Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.
Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.
To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.
Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.
(Credit: Mozilla Foundation)The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)
Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.
(Credit: Google)The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.
Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.
Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.
IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.
Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.
(Credit: Microsoft)You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.
Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.
Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.
Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.
But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.
(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)
The browser wars are heating up again. Microsoft's touting the improved performance and security of Internet Explorer 8, dozens of new Firefox extensions are released every day, and, according to Apple, Safari 4 will be even faster than its speedy predecessor. Meanwhile, Opera just keeps chugging along at version 9.64, with version 10 beta 3 now available.
Just a few weeks ago, Google announced its plans to create an operating system based on Chrome. Considering that the browser itself is barely a year old, such plans may be premature. Then again, maybe not. But for right now, I'll keep looking for ways to make the Chrome browser more useful.
Last June, I described ways to change Chrome's default settings. Here's a look at ways to revamp the browser's interface and access some of its useful hidden features.
... Read more
The first thing I saw when I booted my PC yesterday evening was a notice that Google had prevented my default search setting from being changed. I certainly didn't want to switch from searching via Google by default. I hadn't even been considering a search change, regardless of Bing's pretty wallpaper.
The Google Toolbar prevented Windows Search from changing my default search setting without my permission.
(Credit: Google)To find out what program was trying to change my search default, I opened Vista's Event Viewer by pressing the Windows key, typing event viewer, and pressing Enter. I clicked Application in the left pane and scrolled to the approximate time the warning popped up. It took all of about two seconds to realize that Windows Search Service attempted to change my search default.
Vista's Event Viewer identified the Windows Search Service as the likely source of the attempt to change my search default.
(Credit: Microsoft)Well, I can't prove it based solely on the Event Viewer logs, but it's safe to say the search service is the prime suspect. I was relieved that Google prevented the change, but I couldn't recall asking the company to do so. I found the alert setting in the options of the Google Toolbar in Internet Explorer.
The Search tab in the Google Toolbar options lets you generate an alert whenever a program attempts to change your default search setting.
(Credit: Google)Ironically, I couldn't find a comparable setting in the latest version (5.0.20090324) of the Google Toolbar for Firefox, which is my default browser.
The Google Toolbar for Firefox lacks a setting that generates an alert and prevents programs when they attempt to change your default search setting.
(Credit: Google)Should you find your search default has been changed unexpectedly, resetting it is a breeze. In Firefox, type about:config in the address bar and press Enter. Browse to and double-click browser.search.defaultenginename. Type the name of any search service listed on the search drop-down menu and press OK.
To add a search engine to the list, click Manage Search Engines and then Get more search engines. Download your engine of choice and restart Firefox to see it among the search options on the menu.
To make the same change in Internet Explorer 8, click the down arrow to the right of the search box and choose Manage Search Providers. Make your selection and choose Set as default. Or choose Find More Providers, pick a search service, and click Add to Internet Explorer to broaden your IE search options.
To change your search default in Google's Chrome browser, click the wrench icon in the top-right corner, choose Options, and make your selection in the "Default search" drop-down menu near the bottom of the Basics tab. Unfortunately, there's no easy way to add search providers to Chrome's list, though you may see more options by clicking Manage, choosing one of the services listed, and clicking Add.
Chrome has quickly earned a reputation for being lightweight and fast. It can't offer anything like Firefox's useful extensions—yet. Still, there are plenty of ways to tweak Chrome's default settings to make it work more like you do.
Open to your home page
I never could get used to Chrome's New Tab page, which is the browser's default start page. It shows big thumbnails of several of the sites you've recently visited. Some people will like starting with this minihistory, but I've grown accustomed to seeing my home page when the browser opens.
To change this setting, click the Tools menu (the wrench icon in the top-right corner) and choose Options. Under the Basics tab, select Open this page and enter the URL of your preferred start page.
Set Chrome to open to your preferred start page rather than the New Tab page by changing this setting.
(Credit: Google)You can also set Chrome to start where it left off by choosing Restore the pages that were open last in the "On startup" section of this dialog box.
Put a Home shortcut on the toolbar
I return to my start page frequently during the day, so I like having a shortcut to that page on the toolbar. Chrome lacks this option by default, but you can return the familiar Home icon to the right of the address bar by selecting Show Home button on the toolbar under the Basics tab of the Toolbar Options dialog box.
Add bookmarks, history, passwords, and search settings from Firefox and IE
Some people have folders and subfolders full of bookmarks, many of which are gathering dust; I've got about a half dozen I return to all the time. Moving them from Firefox and Internet Explorer to Chrome took all of about a second and a half. You can also import your search-engine settings, saved passwords, and browsing history.
Move your bookmarks/favorites, search settings, passwords, and history from Firefox and IE to Chrome.
