How to Build a Safe Turk Zone

Discussion in 'General' started by DCI, Jan 5, 2013.

  1. DCI

    DCI User

    Joined:
    Jan 4, 2013
    Messages:
    1,550
    Likes Received:
    0
    Hi. I am new to AMT and have only been doing HITs for about a week now. While I like a lot of things about it, the first thing that jumped out at me is how much of a security train wreck turking is. Links are not screened and workers are continuously following links that may or may not lead them to malicious sites. On top of that, a lot of tasks require additional software even though it is against the site's ToS. I'm not here to lecture anyone about what they should or shouldn't do though. I just thought I could provide some helpful tips to make tasks safer regardless of whether or not you are already careful. I have some experience with it, and I've been leeching off of the good HITs thread, so I figured its only fair.

    First off, everyone should understand that you don't have to download something intentionally in order to end up with malware on your computer. You can be exposed to bad things simply by following links, and there are really very few ways to avoid that without losing so much functionality of your browser that you wouldn't be able to do your tasks anyway.

    One way you can prevent malware is to use a more secure operating system than Windows. Both Mac and Linux OS are much more secure out of the box than Windows, and there is of course much much less malware that targets those OS in the first place. The down side to this route is that a lot of the various 3rd party helper scripts and software might no longer be available to you, and you also wouldn't be able to do anything that involved testing with software that is designed to be used in Windows. If that's not a big deal to you, then this is definitely the way to go in my opinion.

    Linux is free open source software that you can just download at any time. There are many different versions though. If you have no experience with it and have a system that's at least somewhat up with the times, I would go with Ubuntu. Its not my favorite, but its extremely easy to set up and fairly user friendly for someone that's new to it. You don't have to make a disk or anything. They have a windows installer that you can use to install Ubuntu right inside of windows and then just choose which you want to use when you boot up. You can get that here http://www.ubuntu.com/download/desktop/windows-installer If you're running on a very old junky computer, there are lots of minimal lightweight distros of linux that would be better. Out of those I would recommend Lubuntu. It works very well on computers with low resources and is pretty user friendly too. You'll have to actually make a disk and install on boot though.

    If you choose to use Windows to do your tasks, the best way to protect yourself from malware is by isolation. There's no way to completely prevent exposure, but you can quarantine and purge to protect your system. Two pieces of software that are free and effective at this are Sandboxie and Virtualbox.

    Sandboxie is a fantastic program that allows you to run any program inside of a quarantined area (the sandbox) and allow no interaction of that program with anything outside of the sandbox. So, if you run your browser inside of a sandbox and you are exposed to something malicious, your system still won't be affected, because anything that malicious process tries to do is just inside of a virtualization and not your real system. You have to specifically give something permission to come out. You can also set the sandbox to empty every time you use it, and even any changes that may have been caused to your browser itself will vanish.

    Chrome and IE both use some sort of watered down version of sand boxing that is more practical for everyday use, but nowhere near as secure as this. Also, as far as I know, Firefox has no sand boxing whatsoever.

    You can download Sandboxie here http://www.sandboxie.com/ (I would use the sandboxie mirror to avoid spam) and it is free to use. After 30 days there is a 5 second delay when you start a program with the free version, but its still very usable like that. There are a lot of different options you can mess with once you get used to it, but in the beginning all you really need to do is just make sure that you run your browser sandboxed when you're doing tasks or other risky things. You can also run any program you download inside of a sandbox or put addons on your sandboxed browser that will vanish when you're done with it.

    Virtualbox is a program that lets you install and run an entire virtual operating system inside of Windows (or Linux or Mac). By using this method you can create a devoted OS that you use only for tasks and that is completely isolated from the rest of your system. Virtualbox also has a built in feature that lets you take snapshots and save the machine state at any time, so you can even purge any malware that you may get inside of your virtual OS by reverting to the previous state.

    Virtualbox is free software from Sun/Oracle that you can download here https://www.virtualbox.org/ It would take a long time to do a full tutorlial, but basically the way it works is that you create a virtual hard drive and then install an operating system to it just like you would normally, except that its inside of the system you're using now. If you want Windows, then you just use your Windows disk, make a new Virtualbox, run the new box, and install Windows on it. You can make the drive as large as you want. Just pick dynamic allocation and it will expand and only take up as much room as you use. You might have to read up a little bit if you've never used it before, but really its pretty self explanatory once you get going, so I think it fine to just jump in and just Google if you hit a snag. Once you have it set up its easy as pie.

    Anyways, if you use one or more of these tools your computer will be much much more secure then if you just rely on some crappy antivirus and call it good. Your system is really exposed to a lot of potential danger, and at the same time you are using a real money account with sensitive information in it. Its worth the time investment to take simple steps to minimize your risk.

