In our safe surfing guide series (part 4), we recommended you to dump IE and choose a better web browser, e.g., Chrome or Firefox, or SeaMonkey. Today, you get another reason to dump it forever!

On Feb. 20, Microsoft claimed that Google has been bypassing the user-defined privacy settings in Internet Explorer by using incorrect P3P identification terms:

Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies … By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked

Google’s response gave us a clearer picture.:

Microsoft uses a “self-declaration” protocol (known as “P3P”) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form. It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality. We have been open about our approach, as have many other websites.

Today the Microsoft policy is widely non-operational. A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft.

If the privacy settings in your browser is so easy to pass, it just proved IE is crappy. And, it was, it is and it will be!

Anyway, if you are still using IE, it is time to change, change for better web browser.

According to some reports, Microsoft Antivirus and Security products ( Microsoft Forefront and Microsoft Security Essentials) started to mark google.com as as being a severe threat called Exploit:JS/Blacole.BW in the Valentine’s day. A V-day gift for Google.

Surely, Microsoft quickly (4 hours) fixed the issue, and as usual, explained this is another technical issue.

Of course, I was not affected because I am using Avast!, one of the best free antivirus software. We used it for many years without major issues.

I just feel a bit sorry for those who are still using M$ antivirus or internet security software.  If you are using Windows (90% of our readers are still using it on desktop), you need antivirus for safe surfing as explained in a previous post.

But you need better quality antivirus software. If you are are M$ Av user, change to avast right now.

A war M$ is losing. Sorry it is just our hopes.

Anyway, this is a smart move to stop or at least to slow down the losing of market share (to Chrome and Firefox). M$ won the browser war against Netscape by bundling IE to Windows since Windows 95. But is has been a  loser in the same battlefield against Forefox, nor against Chrome.

Security, speed, and W3C standard are the major reasons tech geeks abandon IE. IE 8 and IE 9 did has some improvement in security and speed. But the compliance to standards is still not as good as Chrome or Firefox.

So, M$ silently updates the IER browser for most users; a lot of users will not know because they already switched to other better browsers.

The Carrier IQ website claims that the program has been installed on more than 140 million devices. If you are using Sprint+Samsung or Sprint+HTC, you should check your phone today.

Are you one of the victims?

Plain is better!

Everyday millions of third-party add-ons are installed for Firefox. Some of them can impose serious privacy and security holes for the computer.

Finally, in the latest release, Firefox 8 disables third-part add-ons. This is a correct step among so many mistakes in recent releases.

According to the official Mozilla Add-ons Blog:

These add-ons installed by third parties present a number of problems: they can slow down Firefox start-up and page loading time, they clutter the interface with toolbars that often go unused, they lag behind on compatibility and security updates, and most importantly, they take the user out of control of their add-ons.

So, in the Firefox 8, users must opt in to add-on installation. This means Firefox will disable the add-on until the user has explicitly opted in to the addition.

Anyway, this is a positive move. What do you think about this?

It is another sandbox you enjoy!

One of  the safest web browser is Google Chrome browser, which is becoming more and more popular. The security features include:

1. Sandboxing. Almost all  browsers now have tabbed browsing, even IE has it for long time. But Chrome differs itself from others by implementing sandboxing. The tabs have individual processes with sandbox capabilities which restrict privileges for third-party apps. This (sandboxing), according to Google and security experts “prevent malware from installing itself on your computer or using what happens in one browser tab to affect what happens in another. The sandbox adds an additional layer of protection to your browser by protecting against malicious web pages that try to leave programs on your computer, monitor your web activities, or steal private information from your hard drive.”
2. Alerting. Chrome alerts about bad sites, most importantly, very accurately. IE also tries to do the similar thing, but it is totally unreliable. Chrome’s phishing and malware detection is very impressive and it can be a good compliment to your anti-virus software.
3. Self-updating. Auto-updating is nothing new, even M$ rolled out updates every month. But self-updating in Chrome is truly non-intrusive: no bullshit and updating itself only. No popups, no restart, no reminders.

Remember, browser itself can provide very limited protection for safe surfing. You still need other tools and measures, as explained in our safe surfing guide series, antivirus, anti-malware and webmail.

Anyway, try to download and use Chrome today, if you haven’t.

Just another bullshit!

After the post on “How to surf safely? Dump IE, choose a better browser” was online, a reader pointed me to a so-called research report that IE 9 crowns the browser security.

According to the report, IE 9 can block 96% socially engineered malware; while the distant second (Chrome) can only block 13.2%. Full report is freely (anyway, nobody is wiling to pay such so-called reports) available here.

It sounds like a story told in April 1. And it actually is.

If you happen to read the report, you will notice their research was based on “NSS Labs has developed a unique proprietary “Live Testing” harness and methodology”.  So, we have no idea how reliable the test was. Who knows?

Secondly, the report did not say how many false blocking generated by IE 9. Remember, if Microsoft Security  Essentials can treat Google Chrome as a virus and remove it, it is not surprising that IE 9 may just blindly block a lot of legitimate contents as well.

Anyway, without Windows, 99.9% of computer virus will not able to survive.

