Security – Technology Blog | Cyberlab Technologies Since 2004

How to Secure Your Computer using Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)

June 14, 2014/2 Comments/in PC Tips, Security /by Tony Patarini

Today I’m going to show you how downloading a single program and spending 2 minutes configuring it can substantially improve the security of your computer. With this software installed, your PC will be almost completely hacker-proof.

First, you’ll need to download the Enhanced Mitigation Experience Toolkit (EMET) from Microsoft and install it. It’s best to use the Recommended Settings option. This will enable recommended settings designed to protect against the exploitation of the most commonly vulnerable programs. These program include Internet Explorer, Microsoft Office, Microsoft Outlook Adobe Reader, the Java plug-in, and Wordpad.

Next, open the EMET GUI (which can be found in your Start menu).

Then click the Import button at the top left.

Of the files listed as available for importing, select “Popular Software”. This will add new protection rules for many popular programs, including:

7zip
Mozilla Firefox
Apple iTunes
mIRC
Opera web browser
Google Chrome
Pidgin instant messenger
Quicktime media player
Skype
Mozilla Thunderbird
VLC media play
WinAmp
WinZip
and many more programs.

It’s possible to add your own protection settings for individual applications, but this is an advanced feature recommended only for expert computer users.

How EMET Works

EMET enables many security features that are built into Windows but not always turned on by defautlt.

One such protection is Data Execution Prevention (DEP) which allows the operating system to mark specific memory sections as non-executable. This means your computer will treat it only as data, and not as runnable software. In the event that an attacker attempts to use a buffer overflow vulnerability in a protected application that relies on executing memory marked as non-executable, the attack will fail.

Another security feature enabled by EMET is Address space layout randomization (ASLR). ASLR randomizes the locations where applications and system libraries are loaded into memory. Not being able to predict where in memory an application is loaded makes it much harder for attackers to write reliable exploits.

These two features have been available in Unix systems like Linux and OpenBSD for years, and with EMET they’ve been successfully integrated into Windows. In fact, at the most recent Pwn2Own hacking competition, Internet Explorer 11 with EMET protection was the only web browser not to be successfully exploited. (It should be noted that the other browsers were not using EMET protections, which was probably a big factor.)

Together these features substantially reduce the number of security vulnerabilites that can be exploited, and the severity of the vulnerabilities when they occur. And they do all of this without impacting the functionality or performance of the programs that are protected, which is pretty impressive.

Want to keep your computer safe from internet super villains? ZookaWare’s computer experts are available 24 hours a day for remote technical support.

How to Stop Being Tracked Online

June 9, 2014/0 Comments/in Browser, PC Tips, Security /by Tony Patarini

Online advertising is a trillion dollar industry. It is arguably the life blood of the internet and the fuel for almost all of the web’s most popular destinations.

Google alone is valued at nearly $400 billion and the vast majority of that is from online advertising through its AdWords platform. Facebook, Twitter, and most other search engines are also backed almost entirely by the advertising revenue they generate.

If online advertising were to disappear tomorrow, most of the internet as we know it today would disappear with it. Except maybe Wikipedia.

With that in mind, it’s easy to see why all of these online advertisers want to know as much about who they’re advertising to as possible. The more they know about their potential customer, the more they can tailor the advertisements you see, the more likely you are to buy what they’re selling. Knowledge is power.

If you’re like me, you’re not really comfortable with these organizations keeping track of everything you’re doing online. Especially when these organizations have been known to sell off information they’ve collected to overzealous government agencies and other even less scrupulous people and organizations.

Today I’m going to show you how to very easily block the vast majority of online advertisers and other groups that want to track you from collecting your data.

We’re going to use a browser plugin called Ghostery to accomplish this task.

According to the Ghostery website, “Ghostery has the largest tracker database available on the web. We meticulously select, profile and cull over 1,900 trackers and 2,300 tracking patterns.”

Ghostery acts as a kind of blacklist against online tracking, preventing online trackers them from seeing what websites you’re visiting.

Note that this won’t stop your ISP from seeing what you’re doing, though, so you’re not anonymous. You’re just not being tracked by advertisers.

Downloading and installing Ghostery is very simple. Just visit the Ghostery download page and install the plugin for your browser.

The next time you open your browser you’ll be asked a few questions about what kind of tracking you want to block. If you’re unsure, you’re probably OK to select everything. You can also unselect it later.

