Avoiding Drive-by Downloads
My daughter was sent a link from one of her Facebook friends and became infected just by clicking on it. How do I keep this from happening in the future (Windows XP)?
This question was answered on November 25, 2010. Much of the information contained herein may have changed since posting. (Get advanced tips and more discussion on Drive-by Download prevention on our Radio Show page: http://www.datadoctors.com/media/radio/633)
Without seeing what the exact link was and what actually happened when it was clicked, it sounds like she might have been the victim of a ‘drive-by download’ (the ability to download a program in the background by simply visiting a malicious website).
Software authors with malicious intent have rigged up websites all over the Internet designed to exploit computers that are not completely secured with all of the latest operating system and security patches.
Windows XP is a fairly old operating system (Oct of 2001) and if you don’t install security patches as they are released, your computer is a sitting duck.
From a hacker’s standpoint, your situation is a prime target (teenager, older Windows OS and high-speed ‘always on’ Internet connection) because your combination is the most easily exploited.
Younger users tend to participate in more of the activities that expose them to a higher potential of running across a malicious website (downloading free wallpaper, screensavers, music, video, game cheat codes, file sharing, etc.) and when you combine that with an older, less secure operating system and an always-on Internet connection, you are a prime target.
My first suggestion would be to migrate to Windows 7, which has substantially more protection against these kinds of exploits built in (drive-by downloads were not common when Windows XP was created).
In any case, staying current with all of the updates for Windows and your security programs is one of the biggest keys to avoiding most of the problems.
In the past, drive-by downloads primarily targeted the holes discovered in the Windows operating system, but today web browsers and web tools (such as Adobe’s Flash and PDF Reader) are heavily targeted as well.
This means that you must keep them all updated with any patches as soon as they are released or risk being exposed to drive-by downloads that can come as links in social media, instant messages and e-mails as well as stumbling across a malicious site while using a search engine.
Browsers such as Internet Explorer, Firefox, Safari and Chrome are now highly targeted by malware authors who quickly create malicious websites when a new vulnerability is discovered (the term ‘zero-day exploit’ refers to newly discovered vulnerabilities being exploited the same day that they are discovered).
Since it can take a number of days or, in some rare cases, weeks for new browser exploits to get patched, you should have two or three browsers installed so that whenever a really dangerous vulnerability is discovered, you can switch to another browser until the patch is released.
Another big threat these days is PDF files, the universal document format from Adobe. Adobe’s free Reader program is routinely reported to have vulnerabilities, which makes opening PDF files from anyone another way to be exploited.
Many technical users are switching to an alternative program such as Foxit Reader (http://bit.ly/iaq44D) and uninstalling the Adobe Reader altogether.
At the very least, you should consider turning off the feature that allows you to view PDF files in your browser (usually in the Tools or Preferences menu, depending on which browser you use) and get into the habit of downloading any PDF files and opening them with an actual PDF reading program outside of your browsing session.
If you want help keeping up with the security risks as they are discovered, we routinely post warnings about newly discovered vulnerabilities that impact most users on our Facebook page (http://on.fb.me/kZifn) along with links to updates as they are released.
Posted by Ken of Data Doctors on November 25, 2010