Downloading files from websites (especially pirated files) is risky no matter what. The files may not be what you think they are, and may contain malware installers. Or the site may be ‘poisoned’ and try to automatically download malware to your machine. The short answer is that you don’t know in advance whether a site has malware on it. The first line of defense is to only download files from sites that you know are trustworthy. For Windows and Mac shareware I recommend C|Net’s Download.com. But how do you know whether a site you are unfamiliar with is a risk?
MyWot is a plug-in that rates the trustworthiness of web sites.
http://www.mywot.com/
McAfee SiteAdvisor also checks websites for scams and malware.
http://www.siteadvisor.com/
Scamadviser.com lets you check for reports of scams from web domain names.
Google has a tool that gives you a diagnostic report on the problems that have been found with a particular site. Highlight and copy the partial address below and put it into your browser location bar:
http://www.google.com/safebrowsing/diagnostic?site=
Now, directly after the =, type the name of the domain you want to check and then hit Return or click Go. You will get a page with an up-to-date report on the domain.
The problem with these reputation-based ratings is that they don’t take into account dynamic third-party content (such as display ads generated from a completely different site), which can be poisoned. Off-site content such as ads and syndicated content changes continually, so there is no effective way to judge its trustworthiness.
Download risks
You can’t scan a file for viruses without downloading it and reading it, so there is an inherent risk any time you download a file or run a web-based program. Never run or decompress a downloaded file right away. Always download it to a folder on the hard drive and scan it for viruses before opening it. Some anti-virus programs can be directed to automatically scan any new files in a specific folder, so set that up on your Downloads folder.
Always make sure you have anti-virus software running and updated to the latest definitions.
Disable Scripts
Look at your browser security settings and do the essential things, like disabling automatic running of downloads and automatic running of Java and JavaScript. I recommend using Firefox with the NoScript plug-in, which lets you control which servers are allowed to run JavaScript. You’ll be amazed at how many third-party sites want to run scripts when you visit a page; these are mostly associated with advertising tracking. NoScript allows you to accept scripts from the site you want and deny all others.
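To see which outside hosts a page asks your browser to run content from, the following added example (not part of the original article) lists the third-party script, iframe and embed hosts found in a saved copy of a page. The page URL, the HTML and every host name are constructed, and treating only the page's own host and its subdomains as first-party is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src makes the browser load active content from another location.
ACTIVE_TAGS = {"script", "iframe", "embed"}

class ActiveContentParser(HTMLParser):
    """Collects the host behind every src on a script, iframe or embed tag."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag not in ACTIVE_TAGS or not src:
            return  # inline scripts have no src and belong to the page itself
        # Resolve relative ("/js/site.js") and scheme-relative ("//host/x.js") URLs.
        host = urlsplit(urljoin(self.page_url, src)).hostname
        if host:
            self.hosts.add(host)

def third_party_hosts(page_url, html):
    """Return the sorted hosts serving active content that are not the page's own."""
    page_host = urlsplit(page_url).hostname
    parser = ActiveContentParser(page_url)
    parser.feed(html)
    # Assumption: first-party means the page's host or one of its subdomains.
    return sorted(h for h in parser.hosts
                  if h != page_host and not h.endswith("." + page_host))

# Constructed sample page; none of these hosts are real.
PAGE_URL = "https://downloads.example/files/index.html"
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://static.downloads.example/app.js"></script>
<script src="//ads.adnetwork.example/show.js"></script>
<script>var inline = 1;</script>
</head><body>
<iframe src="https://tracker.example/pixel.html"></iframe>
<img src="https://images.cdn.example/logo.png">
<script src="https://ADS.adnetwork.example/other.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for host in third_party_hosts(PAGE_URL, SAMPLE_HTML):
        print("third-party active content from:", host)
```

Every host it reports is one that a script blocker would ask you to allow or deny separately from the site you meant to visit.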
Disable ActiveX
Disable ActiveX in Internet Explorer (or turn on ActiveX Filtering in the latest version of IE). There’s no strong reason that you should want a web application to control other software on your computer without you knowing. The exception might be installing an update from a known source like Microsoft or Adobe.
Security settings for browsers:
Internet Explorer (Windows):
- Select Tools, Internet Options… from the menu.
- Click the Security tab.
- Click the Custom Level… button to adjust specific security settings or change the security level.
- Click OK (twice) to return to the browser window.
Firefox security settings look almost the same on both Mac and Windows platforms.
- On a Macintosh, select Firefox, Preferences… On Windows choose Tools, Options…
- Click Security.
- If you like to save passwords for protected web sites, consider creating a Master Password to ensure private information is not accessed by others using your computer.
- Review other security settings and make the best selections for your needs.
- To exit and save the settings: On Macintosh, close the window. On Windows click OK.
Safari’s security settings:
- Choose Safari, Preferences… from the menu.
- Click Security.
- Review and adjust the security settings to suit your needs.
- Close the window.