That’s it, you’re now virtually invisible to online advertisers and other trackers!

Spyware got you feeling like you’re always being watched? ZookaWare techs can remove even the toughest spyware and are availabe 24/7 for remote technical support.

How to Easily Encrypt Your Email

June 5, 2014/0 Comments/in Browser, PC Tips, Security /by Tony Patarini

There are lots of reasons someone may want to encrypt the emails they send.

Maybe they don’t trust their internet service provider or email host with their private data.

Maybe they want to be more sure their messages won’t fall into the wrong hands while being sent over the net.

Or maybe they just don’t want to make it easy for certain 3 letter government agencies to process, analyze, inspect, evaluate, scrutinize or otherwise read their private personal communications.

Whatever the reason, it’s easier than ever now to securely encrypt your email thanks to a free and open source browser extension for Firefox and Chrome called Mailvelope.

Unlike most encryption programs, Mailvelope doesn’t force you to use a particular email provider or a separate encryption program. Mailvelope works out-of-the-box with Gmail, Yahool Mail, Outlook.com (formerly Hotmail) and GMX.com. If your preferred email provider isn’t listed, it’s not very hard to add support for it through Mailvelope’s options.

To use Mailvelope, visit the Mailvelope plugin page for Chrome or Firefox depending on your browser. Click the install button and it will do the hard work for you.

After it’s installed you should see a new Mailvelope “lock” icon in your browser. Before you can start encrypting messages you’ll need to click this icon and select “Options” from the menu that appears.

In the Mailvelope options menu, click “Generate Key”. Enter your name and email address, and then enter a passphrase to secure your key. You’ll need to enter this key in order to encrypt messages or decrypt messages you receive.

After you’ve generated your encryption key, you’ll also need to give your public key (which identifies you) to the people you want to send encrypted message to. You can email the key to them, or post it to a keyserver (which is beyond the scope of this article).

To create an encrypted message, simply create a new email as you normally would. So, for example, in Gmail click “Compose”.

In the Compose window you’ll see a new lock icon. Click the icon and a new text entry window will appear. Here you can type the message you want to encrypt.

After you’ve finished typing your message you can click the lock icon in the text entry area to select who you want to send the secure message to. After you’ve select who you want to send the message to Mailvelope will automatically encrypt the message. From there you can click send in your email interface just like you normally would to send a message.

When receiving an incoming encrypted message Mailvelope automatically detects that it is encrypted and tries to decrypt the message for you. After you’v entered your passphrase to unlock your private key Mailvelope will display the decrypted version of the message just like a normal email message.

This may all seem complicated to read, but I assure you it’s actually easier than you think. To download Mailvelope and find additional documentation for how to use it, visit the Mailvelope website.

Want to make sure hackers stay locked out of your computer? Zookaware computer experts are here 24/7 for secure remote technical support.

How to Completely Erase a Computer

June 4, 2014/0 Comments/in PC Tips, Security /by Tony Patarini

Are you preparing to sell, give away or otherwise get rid of a computer? Here’s something you should know:

Even if you think you’ve deleted all of your personal and private data from your computer, there’s still a good chance it can be recovered. This is because of how data is stored by Windows on your hard drive.

When Windows deletes a file it’s really only deleting the location of the data on the hard drive. This makes deleting fast, but it also means that deleted files can be recovered unless something has overwritten them.

If you only need to securely delete a couple of files you can use a file shredder program like the one included with SpeedZooka. But if you want to be absolutely sure that your personal information is fully removed, there really isn’t a good substitute for shredding the whole drive.

Today I’m going to show you an easy way to do just that using a free software program called Darik’s Boot and Nuke, or DBAN for short.

From the DBAN website: “DBAN is a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect. This method can help prevent identity theft before recycling a computer.”

Warning: Shredded files cannot be recovered. Do not shred any files you want to keep.

To use DBAN, you first need to download the program from the DBAN website. DBAN is distributed as an ISO file. Once you’ve download the ISO it needs to be burned to a blank CD. This is because DBAN isn’t like most other programs. Most other programs run on top of Windows as their operating system. DBAN is actually it’s own (very small) operating system that does only one job: shred files on any hard drive it finds.

Restart the computer you would like to completely erase with the DBAN disk in the CD drive. On most computers DBAN should start to run automatically.

DBAN works by overwriting all the data on every hard drive it finds many times, so the shredding process will likely take a couple of hours to finish completely. Once the shredding process is completed, your hard drive will be completely empty. At this point you can sell, give away, or dispose of your computer without having to worry that your personal information could be exposed.

