Subscriber & Member Login

Login, or register today to interact in our online community, comment on articles, receive our newsletter, manage your account online and more!

So how secure is cstrains.com

1785 views
27 replies
1 rating 2 rating 3 rating 4 rating 5 rating
  • Member since
    December, 2007
  • From: Gateway City
  • 1,535 posts
So how secure is cstrains.com
Posted by yankee flyer on Monday, May 15, 2017 6:07 PM

Hey Guys

I use FireFox and Microsoft. FireFox always warns me that this is not a secure site.

I have Kaspersky as an anti virus protection.

Due to health issues I don't do much model train stuff,but I do enjoy the forum greatly.

So what gives? Are we protected or what?

Thanks

Lee

 

  • Member since
    October, 2006
  • From: Western, MA
  • 7,354 posts
Posted by richg1998 on Monday, May 15, 2017 6:12 PM

Probably anti virus Software. I get that here, the MRH train forums and a couple other sites. Not a big deal. Started happening a couple months or so with Windows laptop PC.

Does not happen to my iPhone, iPad or Linux laptop. Linux laptop uses Firefox as does my W10 laptop. Linux does not need anti virus.

Rich

N

  • Member since
    September, 2013
  • 1,506 posts
Posted by caldreamer on Monday, May 15, 2017 6:26 PM

I am paranoid about my computers security having retired from the U.S. Government. Every time I get a warning about a site I IMMEDIATLY back out and DO NOT proceed.  I know every trick in the book about cyber security and do not trust any site or email the I do not know.  If you are using amy of the Microsoft operating systems BEWARE, they are full of security holes that are very easy to exploit. Remember NO computer is totally secure.  There are things that you can do to protect your computer.  I use them all and still am very, very careful and wary of the internet.

  • Member since
    September, 2003
  • 9,207 posts
Posted by mlehman on Monday, May 15, 2017 6:44 PM

caldreamer
Remember NO computer is totally secure.

True, but...

It's a Firefox permissions thing. I ignore it. You can adjust your security settings and never have to see it again, probably.

My take on it is that it's more a matter of full disclosure than any imminent security threat that Firefox is warning about. The connection being used isn't up to the current standard of encryption on the web is all it rerally is.

It COULD be compromised, but that's more theorertical than a practical threat.

When hackers can get folks to open their virus-laden packages via some simple human engineering tricks (play of the day here was Subject lined "Congrats Mike, Open Immediatly" and it was supposedly from McDonalds. I've never given McDonald's my email and doubt they have any reason to send me a file I must open immediately...) why bother with having to go to that much trouble to get what you need,

Mike Lehman

Urbana, IL

  • Member since
    June, 2003
  • From: Culpeper, Va
  • 7,516 posts
Posted by IRONROOSTER on Monday, May 15, 2017 6:48 PM

I don't get warnings on this site.

But yes, I also stay from sites that are iffy, have protection, do backups, and monitor my financial accts regularly.  Don't open suspicious emails.  Etc. Etc.....

It's the world we live in.

Paul

If you're having fun, you're doing it the right way.
  • Member since
    February, 2005
  • From: Vancouver Island, BC
  • 20,840 posts
Posted by selector on Monday, May 15, 2017 7:04 PM

I never get any warnings, and have never had an issue with security here or on any other forum.  However, it seems I'm always reading posts in other forums from people asking why they're getting pop-ups of a certain kind.  The answer is that you have information sharing with google, microsoft, youtube, and about 250 other sites with large server farms who need advertising revenue.  When you go to their site after researching wearable tech at bestbuy, guess what ads you'll see if you don't have ad blockers.  No, seriously, take a wild guess.  It won't be ads for Q-Tips and nail polish remover.

Some security providers offer to prescreen sites to help protect their clients who enable that function. 

Too many careless people who insist they're among the best multi-taskers are propagating these viruses by doing too many things at once.  If they'd just take the time to actually think about what the email offers, and what its provenance is, they'd simply delete them...or at least do a scan of the attachments.

Run updates automatically.  Win 10 does a good job of keeping my system and all its various downloads and apps up to date.  Think Java and Adobe, for examples.

Keep a secondary security scanner up to date.  malwarebytes, spyhunter, superantispyware, and bitdefender are examples. 

I run CryptoPrevent from foolishit .com.  It's free, so like malwarebytes' free stuff, you must update manually once a week or so.  But it runs in the background and interdicts when your computer is attacked by ransomware.  Last November was my last attempt, according to my log.

