Blogs / Podcasts / Articles » Free Articles

Scott Wright's Security Views (ScottWright)
Blog Entry

Clicking on links is like hitch-hiking - you never know where you'll end up

Monday, November 24th 2008 @ 6:03 AM (not yet rated)    post viewed 1775 times

Originally posted - May 17, 2007

Just to ad a little bit of confusion to the question of “Who are the bad guys and who are the good guys?”, there has been discussion of how some dangerous links are able to get into the Google Adwords ads on the right side (and sometimes first few search results) of a Google search results page.

Didier Stevens did an interesting experiment to demonstrate how easy it was for a malicious site to get an ad in a high position, where it might infect people with inadequate security on their systems if they click on them.

This goes to show that it doesn’t matter who you think you can trust. I have the following advice:

  1. Don’t click on links or attachments you don’t know anything about or aren’t expecting. Sadly, Google hasn’t kept on top of the ad links to make sure they are safe. So, even if a link looks legitimate, you should put some effort into checking out the reliability of Web links in Google ads that you may want to visit. Even links in emails can be disguised. Just because the visible part of a link says “www.paypal.com”, the link might actually take you somewhere else, and it won’t be so friendly.
  2. Make sure you are using an industry standard anti-virus and anti-spyware product on any PC you use. Some people think that Firefox browser is more bulletproof than MS Internet Explorer. This may be true, but no software is without bugs, and even with Apple Macs, there can be a first time for everything. Keeping subscriptions for anti-virus and anti-spyware up to date is essential, but not always sufficient. You need this kind of protection because we no longer live in a world where a virus infection immediately causes your system to go wonky. They can hide in your system indefinitely and just observe your actions, reporting back to the mothership once in a while. You may never know.
  3. Finally, if you really want to go into the wild and click on things that might be dangerous, make sure you have everything backed up from your system, and it’s always good to do it on a freshly installed operating system… then re-install the OS immediately afterward!

Seriously, links are not always what they seem. You have to treat them as if you are hitch-hiking. You just can’t be too careful.

 

Scott Wright

The Streetwise Security Coach

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec
LinkedIn: http://www.linkedin.com/in/scottwright (please send a personal message first on LinkedIn if you'd like to connect, to ensure that you're not a spammer)


Did you find this post interesting?
If so, why not find out more?...

To download my FREE Security Management Resource Guide now, and to receive my series of Streetwise Security Tips, as well as my Streetwise Security News and updates click HERE.


Join the Streetwise Security Zone, or learn more about mobile security risks through the Honey Stick Project.


If your organization is looking for innovative ways to make its security investments more effective right now, CLICK HERE to learn more about Streetwise Security Awareness solutions.

 

Site Meter

Comments

Copyright 2012. Security Perspectives Inc. All Rights Reserved.