You can download DBAN from the DBAN website here: http://www.dban.org

Got a computer issue you can’t erase? ZookaWare technicians are here 24/7 to help with Remote Technical Support.

How To Remove Yourself From Google Search Results

June 4, 2014/0 Comments/in PC Tips, Security /by Tony Patarini

Thanks to a new ruling by the European Commission on the “right to be forgotten”, Google has implemented a new feature that allows you to request the removal of pages that contain personal information about you from its search results. Google says it will comply with the ruling and remove requested search engine results when they are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed.”

Best of all, while this is an EU ruling, nowhere that I can see is Google limiting search engine result removal to EU citizens. On the request form, Google does ask for a form of photo ID and what country’s laws apply to your request, but Google also states specifically that the photo ID requested doesn’t need to be government issued. That opens up an opportunity for US and other non-EU residents to also clear their names if they need to do so.

The goal here to allow people to protect their reputations in an age where data is never forgotten.

However, there are limits to what Google will remove. For example, Google states that they will “look at whether the results include outdated information about you, as well as whether there’s a public interest in the information—for example, information about financial scams, professional malpractice, criminal convictions, or public conduct of government officials.”

So if you’ve ever been convicted (or even charged, probably) of some kind of wrongdoing, it’s unlikely Google will remove references the such an event.

If that’s not a problem for you and you’d like to ask Google for help removing search engine results, you can find the form to do so here: Google Search Engine Removal

Have a problem with your computer that you need help removing? ITZooka technians are available everyday for 24/7 remote support for any computer problem.

How To Shred Files using SpeedZooka

June 3, 2014/0 Comments/in PC Tips, Security /by Tony Patarini

If you think that once you’ve deleted a file it’s gone forever, I’ve got news for you. Even after you’ve deleted a file and emptied the windows Recycle Bin, most times that file can still be recovered!

Even after you’ve formatted your hard drive it’s still sometimes possible to recover data from it. This has led to a number of incidents where discarded computers and other devices that were thought safe the throw away have been found to contain sensitive and sometimes even classified information. It’s even rumored (with some evidence) that some criminal organizations have taken to buying used computers and hard drives off of eBay and other websites in an attempt to recover personal information and steal identities.

This may sound pretty serious, and it is, but there’s an easy way to keep your information secure and I’m going to show you how right now.

In order to delete files in a way that they cannot be recovered you need to use a “file shredder”. File shredders work by overwriting the data in a file many times before deleting the file, making the data within the file completely unrecoverable. This process is often used for securely removing sensitive and private information like tax documents, medical records, and credit card information from disks.

Before we go any further, though, I need to make something perfectly clear:

SHREDDED FILES CANNOT BE RECOVERED.

EVER.

DO NOT SHRED FILES YOU WANT TO KEEP.

SpeedZooka includes a secure file shredder built to the specifications of the U.S. Department of Defense. SpeedZooka’s file shredder works on every version of Windows from XP onward.

To access the file shredder, click “Advanced Tools” in SpeedZooka, and then click the “File Shredder” button. It’ll look something like this:

From the file shredder window, you can either drag and drop the file(s) you would like to shred into the file list, or click the word “Search” to open a file menu and select the files you would like to shred from there. Clicking “Remove” removes a selected file from the file list, and clicking “Clear list” removes all files from the file list.

Files ready to be shredded. Once they’re shredded they’re gone for good.

Once you have added files you would like to shred to the list, click “Shred files”. After a few seconds (depending on the size of the files being shredded) the filenames will disappear from the list, indicating they has been shredded. Those files have now been completely removed and cannot be recovered.

Want to be sure your data is safe from internet bad guys? ZookaWare experts know what it takes to keep your computer safe and are availabe 24/7 for Remote Technical Support.

What is the Best AntiVirus for 2014?

June 3, 2014/0 Comments/in PC Tips, Security, Virus, Windows /by Tony Patarini

When I first started using a Windows computer (back when Windows 98 was brand new) there were really only two popular antivirus programs to choose from, at least as far as most computer users knew about. You either had Norton or you had McAfee. Well, I guess some people just used nothing at all, but even back then that was a terrible idea.

Now 15 years later (give or take) there are literally hundreds of antivirus programs fighting malicious software, and each other, for the title of best antivirus software.