  • Member since
    October, 2005
  • 725 posts
Posted by betamax on Monday, May 15, 2017 7:17 PM

False positives are always a problem.  Sometimes your software is out of date and that causes it.  Or a plugin has issues. No method is perfect either.

Keeping your software up to date goes a long way.  Adblockers are good too. Setup your firewall, on your computer and your router (if it has one.)  

Install a good virus checker and keep it up to date! Too many don't bother, or they get the "free trial" version and leave it at that. Some will prevent redirects and warn you something is questionable on a web page, so you can make a decision.

Clearing out your cookies regularly is a good practice, and setting privacy permissions regarding them is a good idea too.

You can only do so much.  If you are running mswindows, your computer will be under assault within minutes of connecting to the internet.  There is only one solution to that issue.

 

 

  • Member since
    October, 2006
  • From: Western, MA
  • 7,354 posts
Posted by richg1998 on Monday, May 15, 2017 7:21 PM

I use to use AVG free anti virus but switched to malwarebytes about a year ago on my W10 PC.

Rich

N

  • Member since
    December, 2015
  • 1,988 posts
Posted by BigDaddy on Monday, May 15, 2017 7:31 PM

In Firefox to the left of the web addy for this page is an "i" in a circle. 

If you click on that it says connection not secure.  If you click right arrow and more info you see this page.  If my post on my Proto 2000 GP9 is not encrypted, I can live with that.

Henry

COB Potomac & Northern

By the Chesapeake Bay

  • Member since
    November, 2015
  • 23 posts
Posted by JimL on Monday, May 15, 2017 7:38 PM

yankee flyer

Hey Guys

I use FireFox and Microsoft. FireFox always warns me that this is not a secure site.

I have Kaspersky as an anti virus protection.

FWIW ...... The other day, I was watching the US Senate Intelligence Committee meeting. The Chairman asked the heads of our intelligence agencies if they would have Kaspersky Labs software on their computers. All gave a resounding "no."

  • Member since
    January, 2009
  • From: Maryland
  • 6,430 posts
Posted by ATLANTIC CENTRAL on Monday, May 15, 2017 8:10 PM

I use Google Chrome and Verizon/McAfee which comes with my Fios service - no problems here.

Sheldon

    

  • Member since
    February, 2005
  • From: Vancouver Island, BC
  • 20,840 posts
Posted by selector on Monday, May 15, 2017 8:53 PM

According to the techies from whom I purchased my last PC, the best antivirus softward out there is Windows Defender.  The guy told me not to purchase any others...they don't match Defender, which comes alredy bundled with your Windows product.

  • Member since
    May, 2010
  • 1,680 posts
Posted by mbinsewi on Monday, May 15, 2017 9:10 PM

I use Fire Fox, Windows 7 professional, and I agree with Mike Lehman.  I can still log in, and it shows up on other forum sites, like MRH.  It's a Fire Fox thing.  Fire Fox also does not support Java, as they feel they have better alternatives, so Java updates don't work on Fire Fox.

I use ESET, 8.0.30, and have had no problems.

Mike.

  • Member since
    September, 2003
  • 9,207 posts
Posted by mlehman on Monday, May 15, 2017 9:21 PM

JimL

 

 
yankee flyer

Hey Guys

I use FireFox and Microsoft. FireFox always warns me that this is not a secure site.

I have Kaspersky as an anti virus protection.

 

 

FWIW ...... The other day, I was watching the US Senate Intelligence Committee meeting. The Chairman asked the heads of our intelligence agencies if they would have Kaspersky Labs software on their computers. All gave a resounding "no."

 

It's probably safe to say that the security/anti-virus needs of the heads of US intel agencies are probably somewhat different than the average model railroader. Kapersky is a Russian company, but has a long reputation as good and effective anti-virus consumer program. I'd rather hope that the US intel chiefs use something other than an off-th-shelf consumer product no matter who makes it.

Mike Lehman

Urbana, IL

  • Member since
    November, 2015
  • 23 posts
Posted by JimL on Monday, May 15, 2017 10:09 PM

mlehman

 

 
JimL

 

 
yankee flyer

Hey Guys

I use FireFox and Microsoft. FireFox always warns me that this is not a secure site.

I have Kaspersky as an anti virus protection.

