WWW FAQs: Can I catch a virus from a web page?

2004-05-06: unfortunately, yes, in several ways. While in principle the web is designed to be safe, security flaws are sometimes uncovered in web browser software, and unscrupulous people have been known to exploit them. Fortunately, there are five major steps you can take to protect yourself effectively:

1. Do NOT click "yes" or "OK" when asked if you wish to install extra software or "Active-X controls" when you visit a web page, unless you are installing something well-known and reasonably trustworthy such as Adobe Acrobat Reader, Macromedia Flash Player or RealPlayer. If you know what you are doing and have up-to-date antivirus software, you can install optional programs, but NEVER agree to the requests of dialog boxes that pop up asking you to install extra software when visiting a completely unrelated website. Install the frequently required plug-ins mentioned above; they cover most situations in which optional software is needed. Naively agreeing to install useless and dangerous Active-X controls is the most common way for a virus or other unwanted software to infect your computer from a web page. For more information, including how to clean up the mess if your computer has become infected, see the entry on Active-X controls.

2. Internet Explorer users with Microsoft Windows: run Windows Update frequently or automatically. See the Microsoft Windows Update page. When Microsoft is made aware of security holes in Internet Explorer that could allow a program to install itself without the user agreeing to it, they provide security fixes in this way. If you do not get these updates, your computer WILL be vulnerable, even if you refuse to install Active-X controls. Alternatively, switch to a different web browser such as Mozilla or Opera. Of course, you must keep up with new versions of those programs as well. However, most virus authors seem to target the most popular browser.

3. Install quality antivirus software, and ALLOW IT TO FETCH AUTOMATIC UPDATES. If your antivirus software icon is blinking at you, it is probably asking your permission to go fetch crucial updates you must have to keep its protection up to date; click the icon and answer those prompts. As of this writing, Grisoft offers AVG, a quality antivirus utility, free for home use. Symantec offers Norton Antivirus, and McAfee Security also provides a quality antivirus program. Good Windows antivirus software for business use is not free. If you must run Windows for your business, you will need to buy antivirus software.

4. Install quality spyware detection software, and be sure to use the "fetch updates" button first before the "scan for problems" button. There are good free programs for this purpose. See "why is my browser broken?" for more information and links to providers of such software.

5. Although this FAQ is not really about email programs, it is worth mentioning that most viruses exploit similar problems with email software. If you must use Outlook Express, be sure to use Windows Update as mentioned above. Never open attachments unless you clearly understand their importance -- even if you know the sender, there is an excellent chance that their computer is infected, and has sent you a copy of a virus after pillaging the sender's address book. Install quality antivirus software and keep it up to date as mentioned above.

Legal Note: yes, you may use sample HTML, Javascript, PHP and other code presented above in your own projects. You may not reproduce large portions of the text of the article without our express permission.

Got a LiveJournal account? Keep up with the latest articles in this FAQ by adding our syndicated feed to your friends list!