By virtue of the fact you’re reading this, the chances are you used a web browser to get here. A web browser is the program you use to search for, retrieve, and display any kind of written or visual information on the web. Browsers can also be used in the same way on private networks or intranets.
Some of the best-known browsers are Mozilla Firefox, Microsoft Internet Explorer, Google Chrome, Opera, and Apple Safari for Windows. The most widely-used browsers in the Windows world are Internet Explorer and Firefox. In the Mac world, Safari, Firefox, and Opera top the list.
Here are a few of the characteristics you want to be looking for in a browser that reflect higher security levels:
- Having secure default settings (settings that are inherently more secure, than less secure if they remain unchanged)
- A pop-up blocker to prevent you from accidentally accepting malware that’s delivered through pop-ups
- Privacy controls that let you browse without leaving a “data trail” on your computer
- Automatic patching whenever security updates are issued by the vendor
- Protection of log-on credentials (keeping passwords secure, etc.)
- Support for secure transactions (https protocol) to protect online financial transactions
You may also want to disable support for ActiveX controls, which are widely used by hackers to exploit weaknesses in web page coding, but be aware that this may adversely impact your web—viewing experience in some cases. (Helpful hint: You can get around this problem by using our LinkScanner® Safe-Surf program, which will spot and block ill-intentioned ActiveX code).
You can customize security zones for different user accounts on your computer. Microsoft Internet Explorer, for example, divides the world into the Internet, a Local Intranet, Trusted Site, and Restricted sites; other browsers have similar controls. Within each of these you can adjust security levels according to your preferences and perceived risk levels.
Hackers and browser vulnerabilities
In the eternal game of chess that is Internet security, hackers are quick to identify and exploit any vulnerabilities, or weaknesses in coding, they find in web browsers. As part of your browser research, check out browser security tests on the web – and make sure they’re recent – within the past couple of months. Security is a rapidly-changing landscape, and what was safe in the summer may be much more vulnerable by the fall.
For example, Ceznic’s “Web Application Security Trends Report, Q1-Q2, 2009” found Firefox to have the greatest number of vulnerabilities, followed by the iPhone implementation of Safari, Internet Explorer, and Opera. Firefox probably topped the list when the survey was done simply because of the number of plug-ins that can be used with it. Poorly-written and/or out-of-date extensions are easily exploited to allow malware access to a computer. However, Mozilla now incorporates a service that alerts users when plug-ins are out of date, so it would likely fare a lot better now.
On the web, you’ll find a number of reviews rating browsers, both from magazines and testing organizations – you’ll find a couple of good examples at http://www.infoworld.com/d/security-central/test-center-guide-browser-security-250 and http://news.cnet.com/8301-13880_3-10402239-68.html. Look at the comparison tables and focus on the functionality that’s important to you. This might include the breadth of features, the plug-ins or extensions available (Firefox is known for this), ease of use, speed, compatibility with your security software, and the support the vendor provides for the browser. While you don’t want to end up with a browser that’s so heavily secured it’s hard to do anything, you should keep in mind that the more features there are in a browser, or the more plug-ins that you use, the more code there is that can be exploited.
Ultimately, a secure browser is one that is (a) well-written (b) kept updated against vulnerabilities and most of all (c) used intelligently. Don’t be tricked into running malicious code by an offer that sounds too good to be true (it usually is). Be careful about the add-ons and plug-ins you use. If you are prompted to install third party software while browsing a site, check it out by going to that vendor’s website to download the program. Hackers often attempt to spread malware by disguising it as a useful plug-in.
LinkScanner adds a valuable layer of security on top of most browsers by spotting and stopping crimeware before it can get into your PC and activate. It works with most popular browsers, and it’s included in most of our commercial products – both for home and business users. Or home users can download a free version at linkscanner.avg.com.
Which browser do you use? Do you think it’s more secure than others? Why?
JR Smith, CEO, AVG Technologies