Is your browser secure?
Choosing a browser is also a choice around security. Most of what we do on the computer today is in the browser: we read some news site, learn a new technology, chat with our friends, watch funny videos… As a big part of our online life in inside the browser, we need one that will protect us, protect our computer and our data.
When you look at the security of your browser, you need to give a closer look to three types of threats:
- Attacks on you (socially engineered attacks)
- Attacks on your computer, web browser, or add-ons to your web browser.
- Attacks on websites (for example, cross-site scripting)
How can I know if my browser is secure?
Here are some questions you need to ask yourself when you choose your browser:
- Does the browser have a feature that can help protect you from phishing sites?
- Does the browser benefit from Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target?
- Does the browser have the ability to restrict an extension or a plugin on a per site basis?
- Does the browser process utilize Windows Protected Mode or implement a similar mechanism such that browser processes cannot modify parts of the system that it doesn’t have access to?
- Does the browser extend the sandbox such that it cannot read data from parts of the system that it doesn’t have access to?
- Does the browser benefit from Windows Operating System features that protect against arbitrary data execution?
- Does the browser have a system for auto updating browser extensions?
- Does the browser benefit from Windows Operating System features that protect against structured exception handling overwrite attacks?
- Does the browser automatically block insecure content from secure (HTTPs) pages?
- Does the browser filter out scripts on the client to help protect against XSS attacks?
- Does the browser implement content security policy that websites can use to mitigate XSS and CSRF attacks?
- Can the browser sanitize HTML to remove potentially problematic code?
- Does the browser have features that websites can use to help protect you from "click jacking" attacks?
I don’t want to think about all of this, can you just tell me if Internet Explorer 9 is secure?
I know. These are a lot of questions to ask, and if you are not a security expert of don’t know everything on the list, it’s a lot to check. There are five important things that I can tell you about Internet Explorer 9 that give me an entire trust level about this awesome and secure browser:
- Provides a better warning system for potentially dangerous downloads. A new feature, Application Reputation, helps you to make safer decisions when you download content from the Internet.
- Filters content that might be dangerous. The ActiveX Filtering feature allows you to choose which websites can run ActiveX controls. By allowing ActiveX controls only on the sites you trust, you can reduce the number of ways cybercriminals can harm you.
- Helps you avoid phishing scams and malware. SmartScreen Filter in Internet Explorer 9 helps protect you from websites that are suspected of hosting malicious content. When the SmartScreen Filter detects that a site may be unsafe, you will see an alert that will give you recommended actions.
- Protects your privacy from online tracking. Many websites use technology that tracks your activities as you browse the Internet. Internet Explorer 9 introduces Tracking Protection, a feature that helps to protect your privacy from third-party online trackers.
- Helps protect against cross-site scripting attacks. Cybercriminals look for vulnerabilities in website code so that they can insert malicious scripts which gather private information about site visitors.
So what can I do to stay safer online?
- Use secured connections: make sure you are opening secured connections to the pages; you do this by typing in "HTTPS" at the beginning of a URL. Most of the websites that ask you important information should use this protocol. If not, think about it.
- Use your best judgment: When you read email or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as "phishing scams" because they "fish" for your information. More information here.
- Be sure to have the latest update for your operating system. Update your Windows machine here.
- Download a modern browser like Internet Explorer 9 here.
Do you have any tips and tricks for browsing safely? Share them with us!