The Cocoon Blog
The Internet as it should be: private, secure and virus free

A friend forwarded me a link to Lifehacker that described the step-by-step (by step, by step, etc.) method to follow in order to protect yourself from drive-by malware. The instructions start with the assumption that you are already using (and updating) an antivirus application. That’s the first thing that should strike us all as unsettling – having up-to-date antivirus software is not enough to protect your PC.

Of course, if you’re reading this, you already know your PC isn’t safe. The old IT security joke, that the only secure PC is unplugged, is sadly still holding true. The Lifehacker article lays out the hoops we need to jump through to protect ourselves. With at least six separate changes needed within our browsers, followed by several others brought up in the comments and agreed to by the author, it would be easy for the average tech savvy user to be a bit overwhelmed. For non-tech savvy users, forget it; they’d be completely lost.

In addition, making the changes within your browser requires that you disable some features that you likely use and appreciate. For me, disabling the PDF viewer in my browser, forcing all PDFs to be downloaded, would be a major disappointment and time sink. The ability to view PDFs online while I browse has become a part of my daily life, especially when doing research, yet doing so leaves a vulnerability wide open for malware to be installed on my hard drive.

What’s the answer to this? For now it’s to follow the steps and precautions listed in the Lifehacker posting. Soon however, Cocoon will be available to us all to provide a safe browsing experience. (Full disclosure: Cocoon will err on the side of safety out of the gate, allowing only downloading PDFs not opening them, but my favorite feature of opening PDFs safely within Cocoon will follow soon.)

If you’d like to be invited to the Cocoon beta when it opens, go to www.GetCocoon.com and sign up. Until then, be careful out there!

On our website and blog we talk about Cocoon protecting you from drive-by malware infections, but what exactly are they?  In the not too distant past to get a computer virus, you had to do something, open an email from someone you didn’t know, download an executable file from a suspicious website, etc. Viruses didn’t just happen because you didn’t wash your hands or someone forgot to cough into their elbow – it took some action by you to infect your computer. Back in those good old days the annoyed look you got from the IT guy was because you likely had done something stupid. Not so anymore.

Now you can get a virus, malware or spyware from visiting and just viewing a website as innocent as msnbc or facebook (not to defame them – my point is it can happen anywhere).

The malware is not the fault of the website itself, but instead can happen for a number of reasons. One, a web server hosting this content hasn’t been updated with newer software or patches – Google reports 38% of common but older versions had outdated software. Or two, the advertising on the website may be delivering malware infections – and these infected ads may be provided via a sales syndication network, so the website doesn’t even know who the ad owner is.

Yes there are still stupid things we can do to get infected – like clicking on a suspicious popup ad or opening every attachment that is emailed to you. But just avoiding the obvious will not keep you safe. So what can you do? Well, Cocoon will protect you once it’s available, but we’ll also talk about other options in our next post.