Check us out on GitLab Email us
admin@kaisev.net

How to protect yourself online

Contrary to the marketing, there is no software that can give you your computer total protection. The most effective defense will always be your own habits. The best part of that, is that there is no subscription fee for good habits. Reading this article will help you build safe browsing habits and learn how to protect yourself and your computer.

When to trust someone

You receive a phone call saying that your computer has a virus, and you need to fix it. The caller says he works for Microsoft, and that he will help you for free. Can you trust him?

Trust is an important factor in security, especially when you are seeking help. In these cases, I find it best to compare computer work to having work done on a car, consider the below example:

You receive a phone call saying that your car has problem, and you need to fix it. The caller says he works for Dodge, and that he will help you for free.

Immediately in the above scenario you have to wonder several things:

  1. How do I know this person is from Dodge?
  2. How would this person know what's wrong with my car?
  3. Does Dodge even fix cars? Wouldn't that be done by a mechanic or dealership?

These same questions apply to the call about your computer.

  1. You have no way of knowing who called you
  2. They have no way of knowing what's going on with your computer
  3. It's not Microsoft's job to fix your computer, that would be done by a computer shop.

A good rule of thumb then, is never trust anyone who contacts you. If you are having computer issues, people will not approach you about it. Unless you contact someone for help, no one will know or care about it.

This same approach doesn't just apply to phone calls. This applies to emails, pop-ups, and any other form of communication.

Below are some red flags to watch out for:

  1. Someone contacts you
    • As opposed to you contacting them
  2. Someone tries to scare or threaten you
    • Example: "your data will be lost" or "your account will be deleted"
  3. Someone tries to pressure you and say that this is time-sensitive, often including a threat
    • Example: "This has to be done by tomorrow" or "Urgent"
  4. Someone is pushy or insistent, even if they are polite while doing so
    • Example: "You have to do this", or trying to give you instructions
  5. Someone has poor spelling/grammar
    • Professional companies tend to communicate professionally, and blatant mistakes don't usually get sent out

How do you handle a possible scammer?

If something or someone contacts you, the best thing to do is contact someone you trust. If you get a popup that says you have viruses: close it and open your antivirus program through the start menu (a method you trust for opening your antivirus software and checking for viruses yourself). If a company sends you an email saying your account will be deleted: Go online, find their real phone number (obviously you can't trust the one in the email!), and ask them about it

  1. Don't Panic
    • It is the goal of these people to make you panic so they can influence your decisions
    • If you think something might be wrong, turn off your computer until you can get trusted help
    • Malware will not damage your computer while it is off
  2. Don't give them information
    • You never want to give information to someone you don't trust. Even if it's something that seems harmless, like your name, your children's names, what kind of computer you have, or what city you're in. That information can be used to attack you later
  3. Challenge the caller
    • Ask them the name of the company they work for, where they're located, what their full name is, etc.
    • This can put a scammer on the defensive, and their story can quickly fall apart
  4. Contact someone you trust
    • If a caller claims to be from a company you trust, call that company's support directly by getting their phone number of their website
    • If an email has a link, don't click on it. Instead go to the website in your browser
    • Ask a forum, a friend, or someone else you trust if they think this is safe

Web Addresses

A web address or URL is the address of something on the Internet. This is the address at the top of your webpage, and it tells you some important information about where on the Internet you are, and how you're connected. For example, let's look at the address for Google: https://www.google.ca/

From the address we can tell what site we are connected to, and if we are connected securely. This will help you to avoid fake versions of websites that steal people's information (known as phishing sites).

Tip: Links on webpages lead to addresses. If you move your mouse over the link you will see an indicator in the bottom corner of your screen telling you what address the link leads to.

Where are we?

Looking at any web address, there are a series of words and letters seperated by periods

www.google.ca

What we care about here is the google.ca part. mail.google.ca, maps.google.ca, and www.google.ca, are all sites on google.ca. We know this because the last parts of the address before the forward slash (/) are google and ca.

In an example, let's look at reddit.com and reddit.ca. reddit.com is owned by Reddit inc, and reddit.ca isn't owned by anyone, and could be purchased by anyone. This means someone could purchase reddit.ca and build a page that looks like a login page for reddit.com to try and steal usernames and passwords.

It can be hard to remember whether the site you want is reddit.com or reddit.ca, so it is a good idea to create bookmarks for sites you use and trust, and use them to navigate to those sites. Beware that some fake websites will use ambiguous characters, such as a lower case L instead of an I, to trick you.

HTTP VS HTTPS

You will notice that some addresses have HTTP or HTTPS in front of them, and some addresses have nothing in front of them. This tells you how you are connecting to a page. The difference is simple, HTTPS is just HTTP Secure, a secure version of HTTP.

Seeing that HTTPS or the green lock in the address bar means two things:

  1. This is the website that it says it is in the address bar, and your browser has verified this
  2. Your connection is secure, no one can read what you send to the site or what it sends to you

HTTPS does not mean the site you are on is safe. It just means that you are on the site the address bar says you're on, and that your connection to that site is secure. This is why you it's important to know how to read the address bar, so you can confirm that you are on the site you trust and that your connection is secure.

Note: In a work environment, your administrator can always see what you are doing, regardless of https.

