Posts Tagged ‘Internet-Explorer’

Protecting your privacy while browsing the web

Friday, December 8th, 2006

Hello,

 

I’ve been thinking of writing a post on how to protect yourself, as a web surfer, and the steps you can take to make sure no one will be able to know what sites you’ve been visiting on the net. I had the chance today to sit and write this article, so here it is:

 

1. Clean history when you finish: The history of a web browser can be invaluable resource to know what a person was surfing on the net. Anyone can simply open a browser after you finish browsing the net and show the list of the websites that you’ve been visiting. This can have a very bad impact on you. Imagine for instance, that you’ve been searching for a job on a specific website and some colleague was able to access this website to learn that you’re searching for a job. It can be very annoying when you discover that your secrets are exposed by some nosy guy.

While this can be very annoying and can put you in serious trouble sometimes, the solution is very simple. You can clean your web-browser history every time you finish browsing the web. Or better, you can set your browser to clean your history when closing (if the browser supports this feature). In Smart Bro, you can simply do that by enabling the auto-history cleaner which works every time you close Smart Bro and cleans all your traces.

 

2. Make sure no one can access your browser: leaving your machine on and unlocked can invite some people to sit on your desk and see what programs you’re running and what websites you’re surfing. In many situations, you’ll have to leave your machine quickly to handle an urgent matter. It’s a very good habit to lock your machine before leaving because this will prevent others from accessing your computer while you’re away. On Windows XP, you can use Ctrl+K to lock your machine quickly. In case you don’t want to do that, you can activate your browser protection (if available). Some browsers provide a feature that’s call “Boss Key” which hides the whole browser by pressing a single shortcut. In Smart Bro however, you can enable protection by just minimizing Smart Bro to the system tray. Now if another person tried to open Smart Bro, he’ll be asked to provide a password to enable him to see the browser content.

 

3. Avoid spyware: spyware is a piece of software that will install itself on your machine with one single goal, that’s is, collecting information about you and sending it back to its creators. The spyware is getting very hard to control these days, but installing a reliable anti-spyware software may help you minimize your risk to the minimum. A very important rule to keep in mind is that whenever a website asks you to install something then handle this with caution and ask yourself if you absolutely need this to be done and whether this is a reliable website or not. If the answer is no, reject the request.

 

4. Be aware of your bookmarks: be careful with what you add to your bookmark list. Some people will bookmark some websites without thinking about the fact that some person may take a look at their list of bookmarks (favorites). When a person does that, it’s the same as leaving his history on the machine which will give the sneaky guy a chance to read it. Some websites these days offer online book marking (like Yahoo!). You can use that to prevent this problem. This method will guarantee that you have your list of bookmarks with you where ever you go. You can also use protected favorites. Smart Bro allows you to add a bookmark group and set a password to enable it to open. So you can bookmark your websites and keep the links protected from being seen by others.

 

I hope these tips will help you protect your privacy from being exposed.

 

 

Browse the web smarter … use Smart Bro.

 

best regards,

Tony Sticks,

Mind Vision Software (MVS)

A quick evaluation of Internet Explorer 7

Monday, November 20th, 2006

 

 

Hi Guys,

 

I read an article about some of the problem in the new IE7, so enjoy …

 

>>

Putting aside specific issues (compatibility, printing, installation, etc)
noted by others, is my experience of the following typical – and is this the
way it is supposed to be? [on my HP Pavilion notebook, 3GHz HT Pentium, 1GB
RAM…]

Speed: pages seem to load more slowly than before. I know that the phishing
filter might be implicated in this, but surely checking and reporting on
phishing status should be independent of the presentation of the website
itself? (Load the page as fast as possible, and only when phishing search
complete update the icon). As to the effect of add-ins on speed… it was all
fine with IE6.

Responsiveness: Tabbed browsing seems rather pointless (apart from having a
single window) when one cannot work effectively with tabs because IE7 is
unresponsive while loading, e.g after a Ctrl-click on a link (to open a new
background tab) I am unable to click again until the new page has loaded! It
doesn’t seem that IE7 is multithreaded properly (or at all?). I am better off
with different browser windows because they all respond to events
independently.

Utility: principles of tabbed browsing, “Quick Tabs” etc. OK, but frequently
clicked items are favorites, file save as, etc. are on the LHS but tools,
home etc. is all on the right hand side on a toolbar that cannot be moved.
I’ve turned on the menu bar, that helps a bit, but this is typical of MS –
not merely providing a perceived “improvement” but not allowing me to work
differently if I happen to disagree.

Specific Functionality: I am annoyed that the security info no longer seems
to report on the encryption level: in IE6 I saw sites such as PayPal claiming
to use 128 encryption, but the report said only 40-bit (which I consider
woefully inadequate). I want to know how secure the security is…

Like many others I am reluctant to accept the risk of an uninstall to IE6,
so… if my experience is not atypical, when is IE 7.01 due?

 

That’s it for today, please keep in mind that you should

 

Browse the web smarter … use Smart Bro

 

Best regards,

Tony Sticks,

Mind Vision Software (MVS)

5 tips for better browser security

Tuesday, October 3rd, 2006

 

 

I read this article about secure browsing by Brent Huston. I thought it deserves sharing, so here it’s.

