Advice on "common sense browsing"?

New laptop to be delivered by UPS tomorrow. (My current laptop is an IBM Thinkpad with 27Gb HD and 512Mb RAM, so I'm waaaaaay overdue!) I've been reading reviews of AV software, but also the "Post your security setup" thread here for advice, as I have to make a decision about AV right away. (The new laptop will come with McAfee pre-installed, but after everything I've read, I plan to uninstall that instantly.) The most-mentioned AV in the above referenced thread seems to be MSE, but I'm considering Avast after reading that it was more of a "suite". I have not had to consider AV on my current laptop, as it has a lifetime corporate Symantec installed.

Anyway... I play on a trivia team that requires LOTS of online research and leads me to all kinds of sites to find info. The Symantec has quarantined 2 Trojans in the last year, and at least once a month I get some sort of malicious activity attempt alert from Symantec ... which leads me to believe that I am not practicing "common sense" browsing. Because of this, and because years ago (pre-Symantec) I got a virus so bad I had to re-format my HD, I am VERY concerned about having the very best protection on my new, clean laptop.

What exactly is involved in "common sense" browsing? What are some examples of "lack of common sense" browsing? How can I increase my web security by altering my surfing habits?

And is a paid suite like Norton or Kaspersky going to offer better protection than going with a free AV like Avast and using Malwarebytes also?

 

Don't click "Yes" to pop ups like "This website wants to install xxxx.exe in your computer" without knowing what software it is.

Free security software should be enough for most people.

 

Be careful not to randomly/accidentally click on ads either, it will happen eventually, but be careful where you click. Be wary of social engineering scams like pop-ups saying your computer is infected, they want to trick you into downloading actual malware. The xp style screenshot of your "infected computer" kinda gives it away as a scam sometimes. Had a relative call me about that particular kind of threat a while back, that's what you get for being the tech savvy person in the family. At least they didn't install the malware.

I also do most of my every day tasks using an account with admin privileges, it is a thin extra layer of security, but it is still better than no extra layer. Besides i feel better knowing that people who ask if they can use my computer quickly are running on an account without admin rights so they can't install 3rd arty apps without knowing the password and no third party app is ever getting on my computer without me installing it. I wouldn't trust my friends if they asked me to use the computer to show me this funny or neat picture/site/whatever if they had admin priviledges. Well i still don't trust them completely and it makes me cringe, but i have to take their feelings into account...

 

Thanks to both of you for the replies. That made me feel better, as I do have the sense not to download unknown software, and I never click on ads, either. I have seen that scam about the infected computer first hand ~ and it does look pretty official ~ but I won't fall for that one, either. And no one else ever uses my computer, so I'm good there, too. Thanks for the advice!

 

Don't follow unsolicited links, even from friends through email or facebook. They could have been phished by a spam bot.

Also, stay away from sites with multiple re-directs. Even if they give you the content you wanted 2 pop-ups later....they usually have something fishy running from the first window while they serve you the content you wanted.

 

Do not disable UAC.

 

^+1 and use a user account for daily work like browsing.
Keep all your software up-to-date, especially stuff like java and flash.
Install an Ad blocker; increases page loading and disables possibly infected ads.
And as already mentioned, simply be careful about clicking on 'yes'.
If a website urges you to install a codec, software or whatever, don't click on 'Install/download/etc', always get such software from the source.
Example; if a site mentions 'Install/update Flash here', ignore the message. Instead, go to Adobe.com and always get Flash there.

For completely care-free browsing, I'd recommend (free) Sandboxie.

 

https://survey2.securestudies.com/wix/p122560761.aspx

 

Don't bother with common sense browsing. IT is virtually useless.

1) It relies entirely on the user, which is an inherently weak security method.

2) It presupposes that there are groups of websites that are "trusted" and "untrusted" when in fact every website should be considered "untrusted."

3) It's a pain in the to think "Well this site might have what I need but it doesn't look legitimate."


Instead, set up yourself up with some decent security programs and a secure browser (Chrome or IE9) with extensions like adblocking and stop worrying about your online activities.

 

That is complete bull and I'm surprised to see you say this, HM. Denouncing common sense goes completely against the thesis of your AV-less experiments. If anything, common sense should be the FIRST line of defense against anything malicious.