Last month AV-Test.org conducted a test of all the top antivirus software currently available for Windows 8. Each program was tested on three main feature categories: Level of Protection, Performance, and Usability. I’ve gone through the raw data they collected so you don’t have to. Here’s what they found:

The Best Paid AntiVirus

According to the AV-Test.org test results the highest scoring antivirus program in terms of protection, performance, and usability was…

… drum roll please …

Kaspersky AntiVirus. Kaspersky was the only program to earn perfect scores in all three of the measured categories. As one of the first anti-virus companies Kaspersky has since grown into a huge international enterprise. It’s not really surprising that Kaspersky would take home the top honors, they’re always near the top of the antivirus bunch as far as malware detection goes.

The Best Free AntiVirus

I used to recommend Microsoft Security Essentials to people looking for a cheap, fast, effective antivirus program. It was all of those things, and it didn’t bug you to buy the full version because it was included free from Microsoft with your operating system. Alas, those days are gone and Microsoft no longer shows MSE the attention it would need to be a top contender. While Microsoft Security Essentials (or Windows Defender as it’s called on Windows 8) is certainly better than nothing, I recommend using an antivirus program where the company behind it actually puts effort into it. With that being said, here’s the top Free antivirus software for 2014.

2014-05-30 16_59_35-Microsoft Security Essentials

I used to be able to recommend Microsoft Security Essentials, but not anymore thanks to Microsoft’s lack of effort to keep it competitive.

Close on Kaspersky’s heals, Avira AntiVirus can currently claim to be the top performing Free antivirus program. While Avira scored on the same level as Kaspersky for level of protection and usability, it fell behind slightly in its impact on system performance. Even then, however, the difference in performance impact was slight and not likely to be noticed by the average computer user. Avira is another one of the older competitors in the antivirus world, even older than Kaspersky.

While these two programs are currently the top rated, you should also keep in mind that the computer security world moves fast. What is best today could very easily not be best tomorrow. However, both Kaspersky and Avira have a long history of excellent malware detection and system performance, and seem likely to me to stay near the top of the antivirus herd for the foreseeable future. Also, this test was done only on Windows 8. Other Windows versions are likely to show similar results, but they won’t be identical.

For those of you who would like to see the results directly, here you go: AV-Test.org April 2014 Results

Got a computer virus, malware, or other problem that won’t go away? ZookaWare’s Remote Tech Support service is here 24/7 to solve all your computer related problems

How to Reset Internet Explorer

June 3, 2014/0 Comments/in PC Tips, Security, Spyware, Windows /by Tony Patarini

If you use Internet Explorer as your primary web browser, you’ve probably managed to pick up an unwanted toolbar or browser addon here and there during your travels around the web.

While toolbars and browser addons aren’t as bad as viruses and other malware, they can still be an annoyance, invade your privacy, and be a total pain to remove if you’re not sure how.

What I’m about to show you is the easy way to remove any toolbars and unwanted browser junk thats causing problems in Internet Explorer on your computer. We’re going to just remove everything from internet explorer and reset all of its settings and configurations as if it had just been freshly installed. This has the benefit of removing unwanted nastiness, but can also remove setting you actually want to keep. So if you have a toolbar you actually do like or a browser addon you need for a particular website you visit, this strategy may not be best for you.

Honestly though, if you’re not sure whether or not that warning applies to you, it probably doesn’t and you can reset your browser without issue.

The first step in the reset process is to open Internet Explorer. If Internet Explorer is so badly clogged up on your computer that you can’t open it, there is an alternative method, which is to open Control Panel, then open the Network and Internet Category, and then finally click Internet Options. This will open the same menu that I’m about to explain how to open in Internet Explorer. From inside Internet Explorer click the Gear icon near the top right of your screen, and then select Internet Options from the menu that appears. From the Internet Options menu click on the “Advanced” tab. It should be the tab at the very end. At the bottom of the Advanced tab, you’ll see a button that says “Reset”. If you’re ready to reset your Internet Explorer to the way it was when you first started using it, click this button. You’ll also have to click a button asking if you’re sure you want to do this, but after that it will reset. You may also see a checkbox that offers to “Delete personal settings”. If an unwanted program has changed your homepage or search page you may want to check this box to reset them also. After the reset process is finished, you’ll have to restart Internet Explorer. The next time you run Internet Explorer is should be in the same state it was when it was new. Are browser toolbars, unwanted addons and homepage hijackers driving you nuts? ZookaWare Remote Technical Support technicians are available 24/7 to help with any computer problem.

