I’m asked about security when browsing the Internet on almost a daily basis. You may have accidentally installed some sort of fake antivirus by clicking on a scareware or phishing link. You may have been inadvertently forwarded to a pornographic or shady website. Then again, you may have had your credit card stolen. Regardless of how Internet savvy you are, everyone is susceptible to security flaws when browsing the web.
What is a web browser?
Some people still don’t exactly know what a web browser is or what it means to them. Instead of explaining all of this out in technical details, I’m not going to reinvent the wheel. Google posted an awesome short video on YouTube with a quick overview of what a web browser is.
Now, an easy way to tell what web browser you’re using is to go to http://www.whatbrowser.org/en/. It has the same video above, but should automatically detect your browser version and its released date to the left.
How do I secure my web browsing experience?
Now that you know what a web browser is, you should know how to safely use it.
There are several key security aspects when it comes to browsing the Internet. The first is of course your virus and malware protection.
Virus & malware protection
Make sure to always use an up-to-date antivirus program and regularly scan your computer for malware. I personally think that Microsoft Security Essentials is the best free antivirus program available at the moment. Another good anti-malware scanner is Malwarebytes’ Anti-Malware.
Your initial step in securing your browsing experience (as well as your computer in general) is to download an antivirus program and an anti-malware scanner, update their definitions daily, and run a scan of your computer at least weekly. You can find the links to download these applications on our helpful software page.
Use the right browser and secure it!
Most people still use Windows and most still browse the web with Internet Explorer. Virus creators and scammers want to affect as many people possible so they usually target the security flaws in the most popular operating system and Internet browser. Aside from that, Internet Explorer is inherently very insecure. Mozilla Firefox, Google Chrome, Opera, and even Safari are more secure than Internet Explorer when it comes to your browser’s default settings.
For 99% of users out there, Mozilla Firefox would be the best choice as a more secure browser to switch to. I tend to prefer Google Chrome to Firefox for speed and other functionality, so we’ll cover the steps for securing either browser for your computer.
Mozilla Firefox
- Download Mozilla Firefox here.
- Install Mozilla Firefox from the downloaded file (you can usually just accept all of the default options).
- After installation is complete, you’ll want to download a few security add-ons for Firefox. Open up your Mozilla Firefox browser if it isn’t already open.
- Download and install Adblock Plus here.
- Download and install WOT – Safe Browsing Tool here.
- Download and install Dr. Web anti-virus link checker here.
- Download and install BetterPrivacy here.
- Download and install NoScript here.
- Next, we’ll want to configure a few settings for Firefox.
- In Firefox, on the menu bar, click on “Tools” > “Options” > “Privacy”, and choose “Never remember history” from the drop down menu.
- Then, while in Firefox’s Options, click on “Security” and make sure the top three checkboxes are checked for “Warn me when sites try to install add-ons”, “Block reported attack sites”, and “Block reported web forgeries”. Also, make sure that the next two checkboxes are unchecked for “Remember passwords for sites” and “Use a master password”.
- Click the “OK” button at the bottom of the “Options” box to save the settings. We’ll go over why I recommend these settings a little later.
Google Chrome
- Download Google Chrome here.
- Install Google Chrome from the downloaded file and open the program.
- Next, we’re going to download some extensions for Chrome which are just like add-ons for Firefox.
- Download and install AdBlock here.
- Download and install the Browser Button for AdBlock here.
- Download and install FlashBlock here.
- Download and install Web of Trust here.
- Now, in Chrome, click on the wrench icon and then select “Options”. Click on the “Personal Stuff” tab and choose the “Never safe passwords” radio icon under the “Passwords:” section.
- Lastly, click “Close” at the bottom of the Options screen to save the settings change.
One last step to beef up the security of your web browser is to run it in Sandboxie.
Sandboxie is a fantastic little program that you can use to open your web browser in a “sandboxed” mode. While running your browser in a sandbox, Sandboxie won’t allow the web browser to write data to your system. Instead, it uses a separate area that Sandboxie creates to protect your system, program, and user files.
Click here to download and install Sandboxie.
Sandboxie should have automatically opened after installation. You shouldn’t need to edit any settings within the program, but when you close the Sandboxie window, it will give you a message that the program will continue to run in the taskbar, which is fine for it to do. The taskbar icon for Sandboxie should look like the image to the right.
After installation of Sandboxie, you should also notice a new icon on your desktop that looks like the image to the right. Whichever program you have set as your default browser should open up in “sandboxed” mode by double-clicking on this icon.
If your browser doesn’t open for some reason by default, you can edit the desktop shortcut to specify Mozilla Firefox or Google Chrome. To do this, right-click on the desktop shortcut and choose “Properties”. In the properties box, edit the text in the “Target” field from “default_browser” to “firefox” or “chrome” as shown in these two images.
