Securing your browser is not an easy task. There is a lot to understand about how a modern web browser works, and what about them leaves us vulnerable to malware, privacy threats and other attacks. The browser itself is not the only problem; browsers play host to software such as Flash or PDF readers that are vulnerable to …
Actually, flashblock is trivially easy to bypass.
@Mark C Casey
Useful little test, I tried it with Adblock, Noscript and Flashblock, (in combination and separately), the only one that blocked it was Noscript.
@ Bob Gateaux
I agree - you are 100% safe.
The only time that you are not safe is when you turn on your computer and connect to that internet thingy - using IE, Firefox, Chrome, Opera, et al.
@ Bob Gateaux
It would seem from your comments that you do not use any of the add-ons mentioned in the piece. On Firefox and Seamonkey on Linux at least, Adblock Plus, BetterPrivacy and NoScript all inform you that a new version has been released and ask if you wish to install it. Simple.
"we just use the Internet Explorer and make sure we have the patch applied each month. Then we are safe."
Sooo, a new threat comes out, spreadable by a rogue flash advert you are not blocking and no patch has yet been released.
How are you safe?
I don't actually have a huge problem with ads as long as they are reasonably discreet.
What I don't like are the silly number of "trace" cookies and bits of java script (doing goodness-knows-what) that accompany most ads. And it is for THAT reason, I use an ad blocker.
I like the principle, but if I may offer one possible point to ponder (hmmm, a lot of P's there..) regarding the model WOT is based on: "only as strong as the weakest link" - as such, is not the weak link here the database of ratings?
So if I joined up as a member with the sole purpose of maliciously rating a number of Malware sites as a top rating, being sneaky and duplicitous I of course wouldn't do that to all my ratings just 1 in a 100 say. Doing this from a number of accounts (sneaky, sneaky) and over a few months could I not essentially mine this DB with a number of bad sites with good ratings?
Anyway, just a thought, and having absolutely no experience of WOT it's all just supposition on my part from reading the Mywot website...so apologies if I have got something wrong..
Or, Anonymous could download WOT and poison the DB for a given site if they want. Yes, it has its flaws...but overall it's a lot more effort for the bad guys to game the system than they gain from it.
- don't run as windows admin
- disable everything, then if you need jscript/flash/etc, run it in a VM (I do this)
- appropriate for company security (hint hint), run a proxy with whitelist only browsing, force everything through proxy. Extend whitelist as necessary.
@Bob Gateaux: "Then we are safe". That just invites sarky comments but I'll refrain. It's not that simple. It's a numbers game and you need multiple facets of protection to be *reasonably* secure - there is no 'safe' as such.
Nice to see WoT getting a mention
I have been using the trio of AdBlock, NoScript and WoT for some time and found that between the three of them, they provide multiple layers of defence against malicious web sites, from reducing your exposure to them in the first place (WoT), to guarding against risky content being loaded automatically (NoScript blocking PDFs and Flash), and preventing injection of dodgy pop-up ads from third- or fourth-party advertisers. It is not just about not wanting to see the adverts (which I don't anyway), but mitigating the risk that inherently untrusted content poses. To me, these utilities are as important as anti-virus software, a firewall, and keeping your system up to date with the latest patches. Each of these things deals with a different security vulnerability, in a different way. Overall, you get multiple layers of overlapping protection. The problem arises when a new exploit is found that has a gap in multiple layers (such as the recent shortcut vulnerability in Windows).
I know I'll get flamed for blocking adverts in my browser by those that think it is somehow the right of content providers to bombard me with them, simply because it provides the basis of their business model. However, I was never going to click on your adverts anyway (except possibly by mistake), so I am not part of the demographic that supplies your income.
The real security problem is that there will always be the uneducated majority that think that the default installation of Internet Explorer is risk-free because of claims in some print advert from Microsoft that they saw six years ago in a four-colour-glossy advert cunningly disguised as a computing magazine. Whilst these are the people who generate the revenue for advertisers, they are also the same people who fall for the scams and host the botnets. This arguably presents something of a conflict of interest to those pushing advertising as a source of web revenue. This is why, ethically, I rate the ethical values of advertisers rather lower than others may do.
From an admin standpoint....
The most useful and vital thing one can do to secure the PC and network as a whole is to keep users from dodgy websites. Yes, there are legitimate and business-appropriate sites that can become (temporarily) vectors for malware but they are few, they are quickly rectified, and the sites are generally run by people that take an interest in seeing that it does NOT happen.
So the question becomes "How do I keep the users on the straight and narrow?" Look them in the eye and say "It's *my* network. The pictures of puppies from your cousin and the eee-lec-tron-ick greeting cards will still be in your web mail when you get home. Wait until then. I know every website you visit on your work machine, right down to what kind of adverts it has on it. If something bad comes in because of what you've done, I will know, I will be able to prove it to your management, and I will not hesitate to hang you out to dry." Combining this with a snapshot log from the user's traffic is particularly effective. It's far more effective than some abstract policy sopping up milk with a "work computers are for work purposes only" that provides no sense of personal accountability to God, root, or anyone else.
I'm not certain
... on the exact distinction between "God" and "root". Could you elaborate?
distinction between God and root
There is none on our network.
root is SYSTEM LORD.
End of discussion.
If root does not like your surfing habits, you get routed to /dev/hell, and lose ALL internet access. Then you have to explain to your manager why you cannot do your job. (Don't worry, before you are routed to /dev/hell, your manager will already know why.)
As far as whitelisting / blacklisting goes, our net admin has a BIND server that takes care of it. Try to surf to a banned site, and you get logged.
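One way to build the kind of logging DNS blocklist the comment mentions, as an added example and not this admin's actual configuration: a BIND response policy zone (RPZ) that answers NXDOMAIN for listed names and logs every hit with the client address. The zone name, file paths and the sample blocked domain are assumed.

```conf
# named.conf fragment (assumed zone name and paths)
options {
    response-policy { zone "rpz.local"; };   # consult the policy zone before answering
};

zone "rpz.local" {
    type master;
    file "/etc/bind/db.rpz.local";
};

logging {
    channel rpz_log {
        file "/var/log/named/rpz.log" versions 5 size 10m;
        severity info;
        print-time yes;
    };
    category rpz { rpz_log; };               # one line per rewrite: client IP, name, action
};

# /etc/bind/db.rpz.local (constructed sample entry)
$TTL 60
@                 IN SOA   localhost. root.localhost. ( 1 3600 900 604800 60 )
                  IN NS    localhost.
; a CNAME to the root (".") tells BIND to return NXDOMAIN for the name
badsite.example   IN CNAME .
*.badsite.example IN CNAME .
```

Reload with `rndc reload` after editing the zone; the rpz.log file then shows which client asked for which banned name, which is the "you get logged" part.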
Want a safe browser?
Text mode only
Total cookie control
No annoying flash
Ad-blocking in Chrome
AFAIK, Ad-blocking in Chrome merely hides the advert but does not prevent it from downloading and presumably executing.
Is there any kind of light-weight personal web proxy that you can run locally, that doesn't bother with caching (no point if it's on a single computer and the browser already caches) but that allows for inspecting/tweaking http requests/responses?
For example, I sometimes want to kill referers, tweak my user-agent string, and maybe block google-analytics when I'm testing a website locally. As it is now, Firefox is pretty flexible and probably has an extension for those things, but other browsers can be a bit more bothersome.
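A minimal version of the tool asked for above, as an added example (not the poster's code and not Proxomitron): a local HTTP proxy in Python that strips Referer, substitutes the User-Agent and short-circuits requests to a tracker host with an empty 204. The port, the blocked-host set and the replacement UA string are assumptions; it forwards plain http:// only and refuses CONNECT, so HTTPS is not silently passed through.

```python
"""Local filtering HTTP proxy (added example; assumed settings, plain http:// only).
Strips Referer, forces a fixed User-Agent, and answers blocked tracker hosts with
an empty 204 instead of fetching anything from them."""
import http.client
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

BLOCKED_HOSTS = {"google-analytics.com"}          # constructed list; extend as needed
FAKE_UA = "Mozilla/5.0 (generic)"                  # assumed replacement string
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "proxy-authorization",
              "te", "trailers", "transfer-encoding", "upgrade"}

def is_blocked(netloc):
    """True if the host (port stripped) is a blocked host or a subdomain of one."""
    host = netloc.lower().split(":")[0]
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

def rewrite_headers(headers):
    """Outbound headers: drop Referer and hop-by-hop fields, force a fixed User-Agent."""
    out = {n: v for n, v in headers.items()
           if n.lower() not in HOP_BY_HOP and n.lower() not in ("referer", "user-agent")}
    out["User-Agent"] = FAKE_UA
    out["Connection"] = "close"                   # one upstream connection per request
    return out

class FilterProxy(BaseHTTPRequestHandler):
    def do_GET(self):  self._forward()
    def do_POST(self): self._forward()
    def do_CONNECT(self): self.send_error(501, "HTTPS tunnelling not implemented")

    def _forward(self):
        url = urlsplit(self.path)                   # a proxy receives absolute URLs
        if url.scheme != "http" or not url.netloc:
            self.send_error(400, "absolute http:// URL required"); return
        if is_blocked(url.netloc):
            self.log_message("blocked %s", url.netloc)
            self.send_response(204); self.end_headers(); return
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else None
        path = (url.path or "/") + ("?" + url.query if url.query else "")
        conn = http.client.HTTPConnection(url.netloc, timeout=15)
        conn.request(self.command, path, body=body, headers=rewrite_headers(self.headers))
        resp = conn.getresponse()
        self.send_response(resp.status, resp.reason)
        for name, value in resp.getheaders():       # relay end-to-end headers only
            if name.lower() not in HOP_BY_HOP: self.send_header(name, value)
        self.end_headers(); self.wfile.write(resp.read()); conn.close()

if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8118), FilterProxy).serve_forever()
```

Point the browser's HTTP proxy setting at 127.0.0.1:8118 and the rewrite is visible in the target site's access log as a missing Referer and the generic User-Agent.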
If you're after an ad-blocking proxy then I suggest http://www.proxomitron.info/
I used it before ad-blocking was available as an addable feature to the browser.
I run FreeBSD
Gets rid of all those pesky drive by download issues. Sometimes security by obscurity works - no-one is ever going to target FreeBSD desktop ;)
Mine's the one with G*E*E*K on the back.