If you visited the New York Times, the BBC, MSN or AOL within the last week, you may have unsuspectingly fallen victim to malware, according to reports from multiple internet security firms. The ads on these sites and many others are allowing this bad software to be installed on your computer, according to Trend Micro. But you can avoid this problem by disabling or uninstalling the three common browser plug-ins Microsoft Silverlight, Adobe Flash and Java.
People with malicious intent can buy something called an exploit kit to install onto their servers. These exploit kits look for software vulnerabilities within people’s devices. Once the kit finds the best way in, it can install malware onto a device by exploiting the security hole.
So say you visited the New York Times last week. A certain set of code on the page directs your browser to connect to an advertising network’s server and show you advertisements. Unfortunately, one of the ad networks the Times uses was recently compromised, directing site visitors to a malicious server that delivers the Angler exploit kit. Angler, which according to Trend Micro exploits security flaws in browser plug-ins like Adobe Flash and Microsoft Silverlight, is then able to download malware and ransomware onto the site visitor’s computer.
Plug-ins are a remnant of a bygone Internet era. Back in the day, browsers didn’t include ways to watch videos or play animations. So third party companies created plug-ins, small programs (separate from the browser) that do the job. Now, most browsers include the code to do these jobs natively. And for other new capabilities, developers are creating extensions, or add-on features of the browser, which don't have the vulnerabilities of plug-ins. Websites have mainly adapted to this change. For instance, YouTube doesn’t use Flash to play videos anymore and Netflix doesn’t use Silverlight.
Just because you're not using a plug-ins, that doesn't mean you aren't vulnerable. Even if a plug-in isn’t required for any of the websites you visit, it’s still installed and can leave you vulnerable, especially if it's not kept up to date. And that means exploit kits like Angler can install malware onto your computer.
The three most-exploited plug-ins are Silverlight, Flash and Java. So you should check which plug-ins are installed in your browser and uninstall or disable them.
How to disable plug-ins
If you use Chrome, type "chrome://plugins/" into your search bar and press enter. If you want to disable them temporarily, just click “Disable.” If you receive messages on certain sites that you need to run these plug-ins, just follow the same instructions and press “Enable,” instead.
Firefox users should type "about:addons" into their browsers, then select “Plugins” at the left of the window. This will open a page that shows all of the plug-ins installed in Firefox. You can then choose whether you want to activate the plug-in always, never or after asking permission.
If you’re still using Internet Explorer (although you really shouldn’t be because Microsoft isn’t updating the browser anymore, leaving you even more vulnerable to attacks), click the Tools button, then select Manage add-ons. In Show, click All Add-ons, then select the particular add-on you want to turn off, hitting disable.
Safari users should click Preferences from the Safari menu, click the Security tab, then click the Plug-in Settings button. You can then turn the plug-ins on or off.
Microsoft Edge users don’t have to worry about plug-ins, because they’re not even available on the browser.
How to uninstall plug-ins
Since plug-ins are programs, you'll have to uninstall them the same way you would any other program.
If you’re a Windows 10 user, go to Settings > System > Apps & features and search for the plug-in you’re looking for. You can then select “Uninstall.” For earlier versions of Windows go to Control Panel > Programs and Features an select the program you want to uninstall and click on "Uninstall.".
Mac users have a few more steps for their process. Open Finder, then select “Go,” then “Computer,” and open your startup disk. The majority of users’ startup disk is called “Macintosh HD.” Open the Library folder and then the Internet Plug-ins folder. From there, you can right click on any of the plug-ins that are outdated or that you don’t use and send them to the trash.
For an added layer of security, check out our guide to the best antivirus software.
[Concept of network security via enzozo/Shutterstock]