    Sorry if this has already been done before. I hope that its helpful.
     
  2. AlexeiRoquentin

    Joined:
    Dec 3, 2012
    Messages:
    1,873
    Likes Received:
    0
    You're a gentleman and a scholar.
     
  3. razorbacks0121

    Joined:
    Oct 1, 2012
    Messages:
    2,241
    Likes Received:
    0
    Sounds like an excellent article that has some valid points. I agree if you don't set up a safe zone while Turking, your space is defiantly at risk of intrusion. Although, we have to worry about problems other then malware/spyware, viruses, and etc. We are making money online. Thus dealing with things financially alone, can always leave you at risk while online. Make sure that you use different passwords, for Mturk, the forum, email, and etc. I even use a completely different email and password on every program that I run. As far as viruses and malaware, problems downloading things, etc. I haven't had a problem with that while Turking in over three years. I have the following on my work (Turk) computer. McAfee total protection, McAfee file protection, SpyBot spyware, Windows Defenfender, and a Password Locked complete storage.

    I also use a dynamic IP address, and it constantly changes along with my internal network IP Address. And make sure you keep them cookies cleaned out!
     
    #3 razorbacks0121, Jan 5, 2013
    Last edited by a moderator: Jan 5, 2013
  4. paulstead

    paulstead User

    Joined:
    Dec 11, 2012
    Messages:
    1,066
    Likes Received:
    0
    @DCI, good on you for making this, and if you don't mind, I'd like to pitch in as well.

    Sandboxie and VirtualBox are great options if you're somewhat tech savvy and have a general idea of what you're trying to accomplish. If you're not all that tech savvy, or you just don't like the idea of running some software, just to run more software inside of it, there's a few options that you have to keep you a little bit safer.

    I've only used Linux a handful of times, and I think I used a Mac OS about 15 years ago, so I'll just leave those alone. As far as Windows goes, the biggest thing that you can do to keep your computer safe? Run Windows Update. Make sure that it's scheduled to run and automatically download and install updates for you, or make sure that at least once a week you're checking for and downloading/installing new updates. These are more often than not patches and updates to security flaws or weaknesses in the Operating System. Any known flaws or vulnerabilities are patched via these updates. Also make sure that the Windows Security System doesn't show any flags or notifications.

    Things that you should do on a regular basis:

    Clean up your cookies, as razorbacks said. You can do that with CCleaner, which is available here: http://www.piriform.com/ccleaner/download

    To clean up anything you may have picked up throughout the week, you can use Spybot Search & Destroy: http://www.safer-networking.org/dl/
    And because not everything is perfect, typically anything that Spybot misses, Malwarebytes Anti-Malware will pick up: http://www.malwarebytes.org/products/malwarebytes_free/

    I can't offer any advice on Anti-virus software, simply because I don't use any other than the Microsoft software. I never have, and don't imagine that I ever will. I do know that anything with McAfee and Norton in the title are massive resource hogs, and AVG is terrible regardless of what your local Geek Squad says.

    Another good idea if you plan to use different passwords for things is KeePass. It's a password manager that will keep track of what sites your passwords go to, saves them in a password protected encrypted database for you, and will even generate random passwords like 2s#d3!35Gd$7Sxc!! for you. You can get it here: http://keepass.info/

    Lastly, the best advice I can give you? Buy an external hard drive and keep anything important on it. Photos, documents, tax information, etc. There's new viruses/spyware/malware created every day, and you never know when your "security measures" might just not be enough. I also format my computers once every 4 to 6 months. Anything longer than that and I feel like there's just too much stuff that I can't keep track of what all of it is, what all of it does, and whether or not I put it there.

    /rant
     
  5. DCI

    DCI User

    Joined:
    Jan 4, 2013
    Messages:
    1,550
    Likes Received:
    0
    I wouldn't say that you need to be very tech savvy to use Sandboxie, Vbox, or Linux. Its just like most things. The first time you use it, it will seem a little tricky since you don't know what you're doing, but after that you've got it made. I think they are the best choices (not that you can't do other things in addition), because they are the most foolproof and least maintenance. For example, you don't have to worry about your registry with any of these things, because it can't be altered in the first place.

    Sandboxie is probably the easiest method for anyone that is really worried that they will have problems figuring things out. When you install it you get a shortcut on your desktop to run your default browser sandboxed, and the default settings are pretty good, so you can just keep it like it is out of the box and its pretty good.

    Some distros of Linux are very user unfriendly for new users, but the one linked is pretty easy. You just run a web installer and reboot. Once its installed there is nothing at all to do as far as security goes. Its already fine as is. You might run into some snags here and there if you used it as your every day OS for everything, but if you just used it for tasks it wouldn't be any big deal.

