How to Stay Safe While Online

 

With the amount of malware currently prowling the internet it's very important to fully protect your computer from online dangers. This is important for everyone, not just the overly security conscious. Below I've compiled advice for both novice users and more advanced users. Trust me, there's something for everyone.

Recent Changelog:

5/23/2014-Fixed some links and added link to Best Free Antivirus Software article.

6/9/2014-Replaced http links with https links wherever possible.

 

Index

1. Ensure Your Computer Is Not Infected

2. Basic Approaches To Staying Safe

    A) Back Up Important Files

   B) Keep Your Software Up To Date

   C) Make Sure Websites, Accounts, And Downloads Are Safe

3. Prevent Future Infections By Using Internet Security Software

    A) Pros And Cons Of Using An Antivirus

    B) Pros And Cons Of Using A Secure DNS Server

    C) Pros And Cons Of Using A Firewall With A HIPS

    D) Pros And Cons Of Sandboxing

    E) My Advice On What To Use

4. Browser Based Protection

5. Protect Your Online Privacy

 

1. Ensure Your Computer Is Not Infected

 

The first thing you should do when securing your system is to ensure that your computer is not already infected with malware. To do this please follow my article about How to Know If Your Computer Is Infected. Please make sure any infections you may have are cleaned before continuing to follow the remainder of this article.

 

2. Basic Approaches To Staying Safe

 

A) Back Up Important Files

An important aspect of protecting your computer is making sure that if anything bad does happen, your important information will still be safe. Note that I am referring to problems which can arise from both malware related issues, which this article can help protect you against, and many other types of issues, which often cannot be prevented. I find that it's best to go about this task with the realization that it's always possible that the next time you turn on your computer all of the files on it could be lost. This happened to me once when my hard-drive died. Thus, it's very important to regularly back up all of your data. One of the best ways to do this is to use a free backup program, such as Dropbox, to back up your important files. Dropbox will give you 2GB of space to backup your most critical information. For information about this, and similar services, please read this article about the Best Free Online Backup Sites.
 
 
However, if you need more space to entirely backup your critical files you can also put the data on an external hard-drive, although these of course are not free. That said, another advantage to having a backup drive is that if it has enough room you can even make a clone image of everything on your computer, including the operating system. This way, if anything bad does happen, you can just reload the last backup you made. One of the best imaging programs is called Macrium Reflect Free. For more information you can read this article about the Best Free Drive Imaging Program.

 

B) Keep Your Software Up To Date

One of the most important things to do in order to keep your computer safe from malware, aside from making sure that your computer is protected with a password, is to make sure that Windows Update is set to automatically update. You may find other sites recommending otherwise, and updating it manually is fine for some people, but for the most part I believe that it's best to have it install the updates as quickly as possible. This will help protect you from exploits used by some of the newest malware.

Picture of Personal Software Inspector (PSI)

 

In addition, I would recommend that you keep all programs on your computer up-to-date. If an update is offered for any program I would strongly suggest that you take the time to update it immediately. All programs periodically update in order to fix security holes, which could otherwise be used by malware to infect your computer. Thus, keeping all of the software on your computer up to date is a very important part of staying safe online. A good program, which can help to make sure that all programs are up to date, is called Secunia PSI. It can be downloaded from this page and is free. It will scan the programs on your computer and identify which are not up to date. It will then attempt to automatically update them for you, thus saving you time.

 

Also, if you have Java installed on your computer, which most people do, you may want to consider removing it. Java is constantly being exploited by malware. Also, for most people having Java installed on their computer is not even necessary. Although there are still sites, and programs, which do require Java in order to run, they are becoming less and less common. Thus, my recommendation would be to uninstall Java and only install it if you find that it is in fact required for you.

 

C) Make Sure Websites, Accounts, And Downloads Are Safe

These days it can be difficult to tell whether many websites are safe or not. If you're not confident that a site is safe you should investigate it using the methods I discuss in How to Tell If A Website Is Dangerous. Also, in addition to making sure that sites are safe, you should also make sure that anything you download from a site is not dangerous. Even downloads from legitimate sites may sometimes turn out to be dangerous. To investigate unknown files please read my article about How to Tell if a File is Malicious.