(Credit: Google)
Open certain downloaded file types automatically
It's probably safer not to let most types of the files you download to run automatically, especially when it comes to EXE files, PDFs, and nearly all media files. But I frequently download Word documents and Excel files from Google Docs and Spreadsheets, among other Web applications, and I prefer that they open without having to be double-clicked.
To set Chrome to open specific types of files automatically after they download, simply click the arrow to the right of the file in the download bar at the bottom of the screen and choose Always open files of this type.
Set specific file types to open automatically after you download them by selecting this option on Chrome's download bar.
(Credit: Google)
Bonus tip: Keep Chrome up-to-date
Chrome updates are pushed to your browser automatically, but there may be an update available that you can apply manually. Click the Tools icon and select About Google Chrome. If you see an Update button, click it to download the latest version. Restart the browser to apply the update.
Microsoft has made great strides in educating Windows users about the need to keep their systems secure by downloading and installing the most recent updates. (I still recommend that you set Windows' Automatic Updates to download but don't install, as I described in a blog post from last July.)
The irony of the heightened awareness of Windows updates is that malware is less likely to target vulnerabilities in Windows--or other PC operating systems, for that matter. These days, most viruses and Trojans use holes in your browsers, media players, or Web applications to breach your system's security. That's why it's imperative to keep these programs up-to-date, which is a subject I covered in a post from last April.
Google pushes updates to its Chrome browser automatically--without bothering to let you know about it (the current version is 2.0.172.30). You may think I'm a hypocrite for preventing Microsoft from loading its updates automatically and applauding Google for doing the same thing with its browser. Here's the difference: if a Chrome update causes the program to malfunction, I can simply use another browser, but if a Windows update screws up, my entire system's hosed until I fix it.
If you want to use Chrome to browse without leaving any tracks on your system, press Ctrl-Shift-N to open a new browser window in Chrome's incognito mode. The sites you visit subsequently will not appear in your browser history nor will terms you search for stay in your search history. You won't pick up any new cookies, either.
You'll find plenty of add-ons in the Privacy & Security section of the Firefox Add-ons page that give Firefox a similar stealth mode. You can also choose Tools > Clear Private Data to wipe your tracks in Firefox, but this setting erases all your history in the various categories. Chrome's incognito mode lets you retain the history you want and delete the history you don't want.
Google's Chrome browser lets you surf without leaving tracks on your system via its incognito mode.
(Credit: Google)I've been spending a lot more time browsing with Chrome lately, and not just because of its incognito mode. Chrome seems faster to me than Firefox or Internet Explorer, and I'm getting used to Chrome's streamlined interface. Firefox remains my default browser, however. The one Firefox security add-on I won't browse without is InformAction's NoScript (donationware), which lets you block JavaScript, Flash, and other scripts on a site-by-site and source-by-source basis.
The best way to enhance your privacy while using Firefox is to set the browser to delete cookies each time you close the program. To do so, click Tools > Options > Privacy, select "Always clear my private data when I close Firefox," and click OK.
Check "Always clear my private data when I close Firefox" in the browser's Privacy settings to maintain your Web privacy.
(Credit: Mozilla Foundation)So what about Internet Explorer? IE 8 is said to be more secure than IE 7, which in turn was said to be more secure than IE 6. Two facts remain: Internet Explorer uses ActiveX, which in my opinion is inherently insecure; and IE 8's security options are way too complicated. What do those slider controls mean, really? (Press Alt, click Tools > Internet Options, and choose either the Security or Privacy tab to see what I mean.)
Bonus tip: Encrypt Gmail
I've been using Gmail as my primary e-mail service for several years, but it wasn't until a couple of months ago that I started encrypting my Gmail correspondences. (In fact, encryption wasn't available in Gmail until a couple of months ago.) To use encryption in Gmail, click Settings in the top-right corner of the main window, scroll to the bottom of the General tab, select "Always use https," and click Save Changes. Note that this setting prevents the iGoogle Gmail widget from working, but that's a small price to pay for the added security.
Web privacy resources
For more information on the privacy options in Google services, visit the Google Privacy Center. Along with an FAQ and overview, you'll find privacy videos and specific privacy options for YouTube, Orkut, Blogger, Docs, and other Google services.
The SANS Institute's Internet Storm Center offers a daily Internet threat level (green, the last time I checked) as well as information on the sources of recent Internet-based attacks and extensive links to other Internet security sources.
For a soup-to-nuts look at browser security, read the United States Computer Emergency Response Team's article Securing Your Web Browser. The information was last updated more than a year ago but remains relevant. Some of US-CERT's browser-setting recommendations are overkill for regular, everyday browsing, so take the advice with the proverbial grain of salt.
- prev
- 1
- next