    Virtualbox requires the most effort of the 3, so I wouldn't recommend that as much for anyone that doesn't mind spending a little bit of time with the initial setup and to familiarize.
     
  6. paulstead

    paulstead User

    Joined:
    Dec 11, 2012
    Messages:
    1,066
    Likes Received:
    0
    Just to be clear, I wasn't trying to take anything away from your suggestions or imply that I didn't agree with you. I agree with you completely, I just don't imagine the majority of the users on here, at least from what I've seen, would have much interest due to the effort involved, so I was just trying to give them some alternative options.

    Edit: I hate how the internet always makes me sound like an asshole, no matter how I word something. I am in no way trying to be a dick.
     
  7. DCI

    DCI User

    Joined:
    Jan 4, 2013
    Messages:
    1,550
    Likes Received:
    0
    No worries. I didn't take it that way, and I agree that keeping software up to date and using keepass are also very good things to do regardless of whether or not someone does tasks. One thing that is nice about isolation methods is that they can never be out of date.
     
  8. aphotic

    aphotic User

    Joined:
    Oct 31, 2012
    Messages:
    1,530
    Likes Received:
    0
    There's a lot of good information in this thread and you make some valid points, Paul. My mother does some Turking (mostly surveys) and she is not tech savvy at all, so I assume there are others like her. She had problems understanding the browser tab concept at first. She would definitely not be able to run a VM.

    In regards to anti-virus, Microsoft Security Essentials is a great real time protector and it's free. I've heard anecdotally that it has problems securing XP and Vista, so for those systems there is Avast antivirus, which is also free. Using those, Malwarebytes Anti-Malware (also free) and common sense, I've been able to keep our systems virus & malware free for years.

    The sad thing is that nothing is 100% safe, which is why it's important to keep backups as mentioned.
     
  9. ewd76

    ewd76 User

    Joined:
    Oct 8, 2012
    Messages:
    1,133
    Likes Received:
    0
    Norton came free with my cable provider. It does take a lot of resources, but it works well.
     
  10. paulstead

    paulstead User

    Joined:
    Dec 11, 2012
    Messages:
    1,066
    Likes Received:
    0
    Don't get me wrong, I wasn't implying that it didn't work, or that it worked any better than anything else. It's just a pig when it comes to resources. And it always gave me a lot of false positives. It's like an overprotective mother.
     
  11. j0sh

    j0sh User

    Joined:
    Nov 7, 2012
    Messages:
    627
    Likes Received:
    0
    Very valid points. Thank you DCI and Paulstead for your inputs. When I first started turking, I used to be very paranoid about safety. Had to update virus protection and check windows update first thing, and clean out the cache at the end. Now lately I just go with the flow and leave those things on autopilot. I still only follow links that I trust i.e. qualtrics, surveymonkey, etc... and I never install anything aside from inquist.

    If I could throw in my 2 cents about backups. I use sugarsync.com for some cloud storage which they are now offering up to 32GB's free. Not to shabby and great if you never have the time to pull out the dusty external HDD. I am sure there are others, but I prefer them. Easy to use.

    Yeah well she's our piggy and we love her :) http://www.youtube.com/watch?v=M8pISIZfWpI
     
  12. ewd76

    ewd76 User

    Joined:
    Oct 8, 2012
    Messages:
    1,133
    Likes Received:
    0
    I don't see that SugarSync has 32 GB free. I see 30 GB for $4.99 a month or $49.99 a year. You can get a 30 day free trial.
     
  13. j0sh

    j0sh User

    Joined:
    Nov 7, 2012
    Messages:
    627
    Likes Received:
    0
    Hmm seems things have changed a bit on the web page. I have been using them for a couple of years and I ever really just use the client. Sorry.

    Try this. Go to the plans page https://www.sugarsync.com/plans/ and look at the bottom for the 5GB free plan. From there you can download and install the client. On the client in the bottom left corner it states up to 32 GB free. OFC there is a catch as you need to help sign up some folks but there are creative ways around that.
     
  14. shariqueahmer

    shariqueahmer Banned

    Joined:
    Jul 15, 2012
    Messages:
    223
    Likes Received:
    0
    damn it. missed the boat. should have taken that computer course.
     
  15. 2muchTurkin

    Joined:
    Jul 19, 2012
    Messages:
    1,281
    Likes Received:
    0
    Very nice information =] I myself have switched to Linux Mint and it works great. Installation is a breeze and it installs right next to windows so you have a dual booting option. My computer runs twice as fast as well. Happy safe turking everyone!
     

Share This Page