Your browser is your window to the web...and the door in...
Today, web browsers such as Google Chrome, Internet Explorer, Mozilla Firefox, and Apple Safari (to name a few), are installed on almost all computers. Because web browsers are used so frequently, it is vital to configure them securely. On this page I will take you through the basics of keeping your browser secure.
Often, the web browser that comes with an operating system is not set up in a secure default configuration. Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.
Ideally, computer users should evaluate the risks from the software they use. Many computers are sold with software already loaded. Whether installed by a computer manufacturer, operating system maker, Internet Service Provider, or by the shop you purchased it at, The first step in assessing the vulnerability of your computer is to find out what software is installed and how one program will interact with another.
Unfortunately, it is not practical for most people to perform this level of analysis. There is an increasing threat from software attacks that take advantage of vulnerable web browsers. I have observed a trend whereby new software vulnerabilities are exploited and directed at web browsers through use of compromised or malicious web sites.
This problem is made worse by a number of factors, including the following:
- Many users have a tendency to click on links without considering the risks of their actions. Web page addresses can be disguised or take you to an unexpected site.
- Many web browsers are configured to provide increased functionality at the cost of decreased security.
- New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer.
- Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked. Third-party software may not have a mechanism for receiving security updates.
- Many web sites require that users enable certain features or install more software, putting the computer at additional risk.
- Many users do not know how to configure their web browsers securely.
- Many users are unwilling to enable or disable functionality as required to secure their web browser. As a result, exploiting vulnerabilities in web browsers has become a popular way for attackers to compromise computer systems.
Since you can't depend on your browser being completely secure, your browsing habits have to be more secure. The most common internet browsers enable you to manage your settings such as allowing and blocking selected websites, blocking pop ups and browsing in private.
Respective browsers will tell you to do this in slightly different ways, so I recommend that you visit the security and privacy section of their websites, or the help area of the browsers themselves.
Some browsers also have the ability to identify fraudulent websites by default. Always ensure that you are running the latest version of your chosen browser that your operating system will support and always download and install the latest updates for that browser.
Web browsers are one of the most prevalent ways of access information on the Internet. They have become one of the most popular applications that you will find on a computer. However, due to the way web browsers work as well as their popularity, they have become targets for hackers and other cyber crooks who would like to take control of your computer and steal your data.
The most important thing to remember about cyber security is that people using their touchpad or mouse (you) are the last line of defence. Technologies such as anti-virus, safe browsers, firewalls, or anything else cannot help if you click on the wrong link or visit the wrong web site. In the world of superhero movies, every bad guy is an evil genius.
On the internet hackers, spammers, and phishers may be evil, but they're not required to be geniuses. They can make a healthy living just by exploiting known security holes that many users haven't bothered to patch or by relying on the propensity of millions of people to do things they've been told over and over not to do.
The upside is that you don't have to be a genius to avoid these common attacks either. Implement a few simple fixes, and you'll avoid most of the bad stuff out there.
The most insidious hijacked web pages are nearly impossible to spot. Tiny snippets of inserted code that don't display on the page can nevertheless launch devastating behind-the-scenes attacks. Trying to avoid such pages on your own is asking for trouble, especially since crooks like to hack popular sites - attacks against the site for Sony games is a well-known example.
New site-blocking features in Internet Explorer, Firefox and Opera for example provide some shielding. Those browsers expand on their previous anti-phishing features to block known malware sites as well, whether they're hijacked pages on legitimate sites or sites that were specifically created by cyber crooks. No browser completely eliminates the risk of landing on such pages, but every additional layer of protection helps.
Below, you will find some tips to help you safely browse the Internet.
- Ensure you have effective and up to date antivirus/antispyware application and firewall running before you go online. There are links to the most popular on the links page
- Don't rely on your browser to protect you from malicious websites. Browsers only warn you about sites but cannot stop you from going there. Even if you have high security settings and anti-virus software, visiting a risky web site can result in viruses, spyware or worse.
- Protect your online passwords by using different passwords for each site you are registered with. At a minimum, do not use the same password you use at work or on your bank for websites that are not as important - like. a newspaper site or similar. You can store your online passwords in a secure password escrow tool like 1password (Mac) or Roboform (Windows)
- Beware of windows or pages that prompt you to click a link to run software. Malicious web sites can create prompts that look like messages from your browser or computer. If you see a pop-up you think is risky, go to the company's web site for scans and downloads.
- When you use a search engine be very careful of the result you click on. Hackers use legitimate looking topics to trick you into clicking. Scrutinize the URL to ensure you are going to a legitimate web site. Watch for shortened URLs, and numbers, hyphens or special characters in a URL. Scammers manipulate URLs to trick users.
- Be wary of URL's posted in Facebook or sent via email. Use a search engine to identify the actual URL and check it against the one sent to you. If you use Firefox, consider installing the Add-on Adblock to reduce the number of adverts that show on the websites you visit..
- Do NOT give out personal information (identity or financial) unless absolutely sure that you need to - and, in that case, make sure it is over an encrypted link - https instead of http in the browser navigation bar as discussed on the websafety page
- Don't provide personal information to get something free online. Criminals may use this data to break into personal or work accounts.
- Don't click on any links from people you don't know, and always copy & paste links from an email to your browser from people you do know.
- Do NOT click on links in email. Sometimes a malicious site address is hidden in the link.
- Never trust free content. Free movie, music and video downloads often include pirated content and just as often this content contains viruses and malware.
- If you are using a web browser on a public computer (not your own computer), like the ones you find at an Internet Cafe, do NOT put any passwords or personal information into the browser. The information could get logged and saved to that computer for retrieval later by a cyber crook.
- Be cautious of convenient features such as auto-complete for forms or "remember your password". Websites can use hidden fields to steal the data from forms. Criminals can hijack your browsing session and steal your information if you stay logged-in to a site - so always remember to log out of a secure website when you have completed your transaction, and before you close the browser. Closing the browser does not necessarily log you out. Close your browser afterward to completely end the session.
- Patch, patch, patch. Make sure that your browser is up-to-date at the latest patch level and that other applications like Adobe Flash (a favourite target) are updated. Windows Update will patch Internet Explorer, Apple Software Update will patch Safari, and Firefox can be updated by going to Help -> Check for Updates. And always remember...if it looks to good to be true, it probably is.