by Jimmy Greystone - 6/6/12 12:27 PM
In Reply to: Safe web sites by MarkFlax
In addition, what you really need to watch out for are third party advertising systems. Someone might compromise the ad server that is linked to on a Facebook page, and make it serve up rigged ads designed to hit people with drive-by style infections. This is why I tend to say it is not safe to use IE for anything more than isolated sites which absolutely require Internet Explorer to work, and you cannot find a single other site on the whole of the Internet that offers this particular content/service. There are so many third party elements to different websites these days, that any would-be ne'er do well would have a half dozen different avenues of attack at least.
For that matter, I wouldn't even trust something like Firefox without the NoScript extension. Chrome has NotScript which is maybe 75-80% of NoScript, but Chrome (last I checked) still lacks the one critical element of allowing the extension to interrupt the browser's rendering engine and basically block some bit of the page from actually loading. That is pretty much the failing of every other web browser out there. NotScript for Chrome will basically cause the page to be reloaded after it's loaded the first time, then strip out all the scripts, but by then it could already be too late.
I will say that it is far less likely anything bad will happen on well respected sites, but again you have to understand that there are a lot of things going on behind the scenes which are not under the direct control of the company behind that website. Looking at my NoScript listing just for these forum pages, Cnet has scripts being loaded from Google, Twitter, crowdscience.com, gigya.com, and scorecardresearch.com not counting the three separate domains under the CNet/CBS aegis. So by coming to Cnet's website here, without something like NoScript to block those scripts from loading, you are trusting at least 5 different companies, probably without even knowing it. Google probably does a pretty good job keeping its systems secure, but I've never heard of crowdscience.com, gigya.com, or scorecardresearch.com myself, so how do I know how seriously they take their security? For all I know, any one of those domains could have been compromised months ago, and they don't have anyone on staff who knows enough to spot the telltale signs. It's something you need to keep in mind along with everything else. Especially since most people are under the mistaken impression that their AV program or firewall program will protect them from this sort of threat.
Was this reply helpful? (3) (0)