MyWOT and the Problem with Crowdsourced Rating Sites

December 6, 2013/0 Comments/in Browser, PC Tips, Security /by Tony Patarini

As the internet continues to grow by leaps and bounds every day it’s getting harder and harder keep track of what’s safe and what isn’t online.

Online reputation sites attempt to solve this problem by giving each website a rating of some kind to indicate how safe that website is. There are many reputation sites, but MyWOT (which stands for “My Web of Trust”) handles website ratings in a rather unique way.

MyWOT works kind of like the online encyclopedia Wikipedia. People from all over the world help build and improve Wikipedia by writing and editing articles. In much the same way MyWOT users from all over the world help build MyWOT by contributing website ratings. Seems like a great idea.

I really like Wikipedia and many other user-powered or “crowdsourced” websites so I was eager to give MyWOT a try.

Problem #1: MyWOT isn’t accountable for their ratings

MPAA.org has a poor WOT rating simply because of unpopular opinions.

But there’s a big difference between Wikipedia and MyWOT: Wikipedia has strict rules that every sentence of every article must be supported by verifiable facts. A user cannot post their opinions and have them included in Wikipedia. Any attempts to do so are swiftly removed.

MyWOT doesn’t have any similar rules. MyWOT users are free to rate a website however they feel regardless of the truth of their rating. This results in many sites receiving poor ratings because of unpopular opinions, personal grudges and misunderstandings. For example, the websites of the Recording Industry Association of America (RIAA.com) and Motion Picture Association of America (MPAA.org) both have low scores on MyWOT, not because their website are dangerous in any way but because some MyWOT users simply don’t like these organizations.

2013-12-16 17_11_43-monsanto.com _ WOT Reputation Scorecard _ WOT (Web of Trust)

Monsanto also has a poor WOT score. I don’t like them either, but there is nothing dangerous about their website.

MyWOT could enforce a “facts only” policy like Wikipedia does but chooses not to. Legally they don’t have to. Because of laws set up to help shield internet service providers from being sued for the actions of their users MyWOT isn’t legally liable for the reviews they host.

Users who post reviews on MyWOT are, however, liable for what they post. But most MyWOT users are shielded by the relative anonymity of the internet. It would take a court order to even find out a user’s real identity let alone hold them accountable for what they say. While large corporations may have the resources to hold anonymous trolls accountable, it’s simply too expensive for individuals and small businesses to protect their reputations in this kind of system even when what is being said about them is provably false.

Problem #2: The rating system is dominated by “power users” on power trips

While anyone is free to sign up with MyWOT and begin rating websites right away, MyWOT’s rating system doesn’t treat all users equally. MyWOT likes to call their rating system “meritocratic” which really just means users who have been around longer and rated more websites have much more rating power than average users.

At first that sounds like a good idea. In theory this would keep scammers from making a bunch of fake accounts and rating themselves highly. But a closer look shows this system creates at least as many problems as it solves.

Websites that criticize MyWOT very quickly receive poor ratings.

Because MyWOT gives preference to users with a long history of site ratings it’s much harder for individual users who have no interest in becoming power users to affect the scores of sites they feel are rated incorrectly. It does, however, give power users a much greater ability to influence the ratings of websites they personally dislike. The expression “Power Corrupts” definitely holds true here.

This “meritocratic” system also creates some twisted incentives for scammers to become MyWOT power users. What better way for scammers to give their sites some legitimacy than to use their power user status on MyWOT to give their websites a nice high rating and negatively influence the ratings of their competition at the same time.

Of course, to pull off a task like that, a scammer would need access to a lot of computers all over the world in order to build up a bunch of fake reputations over a period of time. This isn’t something most website owners are capable of, but it’s exactly the type of scam botnets are great for. By designing their system this way it’s almost like MyWOT is actually trying to encourage hackers and scammers to cheat the system.

Problem #3: MyWOT’s management are secretive and hard to contact

As if the other problems with MyWOT aren’t bad enough the organization behind it, WOT Inc., is notoriously difficult to get ahold of. While the founders of WOT are publicly known, the only way to contact the MyWOT team is through a contact form their website that isn’t easy to find. And if you have a problem with how your website is being rated they make it pretty clear they have no interest in talking to you.

