OK, does anyone feel knowledgeable enough to offer guidance on everyday security for the average web walker, esp with respect to the whole "click-jacking" thing, for which, according to the news, it seems, only NoScript offers immediate help.

To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.

Two specific questions for anyone caring to comment.

First, when a person visits a website on which NoScript blocks a load of content, what process is recommended for deciding what to let run? Grrr. Why, even after allowing scripts to run, is the page still not rendering all its content. I must be missing something--like, for example, I am unable to view and respond to pages using captcha, even after allowing everthing except "Doubleclick" to run. Here's an example of a page on which I had to open IE to deal w the captcha in order to post my wee rant: To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts. I've used NoScript for a couple of years, know a tiny bit more than the average mortal about html code and how webpages are written, and am embarassed to admit that I am still unable to drive safely with NoScript ...

Second, other than using FFox and NoScript, do y'all have other security suggestions for ordinary mortals wandering the internet with ordinary machines, who want to do things other than man defensive battlements against attackers.

I use and recommend Spybot S&D: To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts. . It's free for private use.

Nowadays you need 3 levels of protection: antivirus program, firewall, and malware/spyware/adware removal program - in my case Spybot.

Hope that helps.

All I really have to say is use common sense. Some examples:

1) To avoid falling for stupid Phishing techniques, watch the URL very closely. If it looks odd like To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts. don't enter any information, get out of there immediatly.

2.) Know that its never really possible to completely secure your computer, except by disconnecting your self from the internet. And I'm sure no one wants that for you.

3.) Update regularly. (duh)

4.) Know what is and what is not on your system. So when something changes just a bit and you didn't do it, check it immediatly.

5.) As a little project, keep in mind that you can fight fire with fire...defensively of course. Learn about the different types of attacks that can be made on your computer so you can protect those weaknesses and at least you know how to defuse a bomb before you actually see one.

Hmm, that's all I can think of at the momment. Ill tell you if I think of some more. Good luck on this battlefield!

I use the following tools. They're only for advanced users, though.

1) Common Sense (To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.)
2) Process Explorer (To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.)
3) Autoruns (To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.)

Using them wisely, you're 98% safe from all virus and spyware that lurk the web.

Clickjacking? Common Sense and Noscript. It shouldn't be any problem.

IDK. Criminal IT is big bizness. News in the last few days show long and massive compromises of sites like the US Postal Service, the World Bank, a couple hundred thousand big company sites (fortune 500 and gov't sites.) The companies' sites now attack visitors' machines via security holes in browsers and bloody adobe acrobat READER! and Quicktime!) I use some big commercial sites like usps.com all the time, and, though I want to, don't keep every internet-connected application patched all the time.

To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.

To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts. (normally fox "news" isn't reliable, but, this version of the story tracks with others and links to worldbank internal email and memos discussing the attack, which is interesting.)

Seems like you need tools like no-script that prevent involuntary malicious installs on visitors machines. Or throw away virtual boxes.

1) Hire me
2) I stand by computer
3) I smash SpyWare upon attack
4) I smash anyone who tries to steal computer
5) You browse internet in peace

I charge a nominal fee per hour, but you'll thank me... trust me, my badge reads "SECURITY" for a reason ;)

Install antivirus, use opera, use only "Guest" account privilege level (not Administrator), do not install java, run automatic windows update, set firewall with no exceptions, use email account only from major company like hotmail or gmail and always set your passwords to something which is hard to guess.
This is proven to work for 6 years for my father, no single infection etc with windows xp.

If you are still paranoid, you can restore orginal image (image from just after installation) of your harddrive every day.

For credit card payments its better to use fax those days.

For credit card payments its better to use fax those days.

Say what??!?

...do not install java...

what does he do when he needs access to information on sites that require installation of Java?

what does he do when he needs access to information on sites that require installation of Java?

Lot's of websites like forum and chats that require java, does contain viruses.
When some website asks for java, you have a lot of chance of getting something you don't want, so it's better not to run Java.

If you really need Java to access some professional application, you could install Java, but then you cannot go to random websites to download viruses.
When you run on limited priviledge account, the damage is smaller - operating system is not infected, but your PC account is taken over anyway.

So this is simple - you dont run java, you dont have java viruses :-)
If you want to run java, make sure you run antivirus.

I had those problems with my parents machine, every time I was inspecting their machine it was full of crap even with kaspersky antivirus. Now they dont run Java and they are happy with their PC.





Monster added to this post, 14 minutes and 35 seconds later...

Say what??!?

I am using only fax for banking instead of the internet and people consider me crazy because of that and very outdated :-) It's reliable way too and quite safe, especially when you have office between two student houses.

I like real cash, but I hope it wont dissapear soon. You know, terrorists etc...

I am using only fax for banking instead of the internet and people consider me crazy because of that and very outdated :-) It's reliable way too and quite safe, especially when you have office between two student houses.

I like real cash, but I hope it wont dissapear soon. You know, terrorists etc...

Yes, because using an unsecure phone line, where some random can pick up your personal details on the other end of a fax machine intray is much more secure than at least using some encryption on your net connection...

I really don't think you understand Java at all either...

IMHO fax sniffing is less popular now. I dont have to put my credit card details too, just my sig.
From the from practice, java viruses are giving the hard time. It's not java really, it is the browser activex/plugin system hole. Java viruses are the fact and by visiting forums etc you get a lot of this crap, but I dont know if they can do harm or not, my goal is not to get infected.