Ok, we all use Facebook. Something that makes Facebook unique (and MySpace started doing this toward the end too) is apps. Facebook lets you install applications – e.g. Farmville (my personal fav). Well, these apps are developed to utilize everything about your Facebook profile. Facebook provides an API (Application Programming Interface). This allows developers to write apps that can do anything to your Facebook profile – e.g. post to your feed, send messages to your friends, etc.
So what’s my point? Don’t install any and every app you come across. Some apps aren’t games or “surveys” – some are “give so and so a flower” or “send so and so a hug”. The majority of these are traps. They seem harmless – “oh, sure, I’ll send my friend a hug!” Why would you need to install an app that “requires full access to your Facebook profile”? It’s just not worth it.
So safety tip #1 – do not install apps on Facebook unless you KNOW who the software vendor is. Games such as Farmville come from legitimate software developers. These little “hug” or “flower” apps can be developed by pretty much anyone. Is it worth it to send a hug, just to have your profile hacked?
The next way your Facebook profile can get hacked is via JavaScript. I’m going to do my best to not get too geeky here, but we have to talk nerdy just a little. JavaScript is plain text, embedded within Web pages. It provides for more elegant Web design and can do far more than flat HTML can do. Whether it’s fancy image transitions or actual data retrieval, JavaScript is a very powerful scripting language. It can also control what your browser does – e.g. move your cursor, control windows (e.g. pop-ups), etc. Well, the power behind Facebook is JavaScript.
The latest trend has been to send people links via private message/email. You click on the link thinking it’s going to be a funny video, but it actually leads to malicious JavaScript on the offending site/host. That JavaScript then executes and can penetrate your Facebook page and post whatever it wants to your feed.
That brings us to safety tip #2 – don’t click on links in messages or posts that you do not trust 100%. It’s the oldest trick in the book. “Hey, look at this” and then wham, you’ve been had.
How does one prevent this? Well, JavaScript can only be stopped one way – stop it. That’s why The Computer Peeps recommend Firefox as your Internet browser. Firefox alone is not only one of the safest, fastest Internet browsers, it’s also ahead of its time. All of the security measures Microsoft just got to today, Firefox had years ago.
Another benefit of using Firefox is add-ons. These are plug-ins developed to enhance Firefox. Just like Facebook, there are good apps and bad apps. Because Firefox is open source and because everyone – good or bad – has access to the code, it makes for an extremely safe and stable product. Seems odd, doesn’t it? It’s the beauty of community. I don’t use a bunch of add-ons for Firefox simply because it just doesn’t need them. There are a few that are worth their weight in gold though:
- NoScript
- AdBlock Plus
I have been using these for years and they are both lifesavers. NoScript is the one we’re going to discuss in this post. AdBlock is fantastic and helps block all ads embedded within a page – I’m sure ads are most annoying to all of you reading this. NoScript though is special. It blocks all JavaScript from being executed. Thus, if you visit a site that attempts to execute malicious JavaScript, it simply cannot execute it, period.
That can be a good and bad thing though. You want certain sites to be able to execute JavaScript, such as Facebook. What you DON’T want is for sites people link to on Facebook to be able to execute JavaScript. After installing NoScript, the first time you visit a site such as Facebook, JavaScript will be disabled. All you do is click the little icon and allow JavaScript on the site you trust. Within a day or so, you will have visited all of your regularly visited sites – e.g. Facebook, Amazon, CNN, The Onion, etc. Just “allow” each of those sites and you never have to do it again!
To me, it’s beyond worth it to “allow” a site rather than let it execute JavaScript that posts a naked girl dancing on my Facebook profile. You tell me if it’s worth it. 😉
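The allow-per-site behaviour described above can be pictured as a default-deny allowlist. The following is an added example, not NoScript's code and not part of the original post; the names `TRUSTED`, `isTrustedHost` and `mayExecute` and all URLs are made up for illustration, and the model assumes the decision depends only on where a script comes from.

```javascript
// Simplified model of default-deny script blocking with a per-site allowlist.
// Added illustration; not NoScript's code. TRUSTED is a constructed sample list.
const TRUSTED = new Set(["facebook.com", "amazon.com"]);

// True when hostname is a trusted site or one of its subdomains. Matching on
// a dot boundary keeps look-alikes ("facebook.com.evil.example",
// "notfacebook.com") from inheriting trust.
function isTrustedHost(hostname, trusted = TRUSTED) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  for (const site of trusted) {
    if (host === site || host.endsWith("." + site)) return true;
  }
  return false;
}

// Decide whether one script may run. scriptUrl is null for inline script,
// which is attributed to the page that contains it. Assumption of this model:
// the decision depends only on where the script comes from.
function mayExecute(pageUrl, scriptUrl, trusted = TRUSTED) {
  let source;
  try {
    const page = new URL(pageUrl);
    source = scriptUrl === null ? page : new URL(scriptUrl, page);
  } catch (err) {
    return false; // unparseable URL: default deny
  }
  if (source.protocol !== "http:" && source.protocol !== "https:") return false;
  return isTrustedHost(source.hostname, trusted);
}

// Constructed walk-through: a trusted page, then a link followed from it.
function demo() {
  return [
    ["https://www.facebook.com/home", null],
    ["https://www.facebook.com/home", "/static/app.js"],
    ["https://www.facebook.com/home", "https://ads.unknown.example/t.js"],
    ["https://funny-video.example/watch", null],
    ["https://facebook.com.evil.example/login", null],
  ].map(([page, script]) => mayExecute(page, script));
}

console.log(demo()); // one allow/block decision per row above
```

Only the first two rows are allowed: the trusted page's own inline and same-site scripts. The linked page and the look-alike host stay blocked until the user explicitly allows them.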
All of these products are free and easy to use. To download Firefox, visit http://www.firefox.com/.
Once you have Firefox installed, click Tools > Add-ons…
Search for NoScript and install it. Once that’s installed, search for AdBlock Plus and install it. You’d be amazed what ESET Nod32 as your anti-virus and the above Firefox setup can do in the name of securing your computer. Add to that, you don’t have to see annoying ads when you visit a site (and even ads can be a security issue if they lead you to another site).
If you need any assistance with the above, just call The Computer Peeps!
Wow, it’s getting worse. Now pages you become fans of (or ‘Like’) are starting to get blatant. Here’s an example of a page that is straight-up asking you to paste JavaScript into your address bar and execute it…
http://bit.ly/fbjshack
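A check for the "paste this into your address bar" request described above, as an added example that is not part of the original post. The function names and sample strings are constructed for illustration. The check normalizes the text the way a browser does before reading the scheme, so padding or odd capitalization does not hide a `javascript:` URL.

```javascript
// Classify text that a page or message tells you to paste into the address bar.
// Added illustration; SAMPLES below are constructed strings.

// Apply the clean-up browsers perform before reading a URL's scheme (WHATWG URL
// rules): trim leading/trailing control characters and spaces, then drop every
// tab and newline, so the check sees what the browser would see.
function normalizeForAddressBar(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Return the lower-cased scheme ("https", "javascript", ...) or null if none.
function schemeOf(text) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(normalizeForAddressBar(text));
  return m ? m[1].toLowerCase() : null;
}

// "script": would run code in whatever page is open (e.g. your Facebook session).
// "link":   an ordinary web address; judge the destination before visiting.
// "other":  plain text or another scheme.
function classifyPaste(text) {
  const scheme = schemeOf(text);
  if (scheme === "javascript") return "script";
  if (scheme === "http" || scheme === "https") return "link";
  return "other";
}

const SAMPLES = [
  "javascript:void(0)",
  "  JaVaScRiPt:void(0)\n",
  "https://www.facebook.com/",
  "funny video for you",
];

function classifySamples() {
  return SAMPLES.map((s) => classifyPaste(s));
}

console.log(classifySamples());
```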
You have to have your wits about you when you’re on the Web. Think about what you’re about to click when you click it. Think, “is it worth it to me?” Even the link I put above – I would personally look at and wonder, “is this guy legit?”
Just treat the Internet like you would a side street in New York City and you’ll do well. If you think, “I have a Mac – I’ll be safe,” you’re wrong. Your browser doesn’t care which operating system you have. Windows, Mac, Linux – no one is safe.