 

 

FWIW ...... The other day, I was watching the US Senate Intelligence Committee meeting. The Chairman asked the heads of our intelligence agencies if they would have Kaspersky Labs software on their computers. All gave a resounding "no."

 

 

 

It's probably safe to say that the security/anti-virus needs of the heads of US intel agencies are probably somewhat different than the average model railroader. Kapersky is a Russian company, but has a long reputation as good and effective anti-virus consumer program. I'd rather hope that the US intel chiefs use something other than an off-th-shelf consumer product no matter who makes it.

 

Nope.

Again, FWIW .... they were talking about all of our PC's. It was at the end of the recent Russian investigation committee hearing, when the off-the-cuff question was asked.

I thought they were all serious. Quite serious.

Happy Railroading.

  • Member since
    March, 2009
  • From: Just south of the drift ice barrier
  • 9,610 posts
Posted by Sir Madog on Tuesday, May 16, 2017 12:06 AM

It´s definitively a Firefox issue. I had this last year, when this message appeared out of the blue.

Make sure you are using the latest release of Firefox - that should solve the problem.

   Ulrich     

People of my age don´t tan, they simply rust!


  • Member since
    August, 2004
  • 502 posts
Posted by pajrr on Tuesday, May 16, 2017 2:28 AM

Be careful...There are radical groups that plan to hijack everyones DCC systems and cause thousands of model train crashers...Oh the Humanity!

  • Member since
    June, 2009
  • From: QLD, Australia
  • 993 posts
Posted by tbdanny on Tuesday, May 16, 2017 4:20 AM

selector

According to the techies from whom I purchased my last PC, the best antivirus softward out there is Windows Defender.  The guy told me not to purchase any others...they don't match Defender, which comes alredy bundled with your Windows product.

Is this chap being paid to sell or promote Microsoft products? There are better products out there, as rated by multiple independant organisations (E.g. PCMag, TrustedReviews).  One article looking at it is here.  As such, I don't think that this advice is impartial.

One of the first things I do when setting up a new computer is to replace Defender with better software.  I usually use AVG (free version) for antivirus, and Spybot for anti-spyware.

The Location: Forests of the Pacific Northwest, Oregon
The Year: 1948
The Scale: On30
The Blog: http://bvlcorr.tumblr.com

  • Member since
    October, 2001
  • From: OH
  • 15,825 posts
Posted by BRAKIE on Tuesday, May 16, 2017 6:49 AM

While I update my antivirus daily and do daily virus scans I'm not overly concern because I have no personal or banking information on this computer. I don't open up junk mail period or those "Your PayPal account" phishing scares..

Really? Guest again its not on this e-mail addy.

Alas,no call from the IRS threating to take me to court.Crying 

If that call comes...Mischief

Larry

SSRy

Conductor

  • Member since
    December, 2007
  • From: Gateway City
  • 1,535 posts
Posted by yankee flyer on Tuesday, May 16, 2017 8:02 AM

Thanks Guys for all the input.

Even though I do get phone calls from the IRS Whistling  telling me I have to pay them I just hang up.

I have had someone tell me it's the typ of site that doesn't support encription

I suppose we just keep our fingers crossed.

Thanks

Lee

 

  • Member since
    September, 2003
  • 9,207 posts
Posted by mlehman on Tuesday, May 16, 2017 9:55 AM

yankee flyer
I have had someone tell me it's the typ of site that doesn't support encription

That'a pretty much what it is.

No big secrets here...Wink

Mike Lehman

Urbana, IL

  • Member since
    August, 2006
  • From: Franconia, NH
  • 2,612 posts
Posted by dstarr on Tuesday, May 16, 2017 10:10 AM

Well, the obvious thing is that anyone can read everything you post here.  All the snoopy ones need to do is sign up as a member, which is trivial.  So the intelligent person does not make post confessing to crimes, or even just badmouthing others. 

   The data encryption issue is new to me.  Firefox 51 and Windows XP don't complain on my computer.  Since data transmission is brief, a snooper would have to be monitoring your line 24/7 to catch anything.  And all they would learn is what posts here you viewed, which seems pretty harmless to me.  And if anyone is monitoring my web traffic 24/7 I got bigger troubles.

   Any website can attempt mischief such as planting ads,  running code on your machine, changing your default browser, and other bad things.  I've never noticed this website (trains.com) ever doing anything like that, and I have been a member for some years.  I don't worry about it. 