It’s also pretty difficult to get any specific details about the rating system MyWOT uses. For example, MyWOT makes it clear that user ratings are weighted differently depending on the “merit” of the user. What algorithm do they use to determine whose rating is more important? They don’t say. They won’t even tell you how many ratings a website has, only its overall rating score. Presumably all this secrecy is an attempt to make it harder for scammers to game the system (which I’ve already explained doesn’t work) but it also makes it impossible for website owners and third-parties to verify that websites are being rated fairly. This lack of openness seems a bit strange especially for a “community-driven” reputation website.

MyWOT’s financial situation is also a bit confusing. MyWOT has more than a handful of high profile investors like Risto Siilasmaa, the founder of F-Secure, and Michael Widenius, founder of MySQL. MyWOT also has business deals in place to provide website rating data to several popular websites like Facebook and Mail.ru. For a period of time MyWOT also sold “Trust Seals” that website owners could purchase and post on their websites to show off their MyWOT ratings. (MyWOT stopped selling Trust Seals due to suspicion that these purchases led to favoritism for certain website owners.) Yet MyWOT still solicits donations from its users to stay in operation. Why does a website with millionaire investors and business deals with the most popular websites in the world need to beg for donations to stay afloat?

Because of problems like these MyWOT has earned a less than stellar reputation on other online rating sites. It’s not unusual to find dozens of complaints about unfair and inaccurate ratings. This is the case on every rating site except for MyWOT itself. Of course, it’s hard to blame the MyWOT community for being a bit biased but this kind of bias is exactly the behavior that has generated so many complaints.

Better Alternatives

There are other flaws in MyWOT but these 3 stand out as the most glaring examples. If you want to protect yourself online but don’t want to deal with the problems that MyWOT brings with it there are a few alternatives you can choose from. The browser addons listed below are produced by reputable security companies. These organizations can actually be held accountable for the ratings they provide so they are more likely to be accurate and can make your web surfing safer.

Browser Addons:

AVG Secure Search: http://www.avg.com/us-en/secure-search

“AVG Secure Search alerts you before you visit dangerous webpages to make sure your identity, personal information, and computer are protected.”

Bitdefender TrafficLight: http://www.bitdefender.com/solutions/trafficlight.html

“…a free cross-browser add-on that intercepts, processes, and filters all Web traffic, blocking any malicious content and taking browser security to new levels.”

Reputable Review Sites:

TrustPilot: http://www.trustpilot.com/

On its face TrustPilot looks just like any other internet review website. But it’s more than that. Unlike other review sites TrustPilot makes the effort to verify reviews it receives are coming from actual customers of the websites they are reviewing. This makes it much harder for anonymous internet trolls to create a bunch of fake accounts and post fake reviews.

Make Your Internet Secure Everywhere

May 12, 2013/1 Comment/in Security /by Tony Patarini

We all know that you should never enter your credit card details online unless the webpage you’re on is secure. This knowledge has been drilled into our heads constantly by security people over the past decade or so. Even my Grandma knows it. Before she gives her credit card number to Amazon.com or Ebay or wherever she goes to buy ~~ugly~~ thoughtful Christmas sweaters, she checks to make sure there is a little lock icon and the letters “https” at the start of her address bar.

But your credit card data isn’t the only information you want to keep secure online, right? At least for me it isn’t. We expose all kinds of information about ourselves online every day, and we often don’t even realize we’re doing it.

“HTTPS Everywhere” is a browser extension available for Mozilla Firefox and Google Chrome designed to make your web browsing more secure. It does this by enabling SSL (Secure Socket Layer) on any website that it can. SSL is the encryption technology used to secure internet traffic like shopping site and online banking. HTTPS Everywhere enables SSL for any website it knows how to enable secure connections on, which is currently almost 3000 websites including the websites for major airlines, universities and social media websites.

The HTTPS Everywhere website explains:

HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using a clever technology to rewrite requests to these sites to HTTPS.

Once installed, the only indication that HTTPS Everywhere is installed is a small icon in your browser. Clicking the browser icon allows changing settings for HTTPS Everywhere, including enabling or disabling certain websites from being securely redirecting, or disabling HTTPS Everywhere altogether.

HTTPS Everywhere works behind the scenes redirecting unsecured connections to secured versions without needing any user interaction. If you value your privacy online, you would be wise to consider using HTTPS Everywhere.

HTTPS Everywhere can be freely downloaded from the EFF website here: https://www.eff.org/https-everywhere