Tuesday, December 07, 2010

Block Bad Websites with These Simple Steps

Amplify’d from www.techsupportalert.com

How to Block Bad Websites


With the amount of malware currently prowling the internet it's becoming increasingly important to protect your computer. I've broken my advice into both simple and advanced methods. With the simple methods you shouldn't notice many hassles in using your computer but you will get adequate protection. Advanced methods may be more difficult to use but your computer will be more secure.

Simple Steps


1.) Traditional Protection Layers: Antivirus, Firewall, HIPS


A.) Protect your system from infection

Installing an active antivirus program is one of the most important steps in keeping your computer secure. All of the programs reviewed in that article scan for all types of malware, but none can catch all.


To compensate for that weakness I would advise that you also use a proactive firewall. Some of the firewalls reviewed have excellent security features, such as Comodo's new automatic sandboxing feature (using isolation) or Online Armor's "run safer" feature (using limited privileges). Personally, I would recommend Comodo Internet Security as it comes with an antivirus, firewall, HIPS, and the automatic sandbox. If you do choose to install Comodo Internet Security, or Comodo Firewall, here's a guide on How to Install Comodo Firewall. All HIPS programs require a little patience to set up and to answer the initial warnings correctly. I would advise that you try one and see if you can deal with the alerts. If they're really too difficult for you then install a simple firewall that lacks a HIPS, but be aware that the protection offered is much less than you would get with the proactive firewall.


If you do decide not to use a proactive firewall, then a good alternative is to get a behavioral blocker, such as ThreatFire. These attempt to detect malware by its behavior, and should have significantly fewer popup alerts. Some malware is best detected by its behavior, so this is a potent second layer of active defense.


B.) Scan for Existing Malware

If you want to ensure your computer is not infected, or perhaps you suspect it is, then I would advise scanning your computer with a few of the programs in this review. Also run a scan with your current antivirus. The programs in the article are specialized scanners, but between them most malware will be detected.


After ensuring your computer is not infected it's now important to keep it that way. One simple approach to help accomplish this is to ensure that any file you download is not malicious before you run it. You can use this guide on How to Tell if a File is Malicious. By following those methods, and using common sense, you should be able to avoid manually running any risky software.


2.) Browser Dependent Protection


A.) General Browser Protection

Almost all popular web browsers now provide some general protection. Firefox, Opera, Google Chrome, and Comodo Dragon have encryption support (with SSL & TLS), deletion of private data, and popup blocking. They also produce warning screens to help you avoid known malicious sites (anti-phishing, anti-malware protection). Firefox, Google Chrome, and Comodo Dragon also have private browsing modes that clear your tracks when you close the browser. Chromium browsers, such as Google Chrome and Comodo Dragon, also have built-in secure sandboxing, making them especially difficult for outsiders to exploit even when hackers do find a bug. Comodo Dragon also doesn't have the privacy concerns that come with Google Chrome. In addition it will warn you if the site you are visiting has an SSL certificate that may not be trustworthy.


For blocking tracking cookies I would advise that you enable the option to block third-party cookies in your browser. This will prevent sites from loading cookies in your browser that are not from the site you are currently on. Thus almost all tracking cookies will be blocked. The only time you may have problems, and need to disable this, is sometimes when a site redirects you to another page. That said, in most cases it will work fine.


B.) Security Addons/Extensions

Website-rating freeware such as WOT, LinkExtend, and SiteAdvisor, and link scanners, are reviewed here.


  • WOT(IE, Firefox, Opera, Google Chrome): This has an excellent warning screen that allows you to choose whether to go to a bad site. This is my favorite sort of approach since it leaves the final decision to the user. If you combine this with your own good sense in avoiding untrustworthy sites, then you have a solid and free preventative web shield. If you happen upon a potentially dangerous site, WOT covers the screen with a warning and waits for you to decide whether to stay or leave. You can ignore the WOT warning and go to the site anyway or even rate the site if you disagree with the rating.

  • McAfee SiteAdvisor(IE, Firefox): This operates much the same as WOT. It also has filtering features, which block links, and a search engine to help prevent unwanted, or potentially dangerous, sites from appearing in your search results. This filtering or "censoring" of sites runs into the problem of false positives. If the filter draws from a false or controversial security rating for a site, then you won't even see the site in search results to judge for yourself whether it is worth surfing. However using it in this regard is optional.

  • LinkExtend(Firefox): This scans links with eight online services and gives you the verdict. Thus you are given the information, but the decision is still in your hands.

  • KeyScrambler(IE, Firefox): This encrypts your key strokes so that even if you have a keylogger on your computer your passwords, and personal information, will be protected.

  • LastPass(IE, Firefox, Google Chrome, Comodo Dragon): This is an effective password manager, with automatic password and form filling. It not only helps protect your passwords and sensitive data but also allows you to confidently create strong passwords and change them often.

  • Adblock Plus(Firefox): This allows you to subscribe to many different filter lists which help block unwanted or malicious content. This can include malware domains or unwanted privacy threats (tracking, web bugs, and marketing-analysis strings). You can subscribe to any of the lists on that page, but be aware that subscribing to too many will slow down your browsing experience. I'd advise subscribing to either Fanboy's List or both EasyList+EasyPrivacy. In addition it may be a good idea to subscribe to Malware Domains.

  • AdThwart(Google Chrome, Comodo Dragon): This serves the same purpose as Adblock Plus, except it works on Chromium browsers. You can even use the same filter lists.



3.) Browser Independent Protection

One limitation of the browser specific programs or extensions is that they miss other Internet facing applications (Internet messengers, Email programs, media players, etc.). Secure DNS services can filter out known malicious content, but a more general and potent way is with PeerBlock or HostsMan. This is explained here.


There are many good free DNS providers currently available. They are relatively easy to set up and require no software. These services use servers that are more secure than your regular ISP's, and they filter out known malicious content before it reaches your computer. If you want to understand the technical details about how they work you can read about it here: IP Addresses Explained, DNS Primer.


Below I have listed three of the best services currently available. From them you can choose the one that best fits your needs. None of them will slow down your internet. In fact you may even notice an increase in speed. Each of these has malware blocking capabilities, but at the moment it appears that Norton DNS and ClearCloud DNS are much more potent at preventing malicious downloads. Comodo Secure DNS is currently lagging behind, but this may change as the service matures. I have listed the server names you will use to set up the DNS servers below, but if you're not sure how to set them up you can follow the directions provided by the services.

ClearCloud DNS



Norton DNS



Comodo Secure DNS:






Advanced Methods

The methods discussed here may be more work to set up and manage, but if you're willing to put up with the extra hassle they will also provide you with superior security. Be aware that these methods are in addition to those already discussed above. Therefore if you haven't read through the simple methods first, go back and do so. Otherwise, read on.


1.) Limit the Actions Malware Can Take


A.) Use Least-privileged User Accounts (LUA)

I highly suggest using a limited/standard user account (LUA or least-privileged user account) rather than a normal, full administrator account. Alternatively, you can selectively reduce rights for particular applications with DropMyRights (download, editor review), but you have to create or modify shortcuts. (XP users may want to use SuRun to run some applications with more privileges.) In some statistical studies, least-privileged user accounts protect against the majority of malware problems.

Personally I think a blanket LUA creates too many annoying restrictions/prompts for innocuous actions, but others find ways to make it work without pulling out all their hair!

Yet another option for Vista/7 users is to keep UAC ("User Account Control", a built-in Windows HIPS and least-privileged account feature) active, either silently or full on. It automatically reduces rights system wide and virtualizes the registry. Read more about it on Wikipedia. Some like using TweakUAC to help reduce alerts. But a silent UAC makes it mysterious whether an application is going to work correctly (you have to check whether an application needs to be run under administrator mode).


B.) Isolate Malware From Your System

Improve your online protection by isolating or sandboxing applications that frequently use the Internet. These novel options will help prevent the vast majority of malware from getting a foothold. If you are willing to put up with the slight learning curve of Sandboxie (home, editor review) or GeSWall (home, editor review), then I highly recommend one of those products. They use different techniques to prevent or remove malware without depending on antivirus and antimalware scanners (that do not detect everything).



2.) Additional Browser Addons


NoScript: Blocks possibly harmful scripts and other content from executing before you can get away from a site (for example, as you notice a poor site rating). It's a general JavaScript, Java, XSS, JAR, Silverlight, Flash, and other plugin blocker for Firefox. It optionally blocks web bugs to help protect your privacy (unchecked by default in "Options" > "Advanced" > "Untrusted"). However, many sites use such scripts and plugins today for legitimate purposes, so NoScript takes some getting used to and requires you to manually allow sites you trust if you want them to work as expected.


CS Lite: However, NoScript doesn't block cookies. You could just use the built-in cookie blocking features of Firefox or another browser (if applicable), but such features are usually difficult to access. CS Lite allows you to quickly allow/block cookies globally and then easily add exceptions to allow/block individual sites, which gives you more user friendly access to Firefox's cookie managing features. It requires much manual customizing, however, if you block cookies globally since many sites will not work properly (or sometimes not work at all) without them.


3.) Manually Block Bad Sites


  • Many free programs allow you to block bad sites based on a site's IP address. The very best type of IP Blocker that I've tried is PeerBlock. It's a very simple program that monitors IP connections and blocks connections that are on one of its lists of bad or unwanted sites. It comes with default block lists, allows you to easily download other lists (or create custom ones), automatically updates the lists for you, and uses very low resources (unless you have many, many lists). It's especially excellent for heavy users of P2P connections, or for users who don't use a large Hosts file.

  • The hpHosts, Hostsfile, and MVPS Hosts now focus on preventing malicious content, but they also help reduce ads. All of these Host providers frequently update their files, but make sure you remember to manually download them on a regular schedule (perhaps monthly). Choose only one of the three if you manage them on your own, though.

    But you can use HostsMan to quickly update host files like hpHosts and MVPS Hosts. You can even download both of them, combine them together into a single Host file, and automatically optimize them by deleting duplicate entries. MVPS highly recommends setting the default update method to "overwrite current Hosts file" since it will prevent old entries from remaining in the file.

    Note that there is always a possibility that malware may try to worm its way into the file (another good reason to update them regularly and to use anti-malware software). Some programs lock the Hosts file for this reason, such as WinPatrol, and most proactive firewalls (Comodo, Online Armor, etc.) will also detect access attempts or changes to it.

    Also, users with Vista and above may have to shut down their DNS client service to avoid slowdowns (all of the host providers above give directions on how to do this). I haven't noticed connection slowdowns with the filter lists I've tried.
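
The merge-and-deduplicate step described above, together with a check for the tampering risk noted for the Hosts file, as an added example (this is not HostsMan's code and is not from the original article). The function names, the sinkhole address set, and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Addresses that blocklists use to "sink" a hostname (assumed set for this sketch).
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample data: two blocklists and an installed Hosts file.
LIST_A = """# list A (constructed)
127.0.0.1 localhost
127.0.0.1 ads.example.com
127.0.0.1 tracker.example.net  # trailing comment
"""
LIST_B = """0.0.0.0 ads.example.com
0.0.0.0 Malware.Example.org
"""
INSTALLED = LIST_B + "203.0.113.7 www.bank.example\n"

def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blanks and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def merge_blocklists(*texts, sink="0.0.0.0"):
    """Combine blocklists into one sorted list of lines with duplicates removed."""
    names = {name for text in texts for ip, name in parse_hosts(text)
             if ip in SINKHOLES and name not in LOCAL_NAMES}
    return [f"{sink} {name}" for name in sorted(names)]

def audit_hosts(text):
    """Return entries that point a name at a real address instead of sinking it.

    A blocklist only ever sinks names, so any hit here deserves a manual look:
    it is either an entry you added yourself or a redirect planted by malware.
    """
    return [(ip, name) for ip, name in parse_hosts(text)
            if ip not in SINKHOLES and name not in LOCAL_NAMES]

if __name__ == "__main__":
    print("\n".join(merge_blocklists(LIST_A, LIST_B)))
    print(audit_hosts(INSTALLED))
```

Running the audit before overwriting the Hosts file with a fresh merge shows what the old file contained that no blocklist would have put there.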

If you use too many of these lists, such as a large hosts file and many IP blocklists, then they may slow down or degrade your browsing experience. Choose them wisely. One idea is to get just one or a few at first, and then decide whether you want more filtering later. It's more important to get to know what they do (and to learn which list blocks which content) than to grab every list you possibly can and perhaps get frustrated with all of them!


4.) Update Software and File Encryption


A.) Repair Security Holes in your Software

Secunia PSI provides you with helpful links to update or uninstall software. But it automatically adds itself to the task scheduler without asking and it's generally slow. So for regular updating, see the article on Software Update Monitors. However, Secunia is also a well respected source for information and you can search its site to read about possible security threats and vulnerabilities to determine the trustworthiness of an application.


B.) Cloak Your Sensitive Information If Needed

Encryption helps protect or hide your personal data from prying eyes, thieves, or malware (on the chance that malware gets through and starts scanning for sensitive data).

Read more at www.techsupportalert.com
