There are some simple steps you can take to protect your internet surfing from danger. Most people don't do them because they underestimate the risk and time it takes to repair problems. Don't wait until it is too late. Spend some time protecting yourself and then you will be less likely to experience massive suffering in the future.
DNS servers translate the web address you type into your browser into the actual IP address of the internet server you're connecting to at the other end. Windows gets default servers from your ISP but they may not be high performance and they probably don't provide security filtering of bad websites. Switching over to a more secure DNS is free and very easy. It will help protect you from fraudulent websites that attempt to steal your personal information and money by blocking your visit to them. All you need to do is enter the OpenDNS addresses, 220.127.116.11 and 18.104.22.168, in Primary DNS Server and Secondary DNS Server fields on your router if you want to cover your whole network, or directly your machine if you prefer. The provided link gives you detailed instructions on how to do this for a machine or router.
Update to the latest version of your favorite browser. Strongly consider updating to Chrome which is currently both the fastest and most secure browser. I personally love Firefox so that is fine too as long as it is the latest version. It is truly amazing how many people are running with the default version of IE just because it is on their machine. Unfortunately older versions of IE didn't prompt to update so millions of people are running with very old and very insecure browsers. Don't be one of them.
WOT is a community-based, free safe surfing tool for browsers that provides website ratings to help web users as they surf online. Web of Trust adds traffic lights to internet searches so you can be sure which websites you can trust. WOT ratings are powered by users all around the world who have rated millions of websites based on their experiences. Third-party sources are also used to warn you about malware and other technical threats. You will see a green, yellow or red icon next to search results when you use Google, Yahoo!, or Bing, on links in social networking sites like Facebook and Twitter, on online email like Gmail, Yahoo! Mail and Hotmail, and other popular sites like Wikipedia. Green indicates a trustworthy site, yellow tells to be cautious, while red indicates a potentially unsafe site. It gives you some decent protection while surfing around with a trivial amount of searching delay.
HTTPS Everywhere is a Firefox and Chrome extension that encrypts your communications with many major websites, making your browsing more secure. Many sites on the web offer some limited support for encryption over HTTPS, but it can be difficult to turn on by default. Once you install it you don't need to do anything else, it will just use more secure communication when it is available. (Note that this is one of many reasons to upgrade to Chrome or Firefox because of the increased security extensions available)
Most modern browsers come with a decent security profile. However, they must be competitive with other browsers and lean towards giving you the best out of the box experience rather than the most safety, so it is possible to increase the security a bit more than the default settings. This site will help you configure your web browser for safer internet surfing. Unfortunately the descriptions are for older versions of browsers you are using so please use it to become generally familiar with the settings available to you for increased security. There really aren't that many settings so it is worth taking a little time to learn about your options. Some of the settings recommended might make your life more annoying than they are worth, like prompting for each cookie, so feel free to back off on that a bit to something reasonable. The point is to be aware of your options and find a good balance.
AdBlock plugin will help block popups and ads that trick you into clicking something you shouldn't click. The add-on is supported by over forty filter subscriptions in dozens of languages which automatically configure it for purposes ranging from removing online advertising to blocking all known malware domains. Your focus is getting it to block the malware domains but blocking tasteless ads is a great side benefit. There is a very small chance that it might block things that look like ads on sites you might want to see so just keep in the back of your mind that it is running. Learn where the "allow this site" button is on your browser for the sites you know and love. I have only needed that feature a few times in the last few years though. I honestly can't stand using the internet without this plugin but keep in mind that some of your favorite sites may be able to provide you their great service through tasteful ad revenue so be nice to them and disable this plugin on known sites you love. CHROME https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom FIREFOX https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
Don't use any kind of public WIFi without a private VPN tunnel securing your data. SecurityKiss seems to be the best option available at the moment. In addition, go out of your way to be sure you are connecting to the real wifi provided by your location and not someones personal wifi they are trying to trick you with a similar name. It is very easy to run a personal hotspot and trick people into connecting to it so they can watch all of your data go by. Fortunately you are smart enough now to use an encrypted VPN which will secure all your data!
Some sites have additional security features you can enable if you choose. They are not on by default because they sometimes make the connection a bit slower on older machines or they are not supported on older browsers. Now that you have updated your browser, you should be using all the security available and you won't notice any slowness on a decently modern machine. If you use Facebook, here is an option to make your connection more secure.
Increase the security of your email by switching over to gmail. Then enable gmail's two-factor authentication on your account. It is easy to install and once you are done, you won't even notice the extra protection. You just need to enter a random pin every 30 days into your browser or whenever you use a new browser. Basically what this does is make it impossible for someone to get into your email on a remote machine by just guessing your password or successfully tricking you into giving it to them by well designed phishing spam. Some of which is getting so good it looks real so protect yourself. This is critical to do because most people send the forgot password emails to all their financial accounts to their primary email...so once someone gets into your email, they can literally destroy your life. Please don't skip over this step. WHY http://www.mattcutts.com/blog/google-two-step-authentication/ http://www.theatlantic.com/technology/archive/2012/08/turn-on-gmails-2-step-verification-now/260822/# HOW 1) http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html 2) https://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447 (Note that Amazon Web Services also supports Google Authenticator so enable it there to protect your business assets from hacking)
The two most popular tools available to help you with this are 1Password and LastPass. They are both good programs so look them both up and choose one of them that looks good to you. Once you have it installed, make sure you login to every site and make sure to change your password to be unique to every site so if that site gets hacked, your accounts everywhere else are safe. Here are some additional resources to help you choose good unique passwords: Learn about secure passwords: http://www.microsoft.com/security/online-privacy/passwords-create.aspx Do a password strength checker: https://www.microsoft.com/security/pc-security/password-checker.aspx
Learn to identify fake virus alerts. Some popups are getting so real looking that it can be hard to tell they are fake. I have had several smart friends and family members accidentally install fake anti-virus software from legitimate looking popups. They can trick you into agreeing by shifting around the close buttons, etc and once this software is on your machine it is hard to remove. Spend a minute learning about this very common problem so it doesn't happen to you. Learn to identify fake Virus alerts: http://www.microsoft.com/security/pc-security/antivirus-rogue.aspx Don't be tricked into downloading malware: http://www.microsoft.com/security/pc-security/protect-pc.aspx#Tricked
Has your account on any site ever been hacked? Up to now it has been hard to tell. shouldichangemypassword.com makes it easy. All you need to do is enter your email address and it will tell you if any reported leak of information has ever been linked to your email. No, you don't need to enter your password. Just make sure you run it every few months for each email address you own.