The world wide web is a way of life. I don’t go one day without using it. In fact, I am using it right now to write this blog. When I go home, I go online, maybe to check my Amazon orders, or to dig up some information for school, to see what celebrity is in jail, some cute videos of kittens, or anything else this massive network of computers has to offer. If you imagine the world wide web as a hypothetical model of the real world, most of it is safe, while a few bad apples ruin it for everyone else.

At the heart of the process of “surfing the web” is the internet browser. None so ubiquitous as Microsoft’s Internet Explorer. There were others before it (Netscape to be most specific) but none penetrated became quite as popular as IE. Its simple really, IE is easy to use, readily available, and can display nearly all web content in existence. They ugly side of IE’s popularity is the huge target symbol for internet miscreants that being the chief software brings with it.

If you have been infected with a virus, trojan horse, or spy-ware in the last 5 years, it was due to an internet browser and an infected web-page. Virus scanners have become so sophisticated, that we rarely see viruses come onto a computer via a flash drive or floppy disk. Software manufacturers have stopped bundling spy-ware with their products and most virus scanners will scan a program downloaded from the internet before it ever lets you install it.

Look at a web page from 1999 and compare it with one from now or even a couple of years ago. What was once a text driven HTML page is now a media rich sound and video experience. In order to drive this contents, web-pages run “scripts” in your browser. For example, of you are in a web-page that has embedded video, the web page will run a script that instructs the browser to run windows media player within the browser, loads the beginning of the content into the player, and sets the volume. This is oversimplified, most modern web-pages have 8 or 9 scripts that need to be run for the full experience of the web-page to be realized.

This is the latest vector of virus attack and it is surprisingly effective. All an attacker needs to do is embed malicious code in a popular web-page. Even if the attack is noticed and responded to quickly, there could be literally thousands of computers that were infected in the short time it would take for a web administrator to remove the malicious code. One of the most popular attacks is the “win-antispy” program that installs itself and indicates that it is an anti-virus program, in truth it is actually a virus itself and in order to remove it, it directs unwitting users to a website where they pay a small fee to remove it. In testing, I have seen a computer get totally infected with this virus in about 15 seconds. Removal takes hours and may not always be successful.

Many people have switched to Mozilla’s Firefox (an extension of the old Netscape browser) which is more resistant to these types of attack, but as it grows in popularity, malware designers have come up with ways to trick Firefox as well. I keep my computers safe using three programs. Microsoft Security Essentials, Mozilla Firefox, and No Script. MS Security essentials is an excellent anti virus which is free from Microsoft. In case a virus does get down to your disk, Security Essentials has a very high detection and remediation ability. Firefox is less secure than it used to be, but with the NoScript add-on, you will be safe from almost every browser threat. NoScript blocks scripts from running on every page, and gives you a list of scripts the website wants to run. For your bank and other trusted sites, you might opt to always allow those pages. For everything else, I let it block the script first, then I decide whether or not the script is needed in order for the page to display correctly.

All three of these tools are 100% free. While the Firefox Add-In adds a layer of complexity, once you get used to it you forget that its there, and it makes for a very secure browsing experience.

http://www.mozilla.com/en-US/firefox/personal.html

https://addons.mozilla.org/en-US/firefox/addon/722 | http://noscript.net/

http://www.microsoft.com/security_essentials/