Nobody needs to fret over every site they visit but even a good browser w/ad and/or script blocking and av program are not a guaranteed ticket for immunity. Nothing truly is. The best security comes in layers, we all know this but being careless just because 'I can' is..c'mon,...seriously? Keep in mind also, that both IE, Chrome and quite a few AV suites/programs have web scanning so they assume the role you mention of dividing up the internet into trusted and untrusted sites. To anyone who does online banking or product ordering, filing for student loans or unemployment, etc., it's impractical to mentally mark everything out there as untrusted.

Then again, maybe I really have just won an iphone 5. Maybe sexy singles in my area really are waiting to meet me... I gotta go freshen up.

 

Common sense should only ever be used as a superfluous measure. What I did when I ran my computer for over a month without any protection was not something to prove that common sense is worthwhile, it was just me wondering whether or not my AV was that "barrier" between infection and a clean computer.

Common sense has its place. You can apply it but it is never reliable. You should build your security setup assuming that you're going to make the wrong decision at some point.

I think my issues with common sense would end up being a long and drawn out discussion.

 

Check my signature, that might be of some help.

 

Quoted for truth, you have to assume that you'll eventually make a mistake somewhere and that common sense won't save you. That's why you need to have a decent security setup as far as programs go (AV, browser etc.). Still, using your head won't hurt in helping keep your computer safe, it seems to me like social engineering threats are more common recently.

HM, just out of curiosity, any thoughts on Opera regarding security?

 

First off, apologies to Hungry for having jumped down your throat there. By bringing up your AV adventures, I meant to point out that a likely (but unmeasurable) contribution to you not actually contracting anything was due to common sense on your part and using your head, which differ only semantically in my mind. This doesn't equate to a conscious decision or analysis of every page and link you came across during that timespan, but it does mean you're able to use sound judgment to keep yourself out of trouble.

I'm thinking of things like using an ssl connection vs http for site logins, staying away from free mp3 & movie download sites, not pissing off 4chan, etc. To quickly try and define it, precautionary measures and actions taken by the user which are not necessarily dependent on a software. That definition could probably be improved, but I'm sure you catch my drift.

I agree that common sense isn't 100% reliable, but in the real world, little is. Thanks to our..um.. colorful gene pool, the effectiveness of common sense from user to user has wildly more variation than than the predictable strength of a program based security setups. I don't for a second deny the value of those programs either. I'm just of the opinion that one would not blindly cross a busy intersection because they're 250 pounds of Brazilian jujitsu sculpted muscle and "can take a hit".

I don't believe that simply having a good software setup negates the practice of using caution to minimize vulnerability. I like to think that the user would know something is wrong with a popup that promises a lifetime supply of lollipops, and thus avoid it.

That said, I fully acknowledge the possibility of having too much faith in humanity but I think we arrive at the same end point by just a slightly different means.

 

Lots but none of them are good I'm sorry to say. Browser security is my area of interest as well.

@RWUK,

No apology necessary, we understand each other I think.

Here's how I feel:
In an ideal world the software/hardware would handle literally every (important) aspect of security and leave user interaction to only the most trivial decisions.

The problem is that the world does not work like this. Because we lack the proper software for this we're forced to use our heads to make up for this.

There's a lot more to it to that (I'm sorry to say) and it gets more complicated but basically it comes down to common sense being weak security - it's just what we need because no OS provides the right tools.

 

To quickly see if all things like java and flash are up to date you can run Qualys BrowserCheck: https://browsercheck.qualys.com/
I have it set as homepage for when my browser starts.
The attached screenshot is from my work laptop that is not so up to date

 

Unfortunately that doesn't work with Chrome.

 

I works with my Chrome
You have to install their extension (as you have to do for Firefox or IE).

 

Ah, I gotcha.

 

Disable Javascript.

 

I would definitely recommend using SandBoxie while browsing to avoid viruses and spyware. Its an awesome program.

 

The issue with removing Javascript is that so many sties require it. This means that it's up to the user to start whitelisting sites. If they believe a site is legit they'll whitelist it, and that site may be malicious or hacked.

I'ts not a bad step but it's cumbersome and not always effective.