Re: Good Browsing Hygiene, was: Kaspersky antivirus, how accessible?
I am not aware of any such command in screen-readers to hover the mouse and announce the text that results. You may be able to hover the mouse by routing it to the link, using the move mouse to object navigation item but I don't recall any screen-reader automatically reading anything when the underlying link is shown. Again, You may be able to move to it and read it but I haven't investigated it to any extent.
I assume that every e-mail I get claiming to be from anyone legitimate that wants me to do something to approve something such as a card, or to submit information concerning my e-mail account or click on a link or open an attachment is spam and is malicious unless I am expecting something from a specific person or entity in advance. If you aren't sure, contact the person or organization and ask. Use the actual address. Don't follow a link or use an address in a message to contact the person.
If you read mail as html, it is better not even to open such messages. Malicious code may be embedded in the html that may try to run. I read all mail as plain text except for a newsletter I get that must be read in html to be able to follow links that are names of articles. If you read mail as plain text, nothing can run.
Also, using sites you expect to be safe and avoiding porn sites does not mean you won't be exposed to malicious code. Reputable
sites may be hacked or advertising on such sites may be hacked.
For that reason, I don't allow scripts to run except on sites where I intentionally want them to run. Firefox has an add on, noscript, that allows such control. I haven't played with it much and I don't know what is involved using it. But if it is at all complex, my recollection is that there is one simple command that allows you to turn blocking on when you want it on and off when you want it off.
If you can't do something on a site when it is blocked, turn blocking off and then reload the page. You will need scripts to run on many sites. But on many, such as on a lot of newspaper sites or others where all you want to do is read articles, you won't. Sites may load faster if scripts are off as another benefit.
Ari Sepulveda asked, "So, what exactly does good browsing hygiene entail? I've heard a lot about this over the years, but I've never really understood what it means."
This is an excellent question that has no absolutely precise answer, but there are some general guidelines.
Most of "good browsing hygiene" revolves around analyzing what you're clicking on before you click on it, most specifically links. These days, and for legitimate reasons, most links are not presented as what I call naked links, in full http plus address format, but using click through text. This is very convenient, as it tells you much more about what the intended point of clicking is, but it can also mask attempts to get you to click on something that "looks legit" but is intended to take you somewhere that will infect your machine with malware or spyware.
The first thing you need to do before even thinking about clicking any link is to, "Consider the source," as far as the person or entity who provided it to you. If you are browsing the New York Times website, or Amazon to shop, or eBay, or an e-mail message sent to you by a person you know or a company you do business with that doesn't set off your "something's not quite right about this message" radar, you can be quite safe in assuming that clicking links in those circumstances will be perfectly OK. One could drive oneself crazy checking each and every link one clicks when the chance of a malicious one coming from "a legitimate source" is really quite small. If you have any suspicion, then do double check. I know that there is some way, when you are sitting on a link presented via click-through text, to make your screen reader actually read the "naked" version of the link itself. When I hover over one the "naked" version of the link shows up in the status bar at the bottom of my web browser, but I'm somehow missing how to make NVDA read that information. The same things shows up there if I use the INSERT+F7 feature, list links, and then "Move To" a given link.
If you have any reasonable suspicion that a link might not be taking you where you think it might, it's worth getting the "naked" version of the link announced. If you have a link, for instance, that appears to be taking you to an eBay item listing, but when you have it announced doesn't include "rover.ebay.com" or "ebay.com" anywhere in the link you can almost be assured that someone's trying to take you down the garden path, and said garden won't be full of anything but cyber-weeds. This idea applies generally in that you can get a sense of whether you recognize where a link wants to take you. Here's a real-world example taken from the Spam folder of my own e-mail account (which was put there because Google's filter's already identified it as a suspicious e-mail). Let's presume it didn't get filtered, though. That e-mail has the title, "Attn:Your CVS ExtraCare-Store Card(s), Has Just Been-Updated. Must Be Confirmed by April 10th. #4413" The title itself should arouse suspicion, since it uses syntax (the parenthesis s is one give away, the weird hyphens another, and the "#4413" at the end a third), and it does. It contains a link where the click-through text reads, "Go Here to Confirm Your New CVS Extra-Care Reward-Card." First, the link itself is suspicious because it spells Extra Care as two words with a hyphen between (and, I know, this may not be something obvious if you can't see it, but I want to include all hallmarks) when CVS itself always uses a single word, ExtraCare, with the E and C capitalized, when referring to its program. It has a hyphen between reward and card, which is completely unnecessary, and it uses the singular while the message title used the parenthesis S bit. Finally, if you take yourself to that link and hover over it, what you get shown is a URL that is only 10 characters long and has CVS nowhere to be seen. All of these things tell you that someone is trying to take you somewhere and to get you to do something you should not be doing. In this case I'd suspect it's trying to get you to enter personal information as part of an identity theft scheme, but there's no way I'm clicking to find out.
What it boils down to is to, "Consider the source," take a closer look if the source may be OK but also might not be, and never to click unknown links from unknown sources, period.
Also, avoiding things like porn websites (not all are spyware/malware havens, but many are) or clicking through on anything in a pop-up that didn't clearly pop-up because you did something where a pop-up window would be expected, e.g., clicked on an "edit your contact information" button and the contact information comes up in a pop-up window, all of which you're doing on a website you already know to be legitimate.
Reasonable caution and looking out for yourself rather than trusting and/or falling prey to "Ooooooh, shiny!" syndrome in terms of clicking random links without seeing if they appear legitimate first. This forms the basis of good browsing hygiene.