Sunday, August 23, 2009

Avoiding Dirty Web Sites - Here's How

I spent some time earlier today helping a friend rid her home computer of a malicious application that kept popping up notices warning that her machine was infected by a virus while advising that if the user purchased their anti-virus program, a portion of the cost would be donated to environmental causes. Green AV is the name of this pernicious app.

So how do people end up with viruses, Trojan horses, malicious code, and other unwanted pieces of software installed and functioning on their machines? Typically by browsing particular types of web sites, accessed directly, via a shortened link (TinyURL, bit.ly, etc.), or by following a hyperlink embedded in an email, instant message, Twitter post, ad nauseam.

Anti-virus and security vendor Symantec has written up a handy survey of the 100 Dirtiest Web Sites with information gleaned by visiting the sites. And here's something that might surprise you - while the average number of threats per site was 23, a number of the offending locations had between 18,000 and 20,000 threats apiece.

It used to be that adult sites made up the vast majority of the threat class, but according to Symantec, only half of the sites in its survey consisted of adult content. More innocuous sites are now pressed into service to host malicious content.

The best advice? Use a browser that has a smaller risk footprint, like Opera or Firefox. Microsoft's Internet Explorer is notorious for vulnerability, and its tight integration into both the Windows platform and applications like Microsoft Office means the chance of damage increases.

If you move to Firefox, installing add-ons like NoScript, Ad Blocker, WOT, and others can keep you from ending up on malicious locations or having scripts install software without your knowledge or permission.

Of course, having an updated version of an anti-virus program that gets its signature database updated at least daily is a must. So is using a free program like Secunia PSI to make sure that end-of-life software is identified, and that ancillary programs like JavaScript, Flash, Adobe Reader, and iTunes are maintained with security patches and version upgrades. Many vendors fix serious vulnerabilities by upgrading to a new program version, leaving prior versions wide open to exploit.

Since even mainstream sites are being compromised by SQL injection attacks or via advertisements piped in from compromised ad servers, simply avoiding particular kinds of web sites no longer offers a measure of protection. Disabling active scripting and taking other defensive measures are now required for safe web browsing.

Questions? Email me at RedGeckoBlog@gmail.com.

Image by SecurityLabs.Websense.com

