ALAN ZISMAN ON
TECHNOLOGY
Have you gotten this scary warning in your web browser?
By Alan Zisman © 2021-12-03
translated into Georgian by Ana Mirilashvili
A number of folks I know have gotten in touch concerned about getting a screen like this while trying to browse the Internet:
'Potential Security Risk Ahead' says Firefox.
Try to go to the same address in Google Chrome and you might see:
Scary, right? In both browsers, the blue default button simply backs away from the 'potential security risk' and there's no visible way to go ahead anyway.
(You may see differently worded scary messages depending on the web browser you're using (Chrome vs Firefox vs Safari, etc), your platform or operating system (Windows vs Mac, etc), whether you're browsing the web on a laptop or desktop computer, tablet, or phone - but they're all scary).
If that suddenly started happening when you tried to go to a web page that you'd accessed without problem in the past, you'd be worried, right? We all know there are dangers in browsing the Web.
And if not dangers, then scams - like the messages that many have seen (falsely) claiming that our computers are infected, and asking us to phone a number where you'll ultimately be asked to pay a couple of hundred dollars to remove non-existent malware. (See for instance the 2016 Microsoft Community discussion: Pop up message saying to call Microsoft Technical support for immediate help).
Both of the people who contacted me were worried - they'd both clicked on the Back option, but each imagined that there was a problem with their computer. Perhaps the computer was infected? Perhaps their operating system was too out of date? Did they need to buy a new computer?
For almost any mysterious tech problem, I suggest a few trouble-shooting steps:
-- Shut down the computer/tablet/phone, start up and try again. (A lot of people aren't sure how to shut down their device - turning off the screen (for instance, by briefly pressing the power button on a phone or tablet or closing the lid on a laptop) isn't enough. Find out how to shut down/restart your device! This cures a huge percentage of random problems. It even works with my car!
-- If it's a problem online, try using a different web browser. If you normally use Google Chrome or Firefox on your Windows PC or Mac, you have Microsoft Edge (Windows 10/11) or Microsoft Internet Explorer (Windows 7) or Safari (Mac) available... try going to the same place in that other browser. If it works, then the problem was with your original web browser. (Notice that I got similar warnings using both Firefox and Google Chrome and with Apple's Safari).
-- Or try on a different device - a different PC or Mac. Or your phone or tablet. (I got the same sort of warnings on my Mac (using Safari, Firefox and Chrome browsers), on my Windows PC (using Microsoft Edge browser) and on my iPad (using Safari)
-- If you suspect your device may be infected, run a scan. My prefered malware scanner is Malwarebytes - versions available for Windows, Mac, and Android. The free version is fine - the paid version runs automatically in the background, while the free version only scans when you manually run it. Let it clean up/quarantine/remove anything it wants.
None of the steps helped the folks reporting the scary black messages - but at least they let us know that Malwarebytes didn't think their computers were infected with anything.
I wondered whether this was the result of Chrome and other web browsers stepping up their war on the old http: web protocol - warning of potential security issues even when none exist - like the page you're reading right now. (See for instance: Google and HTTP). But not this time - the questionable web addresses started with the presumably safe https:.
So I pasted some of the text from the Google Chrome warning message into Google's search: "Attackers might be trying to steal your information". The first suggestion was a Google support page. It discussed how when trying to access an https web page, your web browser first asks for a digital certificate, which your browsers tries to validate. If the certificate isn’t set up correctly - for any of a number of reasons, "...this means data can’t be encrypted properly and therefore the site is unsafe to visit (especially those with logins or that process payment information). Instead of loading the site, it will deliver an error message, such as “your connection is not private.”
So the page you were trying to reach might have an out-of-date https certificate but actually be fine. Or it might be a problem. You might be okay viewing the page but might not want to trust entering your credit card information.
Reading between the lines: if you see this sort of warning message, the problem is not with your web browser, computer or device - it's an issue on the website's end.
You can choose not to go there, but feel secure that whatever the problem is, it's theirs, not yours!
If you get one of these scary-looking black warnings but want to go to the page anyway, you can still do so - knowing that there's a risk (but then, there's always a risk online!). Both the Firefox and Google Chrome messages have an Advanced button. If you click it, you'll see (in Firefox):
And in Chrome:
The default in both of these windows remains to Go Back. However, the Firefox message offers an option to Accept the risk and continue. And Chrome lets you Proceed to (your target location).
Both make it clear that your proceeding at your own risk. You may not want to enter credit card numbers or other personal information...
If you want, you can try this out (safely) for yourself... I found the same issue with an old link I'd saved to the Vancouver grocery delivery service Legends Haul - good quality food, but not cheap. That link - to https://shop.legendshaul.com/the-shop brought up the scary black messages. Clicking on the Advanced buttons and then proceeding to the page got me to a no-longer existing page on the Legends Haul website, showing a '404' error message. No infection, no huge problem. The correct current Legends Haul site is https://shop.legendshaul.com
The moral: the black warning messages look scary. And they may indicate a real problem - but with the website, not with your device.
If you're sure you're going to a legitimate web site, you may choose to proceed anyway.
But in any event, don't panic. (Feel free to get in touch).
Older blog postings....