If you don't see HTTPS or the little green lock, then neither of the above is true. When you're at http://google.ca, you have no way of knowing that you are actually seeing Google, or if it's an imposter. In addition to that, anyone can see what data you send to that page. Always make sure you see HTTPS or that green padlock and verify you're on the right page before you enter login or payment information.

Learn Your File Extensions

In Windows, the file extension is the last three or four letters of a file name after the period. The file extension indicate to Windows what type of file it's dealing with. For example you will see filename.docx for word documents, and filename.exe for Windows executable files. Look at Fileinfo's list of common file types for a list of common file extensions.

The last letters following a period indicate the file extension. A file named program.pdf.exe is not a PDF document; it is an EXE file. This means it is an program that will run (or 'execute') when opened. Of course any file that tries to trick you with it's name like above is not to be trusted. If you do not recognize a file extension, look it up or ask someone knowledegable if it is safe.

Below are some common executable file-types and their associated extensions, make sure that these files are from a trusted source before you run them.

Executable File Extensions

File-type Extension
Windows Executable File .exe
Java Archive File .jar
DOS Batch File .bat
Visual Basic Script File .vbs

Showing File Extensions

You will notice in Windows that, by default, you can't actually see your file extensions. This is because many people consider the file extensions ugly, and don't know what they do anyweay. From a security perspective, this is horrible; if you can't see the file extension, you are relying on the icon to indicate the filetype. Windows Executables can use any icon they want, so that file that looks like a PDF, could actually be an EXE.

It is important then to change this setting so you can see the file extensions of all of your files. In Windows 10 this is as easy as opening File Explorer, clicking on View, then checking File Name Extensions.

Watch Where You Click

Most users that get into trouble do so by clicking on things without understanding what they are doing. Often we receive complaints that a program "just appeared" or "installed itself" when we know they had gone through the entire installation process, and just clicked on everything that said "yes", without considering what they were doing. It is important to take your time and understand what you are doing, and what you are agreeing to. If you don't understand click "No" or ask someone

Many people seem to think that choosing "no" will stop something important from running, or that there are some horrible consequences to saying "no" to something. If you are unsure about something, always feel free to press "no"

E-mails and Spam

E-mails are a major source of more serious infections. Beware of emails that try to send you to links, or are claiming to be from payment or shopping websites. These are often attempting to do something that will harm you, usually phishing (stealing information). For more information on phishing, please read the following Microsoft Article. If an email is in your spam folder, do not open it unless you know the sender, have communicated directly with them and know it can be trusted. More importantly are attachments. Never, ever, open an executable attachment (see above for common executable file-types), it is also recommended to do an anti-malware scan on all attachments that you do download.

Advertisements

Advertisements are designed to get clicks. Even if you are on a site you trust, don't click the advertisements. Many sites will use a service to deliver their advertisements, and often they are not good at vetting them. Even on Bing clicking on an advertisement has taken many of my users to a page that then trys to scam them, and threaten them with virus infections.

Many choose to use an adblocker such as uBlock Origin to prevent advertisements from showing up in the first place. This can greatly improve your security online

Installers

Installers are where most adware comes from. Installing a program on Windows is easy, as you get little dialogue boxes to guide you through the process. However, a lot of software comes bundled with adware and toolbars. These are programs that inhibit your ability to use your computer, attempt to sell you things, collect and sell your information, and cause problems in general. Why do some installers attempt to install adware? Someone paid someone money to put that stuff in there. Please note that it is not the creator of the program that does it, some download sites (that you should avoid) such as Cnet and SourceForge will bundle the original installer with adware.

Always select the custom installaion option if available. At every stage of the installation you have to look over the dialogue boxes carefully, and make absolute sure that you are not agreeing to install anything besides what you are actually trying to install.

User Account Control and Other Warnings

Warning dialogues are a practically a trademark of Windows, and a lot of people are in the habit of clicking 'okay' as quickly as possible to get back to what they were doing. This is a bad habit, especially when you have multiple dialogues pop up in a row. Believe it or not, these warnings are important. Paying attention to them could save you a lot of grief, even if it does slow you down. Most of these warnings ask you if you want to download a file, conveniently telling you the name, File-type, and origin of the file. Good thing you read the previous sections on URLs and file extensions, because that's exactly the information this type of warning will give you. Another common warning asks you if you want to allow a file to run as an administrator and do whatever it wants to your computer. These warnings also give the origin of the file, and it is important to read these to make sure that you recognize the file, and to be sure that you actually do want it to run. If that warning pops up out of nowhere, you have done nothing to open a file, or you don't trust the file or it's source, just choose "no"

Installing Software Safely

Finding and installing the software you want can be risky, as it's hard to know what you can and can't trust. Chocolatey is a solution, it's like an 'appstore' for Windows. Installing it from their site requires a bit of effort. However, we have an installer you can run that will do the work for you. Download and install Chocolatey by running this file: Kaisev Chocolatey Installer.exe

Just open the Chocolatey GUI to look for and install programs. You can be confident that any programs you find in Chocolatey are trustworthy

Some Software to Pick Up the Slack

As mentioned earlier, installing security software does not make your computer secure. But there are some tools that can help improve security, and make it easier to stick to your good habits

For specific recommendations, please see our article on Recommended Security Software