Introduction
We are living in a time where the digital world is dominating our daily lives in so many aspects, some good and some really bad. In real life, I always like to be cautious all the time. This could be something as simple as triple checking that the doors are locked and keeping a long distance from the car in front of me. And I am sure that a lot of you have the same habits, or want to have the same cautious habits since you are reading this short article. I will be giving you 5 ways to stay vigilant in this vast and uncontrolled digital world.
In summary, here are the 5 safety tips:
- Analyse using VirusTotal
- Virtualisation – Online or Offline
- Compare hashes
- Safe browsing techniques
- Have I Been Pwned?
Please note that the following words will be used interchangeably throughout this article.
- “Link(s)” and “URL(s)” and “Website(s)”
- “Software” and “App”
- “Sandbox” and “Virtualisation” and “Virtual Machine”
- “Identity” and “Signature” and “Representation”
1. Analyse using VirusTotal
An underrated online security tool, in my opinion. VirusTotal, often abbreviated as VT, is a free web app that helps you: “analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community” as defined on the VirusTotal website[3].
VirusTotal has been my favourite for more than a year now. I always use it when I am suspicious of files, links received through e-mail or even SMSs, and more. For advanced users and companies, you can use their API to automate scans and analyses. Some functionalities are premium and require payment/subscription.
Contact them to get a quote for your company on VirusTotal – Contact us – premium-services. Also you can check out their premium services catalogue here: PREMIUM SERVICES.
If analysing using VirusTotal is not enough, we’ll talk about the next tip which is essentially taking advantage of the concept of virtualisation.
2. Virtualisation – Online or Offline
You can use virtual machines(VMs) to test how links, software, files, and more behave in a system. This practice is called sandboxing. Read more about sandboxing here: What is Sandboxing? Definition, Use Cases & Techniques Techopedia. You can use this practice either on a web app (online) or download your own virtual machine (offline).
- Online Virtual Machine: there are free and paid services that offer online sandboxing especially for testing URLs. This is called Browser Sandboxing. Good examples are web apps named Browserling on Browser Sandboxing with Browserling and Browser.lol on Browser.lol. Browserling and Browser.lol allow you to test URLs so you can see where they bring you or what they can do to your machine. You might need to wait in a queue to get access to the free version. I recommend online sandboxing for users who don’t wish to install a local VM or non-tech users.
- Offline Virtual Machine: one of the best ways to sandbox apps and websites is using a local virtual machine software such as VirtualBox. With VirtualBox, you download the virtual machine software itself and you get to pick which operating system you want to test your file, app, links, etc. You have to download the image (ISO) of your preferred operating system then install it through your virtual machine. Lookup online for your preferred Operating System to download its ISO image. I would recommend offline sandboxing for advanced users.
Virtualisation is effective but sometimes, even in a virtual environment, you need to be certain that the data that is sent to you is not compromised. For this you can use the practice of comparing hashes. This is the next tip.
3. Compare hashes
Hashing is the one-way process of transforming data using encryption algorithms which results in a fixed-length alphanumeric string of text that is technically the “identity” or “representation” of this data.
There are many generators that can create hashes for your data such as files, software or even plain text. Hashing is great for checking the integrity of data to make sure that it has not been tampered with. So a great use case will be when you download a file online and need to make sure that the file that you have downloaded is the same that the original owner of the file intended for you to download. So basically if this hash or “identity” of the file is not the same hash that the owner informs you it should be, then you need to remove the downloaded file immediately.
Here is an example of a SHA-256 hash. I created this hash using Work@Tech’s Hash generator on: SHA-256 Hash Generator | Generate the SHA256 Hash of any data | Crypto | Developer Tools. You can use any online SHA-256 hash generator and the same input you have should show the same output no matter the generator, hence my mentioning of “identity” or “signature” of the data earlier.
In the above example, you will notice that I only changed one letter (My to Me) from my input text but the hash is a whole different one. This method is used for verifying data integrity to make sure what was sent is what is received.
