Facebook viruses are spreading around the platform, and I almost fell for one when a friend of mine sent me a message on Facebook asking me to check a photo of us through a shortened URL (the bit.ly or tr.im kind of URL).
I'm wondering how many people did fall for this kind of message, when a friend of yours gets his account hijacked and starts sending emails asking you to visit a website with cross-site scripting (XSS)...
So basically, this is a message for my friends: I'm not an IT specialist, but I know 2 or 3 tricks to make your web-life safer.
1. Try not to use Internet Explorer. Google Chrome or Firefox are a safer bet. Not because Microsoft's browser is the worst (they are getting better day by day), but because it's much more tied to your Windows OS than the others.
2. When using Firefox, install the Adblock Plus extension to get rid of ads on Facebook (and Google, Gmail, etc.). So far, the ads on Facebook are not very well controlled, and a lot of spammers and hackers are using them to send users to suspicious sites.
Ad blocking is also available for Google Chrome through extensions, but my experience was not that great and Chrome started crashing.
3. If you have a genuine Windows Vista or 7 (the scan is a little bit slow on Windows XP), install the free antivirus AND firewall from Microsoft. If you don't have a genuine one or you want an alternative, Avast Home Edition is a very good and lightweight antivirus.
4. A firewall is a good add-on on top of an antivirus: it filters your connections to prevent someone from accessing your computer. Comodo Home Firewall is free to use.
5. An anti-malware tool is good for cleaning your computer of other things that are not specifically viruses (like adware, etc.). Spybot Search & Destroy is free and efficient.
6. A step further is to install LastPass. It's an online password manager with local encryption. They also offer one-time passwords that you can print in case you use a public computer. To increase security, you can have a confirmation matrix to add to your password for identity control (it's a figures/letters matrix that you print), so even if your master password is stolen, the person won't be able to log in. Finally, you can also have a USB version to use on the go.
7. Check your Facebook privacy settings, or get more info about Facebook's privacy settings here. Basically you HAVE to make sure not EVERYONE ONLINE can see your photos/profile/info, etc. You can now tailor what you post (status, links, photo albums...) and make sure only the people you want to see them actually see them!
Also, please create friend lists to make your life easier. Start by doing something like this: a list for your actual friends (and let them see your tagged pictures, etc.), a "casual friends" list for acquaintances you meet at conferences, etc. (and only let them see the photos you post, or only some of them, as you can now do that for each album you post), and a "professional friends" list for people who add you randomly (and only let them see your basic profile, studies and jobs).
8. Always click the log-out button. Even on your own computer! Do you know friends who post "stupid" status messages on your behalf? Yeah, that's funny! But imagine someone who changes your email settings to add a filter that automatically forwards all emails to another address he controls: he could change your Facebook password, or whatever password, with this forward.
9. Always change your passwords, and don't use the same one everywhere. At least try to have 4 or 5 different passwords and change them from time to time across your accounts. Worst case scenario, if you don't remember them, you'll have to try 4 different ones. (And if you have installed LastPass, you don't have to!!!)
10. Finally: always shut down your computer. Why would you leave it on? It uses energy (and we are all green today, right! ;) and more importantly, some people could put a sniffer/keylogger on it to get your password, or at least check your files! And don't assume that your friends/colleagues won't do it, because at least a jealous friend will.
And no, I'm not paranoid... I just try to abide by these rules. You can try them, and if you need any help, just let me know. I've configured this for my friends a dozen times...
What do you think? What are the most important ones? What would you use? Personally, there is one that I do not follow... ;)