 

Also, even if the site is trustworthy, there is something else to consider if the site asks you to create an account. These days many legitimate sites are being hacked and users' passwords are stolen. This would not be too large a problem if that meant that the passwords could only be used on that site, but the problem is much larger than that. Many users tend to use the same password on multiple sites. This means that if criminals gain access to your password for just one site, they may also have it for many others. Thus, my advice is to not only choose a strong password for each account, but to make sure that you use different passwords for different sites. For good advice on how to do this please read this article about How to Keep Your Passwords Safe. Also, spam is currently a very large problem for many internet users. Because of this I have written an article about How to Avoid Spam. Please read this article in order to learn what behaviors will best allow you to avoid this problem.

 

3. Prevent Future Infections By Using Internet Security Software

 

There are many different approaches to protecting a computer. Below I have reviewed the main approaches which are constantly being advocated today. I conclude this section with my advice about what approaches I would advise most users to follow in order to protect their computer.

 

A) Pros And Cons Of Using An Antivirus

I do believe that having an up to date antivirus program running on your computer is an important component to nearly any protection regime. One of the greatest attributes of a good antivirus program is that it will automatically remove any files that it knows to be bad. Thus, the user can essentially install an antivirus and then almost forget that it is there. For the most part it will do its part protecting the user without requiring any interaction. It's very easy to use. However, make sure that you only have one antivirus program for protection. Running more than one can cause problems for your system.

 

However, there are also downsides to the approach taken by antivirus programs. It really boils down to this. An antivirus cannot detect all malware. In fact, antiviruses are really quite bad at detecting new malware. Those detection statistics you see in many tests, in which antiviruses achieve detection rates such as 99%, do not apply to new pieces of malware. For real life situations these statistics would be more like 60-70%. Also, the better malware writers will test their new creations before releasing them to make sure that initially their malware won't be detected.

 

There is a lot more to the story, but the truth is that even if an antivirus program uses ordinary signatures, generic signatures, heuristics, cloud-based detection, and behavioral analysis it still will not be able to provide true protection from new malware. Any detection based approach to protecting your computer can be likened to playing Russian Roulette. One day you're probably going to get unlucky and wind up with your system infected. Because of this it has become apparent that additional methods are required in order to fully protect your computer. That said, an antivirus is a very good compliment to any of the other approaches reviewed in this section.

 

B) Pros And Cons Of Using A Secure DNS Server

The benefits of a Secure DNS Server, or at least one that will also filter known dangerous sites, are similar to those of an antivirus. It will protect your computer from any sites which are flagged as dangerous by the company operating the service. Thus, many threats will be stopped before they can even reach your computer. In addition it will also protect you from what are known as DNS Cache Poisoning attacks. These DNS servers are also relatively easy to setup and require no software. In addition, the speed you achieve by using these should be the same, or perhaps even faster, than you achieve without using one at all.

 

Of course, the downside to using a service like this is similar to that of an antivirus. It cannot possibly block all dangerous sites. The vast majority will likely bypass it. That said, just as with an antivirus, if you rely on this only as part of your protection regiment it is a very good addition. I find that it complements the other methods very well.

 

C) Pros And Cons Of Using A Firewall With A HIPS

Using a firewall with a Host Intrusion Prevention System (HIPS) can protect your computer from nearly all types of threats. It operates by preventing unknown programs from altering any part of your system. It automatically blocks any files which are not verified as safe by the security vendor. Therefore, malware is automatically prevented from doing any damage. In this way HIPS is superior to detection-based software, such as traditional antivirus applications, as it will stop any type of malware. Once the file is blocked the HIPS program will ask you if you want to give the blocked file access to your computer. Thus, control over what unknown programs are allowed to do is entirely in your hands. For a full explanation of what a HIPS is please read the explanation on this page.

