Here’s How To Get Solid Browser Security [Update 2017]
Step-by-step instructions on how to tweak your browser’s security settings
Of all the threats out there, browser security is often forgotten. This is tragic because browsers are a favorite target for malicious hackers. They’re the main way you interact with the Internet. You Google things, you visit blogs, buy online, pay your bills or browse Facebook.
If a malicious hacker breaks in, he will find everything about you.
Let’s just say that in Q2 2017, just Kaspersky, one security company, reported a whopping 79,209,775 unique URLs as malicious.
More alarmingly, the Trickbot banking Trojan that attacked bot users and corporations, got an upgrade. It now has the most advanced browser manipulation tools observed in banking malware. This was highlighted by Limor Kessem, executive security advisor with IBM.
Safe Browser Settings for Chrome, Firefox, Internet Explorer and Microsoft Edge
Best Chrome, Firefox, Internet Explorer and Edge extensions for security
Tips, advice and best practices for a secure browser
Browser security is essential for keeping your information safe.
Your browser is the window to the internet and also the first line of defence against malware threats. Some small tweaks to your browser security settings are all that you need to make your time online that much safer.
Here’s what you can learn to do by the end of the article:
- How to keep advertisers from tracking you
- How to stop your browser from automatically downloading malware
- Block pop-ups and ads
- How to avoid unsafe websites
Browser security features and their security vulnerabilities
Browsers use many tools for various tasks, such as Java, Flash Player, ActiveX, etc. But these often come with security flaws, which cybercriminals exploit to get access to your PC. A quick rundown of these tools will help you figure out if you need them or not.
- Deactivate ActiveX. A browser add-on that comes preinstalled on Internet Explorer or Microsoft Edge and only works with these browsers. ActiveX acts as a middle man between your PC and Java/Flash based interactions in certain sites.
This creates security problems by giving malicious websites a window into your PC. What’s more, ActiveX is rarely used nowadays, so be on your guard if a site asks you to install it. Only accept the installation if you are 150% sure that site is trustworthy.
Because of the information they contain, cookies are prime targets for cybercriminals. Doubly so for the the ones that contain emails, account names and passwords.
When you disable and clear cookies you cut down on the personal data cybercriminals can obtain.
One thing you will want to keep in mind is that there are two types of cookies:
- First party and third party cookies. First party cookies are placed by the site you visit, for instance you get a first party cookie by cnn.com while visiting cnn.com.
- Third party cookies are placed by other sites. You get a cookie from amazon.com while visiting cnn.com.
Third party cookies are almost always placed on your computer by advertisers or marketers interested in tracking your movement online, so nothing bad will happen if you block them.
- Browser extensions and add-ons add extra functionality to your browser such as ad blocking or search bars. However, these add-ons pose a security risk, since they can open up windows into your PC which can be exploited to inject malware.
Safe Browser Settings for Chrome, Firefox, Internet Explorer and Microsoft Edge
While no single setting can make your browser 100% safe, the ones we are proposing will go a long way into keeping you safe from a majority of cyber attacks.
Securing Internet Explorer
Securing Internet Explorer
First, access the Tools icon in the top right corner and then go to “Safety”. Here you have the most useful shortcuts.
A nifty trick is the InPrivate browsing, similar to Chrome’s browser Incognito mode. If you use InPrivate Browsing, data like passwords or search and page history will be deleted automatically when you close the tab. This will help you against prying eyes like coworkers sharing your PC, spouses trying to see what you’re planning to purchase and so on. It’s also useful if you use someone else’s PC and don’t want to affect their browsing history.
To do this, right-select the Internet Explorer icon on the taskbar and pick Start InPrivate Browsing.
But let’s visit Tools again.
Here you can see 4 internet zones, the “Internet” security zone contains all the websites that are not in the “Trusted/Restricted sites” zone, meaning 99,999999% of the internet. For this zone, it’s best if you change the security level from Medium to High.
A side effect of selecting “High” is that features such as flash pages or ActiveX scripts might be disabled on certain pages.
