source: BBC News Technology, Alan Woodward
Are we wising up to the dangers lurking online? Or are phishing, spam and hacking just words that we still do not understand and we hope will not happen to us.
Ofcom recently revealed that one in four British people still use the same password for all their activities online, suggesting we still have some way to go to fully understand computer security.
Here Prof Alan Woodward explores some of the misconceptions about how we stay safe online.
While there is still a long way to go in raising awareness of the risks inherent in surfing the net, word is spreading.
Unfortunately, some urban legends have arisen that are leading to a false sense of security.
Probably the most common of these myths is that your computer cannot be infected simply by visiting a website containing malicious code. The story goes, that you are only going to get malware on your machine if you actively agree to download software.
SECRET DOWNLOADS
As with many myths it contains a grain of truth. However, you may not recognise that you are giving your permission, and often hackers rely upon the fact that your computer is set to give permission by default to certain types of download. This has led to the phenomenon of "drive-by downloads".
These downloads can happen in several ways, with hackers developing new methods all the time.
Possibly the most insidious technique relies upon what are known as inline frames or "IFrames". The intention of IFrames was to allow webpages that have a mixture of variable and static content to be constructed so that they used computer resources more efficiently.
First introduced in 1997, IFrames essentially allow you to embed "active" material that is brought in from elsewhere.
When misused, IFrames can secretly download another webpage - one you will not see because they can be as small as a single pixel - which redirects you to a page containing an exploit.
If your browser and system are vulnerable to this exploit then the malware is downloaded on to your computer. And, you did not agree to anything, did you?
A variant of this first great myth is that webpages cannot download to your computer without you clicking on an "OK" button.
You may have to click but that click might not be doing what you think. A typical trick is for a compromised site to pop up a box - usually an advert - which you simply have to close if not interested. The act of closing the advert can be the very click that initiates a download.
Things are not always what they seem online.
HOW TO STAY SAFE ONLINE
- Anti-virus software is a good start although it can only protect you against the threats it knows about
- Don't open emails or attachments from people you don't know
- Block spam emails and delete them
- Use unique passwords for every site you interact with
- Make sure passwords are complex and contain no personal information - a combination of letters and numbers is a must
- When visiting a site check that it is genuine - by looking for addresses and phone numbers
- Check the address in the browser address bar is the same as the one you typed