Of all the software out there, browsers are the most exposed and information rich. If a malicious hacker manages to break in, he can find out just about anything about you: address, credit card data, emails, passwords, browsing history, bookmarks etc.

This isn’t lost on cybercriminals. A Kaspersky study found that 48% of exploit attacks in Q1 2016 targeted browsers, almost as much as all the other categories combined.



Browser security is an important part of keeping your information safe.

Your browser is the window to the internet and also the first line of defence against malware threats. Some small tweaks to your browser security settings are all that you need to make your time online that much safer.
Here’s what you can learn to do by the end of the article:

  • How to keep advertisers from tracking you
  • How to stop your browser from automatically downloading malware
  • Block pop-ups and ads
  • How to avoid unsafe websites

Browser features and their security vulnerabilities

Browsers use many tools for various tasks, such as Java, Flash Player, ActiveX, etc. But these often come with security flaws, which cybercriminals exploit to get access to your PC. A quick rundown of these tools will help you figure out if you need them or not.

    • Deactivate ActiveX. ActiveX is a browser add-on that comes preinstalled on Internet Explorer or Microsoft Edge and only works with these browsers. ActiveX acts as a middle man between your PC and Java/Flash based interactions in certain sites.

This creates security problems by giving malicious websites a window into your PC. What’s more, ActiveX is rarely used nowadays, so be on your guard if a site asks you to install it and accept the installation only if you are 150% sure that site is trustworthy.

    • Try to disable JavaScript. JavaScript is a programming language used by websites to run various programs and features. Sites such as YouTube or Google Docs need it to function, but so do advertising, pop-up software and a whole host of other spammy elements from the internet.

Cybercriminals use JavaScript in malicious ways in order to infect your device with malware and other harmful software.

If you disable JavaScript altogether you will get a much quicker and simplified browser experience, with little to no ads, pop-ups, greatly improved page load times and generally a cleaner Internet experience at the cost of specialized tools such as Google Docs or YouTube.

This doesn’t need to be as drastic as it sounds, since browsers do allow you to whitelist certain sites which can run JavaScript.

    • Delete Cookies. These are small data files stored on your browser. Websites use cookies in order to remember your accounts and passwords, browsing history and to track user behavior on their site.

Because of the information they contain, cookies are prime targets for cybercriminals, especially the ones that contain emails, account names and passwords.
When you disable and clear cookies you cut down on the personal data cybercriminals can obtain.
One thing you will want to keep in mind is that there are two types of cookies:

      1.  First party and third party cookies. First party cookies are placed by the site you visit, for instance you get a first party cookie by while visiting
      2. Third party cookies are placed by other sites, for example you get a cookie from while visiting

First party cookies are frequently used to remember your login information so you don’t have to enter it every time you visit a site. But we can’t stress this enough: don’t allow your browser to save passwords!
Third party cookies are almost always placed on your computer by advertisers or marketers interested in tracking your movement online, so nothing bad will happen if you block them.

  • Browser extensions and add-ons add extra functionality to your browser such as ad blocking or search bars. However, these add-ons pose a security risk, since they can open up windows into your PC which can be exploited to inject malware.
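
The first party and third party cookie distinction described above depends on which site is in the address bar, not on the cookie itself. The sketch below is an added example, not part of the original article; the hostnames, the sample responses and the tiny suffix table are constructed assumptions.

```javascript
// Added example: label each cookie set during a page load as first-party or
// third-party, relative to the page in the address bar.

// Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
// A production check would load the full list instead.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Reduce a hostname to its registrable domain ("site"), e.g.
// static.example.co.uk -> example.co.uk, ads.example.net -> example.net.
function registrableDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  // IP literals have no registrable domain; compare them as-is.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":")) return host;
  const labels = host.split(".");
  if (labels.length <= 2) return host;
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// First-party: the host that set the cookie belongs to the same site as the
// page being visited. Anything else is third-party.
function cookieParty(pageUrl, responseUrl) {
  const pageSite = registrableDomain(new URL(pageUrl).hostname);
  const setterSite = registrableDomain(new URL(responseUrl).hostname);
  return pageSite === setterSite ? "first-party" : "third-party";
}

// Extract the cookie name and whether it outlives the browser session
// (an Expires or Max-Age attribute is present) from a Set-Cookie value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const persistent = attrs.some((a) => /^(expires|max-age)=/i.test(a));
  return { name, persistent };
}

function classifyCookies(pageUrl, responses) {
  return responses.map(({ url, setCookie }) => ({
    ...parseSetCookie(setCookie),
    setBy: new URL(url).hostname,
    party: cookieParty(pageUrl, url),
  }));
}

// Constructed sample: responses observed while loading one shop page.
const SAMPLE_PAGE = "https://shop.example.co.uk/cart";
const SAMPLE_RESPONSES = [
  { url: "https://shop.example.co.uk/cart",
    setCookie: "session=abc123; Path=/; Secure; HttpOnly" },
  { url: "https://static.example.co.uk/app.js",
    setCookie: "prefs=dark; Max-Age=2592000" },
  { url: "https://ads.example.net/pixel.gif",
    setCookie: "uid=42; Max-Age=31536000; Secure" },
];

for (const c of classifyCookies(SAMPLE_PAGE, SAMPLE_RESPONSES)) {
  const life = c.persistent ? "persistent" : "session";
  console.log(`${c.party.padEnd(11)} ${life.padEnd(10)} ${c.name} (set by ${c.setBy})`);
}
```

The `uid` cookie from `ads.example.net` is third-party here, yet the same cookie would count as first-party if you visited `www.example.net` directly, which is why blocking is decided per page load.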

Safe Browser Settings for Chrome, Firefox, Internet Explorer and Microsoft Edge

While no single setting can make your browser 100% safe, the ones we are proposing will go a long way toward keeping you safe from a majority of cyber attacks.

Securing Internet Explorer

First, access the Tools icon in the top right corner and then press “Internet Options”.


Go to the Security tab.


Here you can see 4 internet zones. The “Internet” security zone contains all the websites that are not in the “Trusted/Restricted sites” zone, meaning 99,999999% of the internet. For this zone, it’s best if you change the security level from Medium to High.

A side effect of selecting “High” is that features such as Flash pages or ActiveX scripts might be disabled on certain pages.

If you want a more hands-on approach, press the “Custom Level” button and select what features you want to enable/disable.

In the “Trusted sites” zone you can include websites that you know for sure are risk-free so you can select a lower security setting that enables all the features of a site.


In the “Restricted sites” zone, you can write down websites you know are dangerous so Internet Explorer can apply the maximum security settings while on the page.


Right next to the “Security” tab you will find the “Privacy” settings.


In here you will find settings related to Cookies. As we’ve said above, these remember personal information such as account names, emails and passwords and more. Click the “Advanced” button.

In this area, you can find two columns, first party cookies and third party cookies.

Session cookies are used on the same site to track the information from one page to another. On internet commerce websites for instance, session cookies are used to track your order from one page to the next until the moment you check out.

Our recommended setting is to block both first party and third party cookies, while disabling session cookies, unless you frequently use sites that need them to function properly.

Now press the “Sites” button and go to this menu.


Here you can list the websites that are allowed to store cookies and the ones that are blocked from doing so.

The last setting you should change in Internet Explorer can be found on the “Advanced” tab.


Scroll down the list until you find “Enable third party browser extensions*” and uncheck it. Doing this will disable any browser extensions you may have, which is a good idea from a security perspective since many of them have been known to secretly track a user’s behavior while also opening up potential security vulnerabilities.

Firefox hacks and tips for better security

If you use Mozilla Firefox and want to improve your browser security settings, press the hamburger menu in the top right corner and go to “Options”.


In the “General” tab, at the Downloads section, press “Always ask me where to save files”. This way, you won’t have a web location try to automatically save dangerous content to your computer. At the same time, this gives you the option to place suspicious content in a safe location where you can analyze it afterwards.


Next, go to the Privacy tab.

At the “Tracking” section press the blue text with “manage your Do Not Track settings” and check “Always apply do not track”. After you do this, advertising, commerce and various other sites shouldn’t be able to track you across the web.


While in the Privacy tab, at the “History” section, choose “Firefox will never remember history”. This is especially important if you know your device may be used by other people.


For a more detailed control of your history section, select “Use custom settings for history”.


Check “Always use private browsing mode” so every time you close your Firefox browser it will clear browsing history, search results, cookies and download history.

The last changes you should make in Firefox can be found in the “Security” category.


First, make sure all four check boxes in the General section are checked. This ensures that your browser will inform you whenever websites try to install malicious add-ons and other content.

In the “Logins” section you can set up a Master Password. Doing this is especially useful when multiple people have access to the computer, since it asks you to enter a master password before you can access logins.

This way, other people won’t be able to access your important accounts such as email. Once more, we cannot recommend this enough, but don’t let your browser remember your passwords.


Google Chrome tips and hacks for better security

To improve your Chrome security settings, go to the Settings area, which can be accessed in the top right corner of the browser.


If you are logged into Chrome, under the “Sign in” section you will see an option named “Set up sync…” which will take you to a list of options.


In the Encryption section, you can find “Encrypt all synced data with your own passphrase.” This is a nifty setting, since it functions as a double password. If a malicious hacker learns your account info and password, they won’t be able to sync your search history, bookmarks and login information until they enter the passphrase.

This way, a hacker won’t be able to autofill your mail login or other accounts if they sign in with your Chrome account.

After you’re done setting up a passphrase, go to the bottom of the Settings page, where you can find blue text that says “Show advanced settings…”. Click this to reveal more options.


In the Privacy section, check the option to “Send a “Do Not Track” request with your browsing traffic”. Normally, this should prevent sites from tracking your activity on the web, however numerous loopholes exist in the browser that allow a majority of websites to bypass this. Nevertheless, every bit of anonymity counts.

In the password section, we recommend you uncheck both “Enable autofill” and “Offer to save your web passwords.” While it can be a hassle to enter this information every time, you won’t run the risk of cybercriminals getting their hands on the files containing such sensitive information.

In the Privacy section, you can find the “Content settings…” button. This will take you to a whole host of options that concern your privacy and anonymity on the web.


In the Cookies section, select “Keep local data only until you quit your browser”. If you are willing to cope with a loss in web browsing usability, you can select the “Block sites from setting any data” option. Lastly, we strongly recommend you check the “Block third party cookies and site data” to prevent advertisers and potential cybercriminals from tracking you on the web.

Another suggestion is to check the “Do not allow any site to run JavaScript”, but be sure to read the JavaScript section so you know what functionality you might lose, but also what benefits you will gain.

In the Plugin section, you can select “Let me choose when to run plugin content”. This will give you more control over plugins and stop an infected plugin from passing malware onto your PC.


In the “Downloads” section, check the option to “Ask where to save each file before downloading”.


Doing this will prevent a lot of malicious software from downloading itself automatically to your computer and gives you a greater sense of control of what gets on your PC.

Microsoft Edge security tips and tricks

For Microsoft Edge, press the three dot menu icon in the top right corner and select “Settings”. At the bottom of the menu, you will find the “View advanced settings” button.


Flash Player is a favorite hacking target for cybercriminals because of its numerous vulnerabilities, so it’s a good idea to disable it altogether. Some website features and pages might stop working, but on the upside, so will spammy and annoying page elements.

At the “Downloads” section, make sure the “Ask me what to do with each download” option is selected. This will prevent the browser from automatically downloading malware or other potentially dangerous software onto your PC.

In the “Privacy and security” section, deselect the “Offer to save passwords” and “Save form entries”. Security wise, it is of critical importance to close any possibilities cybercriminals might have of getting their hands on your valuable accounts, passwords and personal information.

Don’t forget to turn on the option to “Send Do Not Track requests”. Once you turn this on, your browser will notify third-party websites not to track you across the internet.

Best Chrome, Firefox, Internet Explorer and Edge extensions for security

While we are generally cautious of browser extensions since they can act as vehicles for malware, we’ve chosen 4 of them that can add an overall net benefit to your online security.

How to block ads, popups with Adblock Plus.

AdBlock Plus is a well-known browser extension that blocks ads and popups from interfering with your browser experience. Consider this as an alternative to the rather hardcore option of disabling JavaScript altogether.

Protect your online privacy and anonymity with Disconnect.

Disconnect, available for Mozilla Firefox, Google Chrome and Internet Explorer, is a very useful extension that blocks third party tracking cookies and lets you control the scripts on a site using a simple toolbar menu. It also blocks your social media account from tracking your browsing history and private data.

Browse only safe sites with HTTPS Everywhere.

HTTPS Everywhere, available for Mozilla Firefox and Google Chrome, is a popular security tool for online browsing. HTTPS is the secure version of HTTP, with the S meaning “Secure”. In practice, this means that sites that use HTTPS encrypt the data between your browser and the website, making it much harder for cybercriminals to intercept your data.

What HTTPS Everywhere does is to always use HTTPS instead of HTTP. Since not all sites are optimized for HTTPS, there’s a small chance it will break the experience on some sites, but it can be easily fixed with a mention in the program’s toolbar.

Tips, advice and best practices for a secure browser

So far, we’ve gone through online browsing concepts, security settings for various browsers and some of the most useful browser extensions that can keep you safe when you browse the web. Next, we’d like to add some basic rules and guidelines that will keep malware and cybercriminals away.

  • Always update your browser. This is a point we cannot stress enough, and for good reason. The graph above is taken from, an industry leading service that specializes in detecting browser threats, among other things. New browser vulnerabilities are discovered every day, so it’s more important than ever to keep your browser up to date in order to avoid a zero day attack.
  • Use a brand name antivirus. An important consideration when choosing antivirus software is whether or not it has a real-time scanning engine. This allows antivirus software to analyze files as soon as you download them, limiting the time a virus has to take effect. Find the best solution by checking the test results run by important names in the security industry, such as AV Comparatives, PC Magazine, AV-TEST or Virus Bulletin, and select the best antivirus solution for you.
  • Stay away from phishing attacks. In a phishing attack, cybercriminals try to trick you into clicking malware infected links by posing as legitimate persons or businesses, such as your bank or internet service provider. The moment you click on a phishing link, malware infects your PC.
  • Don’t use the same password for all your online accounts. This way, a cybercriminal won’t be able to reuse the same password on all of your accounts.
  • Check if a website is https:// instead of http://. Sites that use https:// add an extra layer of security because they encrypt your data.
  • Keep your registration email separate from the work email. When you keep the account information email separate from the work email, you minimize the chance of cybercriminals locking you out of your project in case the security measures for your email get compromised.
  • Be careful when connecting to public and free wireless networks. One of the favorite methods used by online criminals to retrieve your credentials is by using wireless sniffers to access data sent over unprotected networks. One way to increase your security is by using a “private browsing” session, this way you make sure your credentials won’t be stored locally.
  • Monitor your bank account with Online Banking Alerts. This alerts you whenever you receive a payment or if money leaves your account. Very useful in case someone breaks into your banking account and wants to do an unauthorized payment.


This post was originally published by Aurelian Neagu in September 2014 and updated by Paul Cucu in October 2016.


On the surface, most browsers appear very similar and apart from a few added bells and whistles, there appears to be little to distinguish between them.

But from a security perspective, there are differences, some subtle, some based on perception and some based on how the browsers are created.

If I am not wrong Google Chrome is the best browser.

To read more about browsers visit:

Chrome is a train wreck and almost as secure as a paper bag. I ran across a hacker using applications to steal passwords out of browsers. Chrome failed and barfed up all of my passwords. Firefox didn’t give up one speck of information.

This is super helpful. Thank you!

What I’m missing is something to randomize browser traffic more like the New Tab Randomizer addon *. But that is basic, one cannot add to the pool of random urls. Does anyone here have recommendation?


It was a very good post. I read it completely, and I also applied its features to my browsing style.
But I also wrote a post with some info that I know already.
If you want to secure your site then please visit

There are some key points that are dangerously incorrect, or at least not properly illustrated:

“Be careful when connecting to public and free wireless networks. One of the favorite methods used by online criminals to retrieve your credentials is by using wireless sniffers to access data sent over unprotected networks. One way to increase your security is by using a “private browsing” session, this way you make sure your credentials won’t be stored locally.”

This advice confuses the differences between a wireless connection type, public, and a browser session type, public. These are completely separate concerns. For example, if using Windows the public WiFi (and public wired) connection achieves the best security of any type. This article doesn’t describe this properly. You do NOT want to set up a private connection unless you absolutely know the security preconditions and configurations necessary to make it secure. The public connection as a type is the best security scheme that users can achieve with little knowledge of the geeky secure requirements. It is counterintuitive and confusing, but this is factual. Do some research on the subject, and you will learn why you should choose public connection type ALWAYS, wired or wireless! Now the article is probably referring to private BROWSER settings. And that would be correct. A private browser session ‘tends’ to be more private, but not particularly more secure than any other. What it really achieves is that the cookies and super cookies are more restrictive. But that does not really provide exceptional or extraordinary security. For instance, I can surf a very insecure website in private browser mode, but still collect a significant risk of malware. On the other hand, if I force my CONNECTION type to always be public, my threat footprint is significantly lower. It has to do with services and ports that are disabled! A private browser setting cannot achieve this. Separately, I would advocate the use of a paid secure VPN, the business class version of Chrome (not the standard user version… it’s a memory sieve!), a hardware gateway/firewall router such as SonicWall or Cisco, and the implementation of professional grade Windows policies on the client machine governing user rights (restrictive)… a Windows thing. I would also advocate using a custom secured DNS service and hosts file with full file encryption, particularly with the swap file.
I would also advocate never using WiFi at all ..or only for machines dedicated to ‘social only’ web browsing. Which to my final point: never use a machine to perform both social and sensitive (is, banking) actions. Dedicate a machine only to social and the other to sensitive/financial/work. And keep them DMZ from each other in the hardware firewall. Never share files between them. And login and email credentials, sign on, and login separate! And finally, never allow your work/banking data and dedicated email accounts registered to administer them to ever be used on an android or iOS smartphone or device. Always use two or even three factor author. A yubikey type of device is important for your most sensitive banking machine.

The points I am trying to urge here may seem extreme. But I want to remind anyone serious about security of the realities of the internet. Hacking, identity theft, and financial crimes on the internet is a 300 Billion dollar business a year. And the threats continue to climb. If you have something valuable, protect it. Don’t be fooled into thinking security is achieved with a few clicks of a mouse, or by pretending only a handful of browser settings will be all there is to it. There are literally hundreds of thousands of skilled thieves that are vastly more intelligent than you are. Don’t be an easy target.

If you really want better security, you have to pay for it. There is no other reasonable option for most users. Most people reading this will probably not realize how important this really is. They will think: it’s too hard, I haven’t had a problem yet, this sounds overkill and paranoid, I’ll just buy some security software, install it and that will take care of it.

To those people… good luck with that. You’ll need lots of it.

NoScript is a great Extension to add to FireFox so you can temporarily allow scripts to run on a web page you are viewing. (and there are other great FireFox security add-ons) It has “Whitelist” functionality too.

Hi Paul, It’s sad when you list ad blockers who have whitelists and mislead user trust such as Ad-block Plus and disconnect. They don’t even block cookies and allow all the major data brokers (whitelist) such as google, amazon, yahoo, experian, etc. If you do your homework you can easily find this out by doing a simple google search. There are other much more ethical and better protection from tracking such as f-secure, redmorph and ublock.

Hello Edward, thank you for taking the time to point this out to us and giving us your feedback. We’ll take these suggestions into account and modify the article.

Yes, this article is written too plainly, and confusing on some issues. It’s a really bad idea to think this article addresses the entire gamut of threats. But to be fair, I haven’t really found a single website that actually describes thoroughly the entire set of schemes necessary to achieve optimal security. I know for instance, some prominent security experts, who know a fantastic level of technical computer security science, and yet frequently, security audits to the systems computers and networks they maintain reveal an amazing number of very 101 blunders they have not patched. The reality is there are a vast number of threats that need to be addressed to achieve a high level of security. The average user at home, unfortunately, is using similar systems on the same threat environment and has few tools and knowledge to deter them. I periodically pen test home users as a white hat, and the results are absolutely disturbing. You really get the idea you are watching the biggest train wreck about to happen. Right now, it happens in seemingly random moments. But I predict very soon a very high number of simple users are going to get hit all at the same time. It’s just too easy.

Thanks a lot! just setup my chrome follow this guide.
and for Dwayne : i use google dns for a long time.

Guys, you should read this blog about Internet Explorer security
I found it very useful and interesting

I am using Mac and when I decided to buy Mac I knew that one of the advantages is that it’s very safe and won’t be hacked, but actually what had happened is it was hacked once.

I read this post and all resources are really great but almost all are for windows. For internet security I started using several extensions such as
adblocker –
mywot –
Mozilla settings as you described in the article

But my question is, is that enough to have for being protected from browsing and will I be again hacked or not?

I want to be protected what suggestion you can do for my case, and mainly I would appreciate if that will be not only for being safe during searches but also my Mac will be protected.
(I don’t want to use‎ it makes my pc to work slow)

Hi Sona!

Indeed, Macs are a bit safer than Windows-based PCs, but that doesn’t mean they’re bulletproof.

A security approach that works for everyone is to build a system with multiple layers. We actually published a guide recently that explains exactly how to do it:

And because no one can offer a guarantee that you’ll never get hacked, the best solution is to back up your data in multiple locations. Even if your house burns down, you must know that you can retrieve and use that data. This is a key layer of data security.

I hope you’ll enjoy the guide and share it with those who need it!

Great resource thanks, although I would add what I think is the most important tip: Not running anything–particularly a browser–with admin privileges.

Precisely. Can I also mention use a more secure DNS provider like OpenDNS or Norton Connect Safe. Also run DNSCrypt.

This has made me re-think some stuff. If you don’t want to get your information stolen easily while on free Wi-Fi then you need a VPN. Go here to see the best ones compared to each other