If you want a more hands-on approach, press the “Custom Level” button and select what features you want to enable/disable.
In the “Trusted sites” zone you can include websites that you know for sure are risk-free so you can select a lower security setting that enables all the features of a site.
In the “Restricted sites” zone, you can write down websites you know are dangerous. This way, Internet Explorer can apply the maximum security settings while on the page.
Right next to the “Security” tab you will find the “Privacy” settings.
In here you will find settings related to Cookies. As we’ve said above, these remember personal information such as account names, emails, and passwords and more. Click the “Advanced” button.
In this area, you can find two columns, first party cookies, and third-party cookies.
Session cookies are used on the same site to track the information from one page to another. On internet commerce websites, for instance, session cookies are used to track your order from one page to the next until the moment you check out.
Our recommended setting is to block both first party and third party cookies while disabling session cookies, unless you frequently use sites that need them to function properly.
Now press the “Sites” button and go to this menu.
Here you can write down what websites you allow to store or block cookies.
The last setting you should change in Internet Explorer can be found on the “Advanced” tab.
Scroll down on the list until you find “Enable third party browser extensions*” and uncheck it. This will disable any browser extensions you may have, which is a good idea from a security perspective. Many of them have been known to secretly track a user’s behavior. They also open up potential security vulnerabilities.
Firefox hacks and tips for better security
If you use Mozilla Firefox and haven’t upgraded yet, we highly recommend you do. Firefox has a pledge to help users against tracking and has pledged its support to privacy.
Firefox 57 Quantum brought a visual update to the classic browser. It also says it’s twice as fast as versions from the previous year, being optimized for modern processors.
If you want to edit your Firefox privacy settings, you can click on the top right icon. Or you can simply open a new tab and paste this address about:preferences#privacy.
So let’s see how you can secure your online browsing with Firefox. This guide applies to both the newest and previous Firefox versions, the interface did not receive a major overhaul.
In the “General” ta of the Downloads section, press “Always ask me where to save files”. This way, you won’t have a web location try to automatically save dangerous content to your computer. At the same time, this gives you the option to place suspicious content in a safe location where you can analyze it afterward.
Next, go to the Privacy tab.
At the “Tracking” section press the blue text with “manage your Do Not Track settings”. Check “Always apply do not track”. After doing this, advertising, commerce and various other sites shouldn’t be able to track you across the web.
While in the Privacy tab, at the “History” section, choose “Firefox will never remember history”. This is especially important if you know your device may be used by other people.
Of course, you can always use Firefox Private Browsing with Tracking Protection. Either visit the top right menu and select New Private Window or use the Ctrl+Shift+P keyboard shortcut.
If you want to have the same features and a better control of your history section, without Firefox Private Browsing, do this:
Check “Always use private browsing mode” so every time you close your Firefox browser it will clear browsing history, search results, cookies and download history.
The last changes you should make in Firefox can be found in the “Security” category.
First, make sure all of the four checkboxes in the General section are checked in. This ensures that your browser will inform you whenever websites try to install malicious add-ons and other content.
In the “Logins” section you can set up a Master Password. Doing this is especially useful when multiple people have access to the computer since it asks you introduce a master password before you can access logins.
This way, other people won’t be able to access your important accounts such as email. Once more, we cannot recommend this enough, but don’t let your browser remember your passwords.
Google Chrome tips and hacks for better security
First off, use the Chrome Cleanup Tool to scan and remove software that interferes with Chrome’s processes. It can clean-up toolbars, weird ads and random crashes.
To improve your Chrome browser security settings, go to the Settings area. It can be accessed in the top right corner of the browser.
If you are logged into Chrome, under the “Sign in” section you will see an option named “Set up sync…” which will take you to a list of options.
In the Encryption section, you can find “Encrypt all synced data with your own passphrase.” This is a nifty setting since it functions as a double password. If a malicious hacker learns your account info and password, they won’t be able to sync your search history, bookmarks, and login information until they enter the passphrase.
