If you are like 99% of the population you graciously allow Microsoft to update your operating system software on a regular basis and you probably (hopefully!!) have an Anti-Virus product installed which is kept reasonably current in regards to detection and protection mechanisms.
On newer versions of Windows, the “Action Center” can be checked to review the state of your systems general health in regard to a Firewall, Windows Updates and Anti-Virus protections being present and functional:
Unfortunately most people still overlook one of the most common infection vectors which we see as Incident Responders within Foundstone, which is your Browser and its associated Plug-Ins.
You can’t ever really be in that 100% “cannot be infected/compromised” state of mind because vulnerabilities are constantly discovered, but you can greatly decrease the chances of this happening to you by taking a few more proactive steps on your computer.
Use NoScriptThe first step I recommend is to use Firefox with the NoScript plug-in. NoScript is very well known and prohibits any script execution except for those specific sites where I have explicitly allowed them to be run (aka a “white list”). When I fire up Firefox, I see this indicator of NoScript’s status:
When I visit a website that isn’t already in my “white list” I see a slightly different representation:
It’s surprising the number of scripts (and sites) a single web page can be referencing. To see what sites are being prohibited from script execution in the current browser window, just click on the NoScript icon:
Here we see that the only attempts to execute any scripts are related directly to “mitre.org” and I can either add “mitre.org” to my “white list” by clicking on “Allow mitre.org” or temporarily allow execution for this browser session by selecting “Temporarily allow mitre.org”.
If there were multiple links attempting to execute scripts and I “trusted” them, I can globally allow execution by selecting “Allow all this page” or “Temporarily allow all this page”. (I generally never select the carte blanche “Allow all this page” and suggest you adopt that same level of prudent paranoia.
Be aware that when you visit your legitimate web sites you will have to initially add them to your “white list” so that subsequent visits will allow the site to look/behave normally – but it’s really worth the tiny bit of effort involved to raise the security bar.
Blocking script execution from general websites is already a HUGE improvement in your browser security, but you can take this much further with some simple additional steps.
Update Your Browser!Make sure your browser itself is current and up-to-date. For Firefox, you just have to fire it up and then select “Help” and then “About Firefox” (as shown below).
If all is well and good you should see something similar to this:
If you don’t see the message: “Firefox is up to date”, it’s time to update! Below we see a screenshot of a system which has been found to have an outdated version of Firefox installed:
Update your Add-onsNext we need to check your Add-ons (aka plugins) to ensure they are current and not known to be vulnerable. Once again from within Firefox, select “Tools” and then “Add-ons” to bring up the Add-Ons Manager:
It’s unfortunately pretty common for us to have multiple Plugins associated with our browsers, and any of them can be the key to infection or compromise. Once the “Add-On” manager is running, select “Plugins” and then “Check to see if your plugins are up to date”:
If you’re lucky (most aren’t) you’ll find that none of your plugins are obsolete or have a known security issue associated with them. Most of us will see that we have one (or more) plugins which require an update to be installed. For any plugin which is shown as being out-of-date it’s critical you install an update immediately:
Looks like we’ve got at least 2 plugins which need to be updated immediately!
With just a little effort you can dramatically improve your systems ability to fight off most infections/compromise vectors. In a nutshell:
- Patch your operating system regularly
- Ensure you have an active and current Anti-Virus running
- Use a tool such as NoScript to prevent carte-blanche script execution when browsing the web
- Ensure your browser is current and up-to-date
- Ensure your plugins are all current and up-to-date
What do you do to protect yourself? Let us know in the comments below!
Post a Comment