Protect your PC in the web's worst neighborhoods

Avoid these dangers with a good security suite and an abundance of caution.

Your data. Your wallet. Your identity. In the darker corners of the internet, it's all fair game, and disaster could be one unwitting click away. Protect yourself by learning about the web's most common dangers, and how to avoid them. Also, take some basic steps to make your PC more resistant to harm.

Install security software

No, seriously. Go do it now. If you're running a Windows-based PC, security software is an absolute must. PCWorld recently tested 10 premium security suites--pick one! And even if you can't or won't pay for protection, you can bolster your defenses by building a comprehensive free security suite. Good security software stops web-based dangers in their tracks and can prevent malware infection before it happens.

Viruses and malware

A lot of people see viruses and malware as something that malicious hackers slip onto your computer. In reality, the vast majority of infections happen because of something the user does. Specifically, downloading and running files from websites or email attachments that you don't trust is a great way to wreck your computer.

Hackers especially like to serve up viruses on seedy websites, such as those claiming to offer movies, music, commercial software, and porn for free. Steer clear of these sites altogether, and you'll greatly reduce your chance of getting a virus.

To fend off malware, download programs only from trusted websites. Deny all others! Be sure to perform a virus scan on any software you download before you install it, as well.

Sometimes, shady websites disguise malware downloads as fake update or error warnings. If you encounter a prompt like that, just close the tab or window--don't click the warnings shown on-screen. Instead, browse to the official website of the software that's allegedly out-of-date and look for updates there.

"Drive-by" viruses

Most viruses come from files downloaded off the internet, but an insidious variant called a "drive-by" virus can infect you if you simply visit certain websites. Drive-by viruses exploit vulnerabilities in your operating system, browser or other software, so the key to avoiding them is to keep everything updated--your browser and any plug-ins like Flash and Adobe Reader.

Make sure you have Windows updates turned on, and if you ever get a notice that one of your plugins is out of date, take care of it right away. Microsoft will stop supporting Windows XP this April, so XP holdouts really need to upgrade to a new OS by then--even if it means switching to Linux. Connecting to the internet with an unsupported operating system puts you at a very big risk for being infected with a virus.

You can prevent some infections by disabling Java in your browser--to do this just search in the Start Screen for "Configure Java." In the Java preferences screen you'll find a security tab, which allows you to disable Java in web browsers. Or you could just delete the notoriously leaky Java from your PC altogether--you won't miss it unless you truly need it.

Turning off JavaScript--which is different from Java--can also reduce the risk of drive-by downloads, though it may nerf some of the richer design features found on some sites. The popular NoScript add-on for Firefox blocks JavaScript but allows you to whitelist a specific website with a mere click. Chrome users can manage JavaScript permissions by opening the options menu and selecting Settings > Show advanced settings > Content settings (under Privacy) > JavaScript.

Internet Explorer users should check out this tutorial on how to manage JavaScript in IE--and activate IE's ActiveX Filtering options while you're already ankle-deep in technical options. Bad guys frequently target ActiveX.

Using Sandboxie

To avoid all possible risk, or to take a protected walk on the wild side--like visiting a sketchy download site or installing a program that you're not sure about--there's a way to make sure you don't do any damage to your computer. It's called Sandboxie.

Sandboxie acts like a latex glove for your computer, dumping programs into a walled-off "sandbox." (Hence the name.) When it's activated, you can run programs or surf the web and be sure that those programs can't actually have any effect on your file system. That means they can't install software, or deposit or delete files on your machine. Instead, Sandboxie intercepts any changes, and you can decide if you want to let any of them affect your PC proper.

Once you've downloaded and run the installer, a quick tutorial will run, telling you to open up a browser window is sandboxed mode. To do that, just find the desktop shortcut for your browser, right-click on it, and choose Run Sandboxed. You can use this procedure to get your browser or any other program to run with Sandboxie's protection.

If you actually do want the sandboxed browser to be able to download a file, just download it as you normally would, and choose to save it in your Documents or Downloads folder. Sandboxie will display a dialog box asking whether you want to transfer the file out of your sandbox and onto your real hard drive.

Sandboxie isn't an excuse to throw caution to the wind, but it does give you a safe way to try out software that you're unsure about. Use it responsibly!


Thanks to sophisticated spam filtering on popular webmail service like Gmail, email isn't quite the wasteland it once was. Still, it's one of the easiest ways to get infected with a virus or to have your identity stolen. Just follow these two rules, and you'll be fine--doubly so if you have a security suite installed, as most premium options protect against email-based risks.

- Email rule #1: Don't open attachments that you weren't expecting.

If you get an email from someone you don't know that comes with any sort of attachment--even something that sounds totally normal like a JPG or PDF--don't open it. Simple as that. If the email is from someone you do know, but you weren't expecting to receive a file from them, don't open it. Send them a text message or something and ask if they meant to send it to you. One of the most common ways viruses propagate themselves is by taking over your address book and sending a copy of themselves to all your friends.

- Email rule #2: Don't log-in to sites you visit via email.

You've probably heard of phishing by now, but just to refresh your memory, it's the name for the class of email scams that work by tricking you into going to a fake version of a popular website. Once you're on the fake website, you're prompted to log in. When you enter your account name and password, that precious data goes straight to identity thieves.

The simple way to avoid getting phished is to avoid sites that require logging in through an email link. If you get an email from Amazon or eBay that says you need to make some change to your account, just visit the site like you always would--type it into your browser's address bar, click on a browser bookmark, or search for it in Google--and take care of the problem there.

But wait, there's more

These basic steps should keep you safe in the deep, dark corners of the web. If you're interested in learning how to safeguard yourself against more specific security woes, however--like hackers, zero-day attacks, spearphishers, and more--check out PCWorld's guide to protecting your PC against devious security traps. Keeping your PC safe and secure is simple enough...but only if you know what to look for.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about About.comAdobe SystemsAmazon Web ServiceseBayGoogleLinuxMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Alex Castle

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place