 

Of course, the obvious downside to this approach is that just as there are many millions of malicious programs, there are also millions of safe ones. Because HIPS vendors cannot instantly analyze every possible legitimate program it's quite likely that you will receive questions about some safe programs, as well as for the dangerous ones. Of course, HIPS vendors are also acutely aware of this problem. In response many companies have developed extensive whitelists. These are databases of known safe programs. If a program is known to be safe, or is produced by a trusted vendor, you won't have to answer any questions about it and the program will be allowed complete access to your computer. Thus, for some HIPS applications, the number of alerts you get for everyday programs is so small that it is almost unnoticeable.

 

That said, for many people this type of protection, powerful though it may be, is too intrusive. With programs such as these there will always be at least a few popups which the user will be required to answer. In my opinion this is a very good trade-off for the very high level of protection you achieve, but for others it is not worth it. If you are looking for an install and forget kind of program a HIPS is not that. Therefore you should consider other alternatives. However, do realize that besides using a HIPS or sandboxing, which will be discussed in the next part, no other approach will be able to offer you anything approaching complete protection.

 

D) Pros And Cons Of Sandboxing

Using a sandboxing program can also protect your computer from nearly all types of threats. The types of sandboxing software I believe are most suitable for the majority of users are the ones which only sandbox individual applications. With these, anything run in the sandbox does not affect the real system. Thus, if something turns out to be malicious you can just delete everything in the sandbox. Thus the malware, or whatever was causing the problem, can be easily removed without it ever even touching your actual system.

 

However, this approach has drawbacks as well. While it is true that all applications in it are isolated from the system, it does give you the option to recover files to your real computer. This will sometimes be necessary, as most users will want to save what they are doing for future use. Thus, it's possible for malware to trick you into infecting your actual computer, even if you are using this type of sandboxing technology. In addition, for many users it may become a hassle that whatever you are working on in the sandbox will not be automatically saved for future use. I believe that many users will find this type of approach to be disagreeable.

 

I don't mean to imply that sandboxing technology is not useful. It is one of the most potent forms of protection currently available. However, I would argue that, at least for most implementations of it, it is really more designed for advanced users. That said, there are a few approaches to using sandboxing which I believe may be suitable for novice users.

 

E) My Advice On What To Use

Regardless of what other approaches you take to protecting your computer, I would suggest that you use a Secure DNS Server with malware blocking capabilities. The one I would most highly advise using is Norton DNS. Using this will not slow down your connection. In fact, you may even notice an increase in speed. Norton DNS blocks sites which it knows to be dangerous.

 

I. Use A Single Program Which Incorporates All Of The Above Technologies

My top recommendation would be to protect your computer by using all of these technologies at the same time. There is a program called Comodo Internet Security, which has combined all of these together into a single package. If you choose to use it you should download the free version from this page. This program includes an antivirus, a HIPS, an automatic sandbox, a firewall, and Comodo DNS Servers (which you can opt out of during installation if you would prefer to use Norton DNS, as advised above). Also, in my opinion this program is quite easy to use, and it keeps getting more user-friendly with each new release. The way this program works is that all files which are known to be safe will be allowed access to your real system and files known to be dangerous will be removed. However, unknown files will be automatically sandboxed and, if they require more permissions than are allowed by the sandbox, the HIPS component will ask you if you trust them enough to allow them access to your computer.

 

Also, much of the difficulty of using a HIPS, or a sandbox, is mitigated by the very extensive whitelist which Comodo has developed. I find it to be quite easy to use and would strongly recommend it to all levels of users. That said, there will be a few popups which will initially have to be answered, but I believe that these are relatively easy to understand and are few in number. If you like the approach this software takes, but would prefer to use a separate antivirus program, you can instead install Comodo Firewall. You can download the free version from this page. It comes with a HIPS, an automatic sandbox, a firewall, and Comodo DNS Servers. You can then install a separate antivirus program alongside it. A good list of free antivirus programs can be found in my article about the Best Free Antivirus Software. Do note that if you do choose to install Comodo Internet Security, or Comodo Firewall, you should read my guide about How to Install Comodo Firewall. This will explain how to configure it for maximum security.

