Keep your operating system as well as all Web-oriented software up to date. Contrary to popular belief, you’re more likely to be infected by visiting regular websites (e-newspapers, airline companies, etc…) than risky ones (ringtones and mp3 download sites for example). Pirates want to infect as much machines as possible and thus compromise the sites that have the highest number of visits. Protect yourself against such attacks by keeping your operating system up to date and making sure that all Web-oriented applications (especially Adobe Flash Player, your PDF viewer, Java and QuickTime) are also patched.
If you have administrative rights on your machine, most of these applications will be updated automatically. If not, please contact your local IT support and ask them how they deal with this issue.
Finally, at home, you can delegate all this tedious management of security patches to third party software such as Secunia Personal Security Inspector.
Use strong and different passwords. Don’t make it easy for hackers to guess your password and use different credentials for different sites/services. Keep in mind that if you use the same password for every site, a hacker only has to break it once to have access to everything…
Keep in mind that identity spoofing is quite common on the Internet and act accordingly. All information and its source must be considered with caution and circumspection!
Always check the web server certificate when using a secure connection (HTTPS). A digital certificate is a mechanism for users to obtain assurance about the identity and authenticity of a web site. By inspecting the digital certificate on a website, you can help defend against identity theft and fraud. For example, a phishing site set up by criminals which masquerades as a legitimate web site (such as an online banking web site) can often be identified by an invalid digital certificate.
If your browser warns you that the certificate is self-signed, has expired, or that the domain name on the certificate does not match the name of the website address, we recommend that you don’t disclose any sensitive or personal information to that site.
Watch for typos. Misspelled versions of popular services such as Google and Facebook are often used in drive-by malware download and phishing attacks. Always double-check that you typed the website address correctly.
Don’t install useless toolbars or plugins. More and more – mostly free – applications come with bundled software such as toolbars, search plugins, or alternative browsers from commercial partners. Unless you’re 100% sure, don’t install optional bundled software.
Trust your browser security filter. The four most used browsers – Mozilla Firefox, Internet Explorer, Google Chrome, and Opera – come with a feature (Google Safe Browsing or Microsoft SmartScreen) that helps you avoid socially engineered malware phishing websites and online fraud when you browse the web. If you attempt to visit a website that has been flagged as dangerous, you get a clear notification. It’s usually a good idea not to ignore that warning.
Pay attention to the origin of the files you download. Whenever possible, always download software from the publisher’s website or from one of the mirrors listed on his site. This will prevent some nasty surprises (pay-per-install scams, bundled toolbars and so on). We suggest you refrain from downloading anything from the softonic.fr domain.
Use anti-virus software. While your vigilance is by far the best protection against computer viruses, up-to-date anti-virus software may come handy when your attention is temporarily diverted or simply when you browse sites that have been compromised.
Your professional Windows machine at EPFL should be protected by McAfee VirusScan (check for the presence of a red “M” or two shields in the taskbar). If not, please contact your local IT support for assistance.
For your home Windows PCs, we suggest that you use the integrated antivirus, Windows Defender. It offers a decent protection without eating up too much ressources.
Have your suspicious files analyzed. You’ve just received or downloaded a suspicious file and you can’t refrain from opening it? Before you do, please submit it to VirusTotal, which will analyze it using more that forty different anti-virus engines. Although the detection rate achieved by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file.