RSS

Internet Security

06.24.06

For unfamiliar terms, look in Matisse Enzer Glossary of Internet Terms.



Intro

Internet security is important because a lot of bad things can come to your computer from the internet. When I say internet security, I'm referring to safely surfing the web. So I'm focusing on how you surf the web and how you configure your browser. Unfortunately I can't cover all the different web browsers. I stopped using Netscape years ago when I saw that Microsoft Internet Explorer (IE) had features that Netscape didn't. I'm sure Netscape has some nice features too, but enough of that.

Browser Choice

Browser choice makes a big difference these days but no one browser is flawless. You can however avoid the more dangerous flaws and the more exploited flaws by choosing the right browser. I've chosen to use Firefox as my browser because of the features it has, like tabbed browsing, and more importantly because of the one feature it does not have, Active-X controls. IE allows Active-X controls to give some web sites more features but it is also a great vulnerability. Malicious software can be written to use Active-X to do things to your computer including the installation of viruses, trojans, worms, and that sort of stuff. I only use IE to update my Microsoft Windows XP operating system and MS Office suite. You can turn off Active-X in IE but then why use IE? You might as well use FireFox because it displays websites better and has more features.

Browser updates

A very important part of internet security is keeping your browser up to date like your operating system. Firefox's default settings include automatically checking for updates. Firefox seems to get needed updates sooner than other browsers because it is open-source software and many people work to improve it. The good thing about IE is that you can update it at the same Windows update site as your operating system or get updates with Window's automatic updates. Unfortunately Windows updates are usually updated only once a month. Just like the operating system, occasionally vulnerabilities are discovered in your browser. Updating your browser will put an end to those vulnerabilities.

Cookies

Another issue with the internet is the information websites can gather about you when you visit their site. They can track what sites you go to. One way to limit the information they gather is to limit cookies that web sites can put on your computer. If you're not familiar with internet cookies, they are little files that websites put on your computer for several purposes. Some are legitimate business purposes others are almost criminal. Almost any site that requires you to use a password probably puts an identifying cookie on your computer so you don't have to enter you password every time you do something on that site. But those advertisements on web pages can also put cookies on your computer. If you have a current version of IE you can limit the cookies that get into your computer by clicking on "Tools" menu at the top of the browser, and select Internet Options from the drop down menu. You'll get a new window with several tabs including the Privacy tab. Select the Privacy tab and click the Advanced button near the middle of that window. Check the box by "Override automatic cookie handling." Under First-Party Cookies, select Block. Under Third-Party Cookies, select Block. It's fairly safe to check the box by "Always allow session cookies." Session cookies only last as long as your browser is open. When you close the browser they are deleted.

There is a program called Spider Bite that will erase the traces of your web browsing. It clears all the cookies and clears a file called index.dat. Index.dat stores the web address of the sites you go to. It's very difficult to alter while the Windows Operating system is open. Spider Bite takes care of that.

Pop Ups/Pop Under

Yet another issue for internet security is Pop-ups and Pop-unders. These are the advertisements and other websites that pop open while you surf the web (that's a pop-up). Some open behind your other open windows so you don't find them until you close the other windows (that's a pop-under). There is a free solution to this problem. It's called Pop-up Stopper. It's a small, free program that can load when you turn on your computer. Every time a Pop-Up tries to get through your mouse will briefly turn into a red circle with a slash through the middle indicating the block. If you need the Pop-Up or new window to open, you just hold the CTRL key and click the link again. It's pretty safe and will save your computer from getting hijacked by advertisers.

Making IE more secure

If you insist on using Internet Explorer for browsing the web, there is something you can do to make it much safer. This technique is described very well by Steve Gibson in his Security Now Podcast episode #38 . Basically you set the general security settings to maximum and then add the sites you trust to the trusted sites list alowing you to use all the features on those sites. To do this, open Internet Explorer, open the Tools menu, and select Internet Options. Click on the Security tab. Then start with the Internet Zone by clicking Internet and set the security level to High. Then click on Trusted Sites and use the "Sites..." button to add sites to your list. Now all sites that are not listed in your trusted sites list will not be able to run scripts or code on your computer through your browser. This can be a bit of a pain to manage so it's better to just use Firefox.

Prevent Web Spyware

Whether you use FireFox or IE, don't forget to secure them both with Spyware Blaster and the Immunizer in Spybot Search & Destroy. They add known bad sites to the restricted site lists so you will be somewhat safer if you accidently find yourself on one of those malicious sites. You can find those programs on the Download Page.

Secure Flash

Recently (Jun 2006) another issue has come to light. Flash, a tool for viewing animation and other media on the web can be used to do things to your computer without you being aware. The good news is that there is a fix. Steve Gibson brought this to viewers attention on Leo Laporte's TV show, Call for Help episode #376. The good news is there is a way to manage Flash settings by going to Macromedia's Flash Settings page using your browser. One setting of note is on the second tab, storage settings. Make sure you uncheck the box for "Allow third-party Flash content to store data on your computer." This is set to allow such data by default. If you don't uncheck that box, a Flash advertisement on a website can ad data to your computer like cookies that can track you. However this data is not cleared when you clear cookies. Browse the other settings and change any that you'd like.