 

Note: this article talks to network administrators, but I think it can provide the end-user with a great deal of information about how to protect himself/herself from web attacks.

 

 

>>

My intent in this week’s column is to review the top ways to harden a web-browsing environment, and not cover the entire breadth of browser security. Moreover, I’m sidestepping the argument about what browser is more secure by suggesting that you look more programmatically at what we can do to protect users regardless of browser choice. So here goes …

 

#1. Enable only the browser technologies you need. If you don’t need Active X, Java or the like, configure the browser or web gateways to turn them off. If someone must go to WhizBangActiveXsite.com, they can either do so on their own systems at home; you could build a few web-browsing kiosks on a separate network segment, or use something like a Live CD environment for them. Then, users can visit the web sites that they “need” without endangering the organization. However, be careful with doing this for key technologies like Javascript as it may break things that you really need.

 

Tony: Please notice that you can easily stop Java, Javascript and ActiveX very easily in Smart Bro by unchecking the required items from the “Content” menu.

 

#2. Install up-to-date anti-virus and anti-spyware on every system (servers too). I know this is about browser security, but these components are the critical additional layers of defense against browser attacks. Put them on servers, because administrators have been known to browse from a server in “urgent situations”. This might be forbidden by policy, but trust me, during penetration tests, we have compromised more than a few servers by the admins surfing to a client exploit site. It happens, so guard against it.

 

#3. Prevent users from loading arbitrary browser plugins and enhancements. Each new plugin and enhancement brings some form of risk. It could be malware code disguised as a plugin, or it could be a plugin technology that later turns out to be exploitable. I know this seems to minimize the user experience, but minimization is required to secure their working environment. If they want, or “need”, to use some plugin – make the decision carefully. Lab test them before you agree to let them in the enterprise.

 

#4. Keep browsers up to date. Just like the OS, you must keep them patched. Users should be taught how to do this, or it should be automatic. Make sure this happens often enough to really be useful in protecting against threats. Once a month is likely not often enough. Once a week or so, may be more likely to be truly helpful. Test browser versions occasionally and spot check them by log reviewing your web gateways. Help the offenders understand the risk and bring them back into the fold by reinforcing to them how and why their browsers must be up to date. Be vigilant.

 

#5. Teach your users to make better web-browsing choices. Hold lunch and learns and explain the threats, the common solutions and how to better secure and use a web-browser. They can apply these skills at work, and at home. Both will pay off for them and your organization since they will better protect your data – no matter it is used. Don’t just do the training once, try and have an ongoing program of awareness that reinforces security concepts and focuses on things like browser security and client-side attacks. The smarter they get about security, the better.

 

That’s the top five. There are certainly more technical things you can do, but it would take a book to explain all of the options. Check out the browser vendor sites for more tips. Each browser vendor has tips for hardening their browser and increasing web-browser security. Familiarize yourself with them and then help users apply the changes you deem useable. In the meantime, patch against the current issues and pay attention to the alert mechanisms you follow. Browser vulnerabilities are coming fast and furious these days, and it looks like the issue is here to stay.

 

<<

 

I hope you enjoyed this valuable article. Thanks for your time and please have a nice day.

Browse the web Smarter … use Smart Bro

 

Tony Sticks,

Mind Vision Software (MVS)

FireFox is potentially more vulnerable to attack than Internet Explorer!

Friday, September 22nd, 2006

 

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft’s Internet Explorer, according to a Symantec report.

But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular FireFox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec’s Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, “the most of any browser studied,” the report’s authors stated. Eighteen of these flaws were classified as high severity.

“During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity,” the report noted.

The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as “high”, which Symantec defined as “resulting in a compromise of the entire system if exploited.”

The Mozilla Foundation did not immediately respond to requests for comment.
 

This proves my theory about FireFox and its ability to take the heat from hackers. Sooo… 🙂

 

Browse the web smarter … use Smart Bro

 

Tony Sticks,

Mind Vision Software (MVS)

Favorite FireFox extensions – We still need IE

Sunday, September 17th, 2006

 

 

I read this post and it clearly shows that you simply can’t stop using the Internet Explorer engine.

 

Quoting

Joel on Software talks about his favorite FireFox Extensions. I was already using two of the three, but did not know about IETab.

“IETab takes advantage of the fact that Internet Explorer is available as an ActiveX control, which is available to be embedded in any Windows application, to open certain websites in Firefox using Internet Explorer. Whenever a website comes up complaining that you need to get “Netscape 4.0 or some other modern browser” you can just right click on the tab and it’ll pop up right in Firefox being rendered by Internet Explorer. You can set up a list of websites that always come up in IE tabs.”

An excellent addition. It allows me to avoid having to load IE separately for certain Microsoft sites. Well done!

 

Well my friend, you can get the best of all worlds by using Smart Bro.

 

Browse the web smarter … use Smart Bro.

 

Tony Sticks

Mind Vision Software (MVS)