ItsGeekToMe.co

Q: Had a pop-up from my Norton 360 that said I was connected to an “unsecured” net access site. Thing is, I was already on a secured site and hadn’t clicked on any other one when the message popped up. I couldn’t disconnect so I took the battery out of my lap-top. I’ve both Norton 360 and McAfee so how could this happen? Is there a way to avoid it in the future? Advice?

– Taxi T.
Fort Walton Beach, Florida

A:  Well, Taxi, it sounds to me like Norton 360 was correctly doing its job and warning you about what is called “mixed-mode content”.  You may believe you’re on a secure site, but there is much more going on here than meets the eye.

For a website to be truly “secure” your browser must connect to it using a secure version of the hypertext transfer protocol.  You can see if this is engaged simply by looking at the address bar of your browser, and seeing whether the URL there begins with HTTP or HTTPS.  If it has an S at the end, it is secure.  When present, it means that your connection to the indicated page is both encrypted and authenticated, and nobody between you and the distant website can unmask any of the data that are exchanged.

A warning such as the one you received indicates that not all of the content that was used to construct the web page image was delivered to your browser via that secure connection.  In the background, the page is drawing-in other resources, but doing so using the unsecure HTTP protocol.  Such content might include banner advertising, which is almost never delivered securely, page counters, background wallpaper, pictures, and more.  In these cases, the link to these resources (the instructions of where to go and fetch them) is delivered via the secure connection, but unless that link uses the secure protocol HTTPS, the content itself is delivered without the extra security.

Most web browsers will warn you about this so-called mixed mode content, but this warning can be disabled.  In fact, I provided instructions to do exactly that in a previous column (I.G.T.M. Issue 272, October 7, 2012), which is available on my website, and also contains a more in-depth discussion of mixed mode content.  If your browser didn’t warn you, but Norton 360 did, you might want to go back and check your browser’s security settings.

When you received that message, there might have been more information available to you. I wouldn’t be at all surprised to find that the dialog you referenced had a button or link labeled “Details” or “More information” which would have brought up the details of the non-secure content.  It is also possible that Norton 360 made a log entry with these details.  My point is that if the event is important enough to warrant popping-up a dialog to inform you that it occurred, it is probably also important enough to convey the details behind the message, even if that is not done overtly.  Sometimes you have to dig a little.

How to avoid it?  Well, there’s really not a way to control how the owner of a website puts the site content together.  Short of avoiding that site altogether, I can’t really tell you a way to avoid the problem.  My hope is that helping you to understand what it means will be enough to help you browse with confidence.