 

After installing this program it's very easy to use. For example, you can open up your browser on your actual computer. You don't need to worry about sandboxing anything. Everything will be done automatically. What will happen is that any files you download, bookmarks saved, changes made, etc... will all be saved to your real computer. However, any files will be checked by Comodo before they are allowed to be run. If they are already known to be safe they will be allowed full access to your computer. Thus everything will work fine and you don't need to do anything. If they are known to be bad they will be removed.

 

However, if they are unknown they will be sandboxed. It's also important to realize that initially much malware will fall into this unknown category. That means that with this approach your computer is protected from anything these files may do, although they may still be able to run in the sandbox. Very little interaction is needed on your part for these files, and of course the number of unknown safe files that ordinary users will run into is very small. Thus, I believe that Comodo Internet Security, or Comodo Firewall, is the most user friendly, and arguably the strongest, approach to truly protecting your computer currently available. There are more user friendly approaches, but these rely on detection technology, thus not providing what I consider to be an adequate level of protection. I would strongly recommend that you try this software and see if it is suitable for you.

 

II. Or Just Use An Antivirus And HIPS

If you would prefer not to use Comodo Internet Security, or Comodo Firewall, then my first suggestion would be for you to install a different firewall with a HIPS component. A list of other good free firewalls, with strong HIPS protection, can be found in this section of the review of the Best Free Firewalls. I would consider the other programs in that section to be more difficult to use than Comodo Firewall, but if you find that Comodo Firewall is not a good fit for you these programs are certainly viable alternatives. However, just as I advised above, I would strongly suggest that you run an antivirus alongside it. This way, if a file is already known to be bad you will be protected from the possibility of accidently allowing it. A good list of free antivirus programs can be found in my article about the Best Free Antivirus Software.

 

III. Or Just Use An Antivirus And Sandboxing

If you would prefer not to use Comodo Firewall, or any HIPS program, then perhaps a program which is strictly used to sandbox applications is the correct approach for you. In terms of a program which runs specific applications in an isolated environment, my top recommendation would be Sandboxie. This program is free, very effective, and relatively easy to use. Anything run in this sandbox will only be able to interact with the virtual system. Also, make sure that you install an antivirus program alongside Sandboxie. Keeping an antivirus in the loop means that most dangerous files will automatically be removed before you even have to worry about whether you should allow them access to your computer or not. A good list of free antivirus programs can be found in my article about the Best Free Antivirus Software.

 

One of the most effective ways to use this program is to run your browser, or other potential threat vectors, inside of the sandbox. That way anything that enters your computer through them will automatically be isolated from the rest of the system. However, be aware that whenever something is downloaded you will be given the option to recover it to your real system. I would recommend that you only do that if you really trust the file. In order to make sure files are not dangerous please follow the advice I given in my article about How to Tell if a File is Malicious. However, please note that you will have to navigate to the Sandboxie folder in order to submit the file for analysis. When initially setting up Sandboxie I would strongly recommend that you follow this tutorial. Also, in addition to running an antivirus, I would advise that you run a good firewall alongside Sandboxie. For a listing of the best free firewalls please see this review about the Best Free Firewall.

 

4. Browser Based Protection

 

Securing your browser is another very important step in order to keep malware, and other threats, from gaining a foothold on your computer. For this please read my article about How to Harden Your Browser Against Malware and Privacy Concerns. If you are not also concerned about privacy concerns then pay particular attention to the portions which are concerned mainly with security.

 

5. Protect Your Online Privacy

 

If you are concerned about your online privacy, especially seeing as there have been more and more attempts to invade it recently, then please read my article about How to Protect Your Online Privacy. This covers many ways in which you can increase your online privacy. Many of these methods are easy to use, but some do take a little bit of effort. Please read it and use whichever methods you think best address your concerns.