Change the above text to the text below:
Click the “Apply” button and then the “OK” button at the bottom of the properties box and the shortcut should open up your browser correctly now.
To verify that your browser is running in “sandboxed” mode, check for hash tags (#) around the title in the top bar of your web browser as shown below.
By performing these steps and installing these programs and add-ons, your browsing experience should be drastically more secure. The add-ons that we installed for Firefox or Chrome will either inform you of shady links and websites or block ads, flash, and other scripts from running in your browser. Each add-on easily allows you to add certain websites to the “allowed sites” or “whitelist” which will disable the add-on for that site. They also easily have an option to disable the add-on entirely, which I wouldn’t recommend.
Create long, secure passwords or passphrases for your online accounts
This is usually the most difficult step for most people. A good password is key to protecting your online accounts from brute force attacks or easily guessed account access. Unfortunately, no matter how secure your password is, a keylogger can send your password directly to a malicious source. This is why a good antivirus and antimalware program is the first recommendation!
As I mentioned above, we don’t recommend that you save your passwords in your web browser because some spyware can actually retrieve those from your browser’s settings without even needing a keylogger. This is how a lot of accounts become hacked (along with web and email phishing).
There are a couple of ways to go about creating a secure password.
- Create passwords with an automatic generator, such as the one here: http://www.pctools.com/guides/password/. I always recommend a password that is at least 8 characters long and that has a good mix of letters and numbers, as well as special characters.
- Create a long passphrase that is easy for you to remember.
Because of the additional length of a good passphrase, the need for numbers and special characters decreases. A good way to create a passphrase is to use a sentence as your password, such as the following examples:
- MyfavoriteplacetoeatisatAblyAsianinJasper!
- IthinkVincentVanGoghisthebestpainterever!
As you can see in the examples, these passphrases are both 42 characters long! They also use upper and lower case letters and has an ending punctuation, which is natural for the sentence and is easy to remember.
Some sites won’t allow passwords above a certain length, so in those cases, I would use a randomly generated password. For better security though, try using a long passphrase wherever possible. I will be going over passwords in the next 2 Minute QuickTips screencast, which should be uploaded this weekend!
I know this blog post has been a long read, but I really wanted to give as much detail and instruction as possible to help secure your online browsing experience. As always, if you ever need help with anything we cover in our posts, or if you have other questions, contact us today!
Hi, like your site a lot. Have been online since mid 80′s. I got one of the first viruses from my brother on a floppy disk in the early 80′s “stoned” after that I have been very security concious.
I have gone about 5 years with no security issue with me or my family but in the last 2 months 3 family members and 2 friends have had very bad malware including deleting files. They had updated antivirus. The 3 Family members had MSE updated and don’t intentionaly go to dodgy sites. All run Windows 7 x64 bit and we are behind a good NAT router.
I have now started rebuilding and upgrading computers and came across this site after quite a bit of research what you have to say seems to match what I worked out.
Other than privacy is there any need to run all the Firefox and Chrome addins if you run in Sandboxie as that protects the system and they just now fully support Win 7 64bit in their beta? The problem with the addins is it is quite inefficient and time consuming training the applications if sandboxie keeps me safe.
Can you do an update to this blog as things seem to have changed a lot in the last 12 months but the advice is probably about right?
The addin Wot requires scripting and I installed no script as advised, several attemps to get the page opening by tweaking no script failed so I am not sure if the addin or site http://www.mywot.com is safe anymore. As you say stop if unsure.
I see Internet Explorer is not covered and is generaly considered unsafe but quite a few sites need Internet Explorer. Now version 9 is out what advice and suggestions can you make on this?
I am sending a link to this post and your site to others, thanks very much for explaining these things in such a clear way.
Hi Ian,
Thanks for the feedback! I’ll be releasing an updated blog post on this topic very soon to cover some changes from this past year.
To answer your question, Sandboxie is a great security product especially for your web browser, so you wouldn’t necessarily have to run some of the other add-ins, such as NoScript. I still would recommend using these add-ins though because it gives the user more control over what they see and what they allow to run on the websites that they visit. To me, this is a very empowering feeling (sort of like learning to change the oil in your vehicle).
Also, as you mentioned, Sandboxie wasn’t available for some operating systems at the time. In situations where you can’t or don’t choose to use Sandboxie, I would definitely use these other add-ins for your browser.
I’m not sure why you had issues using Wot and NoScript at the same time as I’ve not run into this problem. You should just be able to allow the mywot.com domain in NoScript and both work in conjunction. If in doubt though, I would recommend defaulting to use NoScript.
As to Internet Explorer 9, it has some great new features, but still comes out-of-the-box with more security holes. I will talk more about the changes in IE9 in my new upcoming blog post.
Thanks again for giving us feedback and sharing our site with others!