Microsoft has made great strides in educating Windows users about the need to keep their systems secure by downloading and installing the most recent updates. (I still recommend that you set Windows' Automatic Updates to download but don't install, as I described in a blog post from last July.)
The irony of the heightened awareness of Windows updates is that malware is less likely to target vulnerabilities in Windows--or other PC operating systems, for that matter. These days, most viruses and Trojans use holes in your browsers, media players, or Web applications to breach your system's security. That's why it's imperative to keep these programs up-to-date, which is a subject I covered in a post from last April.
Google pushes updates to its Chrome browser automatically--without bothering to let you know about it (the current version is 2.0.172.30). You may think I'm a hypocrite for preventing Microsoft from loading its updates automatically and applauding Google for doing the same thing with its browser. Here's the difference: if a Chrome update causes the program to malfunction, I can simply use another browser, but if a Windows update screws up, my entire system's hosed until I fix it.
If you want to use Chrome to browse without leaving any tracks on your system, press Ctrl-Shift-N to open a new browser window in Chrome's incognito mode. The sites you visit subsequently will not appear in your browser history nor will terms you search for stay in your search history. You won't pick up any new cookies, either.
You'll find plenty of add-ons in the Privacy & Security section of the Firefox Add-ons page that give Firefox a similar stealth mode. You can also choose Tools > Clear Private Data to wipe your tracks in Firefox, but this setting erases all your history in the various categories. Chrome's incognito mode lets you retain the history you want and delete the history you don't want.
Google's Chrome browser lets you surf without leaving tracks on your system via its incognito mode.
(Credit: Google)I've been spending a lot more time browsing with Chrome lately, and not just because of its incognito mode. Chrome seems faster to me than Firefox or Internet Explorer, and I'm getting used to Chrome's streamlined interface. Firefox remains my default browser, however. The one Firefox security add-on I won't browse without is InformAction's NoScript (donationware), which lets you block JavaScript, Flash, and other scripts on a site-by-site and source-by-source basis.
The best way to enhance your privacy while using Firefox is to set the browser to delete cookies each time you close the program. To do so, click Tools > Options > Privacy, select "Always clear my private data when I close Firefox," and click OK.
Check "Always clear my private data when I close Firefox" in the browser's Privacy settings to maintain your Web privacy.
(Credit: Mozilla Foundation)So what about Internet Explorer? IE 8 is said to be more secure than IE 7, which in turn was said to be more secure than IE 6. Two facts remain: Internet Explorer uses ActiveX, which in my opinion is inherently insecure; and IE 8's security options are way too complicated. What do those slider controls mean, really? (Press Alt, click Tools > Internet Options, and choose either the Security or Privacy tab to see what I mean.)
Bonus tip: Encrypt Gmail
I've been using Gmail as my primary e-mail service for several years, but it wasn't until a couple of months ago that I started encrypting my Gmail correspondences. (In fact, encryption wasn't available in Gmail until a couple of months ago.) To use encryption in Gmail, click Settings in the top-right corner of the main window, scroll to the bottom of the General tab, select "Always use https," and click Save Changes. Note that this setting prevents the iGoogle Gmail widget from working, but that's a small price to pay for the added security.
Web privacy resources
For more information on the privacy options in Google services, visit the Google Privacy Center. Along with an FAQ and overview, you'll find privacy videos and specific privacy options for YouTube, Orkut, Blogger, Docs, and other Google services.
The SANS Institute's Internet Storm Center offers a daily Internet threat level (green, the last time I checked) as well as information on the sources of recent Internet-based attacks and extensive links to other Internet security sources.
For a soup-to-nuts look at browser security, read the United States Computer Emergency Response Team's article Securing Your Web Browser. The information was last updated more than a year ago but remains relevant. Some of US-CERT's browser-setting recommendations are overkill for regular, everyday browsing, so take the advice with the proverbial grain of salt.
The second of my three-part update of the 10-Step Security story I wrote three years ago shows that some tech advice stands the test of time. (A post earlier this week freshened up tips one, two, and three from that story, which focus on Windows updates and security features.)