 

 

 

 

Please help by rating this article. Also, if you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

 

Share this
4.72973
Average: 4.7 (111 votes)
Your rating: None

Comments

by cindykim on 7. July 2014 - 1:02  (117185)

If we put too much important information online, actually it's very hard to stay safe online no matter what we do. The most thing we need do is seriously choosing what you post online.

by JoeRS on 28. March 2013 - 7:16  (106594)

Very good article. Also I recommend to use a virtual machine in case of unsafe websites browsing.

by Chiron on 28. March 2013 - 12:30  (106604)

No doubt a virtual machine is the most secure option. However, most users would prefer to be able to work on their normal machine. That's the reason I'm trying to avoid virtual machines.

Sandboxing, or HIPS, provide a very high level of security as well. It's a very rare piece of malware which can bypass either a good sandbox or a good HIPS.

by Solar Sky on 18. December 2012 - 17:58  (103731)

thanks for this information. i would just like to know if i use kaspersky total security or macfee total security or bitdefender total security or any other total security products, do i need to have any other protection guards ?

by Chiron on 18. December 2012 - 20:48  (103735)

In general those products you directed me towards do not have very good HIPS protection, if any. Unless I am wrong, they are mainly just antiviruses with a firewall. As I mentioned in my article, I believe that using a HIPS is very important. However, there are certainly pros and cons to using one. I believe the benefits outweigh the cons, but that is up to you.

Please read through section three of this article and see what combination of security features you believe is best for you.

by Chiron on 12. August 2012 - 19:53  (97620)

I've updated the article.

Please let me know what you think of the newest version.

by Notwgl (not verified) on 4. July 2012 - 8:37  (95705)

This is a fabulous site. Thankyou for the gift of your knowledge delivered with such comprehensive clarity.

by Chiron on 7. July 2012 - 1:27  (95841)

Thank you very much.

Please let me know if you have any questions and I'll do my best to answer them.

by Bunyip22 (not verified) on 24. May 2012 - 20:47  (93920)

I just tried Hotspot Shield. A Speed Test gave me 1 mbps upload, 0.5 download and ping 500, as bad as any proxy server I have tried anywhere. This compares with 48+ upload, 3 download and ping 12 without it. I guess it depends where you are. I'm almost 2000km from LA where Hotspot connected me.

by Chiron on 25. May 2012 - 2:33  (93928)

I believe you meant for this comment to be in my article about protecting your privacy.

Either way, for me it works well and the same for many others. Perhaps another will work much better, that's one of the reasons I link to the page that has a lot of other free VPN's listed.

Please let me know if one of them works well for you and I'll look into it.

Thanks.

by HK (not verified) on 20. May 2012 - 0:52  (93720)

Please...

add DNScrypt from openDNS to this article
Thanks

by Chiron on 20. May 2012 - 1:25  (93723)

As far as I can tell it encrypts the data between OpenDNS and your computer. However, it appears that it doesn't actually block any malicious domains, which is one of the most important functions of the DNS providers I recommend.

Thus I don't think I'll add it to this article as it doesn't block malicious domains. Please let me know if I'm wrong and it actually does.

Thanks.

by gin (not verified) on 19. May 2012 - 23:02  (93717)

thanks for the great tips! they helped immensely.

by Chiron on 19. May 2012 - 23:04  (93718)

Thank you.

Please let me know if you have any questions.

by aemi on 14. March 2012 - 20:36  (90618)

Please include OpenDNS. It's one of the best out there imo.

by MidnightCowboy on 15. March 2012 - 4:03  (90633)

As is reported in various places on this site, OpenDNS does not protect against malicious sites. Only phishing protection is included with the free service. If you want protection against malware or malicious domains, then you have to purchase their paid service.

by aemi on 15. March 2012 - 17:50  (90659)

Thank you, I then have to reconsider my options.

by Azhar (not verified) on 23. February 2012 - 8:00  (89287)

Hi Chiron,

Can you please tell me in detail(amap)how to use TOR With CD?

