Web Browser Security
One of the most critical points of entry to your computer or gadgets is your Web browser. Unfortunately, your Web browser can have hundreds of security holes that hackers can, and do, exploit. Maybe your browser isn’t updating, or perhaps you have add-ons or plug-ins installed that have their own security holes.
1. KEEP BROWSER UP TO DATE
One of the easiest ways to keep hackers away is to make sure your Web browser is up to date. Browsers like Microsoft’s Edge, Mozilla’s Firefox and Google Chrome often issue patches and fixes for bugs they know about. Typically, they get most of them before hackers can have a field day exploiting vulnerabilities.
Fortunately, most browsers these days are automatically updated. For instance, if you installed Microsoft’s new Windows 10 operating system, its default setting is to automatically update your software and issue patches, including for its Edge browser.
Firefox and Chrome also have default settings for automatic updates. You just need to restart them occasionally for the latest updates to install. If you’re not sure if you’re set up for automatic updates, here’s how to check:
- Chrome: Google Chrome updates automatically, and turning that off isn’t easy. That’s good. But to make absolutely sure you’ve got the latest version, you can click on the Menu icon (little box with three horizontal lines in the upper right corner of your page). Choose “Help and About,” then “About Google Chrome.”
If you need to change the update settings, go to Menu>>Settings, and then click the “Show Advanced Settings” link. Click or un-click “Protect You and Your Device From Dangerous Sites” to turn automatic updates on or off.
- Edge: If you’re using Windows 10, go to Start>>Settings, then click “Update & Security.” Windows Update should say your device is up to date. If it’s not, choose “Advanced Options,” then “Choose How Updates Are Installed” and select “Automatic (recommended).”
- Internet Explorer: In Windows 8, using a mouse, right-click in the lower right corner of the screen and choose “Control Panel.” If you’re using a touch screen, swipe from the right of the screen and tap “Settings,” then “Control Panel.” In Windows 7 and Vista, go to Start>>Control Panel.
In Control Panel, click “System and Security.” Under “Windows Update,” choose “Turn Automatic Updating On Or Off.” Choose “Install Updates Automatically” from the drop-down menu.
- Firefox: Click the Menu icon (far upper right-hand corner; it’s three horizontal lines) and choose “Options” and then “Advanced” in the left-hand column. Select the “Update” tab on the right, and under “Firefox Updates,” make sure “Automatically Install Updates (Recommended: Improved Security)” is selected.
2. UNINSTALL UNNEEDED PLUG-INS
To do this in Windows 10, go to Start and select “All Apps.” That’s essentially Windows 10’s version of the Control Panel. That will list all the programs installed on your device. Right-click on the one you don’t want; then select Uninstall. In older versions of Windows, go to Start>>Control Panel, then under “Programs,” click “Uninstall a Program.” Select the plug-in you want to remove, and click Uninstall.
3. SECURE YOUR WEB BROWSER
Today, web browsers such as Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari are installed on almost all computers. Because web browsers are used so frequently, it is vital to configure them securely. Often, the web browser that comes with an operating system is not set up in a secure default configuration. Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.
There is an increasing threat from software attacks that take advantage of vulnerable web browsers. We have observed new software vulnerabilities being exploited and directed at web browsers through use of compromised or malicious websites. This problem is made worse by a number of factors, including the following:
- Many users have a tendency to click on links without considering the risks of their actions.
- Web page addresses can be disguised or take you to an unexpected site.
- Many web browsers are configured to provide increased functionality at the cost of decreased security.
- New security vulnerabilities are often discovered after the software is configured and packaged by the manufacturer.
- Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.
- Third-party software may not have a mechanism for receiving security updates.
- Many websites require that users enable certain features or install more software, putting the computer at additional risk.
- Many users do not know how to configure their web browsers securely.
- Many users are unwilling to enable or disable functionality as required to secure their web browser.
As a result, exploiting vulnerabilities in web browsers has become a popular way for attackers to compromise computer systems.
4. ENABLE CLICK-TO-PLAY PLUG-INS
Adobe Flash. There have been many holes in Flash, and we recommend that you disable or at least limit this plug-in.
It’s called click to play. Instead of a plug-in always running, you have to click on it to activate it. Here’s how to do that.
- Chrome: Menu (horizontal lines in the upper right corner)>>Settings. Click “Advanced Settings” at the bottom of the screen. Under “Privacy,” choose “Content Settings.” Under “Plug-ins,” choose “Let Me Choose When To Run Plug-in Content.”
- Edge: This browser doesn’t really have click-to-play. You have to disable and re-enable plug-ins manually.
- Windows 10: Right-click on the Start menu and choose “Control Panel.” Click “Network and Internet” and then under “Internet Options” click “Manage browser add-ons.” Click the “Manage add-ons” button and then highlight a specific plug-in in the “Toolbars and Extensions” area. If a plug-in is enabled, click the “Disable” button in the lower-right corner.
If you’re just interested in Adobe Flash, in Edge, click the icon with the three dots in the upper-right corner, then select “Settings.” Click the “View Advanced Settings” button and you’ll see the “Use Adobe Flash Player” option. Turn this off when you don’t need to use Flash.
- Internet Explorer: In the far top right corner, click on the little gear icon and choose “Manage Add-Ons.” Highlight a specific plug-in in the “Toolbars and Extensions” area. If a plug-in is enabled, click the “Disable” button in the lower-right corner.
- Firefox: Menu (horizontal lines in the upper right corner)>>Add-Ons. Choose “Plugins” in the left-hand column. Next to each plug-in, you’ll see a drop-down menu. Change each one to “Ask To Activate.”
5. GET RID OF UNNEEDED BROWSER EXTENSIONS
Browser plug-ins and browser extensions are easy to confuse. Plug-ins handle video or other content that the browser can’t handle on its own. Extensions are bits of code that add new features to the browser.
Extensions have a downside, though. Many of them need your passwords to do their job. That opens up extensions to hackers, who use extensions to install malware.
A couple of tips: Before you install an extension, make sure it’s coming from a trustworthy source and has been around for a while. Second, be sure to review your extensions every once in a while, to weed out the ones you don’t need anymore. If you’re not using an extension, or you suspect it’s not from a reliable company, delete it. Here’s how:
- Chrome: Go to Menu>>More Tools>>Extensions, then click “Remove” on each extension you don’t need.
- Edge: Microsoft’s new browser is going to start introducing extensions sometime this year.
- Internet Explorer: This browser does not support extensions.
- Firefox: Menu>>Add-Ons. Choose “Extensions” in the left-hand column, then select the ones you don’t want and click “Remove.”
6. RUN ANTI-EXPLOIT SOFTWARE
While most security software is great at detecting and stopping the millions of viruses out there before they can install, security holes in your browser and other programs give viruses a better chance to slip past unnoticed. Unfortunately, you don’t even know there’s a security hole in a program until the developer releases an update. Until now.
Software companies are starting to release anti-exploit programs. These watch your programs for signs that someone might be trying to use them to sneak on to your system. Then they block those attempts.
If you think of your main security program as the castle wall and the army guarding it, an anti-exploit program is someone watching for traitorous citizens trying to open the backdoor.
One mistyped letter could lead to ID theft. Missing just a few letters in a web address can cost you the money in your bank account, or start an all-out identity theft attack, because of a type of fraud called “typosquatting.”
The typosquatter’s URL will usually be one of four kinds, all similar to the victim site address:
- A common misspelling, or foreign language spelling, of the intended site: exemple.com
- A misspelling based on typos: xample.com or examlpe.com (xample.com redirects to a scam site that tries to trick you into downloading malware; visiting it is not recommended)
- A differently phrased domain name: examples.com
- A different top-level domain: example.org
An abuse of the country code top-level domain (ccTLD): example.cm, by using .cm or .om. A person who leaves out the letter o or c in .com by mistake could arrive at the fake URL’s website.
Once on the typosquatter’s site, the user may also be tricked into thinking that they are in fact on the real site through the use of copied or similar logos, website layouts or content. The fraudulent site is trying to get you to log in with your user name and password, or to download malware with a fake “flash updater” pop-up, for example.
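The lookalike kinds listed above can be checked mechanically, for example when comparing hostnames from browsing history or DNS logs against the sites you actually use. The following Python code is an added example, not part of the original article; the function names and category labels are this example's own, and it assumes hostnames with a single-label top-level domain such as .com.

```python
# Added example: label how an observed hostname resembles a trusted one.
# Helper names and category labels are hypothetical, chosen for this example.

def split_domain(host):
    """Split 'example.com' into ('example', 'com'); assumes a single-label TLD."""
    name, _, tld = host.lower().rstrip(".").rpartition(".")
    return name, tld

def one_edit(a, b):
    """Name the single typing slip that turns a into b, or return None."""
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            return "substitution"          # exemple for example
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]]):
            return "transposition"         # examlpe for example
        return None
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    if len(long_) - len(short) != 1:
        return None
    for i in range(len(long_)):
        if long_[:i] + long_[i + 1:] == short:
            return "insertion" if len(b) > len(a) else "omission"
    return None

def classify(observed, trusted):
    """Return a label for observed relative to trusted, or None if unrelated."""
    o_name, o_tld = split_domain(observed)
    t_name, t_tld = split_domain(trusted)
    if (o_name, o_tld) == (t_name, t_tld):
        return "exact"
    if o_name == t_name:
        # .cm and .om are .com with one letter left out
        if one_edit(t_tld, o_tld) == "omission":
            return "tld-dropped-letter"
        return "different-tld"
    if o_tld != t_tld:
        return None
    if o_name == t_name + "s":
        return "plural"                    # examples for example
    return one_edit(t_name, o_name)

if __name__ == "__main__":
    # Constructed sample input, taken from the address kinds listed above.
    for host in ["example.com", "exemple.com", "xample.com", "examlpe.com",
                 "examples.com", "example.org", "example.cm", "weather.net"]:
        print(f"{host:15} {classify(host, 'example.com')}")
```

Any label other than "exact" or None marks a hostname worth a second look before you type a password into it.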