Web Browsers

Now we will take a look at the big three Web browsers and what you can do with each of them to make your surfing experience a little less dangerous.

Internet Explorer

Microsoft’s Internet Explorer is now the most used Web browser around. While it is a good Web browser, it has several holes that can be plugged to make it more secure. First off, make sure you have downloaded and installed all the security-related updates available from the Windows Update site. Microsoft is constantly releasing updates for IE and it’s in your best interest to make sure you have these installed. There is an alternate location, which allows you to download the update files for installation locally: http://www.microsoft.com/windows98/downloads/corporate.asp. This is important if you have a couple of Windows systems and don’t want to run Windows Update on each one, or if you are like me and reinstall Windows on a regular basis and want to have the updates readily available. For NT users I recommend going to the Microsoft Downloads section and doing a search for “security_patch” as the keyword.

For all users of Microsoft products, I recommend heading over to this site: http://www.microsoft.com/technet/security/notify.asp and signing up for the e-mail notification program. Microsoft will then e-mail you every time an update is available. In addition, it might be a good idea to bookmark this site: http://www.microsoft.com/technet/security/current.asp, the TechNet listing of all the Microsoft Security Bulletins.

Now let’s look at Internet Explorer. We will focus on IE 5 but you can do many of the things we discuss with version 4 as well. Everything will be done using the Internet Options menu. This can be accessed via Tools/Internet Options. Let’s start with the Advanced tab.

Under the Browsing section, I recommend you uncheck the Enable page hit counting, and uncheck Install On Demand. However, if you decide you want to use the Windows Update site to automatically install your updates, you will need to recheck this option before you head over to the Windows Update site. One of the reasons you want to do this is that unchecking Install on Demand helps you prevent unwanted programs being installed on your system. Unchecking the Enable page hit counting prevents servers from determining what pages you are viewing even if you are viewing the pages from cache or through a proxy.

Now let’s head over to the Security tab. Make sure the following items are checked:

  • Check for publishers certificate revocation
  • Check for server certificate revocation
  • Do not save encrypted pages to disk
  • Empty Temporary Internet Files folder when browser is closed
  • Use Fortezza
  • Use PCT 1.0
  • Use SSL 2.0
  • Use SSL 3.0
  • Use TLS 1.0
  • Warn about invalid site certificates
  • Warn if changing between secure and not secure mode
  • Warn if forms submittal is being redirected.

Having these checked helps to ensure that when you are viewing secured sites, you are indeed secure. In addition, you probably want to be aware if a site or server has had their security certificate revoked.

 

Make sure all the other options are unchecked.

Let’s go back to Internet Options and go to the Security tab. A great feature of IE is the ability to place different sites into different zones.

First let’s head over to the Restricted Sites zone. Click on Custom Level and disable every option that is listed. This is especially important if you use Outlook or Outlook Express as your e-mail client, as we will discuss later on. Once you are done, head over to the Internet Zone.

The Internet Zone is where most, if not all of your web browsing will be taking place. This is where you will have to begin making some decisions on just how important your safety and privacy is. Once again, click on Custom Level and look over the options you have. We will examine ActiveX first.

For good or bad, ActiveX is a big part of Internet Explorer, but thankfully IE lets you decide what you want to do with it. This is what I recommend doing with ActiveX: under Download signed ActiveX controls, choose Disable or Prompt; under Download unsigned ActiveX controls, choose Disable; under Initialize and script ActiveX controls not marked as safe, choose Disable; under Run ActiveX controls and plug-ins, choose Disable or Prompt; and finally under Script ActiveX controls marked safe for scripting, choose Disable or Prompt.

Now we will deal with cookies. Here I recommend disabling cookies stored on your computer. As for Allow per session cookies (not stored), choose Enabled or Disabled. Disabled will make you safer, but enabling per session cookies will make it easier to use some sites, and when you exit IE these cookies are automatically removed. You may wonder why I don’t recommend the prompt option. Well, I have been to many sites that keep trying to place cookies, and these countless messages get very annoying.

Next we need to consider downloads. You probably want to download stuff from the Net so you can keep the File Downloads enabled – just be careful what you download. For Font downloads I recommend the Prompt setting.

Under Microsoft VM, choose Disable Java.

Under Miscellaneous, I recommend disabling everything except the following: under Drag and drop or copy and paste files, I recommend setting it for Prompt; under Software channel permissions, select High; and under Submit nonencrypted form data choose Enabled or Prompt.

Finally, under Scripting, disable everything.
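As an added example (not part of the original article), the Internet Zone recommendations above can be checked mechanically instead of by eye. The Python below audits a registry export of the Internet Zone key against them. Assumptions: the registry path and numeric URL action codes come from Microsoft's URL security zone documentation rather than from this page, the export contains only the Internet Zone key, the sample export is constructed, and the policy covers a subset of the settings discussed.

```python
import re

# Added example: audit an Internet Zone (zone 3) registry export against the
# article's recommendations. Action codes are Microsoft's, not the article's.
ALLOW, PROMPT, DISABLE = 0, 1, 3

# URL action code -> (setting name as shown in IE, values the article accepts)
POLICY = {
    "1001": ("Download signed ActiveX controls", {DISABLE, PROMPT}),
    "1004": ("Download unsigned ActiveX controls", {DISABLE}),
    "1201": ("Initialize and script ActiveX controls not marked as safe", {DISABLE}),
    "1200": ("Run ActiveX controls and plug-ins", {DISABLE, PROMPT}),
    "1405": ("Script ActiveX controls marked safe for scripting", {DISABLE, PROMPT}),
    "1A02": ("Allow cookies that are stored on your computer", {DISABLE}),
    "1A03": ("Allow per-session cookies (not stored)", {ALLOW, DISABLE}),
    "1604": ("Font download", {PROMPT}),
    "1C00": ("Microsoft VM: Java permissions", {0}),  # 0 = Disable Java
    "1400": ("Active scripting", {DISABLE}),
    "1601": ("Submit nonencrypted form data", {ALLOW, PROMPT}),
}

# Constructed sample in `reg export` text form, not taken from a real system.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1200"=dword:00000001
"1405"=dword:00000000
"1A02"=dword:00000003
"1A03"=dword:00000000
"1C00"=dword:00010000
"1400"=dword:00000003
'''
DWORD_LINE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})\s*$')

def audit_zone(export_text):
    """Return sorted (code, name, problem) tuples for settings that deviate."""
    seen = {}
    for line in export_text.splitlines():
        m = DWORD_LINE.match(line.strip())
        if m:
            seen[m.group(1).upper()] = int(m.group(2), 16)
    findings = []
    for code, (name, accepted) in POLICY.items():
        if code not in seen:
            findings.append((code, name, "not set in export"))
        elif seen[code] not in accepted:
            findings.append((code, name, "value 0x%X not accepted" % seen[code]))
    return sorted(findings)
```

Calling audit_zone(SAMPLE_EXPORT) flags the unsigned and safe-for-scripting ActiveX settings left at Enable, Java left enabled, and the two settings missing from the export.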

Ok, what does all this mean? Well, now you have taken some major steps to ensure your Web browsing is safe. However, you have also disabled some major browser settings, and sites such as Windows Update and Hotmail, as well as many e-commerce sites, will no longer function. What should you do now? Well, you have to weigh the value of the sites versus your safety and privacy. If you decide that there is a site you want to use but these settings won’t allow it, IE offers you the ability to make it a trusted site, so let’s head over to the Trusted Sites area.

Use the Trusted Sites section for sites that you have decided are safe and trustworthy and require some of the functions we have disabled. Make sure you choose wisely when adding a site to this list. Go ahead and click on Custom Level, and let’s take a look at the options available. Sites in this section are automatically under low security settings – I recommend you beef that up to medium at least, then examine the settings on an individual basis and decide if you like the default medium settings. However, make sure you set the ActiveX settings for Downloading unsigned ActiveX controls and Initialize and Script ActiveX controls not marked as safe to Disabled. When you add sites to your Trusted section you may need to make sure the box next to Require server verification (https:) for all sites in this zone is unchecked, otherwise you will only be able to add secured sites to your Trusted Sites section.

Ok, now you have made Internet Explorer more secure. Earlier we talked about making sure everything was disabled under the Restricted Sites section and we said that this was especially important to users of Outlook and Outlook Express. Recently there have been issues with HTML e-mail including embedded cookies that allow you to be tracked. What you want to do now if you have Outlook is as follows: go to Tools/Options/Security and in the Secure Content section make sure you select Restricted Sites. With Outlook Express follow these steps: go to Tools/Options/Security and in the Security Zones section choose Restricted sites zone.

Finally, we will discuss getting rid of your cookies. If you have followed the recommendations made previously, you should not be getting many cookies added to your system. But if you have decided to still allow cookies, or have decided to follow the above advice and want to rid yourself of the cookies you already have, it’s a fairly simple process. Windows contains a Cookies folder, but for some reason when you delete the cookies from it they stay in your Temporary Internet Files folder. However, when you delete the cookies from your Temporary Internet Files folder they are also deleted from the Cookies folder. So how do we rid ourselves of these cookies? It’s fairly easy to do. Choose Tools/Internet Options. Under the Temporary Internet files section, choose Delete Files and then OK. This will clear your browser cache. Now click Settings/View Files. Here you will see all the cookies on your system. You can examine them and keep those you want and delete the rest, or delete all of them.

 