   General computer survival skills will try to protect you from all the crap running around the Internet.  I'm told that a new computer will be attacked withing 10 minutes of going on line.  And Windows is like swiss cheese, full of holes the malware can work thru. 

   My list of things to do;

1.  Don't use Internet Exploder, it is especially vulnerable.  Use any other browser (Firefox, Chrome, etc).

2.   Have an anti malware program or two.  Malwarebytes, AVG, Spybot, and for really tough cases, Combofix.  Run them now and then, say monthly.

3.   Do your patches.  MicroSoft and every one else issue patches on a regular basis.  Download and apply them, or turn on Windows Update and it is sipposed to do it automatically. 

4.  Do some backup.  CD's are cheap.  Do some house keeping.  Uninstall programs you don't use and never plan to use.  Run CCleaner to find and zap junk files.  The malware has to live on disk somewhere, the more junk files clutter up the disk, the more cover they give to malware. 

Good luck.  Happy web surfing.

 

  • Member since
    February, 2005
  • From: Vancouver Island, BC
  • 20,840 posts
Posted by selector on Tuesday, May 16, 2017 12:54 PM

tbdanny

 

 
selector

According to the techies from whom I purchased my last PC, the best antivirus softward out there is Windows Defender.  The guy told me not to purchase any others...they don't match Defender, which comes alredy bundled with your Windows product.

 

 

Is this chap being paid to sell or promote Microsoft products? There are better products out there, as rated by multiple independant organisations (E.g. PCMag, TrustedReviews).  One article looking at it is here.  As such, I don't think that this advice is impartial.

One of the first things I do when setting up a new computer is to replace Defender with better software.  I usually use AVG (free version) for antivirus, and Spybot for anti-spyware.

 

Probably NOT impartial, but then the page you linked to is sponsored.  So, probably NOT impartial.

However, I do run Kaspersky, and I have always been suspicious that Windows Defender might not be up to snuff.  I had an incident shortly after dropping my previous security system and felt that Windows Defender had let me down. Kaspersky has served me very well for over two years now.  So, I am inclined to agree with you...it works, not the best, and some others are demonstrably better.  If you don't want to spend the money on annual subscriptions, it will suffice for the most part. 

  • Member since
    February, 2008
  • From: Potomac Yard
  • 1,756 posts
Posted by NittanyLion on Tuesday, May 16, 2017 1:09 PM

JimL

 

 
mlehman

 

 
JimL

 

 
yankee flyer

Hey Guys

I use FireFox and Microsoft. FireFox always warns me that this is not a secure site.

I have Kaspersky as an anti virus protection.

 

 

FWIW ...... The other day, I was watching the US Senate Intelligence Committee meeting. The Chairman asked the heads of our intelligence agencies if they would have Kaspersky Labs software on their computers. All gave a resounding "no."

 

 

 

It's probably safe to say that the security/anti-virus needs of the heads of US intel agencies are probably somewhat different than the average model railroader. Kapersky is a Russian company, but has a long reputation as good and effective anti-virus consumer program. I'd rather hope that the US intel chiefs use something other than an off-th-shelf consumer product no matter who makes it.

 

 

 

Nope.

Again, FWIW .... they were talking about all of our PC's. It was at the end of the recent Russian investigation committee hearing, when the off-the-cuff question was asked.

I thought they were all serious. Quite serious.

Happy Railroading.

 

Its both.  

Sensitive government systems don't use off the shelf software and intelligence has to be over-cautious.  The country of origin isn't particularly relevant, as an avenue for a threat.  I was at a crisis simulation a few years back, where the event was a massive cyberattack and the breach was an American employee at an American company, in a US manufacturing plant, that enabled the attack.

  • Member since
    December, 2009
  • From: Michigan
  • 302 posts
Posted by lifeontheranch on Tuesday, May 16, 2017 1:40 PM

Don't freak out about the site not secure warnings. It is part of the general Internet migration trend from http to https (SSL/TLS) that is in progress. It is encryption of the data transfer between browser and server. Read about it here if you are really bored: https://en.wikipedia.org/wiki/Transport_Layer_Security

Encryption is essential if sensitive data is being transferred such as banking and shopping. For a web site like MRR the only semi-sensitive data you transfer is your username and password. In the unlikely event those get sniffed by an evil bot, nothing really bad will come of it assuming you don't use the same UN/PW on other sensitive sites.

