Protect your PC in the web's worst neighborhoods

Avoid these dangers with a good security suite and an abundance of caution.

Your data. Your wallet. Your identity. In the darker corners of the internet, it's all fair game, and disaster could be one unwitting click away. Protect yourself by learning about the web's most common dangers, and how to avoid them. Also, take some basic steps to make your PC more resistant to harm.

Install security software

No, seriously. Go do it now. If you're running a Windows-based PC, security software is an absolute must. PCWorld recently tested 10 premium security suites--pick one! And even if you can't or won't pay for protection, you can bolster your defenses by building a comprehensive free security suite. Good security software stops web-based dangers in their tracks and can prevent malware infection before it happens.

Viruses and malware

A lot of people see viruses and malware as something that malicious hackers slip onto your computer. In reality, the vast majority of infections happen because of something the user does. Specifically, downloading and running files from websites or email attachments that you don't trust is a great way to wreck your computer.

Hackers especially like to serve up viruses on seedy websites, such as those claiming to offer movies, music, commercial software, and porn for free. Steer clear of these sites altogether, and you'll greatly reduce your chance of getting a virus.

To fend off malware, download programs only from trusted websites. Deny all others! Be sure to perform a virus scan on any software you download before you install it, as well.

Sometimes, shady websites disguise malware downloads as fake update or error warnings. If you encounter a prompt like that, just close the tab or window--don't click the warnings shown on-screen. Instead, browse to the official website of the software that's allegedly out-of-date and look for updates there.

"Drive-by" viruses

Most viruses come from files downloaded off the internet, but an insidious variant called a "drive-by" virus can infect you if you simply visit certain websites. Drive-by viruses exploit vulnerabilities in your operating system, browser or other software, so the key to avoiding them is to keep everything updated--your browser and any plug-ins like Flash and Adobe Reader.

Make sure you have Windows updates turned on, and if you ever get a notice that one of your plugins is out of date, take care of it right away. Microsoft will stop supporting Windows XP this April, so XP holdouts really need to upgrade to a new OS by then--even if it means switching to Linux. Connecting to the internet with an unsupported operating system puts you at a very big risk for being infected with a virus.

You can prevent some infections by disabling Java in your browser--to do this just search in the Start Screen for "Configure Java." In the Java preferences screen you'll find a security tab, which allows you to disable Java in web browsers. Or you could just delete the notoriously leaky Java from your PC altogether--you won't miss it unless you truly need it.

Turning off JavaScript--which is different from Java--can also reduce the risk of drive-by downloads, though it may nerf some of the richer design features found on some sites. The popular NoScript add-on for Firefox blocks JavaScript but allows you to whitelist a specific website with a mere click. Chrome users can manage JavaScript permissions by opening the options menu and selecting Settings > Show advanced settings > Content settings (under Privacy) > JavaScript.

Internet Explorer users should check out this tutorial on how to manage JavaScript in IE--and activate IE's ActiveX Filtering options while you're already ankle-deep in technical options. Bad guys frequently target ActiveX.

Using Sandboxie

To avoid all possible risk, or to take a protected walk on the wild side--like visiting a sketchy download site or installing a program that you're not sure about--there's a way to make sure you don't do any damage to your computer. It's called Sandboxie.

Sandboxie acts like a latex glove for your computer, dumping programs into a walled-off "sandbox." (Hence the name.) When it's activated, you can run programs or surf the web and be sure that those programs can't actually have any effect on your file system. That means they can't install software, or deposit or delete files on your machine. Instead, Sandboxie intercepts any changes, and you can decide if you want to let any of them affect your PC proper.

Once you've downloaded and run the installer, a quick tutorial will run, telling you to open up a browser window is sandboxed mode. To do that, just find the desktop shortcut for your browser, right-click on it, and choose Run Sandboxed. You can use this procedure to get your browser or any other program to run with Sandboxie's protection.

If you actually do want the sandboxed browser to be able to download a file, just download it as you normally would, and choose to save it in your Documents or Downloads folder. Sandboxie will display a dialog box asking whether you want to transfer the file out of your sandbox and onto your real hard drive.

Sandboxie isn't an excuse to throw caution to the wind, but it does give you a safe way to try out software that you're unsure about. Use it responsibly!


Thanks to sophisticated spam filtering on popular webmail service like Gmail, email isn't quite the wasteland it once was. Still, it's one of the easiest ways to get infected with a virus or to have your identity stolen. Just follow these two rules, and you'll be fine--doubly so if you have a security suite installed, as most premium options protect against email-based risks.

- Email rule #1: Don't open attachments that you weren't expecting.

If you get an email from someone you don't know that comes with any sort of attachment--even something that sounds totally normal like a JPG or PDF--don't open it. Simple as that. If the email is from someone you do know, but you weren't expecting to receive a file from them, don't open it. Send them a text message or something and ask if they meant to send it to you. One of the most common ways viruses propagate themselves is by taking over your address book and sending a copy of themselves to all your friends.

- Email rule #2: Don't log-in to sites you visit via email.

You've probably heard of phishing by now, but just to refresh your memory, it's the name for the class of email scams that work by tricking you into going to a fake version of a popular website. Once you're on the fake website, you're prompted to log in. When you enter your account name and password, that precious data goes straight to identity thieves.

The simple way to avoid getting phished is to avoid sites that require logging in through an email link. If you get an email from Amazon or eBay that says you need to make some change to your account, just visit the site like you always would--type it into your browser's address bar, click on a browser bookmark, or search for it in Google--and take care of the problem there.

But wait, there's more

These basic steps should keep you safe in the deep, dark corners of the web. If you're interested in learning how to safeguard yourself against more specific security woes, however--like hackers, zero-day attacks, spearphishers, and more--check out PCWorld's guide to protecting your PC against devious security traps. Keeping your PC safe and secure is simple enough...but only if you know what to look for.

Show Comments