2015-12-13 Update
- I have moved away from Ghostery and now recommend Disconnect and Privacy Badger due to Ghostery’s border line belligerent update notices and frequent resetting of user preferences upon new releases.
- I have moved away from AdBlock Plus and now recommend uBlock Origin due to ABP “selling” access to get on their default whitelist.
Background
This article is intended to be a brief, concise, guide for beginner and intermediate web users regarding safe browsing habits and tips. This guide will give you a few tips that will make your browsing safer and generally make the work for a bad guy to get into your computer difficult enough that they will simply move on to easier prey.
Please note that nothing will make your browsing completely safe and secure. If your computer is connected to the internet and someone wants to get into your computer, given enough knowledge and time they can.
Details
- A Good Browser: the browser you use is very important. You may be used to one browser or another but it is well worth it to learn another if yours is not safe. For the last two years Chrome has lead the pack in regards to safety with Firefox very close behind. Microsoft’s Internet Explorer is generally not even in the ballpark and has consistently been there for the last 5+ years. The reason has two parts:
- IE was the most widely used browser, so if a bad guy knows how to hack into it he can hack more people
- Microsoft has been very slow to update their browsers to newer, better technology standards. I don’t mean they are slow to patch their browser, I mean they are slower at adopting new security standards (sand-boxing). Chrome and Firefox adapt much quicker which means they can implement better security practices quicker and this also makes a fast moving target for hackers as they address vulnerabilities quicker
- Browser Extensions: nearly all web pages have things embedded within them to track and monitor your usage of the sites you visit. Generally speaking, the things embedded within the pages are safe, but this is one of the most common things hackers target to get your data. There are 3 extensions everyone should use which will make your browsing much safer:
- a javascript blocker: NoScript is the market leader here, NoScript (and other script blockers) blocks javascript on a web page until you ‘allow’ it. Javascript is by far the most used tool by hackers to get at your information. NoScript simply blocks the script until you tell it to allow it.
- tracker blocker: Ghostery (or Disconnect) is a tracker blocker, this is similar to NoScript but rather than blocking JavaScript it blocks common/known bad tracking components such as cookies from sites that are known to be unsafe.
- ad blocker: AdBlock Plus is similar to Ghostery but primarily blocks ad related tracking items such as flash ads and pixel trackers.
- Disable Unused Features: the extensions above block common exploits which often exploit features of your browser that you do not even use. A quick and easy way to avoid the problem is to simply disable these features. Most users can disable the following features and find little to know impact to their web experience:
- java: most browsers come with a plugin for Java, generally speaking most user do not need this. If you use websites that require java you probably know enough about it to know to leave it on or turn it off and on when you need it. The average user should be able to disable Java and not see any difference. To do this in firefox simply go to:
Menu>Tools>Addons
. Select the Plugins tab in the left menu and you should see Java listed there. Select it and choose to disable it. If you need it back on simply enable it. - flash: a lot of sites use flash, more are moving away from it and opting for HTML5. I suggest to turn on Flash until you need it and simply turn it on when you need it. To do so, go to
Menu>Tools>Addons
. Select the Plugins tab again and Disable Flash (often listed as Shockwave Flash or something similar). If a page you try to visit complains about needing Flash or the need for a newer version simply re-enable flash.
- java: most browsers come with a plugin for Java, generally speaking most user do not need this. If you use websites that require java you probably know enough about it to know to leave it on or turn it off and on when you need it. The average user should be able to disable Java and not see any difference. To do this in firefox simply go to:
Although Chrome tends to lead in security, I choose and recommend Firefox due to its openness, security and bug related history, and privacy policies (see privacy article for more info). Most of the features I mentioned above are available in all browsers with exception to the Extensions. The extensions I listed are available for firefox and I believe most are available in Chrome as well.
If you would like more information about safe browsing and safe computing I highly recommend the Security Now! podcast which is a weekly podcast that does a great job of discussing safety and security related items.