Yes, I realize that’s an ambitious title for a blog post about staying secure online, but there are a handful of basic security principles that — if followed religiously — can blunt the majority of malicious threats out there today.
Krebs’s Number One Rule for Staying Safe Online: “If you didn’t go looking for it, don’t install it!” A great many online threats rely on tricking the user into taking some action — whether it be clicking an email link or attachment, or installing a custom browser plugin or application. Typically, these attacks take the form of scareware pop-ups that try to frighten people into installing a security scanner; other popular scams direct you to a video but then complain that you need to install a special “codec,” video player or app to view the content. Only install software or browser add-ons if you went looking for them in the first place. And before you install anything, it’s a good idea to grab the software directly from the source. Sites like Majorgeeks.com and Download.com claim to screen programs that they offer for download, but just as you wouldn’t buy a product online without doing some basic research about its quality and performance, take a few minutes to search for and read comments and reviews left by other users of that software to make sure you’re not signing up for more than you bargained for. Also, avoid directly responding to email alerts that (appear to) come from Facebook, LinkedIn, Twitter, your bank or some other site that holds your personal information. Instead, visit these sites using a Web browser bookmark.
Krebs’s Rule #2 for Staying Safe Online: “If you installed it, update it.” Yes, keeping the operating system current with the latest patches is important, but maintaining a secure computer also requires care and feeding for the applications that run on top of the operating system. Bad guys are constantly attacking flaws in widely installed software products, such as Java, Adobe PDF Reader, and Flash. The vendors that make these products ship updates to fix security bugs several times a year, so it’s important to update to the latest versions of these products as soon as possible. Some of these products may alert users to new updates, but these notices often come days or weeks after patches are released.
Krebs’s Rule #3 for Staying Safe Online: “If you no longer need it, remove it.” Clutter is the nemesis of a speedy computer. Unfortunately, many computer makers ship machines with gobs of bloatware that most customers never use even once. On top of the direct-from-manufacturer junk software, the average user tends to install dozens of programs and add-ons over the course of months and years. In the aggregate, these items can take their toll on the performance of your computer. Many programs add themselves to the list of items that start up whenever the computer is rebooted, which can make restarting the computer a bit like watching paint dry. And remember, the more programs you have installed, the more time you have to spend keeping them up-to-date with the latest security patches.