Step 4: Ensure that you can see file extensions and all Windows system files in Windows Explorer and folder windows.
These days, you're less likely to encounter a dangerous executable file masquerading as a harmless type of file, but viewing file extensions and hidden files remains a good idea. The steps in the original article for making this change in XP are the same in Vista's version of Windows Explorer, though you may have to press the Alt key to show the Tools menu.
Step 5: Set the security level of Internet Explorer's Internet zone to High.
There's nothing stale about this advice. Of course, you should now be using IE 7 rather than IE 6, which is much less secure than its successor. The steps to reset your Internet zone security level are a bit different in IE 7: click Tools > Internet Options > Security, choose Internet in the box of zones at the top of the dialog box, move the security-level slider to High, and click Apply or OK.
Set Internet Explorer 7's Internet zone security level to High.
(Credit: Microsoft)As the original article stated, this security level will generate pop-ups whenever you try to open a site that's not on your approved list. To add sites to this list in IE 7, choose the "Trusted sites" icon in the zone box at the top of the Security dialog box, click the Sites button, type the site URLs in the top box one at a time, and click Add. Keep the option on the bottom to require server verification unchecked.
Add the sites you trust to Internet Explorer 7's whitelist.
(Credit: Microsoft)Step 6: Use the NoScript add-on to block scripts in Firefox on a page-by-page and element-by-element basis.
Of course, the simplest way to improve your chances of staying safe on the Web is to use a browser other than IE. I'm not saying Firefox, Opera, and other browsers don't have flaws of their own. It's just that those programs aren't targeted by the bad guys as often as IE is.
Giorgio Maone's NoScript add-on for Firefox lets you decide which scripts are allowed to run before the page loads. NoScript was relatively new back in 2005 when that article was written, but the program has stood the test of time. Note that the program's author accepts donations to offset the cost of maintaining and updating the application.
Another option for blocking Flash content in Firefox is by using Nicolas Martin's Flash Killer add-on. Apart from ensuring that no malware finds its way onto your PC via a Flash file embedded on a Web page, the program speeds up your browsing by blocking Flash ads from loading along with the regular content of the page.
In my next post, I'll revisit the last four tips in 10-Step Security, which deal with e-mail safety.
Microsoft's Internet Explorer remains the most popular browser in the world. This despite report after report calling the program less secure than Mozilla Firefox, Opera, and other free competitors.
Yet IE remains the preferred browser of nearly four out of five people surfing the Web. If you're one of the Web majority, there's one thing you can do to enhance your online security: Update to the latest IE release.
According to Net Applications, IE 6 accounted for more than 26 percent of the browser market in June 2008, while IE 7 was used by over 46 percent of all people on the Web. If your PC runs Windows 2000 or an earlier version of the OS, you can't upgrade to version 7 of IE. Unless your boss insists that you use the older version of the browser on XP or Vista, you've got no excuse for not upgrading to the safer IE 7.
Unfortunately, Microsoft updates the browser only once a month, and even then not all known holes in the browser will be plugged, as Michael Horowitz pointed out in his Defensive Computing blog last week (scroll down to read the updates).
Even with Microsoft's spotty update record, it pays to upgrade to IE 7, and to download and install all available security patches for that version of the browser. If you set Windows to download updates automatically but prompt you to install them, or to alert you when updates are ready to download (as I described in a previous post), click the update-alert icon when it appears in your system tray to open the Windows Update Control Panel applet. In Vista, choose "View available updates" in the right pane under the Install Updates button.
Click "View available updates" under the Install Updates button in Vista's Windows Update applet.
(Credit: Microsoft)Check the updates you want to install. Look specifically for security patches for Internet Explorer. Once you've made your selections, click Install.
Check the Windows (and IE) updates you want to add and click the Install button.
(Credit: Microsoft)As with all Windows updates, you may want to wait a day or two after an IE patch is released before installing it. Then keep an eye on the tech-news sites for reports of update-related glitches. If all appears to be well with the update, add it to your system. Remember what they say about the pioneers being the ones with the arrows in their backs.
- prev
- 1
- next