Have you gotten this scary warning in your web browser?
By Alan Zisman © 2021-12-03
translated into Georgian by Ana Mirilashvili
A number of folks I know have gotten in touch concerned about getting a screen like this while trying to browse the Internet:
'Potential Security Risk Ahead' says Firefox.
Try to go to the same address in Google Chrome and you might see:
Scary, right? In both browsers, the blue default button simply backs away from the 'potential security risk' and there's no visible way to go ahead anyway.
(You may see differently worded scary messages depending on the web browser you're using (Chrome vs Firefox vs Safari, etc), your platform or operating system (Windows vs Mac, etc), whether you're browsing the web on a laptop or desktop computer, tablet, or phone - but they're all scary).
If that suddenly started happening when you tried to go to a web page that you'd accessed without problem in the past, you'd be worried, right? We all know there are dangers in browsing the Web.
And if not dangers, then scams - like the messages that many have seen (falsely) claiming that our computers are infected, and asking us to phone a number where you'll ultimately be asked to pay a couple of hundred dollars to remove non-existent malware. (See for instance the 2016 Microsoft Community discussion: Pop up message saying to call Microsoft Technical support for immediate help).
Both of the people who contacted me were worried - they'd both clicked on the Back option, but each imagined that there was a problem with their computer. Perhaps the computer was infected? Perhaps their operating system was too out of date? Did they need to buy a new computer?
For almost any mysterious tech problem, I suggest a few trouble-shooting steps:
-- Shut down the computer/tablet/phone, start up and try again. (A lot of people aren't sure how to shut down their device - turning off the screen (for instance, by briefly pressing the power button on a phone or tablet or closing the lid on a laptop) isn't enough. Find out how to shut down/restart your device! This cures a huge percentage of random problems. It even works with my car!
-- If it's a problem online, try using a different web browser. If you normally use Google Chrome or Firefox on your Windows PC or Mac, you have Microsoft Edge (Windows 10/11) or Microsoft Internet Explorer (Windows 7) or Safari (Mac) available... try going to the same place in that other browser. If it works, then the problem was with your original web browser. (Notice that I got similar warnings using both Firefox and Google Chrome and with Apple's Safari).
-- Or try on a different device - a different PC or Mac. Or your phone or tablet. (I got the same sort of warnings on my Mac (using Safari, Firefox and Chrome browsers), on my Windows PC (using Microsoft Edge browser) and on my iPad (using Safari)
-- If you suspect your device may be infected, run a scan. My prefered malware scanner is Malwarebytes - versions available for Windows, Mac, and Android. The free version is fine - the paid version runs automatically in the background, while the free version only scans when you manually run it. Let it clean up/quarantine/remove anything it wants.
None of the steps helped the folks reporting the scary black messages - but at least they let us know that Malwarebytes didn't think their computers were infected with anything.
I wondered whether this was the result of Chrome and other web browsers stepping up their war on the old http: web protocol - warning of potential security issues even when none exist - like the page you're reading right now. (See for instance: Google and HTTP). But not this time - the questionable web addresses started with the presumably safe https:.
So I pasted some of the text from the Google Chrome warning message into Google's search: "Attackers might be trying to steal your information". The first suggestion was a Google support page. It discussed how when trying to access an https web page, your web browser first asks for a digital certificate, which your browsers tries to validate. If the certificate isn’t set up correctly - for any of a number of reasons, "...this means data can’t be encrypted properly and therefore the site is unsafe to visit (especially those with logins or that process payment information). Instead of loading the site, it will deliver an error message, such as “your connection is not private.”
So the page you were trying to reach might have an out-of-date https certificate but actually be fine. Or it might be a problem. You might be okay viewing the page but might not want to trust entering your credit card information.
Reading between the lines: if you see this sort of warning message, the problem is not with your web browser, computer or device - it's an issue on the website's end.
You can choose not to go there, but feel secure that whatever the problem is, it's theirs, not yours!
If you get one of these scary-looking black warnings but want to go to the page anyway, you can still do so - knowing that there's a risk (but then, there's always a risk online!). Both the Firefox and Google Chrome messages have an Advanced button. If you click it, you'll see (in Firefox):
And in Chrome:
The default in both of these windows remains to Go Back. However, the Firefox message offers an option to Accept the risk and continue. And Chrome lets you Proceed to (your target location).
Both make it clear that your proceeding at your own risk. You may not want to enter credit card numbers or other personal information...
If you want, you can try this out (safely) for yourself... I found the same issue with an old link I'd saved to the Vancouver grocery delivery service Legends Haul - good quality food, but not cheap. That link - to https://shop.legendshaul.com/the-shop brought up the scary black messages. Clicking on the Advanced buttons and then proceeding to the page got me to a no-longer existing page on the Legends Haul website, showing a '404' error message. No infection, no huge problem. The correct current Legends Haul site is https://shop.legendshaul.com
The moral: the black warning messages look scary. And they may indicate a real problem - but with the website, not with your device.
If you're sure you're going to a legitimate web site, you may choose to proceed anyway.
But in any event, don't panic. (Feel free to get in touch).
Older blog postings....
| About This Blog... I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Facebook for notice of new blog postings. |
 |