Recently Firefox (ver 51 onward) and Chrome (ver 56 onward) began automatically displaying a message anytime user info is about to be sent via http. IE is only used to download a real browser so I have no idea what it does. Firefox displays a lock icon in the address bar (green or slashed gray) and a text warning at the data field. Chome displays a text warning in the address bar. You can see if a site uses encryption by looking at the address bar. Encrypted transmissions will have https:// whereas unecrypted will have http:// or nothing at all in front of the site URL. If you have the need to validate a site's security credentials you can do so here: https://cryptoreport.websecurity.symantec.com/checker/

cs.trains.com does not have a SSL certificate and is not https hence you get the warnings. Doesn't matter though. It is just a forum. No nuclear secrets being transferred.

 

  • Member since
    April, 2015
  • 57 posts
Posted by DRfan on Thursday, May 18, 2017 10:30 AM

[quote user="lifeontheranch"]

Don't freak out about the site not secure warnings. It is part of the general Internet migration trend from http to https (SSL/TLS) that is in progress. It is encryption of the data transfer between browser and server. Read about it here if you are really bored: https://en.wikipedia.org/wiki/Transport_Layer_Security

Encryption is essential if sensitive data is being transferred such as banking and shopping. For a web site like MRR the only semi-sensitive data you transfer is your username and password. In the unlikely event those get sniffed by an evil bot, nothing really bad will come of it assuming you don't use the same UN/PW on other sensitive sites.

Recently Firefox (ver 51 onward) and Chrome (ver 56 onward) began automatically displaying a message anytime user info is about to be sent via http. IE is only used to download a real browser so I have no idea what it does. Firefox displays a lock icon in the address bar (green or slashed gray) and a text warning at the data field. Chome displays a text warning in the address bar. You can see if a site uses encryption by looking at the address bar. Encrypted transmissions will have https:// whereas unecrypted will have http:// or nothing at all in front of the site URL. If you have the need to validate a site's security credentials you can do so here: https://cryptoreport.websecurity.symantec.com/checker/

cs.trains.com does not have a SSL certificate and is not https hence you get the warnings. Doesn't matter though. It is just a forum. No nuclear secrets being transferred.

 

Exactly, Chrome also identifies this as an unsecure site which it is.  One comment, while this is just a forum, hackers can gain access to harvest e-mails and possibly passwords.  If folks use the same password or their e-mail as their userid on multiple sites including those that are important (such as your bank, credit card or say an account at your perferred online hobby dealer), it could be a real problem.
 
As far as Kaspirsky goes, I have used it for over 12 years.  I have found Symantic and other popular anti-virus program to be extremely memory hungry and almost impossible to fully uninstall from your system (they tend to burrow themselves in the PCs registry).  
  • Member since
    February, 2007
  • From: Shenandoah Valley The Home Of Patsy Cline
  • 1,768 posts
Posted by superbe on Thursday, May 18, 2017 11:46 AM

I don't know the reason why, but I have had no warnings and I use both MS Edge and Chrome.

My security is with Windows Defender, Malware, and McAfee.

Bob

  • Member since
    December, 2009
  • From: Michigan
  • 302 posts
Posted by lifeontheranch on Thursday, May 18, 2017 12:28 PM

DRfan
Exactly, Chrome also identifies this as an unsecure site which it is.  One comment, while this is just a forum, hackers can gain access to harvest e-mails and possibly passwords.  If folks use the same password or their e-mail as their userid on multiple sites including those that are important (such as your bank, credit card or say an account at your perferred online hobby dealer), it could be a real problem.

Precisely. That is why I said "In the unlikely event those get sniffed by an evil bot, nothing really bad will come of it assuming you don't use the same UN/PW on other sensitive sites." Reusing usernames and passwords across different sites is a really, really bad idea. It practically invites trouble. Want to see something scary? Go to the below site and try entering your email address or usernames.

https://haveibeenpwned.com/

 

Subscriber & Member Login

Login, or register today to interact in our online community, comment on articles, receive our newsletter, manage your account online and more!
Popular on ModelRailroader.com
Model Railroader Newsletter See all
Sign up for our FREE e-newsletter and get model railroad news in your inbox!
ADVERTISEMENT
ADVERTISEMENT

Search the Community

ADVERTISEMENT
Find us on Facebook