Regardless of which web browser you use, there are steps which can be taken to further improve your browser security online, limit your exposure to malware, and keep your computer happily humming along. Joking aside, step one is ditching Internet Explorer – there are other options (Firefox, Chrome, Safari, Opera, etc.) which are far more secure. I’ll stop myself before I begin an out of control rant, but needless to say, even in the context of a browser like Firefox, there are steps you should take to improve browser security.
Useful Firefox extensions:
1) NoScript – Protects you against cross-site scripting attacks (XSS) and clickjacking. A useful plug-in, though a little heavy handed – for the first few days of using this, I often had to use the “allow site” function (the little icon, on your web browser status bar), to get my regular sites to load properly. Once you have those set though, you barely notice it’s running.
2) Adblock Plus – blocks advertisements and can block access to known malicious domains. It can also block flash and java, as you deem necessary. Given the many security vulnerabilities stemming from Adobe products (as evidenced by the ridiculous amount of updates they push out for their plug-in), this may be an important way to protect yourself online. If you’re interested, you can find a list of the top ten “internal vulnerabilities” (meaning from client computers mostly) here. Unsurprisingly Flash, Acrobat and Java top the list.
3) HTTPS Everywhere – this add-on provided by the Electronic Frontier Foundation makes HTTPS requests (secure http) to websites you access, where possible. Some sites like Google allow secure access, but don’t enable it by default. Using this plug-in, if you try to navigate to http://google.com you will be redirected to https://google.com.
4) Web of Trust – web of trust provides information on the site you are browsing, to provide some indication to the user, as to whether the site should be considered trustworthy or not. It provides an indicator that will turn green (site deemed ok) or red (site deemed a hazard) based on ratings by the web of trust community base, around the world.
4) LastPass – Allows you to securely store and manage your passwords, even generating secure passwords for your sites as needed. Far more secure than the built-in Firefox password management feature. I won’t go into too much detail, but I’ve written about LastPass previously here.
Some other important settings include:
Prevent Firefox from storing your site passwords:
By disabling Firefox’s built-in password manager, you are preventing your Firefox from storing passwords for the sites you browse, on your local machine. It’s generally not a good idea to have your passwords stored by your browser, especially if you work on a shared computer.
Prevent Firefox from storing information on the sites you browse:
Beyond all this – keep your browser up-to-date! The importance of this cannot be stressed enough. Security vulnerabilities are being patched all the time, and if you don’t keep up with the patches, you aren’t benefitting in any way from the work people are putting into improving your online security.
Carnegie Mellon’s Computer Emergency Response Team (CERT) has a long, but good write-up on how to browse securely here.
If you’re interested in securing Google Chrome, here’s a good write-up on security related extensions, courtesy of Tech Drive-in.