Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Keeping Safe Online

Last week, the New York Times (via Yahoo) posted an article on five ways to keep safe online.  They have blurbs and excerpts on each one, but here they are with my summaries.

  1. Use a secure browser.  The article suggests that because Internet Explorer and Firefox are the most popular browsers, they are the most targeted. That’s true, and they go on to suggest that you should use the most recent version and install security updates.  Again these are both good pieces of advice.

    The NYT then says it can help to use a more obscure browser like Google Chrome.  Because it’s not as popular, it’s not as targeted.  That’s essentially security by obscurity, and the theory is that since it is not used as often, it is not worthwhile for malicious actors to target.  There’s some truth to that, but psychologically, if you think that nobody is going to target you and therefore you don’t need to take security precautions (cough, Mac users, cough), you could end up being even more vulnerable.  The reason is that having no coverage at all means that even the most glaring security exploits go unchecked by you, and eventually you get hit simply due to the prolific nature of malware on the web.
  2. Get Adobe updates.  Adobe’s software has suffered in recent years from a perception of being insecure.  Adobe Acrobat has as wide a footprint on users’ computers as Microsoft’s Windows, and that’s a large user base for malicious actors to target (Flash is also quite ubiquitous – except on iPhones and iPads – and it runs in browsers, see point 1).

    Luckily, Adobe has adopted a security model similar to Microsoft’s in that they have a predictable patch schedule.  So long as you agree to install the updates when they have finished downloading (and you should), these auto-updates lower your risk.
  3. Be careful of malicious ads.  When you run a search on a search engine like Bing or Google, sometimes the ads on the side are malicious.  For example, if you search for “antivirus software”, sometimes the paid search results look like anti-virus programs but are actually malicious software (malware) that does nothing for you except flip your computer into a botnet or steal personal information.

    It’s a little unfair to expect the end user to beware of malicious ads on search engines; a good portion of the user base doesn’t understand how to recognize them.  My own perspective is that Google and Microsoft should be aggressively hunting these things down and removing them as quickly as they can detect them.  The NYT does advise users to run Microsoft’s MSRT tool, so that’s a good thing.
  4. Beware poisoned search results.  This is similar to the above: a spammer or malware author will do black-hat search engine optimization to get their pages to the top of a search list (such as by exploiting the top search terms of the day).  Most browsers today have built-in URL filters that update frequently, scan the link that the user browses to, and indicate when the site is malicious.

    My perspective here is similar to the above.  Internet browser maintainers need to partner with URL reputation organizations to protect their end users.
  5. Be careful who your friends are.  While the NYT article says to beware all social media sites and calls out Twitter, they specifically allude to Facebook and advise you to only friend someone whom you know.  The reason is that some malicious actors will use Facebook to gain your trust so that you blindly add them to your friends list, where they can either access your data or get you to install applications that steal data from you.

    Facebook is an interesting case study because it does so much, but is also attracting the ire of legislators.  I don’t think that Facebook was prepared for its rapid growth in popularity, and it is now dealing with the growing pains.
  • With regard to Mac users, I'm having a little fun.  I remember all those Mac-vs-PC commercials where the Mac guy implies that PCs are prone to viruses and malware with the subtle suggestion that Macs are not.  Regardless of whether or not Macs are prone to these things, the viewer does come away with that inference.
