25 January 2007

#10. Safer Surfing Safaris

Everybody’s talking about Internet security these days. It’s the hottest topic from Kalamazoo to Katmandu. So why shouldn’t I get in on the action, sitting as I am right between those two?

Welcome back to Jonathan’s Tool Bar & Grill, where twice a month I share my discoveries of great low-cost utilities and Web sites. Today I’ll tell you about a couple of ways to stop fraudsters from tricking you into giving up your personal information.

No Phishing Allowed

As the Beach Boys sang, you can’t be too careful when you’re surfing. Well, OK, so maybe they didn’t, but they should have. If you care about safe surfing, I strongly recommend that you upgrade your browser to the latest version today. If you don’t care, I strongly recommend that you start caring. Why else would you be reading this?

The major browsers – Internet Explorer 7, Firefox 2, and Opera 9 – are all much more secure than their predecessors. They claim their code is harder to exploit, and they try to prevent drive-by downloads from infectious Web sites.

The major browsers now also boast built-in antiphishing alerts. When you go to a site that is suspected of masquerading as a reliable site, these browsers warn you before allowing you into the site. Firefox’s alert is shown below; the "Get me out of here!" link takes you to Google, where you can search for the page you really wanted.

These mechanisms rely on frequently updated blacklists of reported phishing sites, though their blacklists come from different sources. Both Firefox and IE7 also attempt to identify unreported impersonators from the sites’ characteristics, an area where Opera seems to have lagged behind. And Firefox also can allow you to choose a third-party service for checking Web sites, though presently Google is the only one offered.

The antiphishing filter can slow a browser down, but could be worth its weight. Make sure it is enabled in your browser. You can also try a number of antiphishing add-ons, most of which predate the new browser versions, but the built-in antiphishing mechanisms are generally regarded as equally good.

Love At First Site

SiteAdvisor (acquired by McAfee last year) is another good way to avoid Web sites that want to infect your computer, steal your identity, or bury you in spam or pop-ups. SiteAdvisor is a valuable adjunct to the browsers’ built-in antiphishing protection.

SiteAdvisor checks each Web page you visit against its database of sites that send out lots of e-mail, offer infected downloads, generate pop-up windows, collect personal information, or are affiliated with other suspicious sites. It colors the SiteAdvisor button in your browser’s status bar green (safe), yellow (caution advised), red (possibly unsafe), or gray (not reviewed). While surfing, glance at the button to see if the site is safe, and click the button for a detailed report about the site.

When you search through Google, Yahoo, MSN, AOL, or Ask, SiteAdvisor puts a colored safety rating button right next to each result (as shown below). These buttons can take a few extra seconds to appear, so be patient.

Unfortunately, this feature does not work with other search tools, such as metasearch engines I have previously recommended, but you still can rely on the SiteAdvisor status bar button for each page you visit.

SiteAdvisor does give misleading or false results occasionally. For example, it red-flags a clean, upstanding online calendar site that I use because some shady Web site also happens to have an account there. So if SiteAdvisor nixes a site you want to use, check the detailed report to find out why. You can also enter a site name in SiteAdvisor’s home page to see its detailed report.

SiteAdvisor works only with IE and Firefox, and can be downloaded absolutely free from http://www.siteadvisor.com. Consider also SiteAdvisor Plus, the paid version, with advanced anti-phishing protection and other features. Other independent products are available too, from Symantec and others, but they are not free.

Got any better ideas? Please post your comments and suggestions below. And visit me again right here on February 10 for more cool tips.

This column first appeared at http://www.elephant.org.il/jonathans_tool_bar_grill.

1 comment:

  1. I use Site Advisor and love it. I also user a nifty little program from Core Street called Spoof Stick - it's a toolbar that will
    display the name of the actual site you are visiting after you click on a link. Neat way to prevent phishing. It's great!!