Secure Your Browser(Beta)
[Drop down to Firefox Settings]Stiffen Internet Explorer security settings even if you use another browser. Internet Explorer is absurdly entwined with Windows, and butts in without your control.
AOL, Earthlink, and other ISP-branded browsers are usually just Internet Explorer behind a facade. Naturally, IE configuration changes directly affect them as well.[Drop down to Firefox Settings]
If you're using Internet Explorer 6:
My advice is upgrade to IE7, or switch to Firefox. :-) Or you could run IE 6 under reduced rights -- that will much more than double your security.
[Reduced rights][IE 6 security advice if you're not yet ready to switch.]
[Advice from Microsoft on how to toughen up IE 6.]
If you're using Internet Explorer 7 on Windows XP:
I still recommend that you switch to Firefox, but I'll have to admit, you'll do nearly as well with IE7.
[IE7 Settings][Reduced rights]
[Drop down to Firefox Settings]
If you're running Windows Vista you already have IE7:
IE7 on Windows Vista has some advantages compared to IE7 running on Windows XP. That makes the match between Firefox and IE7 pretty close if you run as a "Standard" user. I'd still choose Firefox though.
[IE7 Settings][Reduced rights]
[Drop down to Firefox Settings]
Security settings for IE7:
I don't have much experience with IE7. (I use Firefox as my primary browser.) I thought it would be easy to find tons of good advice online for IE7 though. I was wrong. Microsoft doesn't seem to offer much help either, maybe because they don't like the answer. ;-)
I found one Microsoft webpage that gives short, valid instructions that will provide good security. However, these settings will make IE7 tedious to use if you visit lots of different websites. Another item, "IE 7 needs tweaking for safety" by Brian Livingston, also gives good advice.
IE7 running on Vista (but not XP) is fairly secure without changes if you leave UAC enabled.
Answers.com links to more answers for your questions about IE7 security settings.My own setup for IE7 on Windows XP:
Here's how I set up IE7 for those rare occasions when I use it:
• I run IE7 under reduced rights.
• I set the security level to "Default" rather than "High".
That's it. I'm more secure with less fuss than if I used "High" as Microsoft recommends.
Firefox security settings:
The table below gives my advice for Firefox itself.
I strongly suggest that you also install these free Firefox Add-ons:• Adblock Plus,
• FlashBlock • McAfee SiteAdvisor
• And possibly NoScript.
I also run Firefox with reduced rights, which adds powerfull protection against all sorts of known and unknown threats.
- • attack vectors
- deception the #1 threat
- phishing #1 deception
- poisoned websites
- poisoned email
- email attachments
- downloads
- spam (scams and phishing)
- hackers and worms
- popup warnings
- • malicious content
- spyware
- viruses and worms
- trojans
- • backup is security job one
- • develop your "web smarts"
- don't get hooked
- guard against spyware
- be careful with email
- fear attachments
- surf safely
- • tighten security settings
- windows
- browsers
- email clients
- • defense tools and software
- firewalls
- hardware firewalls
- anti-virus
- anti-spyware/-malware
- all-purpose security suites
- • patch and upgrade software
- • bonus: double your security
- • test your protection
- • protect your privacy
- • WiFi security
Tight browser settings won't improve your security one iota if you don't use your head when dialog boxes pop up.
For example, if you're asked to allow an ActiveX control to run, ask yourself if you completely trust this site. You can usually view the page even if you don't allow it.
| You'll find most of the security related settings in "Options" under "Tools" in the Firefox Menu. | ||
|---|---|---|
| Tab | Option | Instruction |
| Main | Default Browser | Click "Check Now" to see if Firefox is the default browser. Answer "Yes" if it offers to make it the default. Check "Always check to see if Firefox is the default browser on startup" if you like. |
| Content | Block Popup Windows | Check: Popups are a primary attack vector. A straw colored notification strip will appear just below the tabs if a popup is blocked. You can always allow a popup if it's one you want to view. |
| Load Images | Check: You just about have to allow images for Firefox to be useable. There used to be an option to allow the originating site only. Too bad that's gone. | |
| Enable JavaScript | There is some risk from JavaScript, but you'll probably want to enable it. Many websites will not work if you do not. Alternative: enable it, but install the *indispensable* NoScript Firefox extension. NoScript disables Java and JavaScript, but allows you to enable them on a site-by-site basis. | |
| Enable Java | Disable this option. You may need to temporarily enable it to get a few trusted sites to work right. | |
| Security | Warn me when sites try to install add-ons | Check: You will need to allow specific sites when you want to install any Firefox plugins or extensions. A straw colored notification strip will appear at the top of the page when you try to start an installation. Allow the site to proceed if it's what you expected. You'll need to reinitiate the installation before anything will happen though. | Tell me if the site I'm visiting is a suspected | Check: This option protects against Phishing. I'd use the "Check against a download list..." because it's faster if not as thorough as Google. |
| Passwords | If you tell Firefox to remember passwords, be sure to answer "No"when you asked later on if you want to save your password for a sensitive website, like your bank. | |
| Advanced | Update | Enable the options to check for updates to Firefox and extensions and search engines. |
| Update | Check Firefox, Installed Add-ons and Search Engines. | |
| Encryption | Check "Use SSL 3.0" and "Use TLS 1.0". | |