Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.
Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.
To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.
Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.
(Credit: Mozilla Foundation)The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)
Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.
(Credit: Google)The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.
Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.
Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.
IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.
Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.
(Credit: Microsoft)You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.
Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.
Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.
Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.
But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.
(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)
I have banished the Yahoo Toolbar from my PCs. It's not that I have anything against Yahoo. I use many of the company's services.
It's just that for me, the shortcuts on the Yahoo Toolbar don't justify the lost screen space, especially on my 13.3-inch laptop display.
So imagine my surprise when I happened to find the Yahoo Toolbar listed among Firefox's add-ons. (It snuck in when another user of the machine downloaded the Yahoo IM client.)
You might be surprised by the add-ons and extensions that have wormed their way into your copy of Internet Explorer 7 or Firefox 3.
You can work your way through the list of add-ons in your favorite browser, disabling and uninstalling those you don't need. Or you can save time by opening IE 7 and Firefox 3 with all add-ons and extensions disabled.
To open Internet Explorer with no add-ons or ActiveX controls working, click Start > All Programs > Accessories > System Tools > Internet Explorer (No-Add-ons). (In Vista, a faster way to open IE with no add-ons is by pressing the Windows key, typing Internet Explorer, and choosing Internet Explorer (No Add-ons) in the resulting list of shortcuts.)
To disable all of Firefox's add-ons, you have to open the browser in its Safe Mode (no relation to Windows' own Safe Mode) by clicking Start > All Programs > Mozilla Firefox > Mozilla Firefox (Safe Mode). A quicker way is to press the Windows key (in XP, follow this by pressing R), type Firefox -safe-mode, and press Enter.
Disable all add-ons in Firefox by starting the browser in Safe Mode and selecting the "Disable" option.
(Credit: Mozilla)In the Firefox Safe Mode dialog box that appears before Firefox opens, click "Disable all add-ons" and choose the Make Changes and Restart button to run the browser with no add-ons or extensions enabled.
I can't tell you for sure that every feature of every Web site you visit will work as designed, nor can I say unequivocally that you'll be browsing faster with no add-ons enabled. But I made the rounds of my favorite sites in each browser's no-add-ons mode and didn't feel like I was missing anything. In fact, the only way I knew my add-ons were disabled in IE was seeing the Manage Add-ons option grayed out on the Tools menu.
The "Manage Add-ons" option on IE's Tools menu is grayed out when you open the browser with all add-ons disabled.
(Credit: Microsoft)Disabling add-ons and extensions one at a time is a snap in both Firefox and IE. In the former, click Tools > Add-ons, select an entry under the Extensions tab, and click Disable. To toss an extension, click Uninstall. You can disable (but not uninstall) Firefox's plug-ins by clicking the Plug-ins tab, selecting an entry, and clicking Disable.
In IE, you can turn off add-ons one by one by clicking Tools > Manage Add-ons > Enable or Disable Add-ons. You have your choice of four views on the Show menu at the top of the Manage Add-ons dialog box (the default is "Add-ons currently loaded in Internet Explorer"). To disable an add-on, select it and choose Disable at the bottom of the dialog box.
You have a choice of four views when enabling or disabling add-ons in IE's Manage Add-ons dialog box.
(Credit: Microsoft)One reason you may need to disable your browser's add-ons is to troubleshoot poor performance. Microsoft provides a step-by-step guide for fixing problems with Internet Explorer, and one of the steps is disabling your add-ons and re-enabling them individually until the problem recurs, at which time you've found the troublemaker.
You'll find more information about Firefox add-ons at the Firefox Support Knowledge Base.
To the short list of life's certainties--death and taxes--we can now add "Web threats."
Early indications are that there will be no quick fix for clickjacking, which enables a PC to be infected with malicious software simply by clicking a disguised link on a Web page. All browsers are equally vulnerable, and there appears to be no sure solution, at least in the short term. Even disabling JavaScript and other advanced Web features won't prevent an infection.
Does this mean you should cancel your broadband account and dig out the ham radio? I don't recommend it. In fact, reports such as these show the folly of believing that our Web browsing is ever completely safe. No hardware or software will ever be 100 percent secure.
Yes, keep your antivirus definitions up-to-date. Yes, use a firewall. Download and install Giorgio Maone's NoScript extension for Firefox (donation requested) to gain site-by-site control over the scripts that run in the browser.
But even these precautions are no substitute for common sense. Be careful about the sites you visit and the links you click. View your e-mail as plain text; Microsoft's support site provides instructions for doing so in Outlook 2003 and 2007. In Mozilla Thunderbird, simply click View, Message Body As, Plain Text.
Last, but definitely not least, every PC user must acknowledge that the day will dawn when their system crashes for good--whether due to a malware attack or (more likely) a hardware or software failure. Keep your data backed up. In addition to creating an image backup of your hard drive once or twice a year, using a program such as Acronis' $50 True Image Home (15-day free trial), use an online backup service to keep your important data files fresh.
- prev
- 1
- next