Without IE, we would have got a safer network.

Your first internet experience!

This is part 4 of the Safe Surfing Guide series. You may check other parts as well to read the  complete safe surfing guide.

To surf safely, your browser can also play an important role. There are so many choices for browsers now: IE, Firefox, Chrome, Opera, SeaMonkey; all are freely available. But unfortunately, most users are still using the crappy piece of IE, simply because it is bundled by M$.

You should dump IE when you get your new PC. Most computer viruses or malware reply on IE, because M$ tightly integrate IE with the Windows OS.

In addition, IE is notorious for ignoring the web standards and trying best to drag the advancement in HTML standard. Although M$ changed gradually changed the strategy since IE 8, but it is too little, too small.

Sadly, if you are not using Windows 7, you cannot disable or remove IE. On Windows 7, it is possible to disable it. You may check this Youtube video on how to disable or remove IE on Windows 7.

So, you need install alternative (and surely better) web browser. Then, which browser is the best? My recommendation is Chrome.

If you had asked me this question one year ago, I would have recommend Firefox. But Firefox is burying itself. After Firefox 4, it seems the guys behind the project were getting crazy. The short release cycle just leaves a lot of incompatibility issues behind. I am currently still using Firefox 4. I downgraded after the automatic upgrading brought me to Firefox 5 and then 6. Now, I have to disable the automatic upgrading. Anyway, it is still better than IE.

On the other hand, Chrome browser is getting better. It is the most secured browser: each tab in its own sandbox. You also do not need administrator privilege to install it, so you can even install your own copy of Chrome in your school or company.

Of course, there are some security settings to make your surfing safer. I will share with you some security setting for Chrome in another post.

Anyway, if you do not like Google. You may try SeaMonkey or Opera. Both of them are also better than IE.

Follow her to use webmail.

This is part 3 of the Safe Surfing Guide series. You may check other parts as well to read the  complete safe surfing guide.

Malicious code and malicious link can be easily hidden in emails. When you open emails, the execution of the malicious code may be triggered. Or, the malicious link may open automatically and download nasty things to your local computer.

Another security issue for your email is phishing. The sender pretends to be someone else, e.g., facebook, or your banker. If you follow the link, you are trapped.

If you follow this Safe Surfing Guide series, you may wonder how this can happen after your install antivirus and anti-malware software already. The reason is simple.

All antivirus and anti-malware software can only find “known” threats, although some software can use certain patterns to find new threats. Most of the time, only after the virus and malware are reported, the computer security software vendors analyze such virus and malware, then update the virus or malware databases. Only after these databases are updated, such new virus or malware can be detected by the software.

The simple way to mitigate the damage of new malicious code/link in your email is to use webmail for any new emails, instead of using any email client, which manage your emails in your computer. For example, M$ Outlook and Thunderbird are the two commonly used email client packages.

Most webmail systems gives some sort of protection against such threats. For example, Gmail will find and mark most of the phishing links. AOL webmail disables all links in the email by default: if you need open it, you need confirm the operation. New Yahoo webmail also sees a lot of improvement on identifying spam and phishing emails. For the malicious code hidden in the email, most of these webmail systems are able to block them easily.

If you are using local email client to receive such malicious emails, the risk is quite high. Your antivirus and antimalware software are usually useless with new threats.

So, if you need store your emails locally, you may check all emails on webmail first, then download/retrieve them with your email clients.

Another advice dealing with malicious email is do not open any email from someone you don’t know. Gmail can show the snippets of the email so that you can discard unwanted emails quickly.

Anyway, checking your email use webmail, not email client, will reduce your risk of attacks from malicious emails.

Two tools can keep your safe!

This is part 2 of the Safe Surfing Guide series. You may check other parts as well for a complete safe surfing guide.

After reading the part 1 of this guide, you installed the antivirus software (hopefully, it is Avast), you may still expose yourself to something named malware occasionally.

Malware includes all malicious software. Some examples are: computer viruses, worms, trojan horses, spyware, adware,  and rootkits. The purpose of malware is to steal some information from your computer or  to gain unauthorized access of your computer. Normally, in computer security industry, we classify them into virus and malware.

Just like antivirus software, there is anti-malware software. Most antivirus software has some capabilities to scan and remove malware, especially rootkits, worms and trojan horses. But for adware, spyware, most of the time, you need anti-malware software.

For anti-malware, I usually recommend the free Malwarebytes Anti-Malware Free, which is sufficient for most users when works together with Avast!. The free version can do manual scanning and removal; while the Pro (paid) version allows real-time monitoring. For malware, usually you just need scan your machine once a month. So, you can go ahead with the free version. It should do the job. However, if you often visit high risk sites, e.g., adult sites, hacking sites, or you do online shopping very frequently, you probably can consider the paid version.

Surely, there are a few other similar software vendors with anti-malware offering. I usually recommend none of them. One reason is that Malwarebytes+Avast is sufficient for most normal users.

It is most users’ misconception that malware is less detrimental than computer virus. As a matter of fact, malware may cause more damages financially. For example, the spyware may get your passwords and credit card info. So, after installing antivirus software, you should install Malwarebytes Anti-Malware Free.