A lot of websites will usually provide a hash of a file that you are trying to download from them. Again, VirusTotal can also check hashes for you, and it will let you know if the file you have is potentially suspicious. We also use hashing and encryption for saving passwords in databases but that is a topic for another day. For now, we’ll move on to safe browsing methods as the next tip.
4. Safe browsing techniques
The general concept of safe browsing is the essence of this article. Although, there are also technical and some non-technical implications of safe browsing you might want to be familiar with.
Technical
- Microsoft Defender: Microsoft defender comes with many different security features such as a Firewall, App and Browser Control, Antivirus, Device Security and more for your Windows PC. By default, most of these features will be enabled, so you might not even need to configure anything. But for those of you who want to go further, I will suggest looking into each feature and see exactly what it protects you from and if you can make adjustments. In particular, look into App and Browser control as well as Firewall features.
- XProtect : XProtect is a built-in antivirus software that comes with macOS. You are not required to configure anything for this feature as it is built-in and running in the background and protects your Mac computer. But this is mostly for applications.
- Enable browser security features. Most browsers these days have security features installed, so you might not even need to enable them but just in case your browser doesn’t have safe browsing enabled, do go ahead and enable it. Popular browsers offer the following:
- Microsoft Edge: Enhanced Security (off by default), so you should enable it where necessary. Read more about it: Enhance your security on the web with Microsoft Edge.
- Google Chrome: Safe Browsing (on by default). Read more about it: Google Safe Browsing.
- Mozilla Firefox: Security/Safe Browsing now known as “Phishing Protection” (on by default). Read more about it: How does built-in Phishing and Malware Protection work? | Firefox Help
- Safari: Fraudulent Website Warning (on by default). Read more about it: Block pop-up ads and windows in Safari – Apple Support
Non-technical:
- Do not trust any website that doesn’t start with “https://”. And you should click the lock 🔒 icon to verify that it is truly secure.
- Make sure you trust the website that you are giving your information to.
- Keep your apps and browsers up to date.
- Use Multi-factor authentication (MFA).
- Use strong passwords. Or if you’re scared of forgetting them, use a password manager.
I mentioned earlier that you need to make sure you trust the website that you share information with. Sometimes even trusted websites can be hit by cyber attacks and your data might get leaked such as emails. This is why the next tip helps you check if your information is found in a data breach.
5. Have I been pwned?
“Have I Been Pwned” is a web app that checks your email to find if it has been leaked on the internet by malicious actors[1]. And not only this email as the leaked info, there could be a possibility that other Personally Identifiable Information(PII) of yours have been leaked as well such as your name, date of birth, IP address, password hashes, and more. This happens after a data breach on a server or database.
There have been countless data breaches just in this year alone where millions of people’s personal information have been leaked. One of the biggest data breaches was CAM4.COM (WARNING: please note that this website contains nudity) in 2020, where more than 11 BILLION, that’s right, BILLION records were leaked. And another notable data breach was from Yahoo in 2013 but only disclosed in 2017, where more than 3 billion accounts were leaked[2].
I would personally recommend using this tool to check if your data has been exposed https://haveibeenpwned.com/. Once you get on the home page, type in your email and review the results. Additionally, a lot of anti-malware services such as MacAfee also have a similar feature which checks if your data has been exposed.
Conclusion
In brief, there are Five Essential methods which I personally use to remain vigilant in this vast digital world, and they are:
- Analyse using VirusTotal
- Virtualisation – Online or Offline
- Compare hashes
- Safe browsing techniques
- Have I Been Pwned?
There are more techniques to stay safe you can but I hope these ones help you in one way or another.
References
- Have I Been Pwned. (n.d.). About. Retrieved October 30, 2024, from https://haveibeenpwned.com/About
- Statista. (August 2024). Biggest online data breaches worldwide as of September 2021, by number of records exposed. Retrieved October 30, 2024, from https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/
- VirusTotal. (n.d.). VirusTotal – Free online virus, malware, and URL scanner. Retrieved October 30, 2024, from https://www.virustotal.com/gui/