Solved

Fact or Myth? "If the padlock in my browser is locked, I'm good to go."

  • 16 January 2012
  • 3 replies
  • 49 views

Userlevel 5
  • Retired Webrooter
  • 58 replies
Myth!



Before you go online and purchase that batch of glow sticks for your emergency preparedness kit, you look for that little padlock in the browser bar. Although your instinct tells you to beware, that lock is the mark of the Internet Security God, right? That would be a big, fat fail.

 

All that the padlock icon means is that there is a secure connection between your computer and the web server: You’re still not protected from malware. That secure connection is going to help prevent someone from hacking into your home network, but it won't stop the traps that are found on phishing sites or sites with poor reputations, for example.

 

Also, some hackers are quite good at faking an SSL certificate – or buying one for a spell – and throwing in some padlock clip art. Many people have been fooled into thinking a page is legit when in fact it’s not. It's a great idea to have effective an effective antivirus in place and run system scans before you shop or bank online.
icon

Best answer by JimM 12 September 2012, 17:09

View original

3 replies

Userlevel 7
Badge +36
Fact or Myth? "If the padlock in my browser is locked, I'm good to go."



Options



01-16-2012 11:34 AM

Myth!



Before you go online and purchase that batch of glow sticks for your emergency preparedness kit, you look for that little padlock in the browser bar. Although your instinct tells you to beware, that lock is the mark of the Internet Security God, right? That would be a big, fat fail.



Quote: All that the padlock icon means is that there is a secure connection between your computer and the web server: You’re still not protected from malware. That secure connection is going to help prevent someone from hacking into your home network, but it won't stop the traps that are found on phishing sites or sites with poor reputations, for example.



Also, some hackers are quite good at faking an SSL certificate – or buying one for a spell – and throwing in some padlock clip art. Many people have been fooled into thinking a page is legit when in fact it’s not. It's a great idea to have effective an effective antivirus in place and run system scans before you shop or bank online.



// Alex // Webroot Community Enthusiast // Quote:

 

Are you suggesting that 'Webroot Secure Anywhere' is NOT an effective antivirus and that a Secondary Program be installed???

Userlevel 7
This would have been a really good opportunity for Alex to use a picture to illustrate what he was referring to.  Since Alex is no longer with us, I doubt he'll reply to this.  I'll follow up for him.

 

He wasn't actually referring to the padlock covering the WSA icon when your session is being protected.  He was referring to the padlock that shows up when you visit an SSL-encrypted page in IE.  Older versions of that lock icon showed up towards the bottom of the screen and were easier to impersonate with a fake icon.  More recently, here is a screenshot from IE8, where it's housed in the address bar itself:

 



 

So no, Alex wasn't trying to say the WSA padlock isn't evidence of being secure, but rather that if you do not have an antivirus program installed, don't necessarily trust what you think might be the padlock from IE.

 

Thanks for requesting the clarification!  🙂
Userlevel 7
Badge +36
Thank you JimM.................could have been a little confusion out there. 

Reply