Authored by a Symantec employee
Most people are unaware of the fact that you don’t have to intentionally download a malicious attachment in order to compromise your computer’s security. Malicious websites and drive-by downloads are just two ways that your security can become compromised by doing nothing more than visiting a website. Both underpin the necessity of protecting your computer with a strong Internet Security Program. And despite what you might have heard, Macs need them just as much as Windows machines.
What is a malicious website?
A malicious website is a site that attempts to install malware (a general term for anything that will disrupt computer operation, gather your personal information or, in a worst-case scenario, gain total access to your machine) onto your device. This usually requires some action on your part, however, in the case of a drive-by download, the website will attempt to install software on your computer without asking for permission first.
What’s more, malicious websites often look like legitimate websites. Sometimes they will ask you to install software that your computer appears to need. For example, a video website might ask you to install a codec, which is a small piece of information a video player needs to run on a website. You might be used to installing safe codecs, but it only takes one unsafe installation to compromise your machine, and your sensitive information along with it. Similarly, the website might ask for permission to install one program, but install a completely different one -- one that you definitely do not want on your computer.
What is a drive-by download?
Drive-by downloads are even scarier than a malicious website, though the two sometimes overlap. Drive-by downloads can be installed on your computer simply by looking at an email, browsing a website or clicking on a pop-up window with text designed to mislead you, such as a false error message. This type of malware is particularly frightening, because it’s basically impossible to know if you’ve done something to install the malware. What’s more, your anti-virus software might be incapable of detecting it, because hackers deliberately make it difficult for anti-virus software to detect.
Drive-by downloads often don’t require your consent, or tricking you into giving it. Sometimes the malicious code hides deep in the code of the website. Once the download is on there, it can be difficult or impossible to get off of your computer, tablet or mobile phone. You might even be visiting a website you’ve visited hundreds of time and trust, but somehow a drive-by download got in there.
How do I protect myself against malicious websites and drive-by downloads?
- Internet security software can’t always detect bad software from malicious websites and drive-by downloads. It can, however, prevent you from getting them in the first place. Defensive software such as Norton Security will prevent known drive-by downloads and warn you when you try to visit a malicious website.
- The best thing you can do to protect yourself is to keep your computer’s software up to date, most importantly your operating system. Often times, hackers utilize known security problems in software before manufacturers can patch the problem. Updating your software prevents you from being low-hanging fruit.
- Don’t install codecs unless you’re absolutely positive that they’re safe.
- Don’t open emails that seem suspicious or “spammy,” especially if they contain attachments or are from unknown senders.
- If you get a link in an email, it doesn’t hurt to visit the main website by typing the address into your browser manually. When in doubt, call the person who sent you the email before clicking.
- If you’re the least bit suspicious about a URL, use Norton Safe Web to check it out.
- If a website seems off, looks like it’s installing something or is asking permission to install codecs, you’re better off closing the tab and looking for the content elsewhere.
There are a lot of dangers out there and malicious websites hosting drive-by downloads are some of the newest and scariest. But there are ways for you to protect yourself so that you can use the Internet without trouble. Do your due diligence and exercise reasonable caution and your web surfing should be smooth sailing.
Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone