Google+ Badge

Sunday, June 29, 2008

Browsers, Key To Security?

Less like the key, really, than a car - browsers provide the means for traveling around the Internet to interesting destinations. Unfortunately, sometimes uninvited passengers climb in. On rare occasions, they even 'carjack' you.

So, what to do?

Users have options, starting with browser selection. Internet Explorer still has over 90% of the 'market' (an odd term for free software), but it's popularity is waning slightly. Firefox and others have inherently better security and the added advantage of running on Linux.

Even when not inherently better, other browsers and operating systems are less popular targets. Until both legislators and software vendors get really serious about security, it's possible to reduce your 'target area' by staying out of the limelight.

Education is another key to 'hardening' browser security.

There are dozens of options in Internet Explorer and other browsers that control what components triggered during surfing are allowed to do. Very few users have much knowledge about what they're for or the effects of setting them one way versus another.

For example, is it desirable to 'Allow ActiveX controls and plug-ins' to Run, or should that be set to Prompt? Individual judgments here, as in all aspects of security in life, have to be made. One factor is your tolerance for responding to prompts versus your willingness to risk infection. After all, you have to decide whom to let in your car, don't you?

It's an undesirable trade-off to be faced with, and one which we can hope someday won't be necessary. But in the interim, it isn't necessary to be a computer geek to experiment and read a bit to find out what these settings affect. The first time you're infected and lose a day recovering, you'll wish you'd spent the two hours finding out.

Proper use is the final leg of browser security. Do you practice 'safe browsing'? Some sites prompt to download ActiveX controls (little programs), dialers, adware and other dynamic content. Do you really know what's likely to happen when you say yes, or are you trusting the source? Trust is necessary, but as the old saying goes 'Trust, but keep your eyes open'.

Most users are unaware of the extent to which using a browser opens up their system to the rest of the world. Being on the Internet means not just seeing, but being visible. And accessing sites usually means being accessible. It isn't just harmless cookies that can be downloaded to your system. Once executable programs are downloaded they often have free rein to your entire system.

Back to education for a moment. Spend some time learning how to lock down your system, outside the browser settings, to make it more difficult for these errant programs to gain Administrator level privileges. Your time will be well re-paid.

So, be aware of what's happening when you navigate to a site. Download only from trusted sources. It's ok to be slightly suspicious of strangers. Don't pick up hitchhikers.

Ok, Mom's going to make some hot chocolate now. Then we'll decide if you can have the keys to the car.