Avoiding Malicious Websites
Browse the web and be alerted to dangerous websites.
- About Camino’s phishing and malware protection
- What is phishing?
- Protecting yourself from phishing
- What is malware?
- Protecting yourself from malware
- Reporting malicious websites
- How do I get my website off of the list of blocked sites?
- How does Camino’s phishing and malware protection work on a technical level?
About Camino’s phishing and malware protection
Camino includes protection against two types of malicious websites: phishing sites and malware sites. Camino 2 and later use Google’s Safe Browsing service to provide warnings about potentially dangerous websites. While Google’s service is very good, it may not be 100% accurate; specifically, it may fail to identify a dangerous website as a phishing or malware site, or it may mistakenly flag a normal website as dangerous.
When you start to visit a web page, Camino checks to see if the page is potentially dangerous and, if so, displays a warning instead of the website. To protect yourself and your information, you should close the tab or window when Camino displays this warning, rather than viewing the blocked site. (If you are using Camino 2 or later, you can see example warnings by trying to visit the phishing and malware test pages.)
If you choose to ignore the warning and visit a potentially dangerous website anyway, Camino will display a small bar, similar to the blocked pop-up notification, at the top of the web page. This bar has buttons that will close the page (so that you can return to a safe site in another tab or window) or allow you to report a site that was wrongly blocked (for malware sites, the Report an error… button takes you to Google’s Safe Browsing diagnostic page for a site, which offers information for webmasters of blocked sites).
What is phishing?
Phishing is a practice by which criminals use forged copies of websites (sometimes called “web forgeries”) in an attempt to steal personal information, such as your username and password for a website, account details, or financial information like credit card numbers. While the phishing site may look like an exact copy of a site you normally visit or trust, any information you provide to the site is instead sent to criminals.
Many times criminals will send fake email messages pretending to be from banks, ISPs, government agencies, or other businesses, directing users to visit fraudulent websites and enter personal information. You should be very careful when providing information to websites. For more information about phishing, visit the Anti-Phishing Working Group.
Protecting yourself from phishing
You can help keep your computer and your information safe from criminals and phishing sites by following several guidelines.
- Do not visit websites that Camino warns are phishing sites; return to a safe website instead. If you were not warned before viewing the test page, be sure that Warn me when visiting potentially malicious sites is checked in Camino’s Security preferences.
- Do not click on links in email messages that appear to be to banks, online commerce sites, or other sites that have your personal information or ask you to log in. Instead, use your Camino bookmarks (if you have the website bookmarked) or manually type the address of the web page into Camino’s location bar.
- Allow Camino to save website passwords in the Keychain rather than typing passwords manually on login pages. If the website you are visiting is not the same as the website on which you saved your password, Camino will not fill in your username and password. Camino will also warn you if a login page is communicating with a different page now than it was when you saved your password in the Keychain.
- Use an email client that warns you when it detects links to phishing sites in your email.
What is malware?
Malware (sometimes called “badware”) is software designed to run on your computer without your knowledge. Malware can steal your personal information, damage your computer, or use your computer to help criminals attack other computers.
Malicious websites (sometimes known as “Attack Sites”) are designed to install malware on your computer without your knowledge. Usually malware sites are run by criminals, but sometimes a site you trust can be turned into a malware site without the site owner’s knowledge. For more information about malware sites, visit StopBadware.org.
Protecting yourself from malware
You can help keep your computer and your information safe from malware and malware sites by following several guidelines.
- Do not visit websites that Camino warns are malware sites; return to a safe website instead. If you were not warned before viewing the test page, be sure that Warn me when visiting potentially malicious sites is checked in Camino’s Security preferences.
- Do not download software from websites you do not trust, even if the site claims a download is necessary to use the site. If a site claims you need to install a plug-in, download the plug-in directly from the plug-in vendor (our Setup Documentation includes links to the websites of most popular plug-in vendors). If you do not recognize the plug-in or plug-in vendor, you may not want to install the plug-in at all.
- Install software updates promptly. Software vendors typically release security updates for their software on a regular basis, and using up-to-date software makes it more difficult for malicious websites to attack your computer. The Camino Project issues security and stability updates approximately every other month, and it is important that you install the latest release promptly after being notified by software update. You should also make sure you are always running the latest “point release” of a major version of Mac OS X (e.g., Mac OS X 10.4.11 for Mac OS X 10.4 “Tiger” or Mac OS X 10.5.8 for Mac OS X 10.5 “Leopard”), as well as the latest security updates from Apple (check by choosing Software Update… in the Apple menu). In addition, be sure to update to the latest versions of popular plug-ins like QuickTime, Flash, and Java.
- Do not configure Camino to open files when they finish downloading. In Camino’s Downloads preferences, ensure that Open downloaded files is unchecked.
- Do not open email attachments from people you do not know, even when the attachments appear to be “harmless” files like videos or screensavers.
Reporting malicious websites
If you find a suspicious web page that you believe is a possible phishing site and Camino does not warn you when attempting to visit the site, you can select Report Phishing Page… from the Help menu to report the site to Google (it is not currently possible to report a web page as a potential malware site).
How do I get my website off of the list of blocked sites?
If your website is blocked by Camino’s phishing and malware protection, there is a good chance that your site is currently or has recently been used to steal personal information or distribute malicious software. Pages can be turned into phishing or malware sites without any visible changes. Even if parts of your website that you control are free from malicious content, it is possible that content you include from other sites (for instance, advertisements you display using a third-party ad network) could have been malicious. If Camino has blocked your website, you should inspect it carefully for potential vulnerabilities and malicious content. Google’s Webmaster Tools has a helpful article with more information about malware and hacked sites.
If you believe your website is free from phishing attempts and malware after you have inspected it carefully, you can use the following resources to request removal from the phishing or malware lists:
- To request removal from the list of phishing sites, use this form provided by Google.
- To request removal from the list of malware sites, follow this process outlined by StopBadware.org.
For pages suspected of being malware sites, Google’s Safe Browsing diagnostic page for the site also contains information that will help you get Google to re-examine your site. If you need additional help removing malware from your website or in having your site removed from lists of sites that distribute malware, you can also visit StopBadware.org’s Information for Website Owners.
How does Camino’s phishing and malware protection work on a technical level?
When launching Camino with Warn me when visiting potentially malicious websites checked in the Security preference pane (the default setting), Camino will begin downloading partial hashes of URLs of websites that Google has identified as potentially malicious. It takes about five minutes after launch to get the first update, and updates are done in small chunks over time for bandwidth considerations. Camino will regularly check for and download updated partial hashes.
When you start to visit a website (with phishing and malware protection active), Camino creates a hash of the website’s URL and compares that to the list of partial hashes downloaded from the Safe Browsing service. If the hashes match, Camino will request a full hash from Google to double-check that the site you are about to visit is the same site that Google is blocking and that the site is still in the list of blocked sites. Camino will then compare the full hash from Google with the hash of the website’s URL and, if the hashes match, display a warning instead of displaying the website.
If you have an existing google.com cookie, Camino will transmit this cookie when requesting periodic updates to the list of partial hashes and when requesting full hashes for potentially blocked sites; however, Camino does not send any personal information (e.g., the website you are visiting) to Google’s Safe Browsing service.
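The lookup flow described above, as an added example (not Camino’s or Google’s code): a client checks a URL against locally stored partial hashes and contacts the service only on a prefix hit, so the service sees a hash prefix and never the URL. It assumes SHA-256 with 4-byte prefixes and hashes the raw URL string, whereas a real client canonicalizes the URL first; FakeService, Client and the example URLs are constructed for illustration.

```python
import hashlib

PREFIX_LEN = 4  # assumption: 4-byte prefixes of SHA-256 digests


def url_hash(url):
    # Simplified: a real client canonicalizes the URL before hashing.
    return hashlib.sha256(url.encode("utf-8")).digest()


class FakeService:
    """Constructed stand-in for the remote blocklist service."""

    def __init__(self, blocked_urls):
        self.blocked = {url_hash(u) for u in blocked_urls}
        self.requests_seen = []  # everything a client lookup reveals

    def partial_hashes(self):
        return {h[:PREFIX_LEN] for h in self.blocked}

    def full_hashes(self, prefix):
        self.requests_seen.append(prefix)
        return {h for h in self.blocked if h.startswith(prefix)}

    def delist(self, url):
        self.blocked.discard(url_hash(url))


class Client:
    def __init__(self, service):
        self.service = service
        self.local = service.partial_hashes()  # periodic background update

    def should_warn(self, url):
        h = url_hash(url)
        if h[:PREFIX_LEN] not in self.local:
            return False  # decided locally, nothing sent
        # Prefix hit: confirm against current full hashes before warning.
        return h in self.service.full_hashes(h[:PREFIX_LEN])


def demo():
    svc = FakeService(["http://phish.example/login", "http://malware.example/"])
    client = Client(svc)
    results = [client.should_warn("http://safe.example/"),
               client.should_warn("http://phish.example/login")]
    svc.delist("http://malware.example/")  # cleaned up; client list is stale
    results.append(client.should_warn("http://malware.example/"))
    return results, svc.requests_seen


if __name__ == "__main__":
    print(demo())
```

The third lookup shows why the full-hash round trip matters: the stale local prefix alone would have blocked a site that has since been removed from the list.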