Thanks.

by Chiron on 23. February 2012 - 21:12  (89316)

I haven't used Tor with CD, but I believe the setup should be almost identical to that for Google Chrome. Thus I would advise that you search for a guide that fits your operating system and your needs. This should also work for CD.

Please let me know how it works, and if you find a good guide I'd be interested to see it.

Thanks.

by trent andrew (not verified) on 11. February 2012 - 10:26  (88668)

Hi Chiron,
I have a doubt about sandboxie.
If I use sandboxie will the websites be unable to track my computer when I am running a sandboxied web browser.I mean some websites track my machine for diff purposes and some of them track my MAC address too.So as i'm running this virtual sandboxie will they still be able to do all those things.I am not familiar with virtual machines. So please reply back.
Thank you.

by Chiron on 11. February 2012 - 23:05  (88705)

As far as I know the only privacy gain that Sandboxie gives you is that you can easily, and permanently, destroy all cookies, cache, etc... that were created while you used it inside Sandboxie. It definitely won't be able to stop websites from tracking your MAC address or anything like that.

Please see my other article about How to Protect Your Online Privacy:
http://www.techsupportalert.com/content/how-protect-your-online-privacy.htm

by nameuser0192 (not verified) on 11. January 2012 - 14:43  (87010)

O.k

I dont want to be criticizer but today i got a "Dns cache poisoining attack" and do you know what was the source of the attack.

The source of the attack was ip-8.26.56.26 and 8.20.247.20

Can anybody explain whats going on with comodo dns servers.....

Thank you

by Chiron on 12. January 2012 - 0:01  (87039)

Hello, can you please let me know what you saw that made you think there was a DNS cache poisoning attack? The more information I have the faster I can figure out what's going on.

Thanks.

by nameuser0192 (not verified) on 12. January 2012 - 5:19  (87054)

My antivirus just started popping out messages saying "Dns cache poisoining attack detected" and at that time i was using comodo dns secure servers ips.

When i checked for the source ip of the attack i found the comodo dns server ips i.e which i have mentioned earlier.

by Chiron on 12. January 2012 - 14:21  (87081)

Which antivirus was this?

by nameuser0192 (not verified) on 9. January 2012 - 7:24  (86854)

hi,

According to my puny knowledge i think
Its better to install ghostery,adblockplus and Disconnect

I have found that when i visit this site http://www.techishare.com/tech/comodo-dragon-vs-google-chrome-updated/

Ghostery showed-7 of 7 blocked

Disconnect showed- 4 of 4 blocked

Adblock showed-0 out of 91 blocked

if i am misunderstanding something please clarify.

Thank you.

by Chiron on 9. January 2012 - 14:16  (86877)

Which lists were you using for Adblock Plus?

Also, see how many Adblock Plus will block if you disable Ghostery. It's possible that it's not blocking any because they are already being blocked by the other two.

by Johnny18122911 (not verified) on 18. December 2011 - 4:20  (85216)

Thanks for this article. It was a fantastic read. I use most of the above programs (e.g. Firefox, Sandboxie, AdBlock Plus with NortonDNS). However - I never knew how serious the Google Chrome issues where. I rarely use Google Chrome, but I keep it as a back-up browser. In example, I download files from the internet with Chrome because I have strict Firefox settings that reduce my download speed. I think I might just delete Chrome and use Comodo now as my back-up browser :-) thanks again. I would love to see more articles from you. You seem very knowledgeable.

by Chiron on 18. December 2011 - 5:05  (85217)

Thank you very much.

Yes, as much as I do love Google's services (they work very well), they seem to have tracking built into every one. That includes their search engine, browser, Gmail, etc...

by mere male (not verified) on 17. December 2011 - 1:45  (85156)

Thanks, Chiron. As per your advice, I am now connecting via Norton DNS and Hotspot Shield. So far working well, and no speed issues.

Gizmo's Freeware is Recruiting!

Gizmos Needs YouShare your knowledge of free software with millions of Gizmo's readers by joining our editing team.  Details here.