Chapter 4 discusses the various security risks that users face from using the internet. While there are a plethora of risks, I will discuss what stood out for me from reading the chapter.
One of the security risks is what is called 'drive-by downloads'. I know enough not to download suspicious software but I had no idea that just by viewing a website that I could become infected with malware. I learned that CNET.com, ABC News' homepage, and Walmart.com have all at one time or another been infected with drive-by download malware. So, just by visiting a well-known and trusted website I could become infected with malware which will (if all works according to the attacker's plan) automatically download, install and execute on my computer without my knowledge. One way to defend yourself against this attack is to set up browser security zones which can be found in the Internet Explorer's web browser. I use Firefox which doesn't use security zones, however I also use Norton's Security Suite which does have other security settings for browsing safely. One of the assignments this week was to use IE to create security zones for web surfing and to place the sites that I visit into the zones. It was easy enough to do but I didn't see much difference whether I used them or not. Perhaps I don't fully understand how it works, or perhaps it's just not 'all that'? While I love all the security settings found in IE, I just don't care for the browser so I rarely use it.
Another type of attack comes from what is called mobile code. I have heard of JavaScript, Java and ActiveX but I did not know these types of programming instructions is called mobile code. I learned that you can disable these codes from running by disabling them in the browser settings but if you do that, some pages may not look right or function the way it was designed. The text says you can restrict mobile code so that it must prompt the user before the code runs...I like that idea.
One of the more common ways to become a victim of an internet attack is through email which includes spam, malicious attachments, and embedded hyperlinks. Embedded hyperlinks are used to "trick" users to the attacker's website. Easily done since all that is needed is a hyperlink that displays words instead of the URL which is embedded within the text. I personally use a spam filter in my email and I know my ISP also stops spam from reaching my computer. Most of the so called spam that makes it through isn't actually spam...they're legitimate emails that I signed up to receive from websites that I trust! The true spam gets deleted immediately or added to the block list. I wasn't aware that using the reading pane is a way to safely view message because malicious scripts and attachments are not activated or opened automatically in the reading pane. I have always disabled the reading pane simply because I never like the way it took up extra space or the way it looks, however, after learning how it's a way to defend against attacks, I will begin using that feature.
No comments:
Post a Comment