After you’re done setting up a passphrase, go to the bottom of the Settings page, where you can find a blue text that says “Show advanced settings…”. Click this to reveal more options.
In the Privacy section, check the option to “Send a “Do Not Track” request with your browsing traffic”. Normally, this should prevent sites from tracking your activity on the web. However numerous loopholes exist in the browser and they allow a majority of websites to bypass this. Nevertheless, every bit of anonymity counts.
In the password section, we recommend you uncheck both “Enable autofill” and “Offer to save your web passwords.” While it can be a hassle to write down this information every time, browser security best practices dictate you to say no to Autofill passwords.
In the Privacy section, you can find the “Content settings…” button. This will take you to a whole host of options that concern your privacy and anonymity on the web.
In the Cookies section, select “Keep local data only until you quit your browser”. If you are willing to cope with a loss in web browsing usability, you can select the “Block sites from setting any data” option. Lastly, we strongly recommend you check the “Block third-party cookies and site data” to prevent advertisers and potential cybercriminals from tracking you on the web.
In the Plugin section, you can select the “Let me choose when to run plugin content”. This will give you more control over plugins and stop an infected plugin to pass the malware on your PC.
In the “Downloads” section, check the option to “Ask where to save each file before downloading”.
Doing this will prevent a lot of malicious software from downloading itself automatically to your computer. It also gives you a greater sense of control of what gets on your PC.
Microsoft Edge security tips and tricks
For Microsoft Edge, press the three-dot menu icon in the top right corner and select “Settings”. At the bottom of the menu, you will find the “View advanced settings” button.
Flash Player is a favorite hacking target for cybercriminals because of its numerous vulnerabilities. It’s a good idea if you disable it altogether. Some website features and pages might stop working. On the upside, so will spammy and annoying page elements.
At the “Downloads” section, make sure the “Ask me what to do with each download” option is selected. This browser security feature prevents the browser from automatically downloading malware or other potentially dangerous software onto your PC.
In the “Privacy and security” section, deselect the “Offer to save passwords” and “Save form entries”. Security wise, it is of critical importance to close any possibilities cybercriminals might have of getting their hands on your valuable accounts, passwords, and personal information.
Don’t forget to turn on the option to “Send Do Not Track requests”. Once you turn this on, your browser will notify third-party websites not to track you across the internet.
The nuclear option: get Epic Privacy Browser instead
No matter how much you fiddle with browser privacy settings, some things can slip. If you want the best, most radical solution, try Epic Privacy Browser.
These are just a few of its features. It even features a free built-in VPN that will protect your browsing history from your ISP and secure you on public WiFi.
Another option: Comodo Dragon Internet Browser
Based on Chromium and developed by Comodo, an antivirus maker, the Dragon Internet Browser is a light, fast choice to the big browsers on the market. In essence, it’s the best Chrome can offer, with another layer of security on top.
Not ready to make the jump yet? Here’s:
Best Chrome, Firefox, Internet Explorer and Edge extensions for browser security
While we are generally cautious of browser extensions since they can act as vehicles for malware, we’ve chosen 4 of them that can add an overall net benefit to your online security.
How to block ads, popups with special extensions
AdBlock Plus is a well-known browser extension that blocks ads and pop-ups from interfering with your browser experience. It also had security issues in the past, but remains a popular choice for basic browser security,
However, we highly recommend using uBlock Origin, a free, open-source extension for Chrome, Chromium, Edge, Firefox, Opera, and Safari. What makes it better than AdBlock Plus? It’s more customizable and uses fewer resources. Pro-tip: a simple uBlock exists, but Origin completely unrelated. It is also widely regarded as the best version.
Protect your online privacy and anonymity with Disconnect.me
Disconnect, available for Mozilla Firefox, Google Chrome and Internet Explorer is a very useful extension which manages to block third-party tracking cookies and you have the ability to control the scripts on the site using a simple toolbar menu. It also blocks your social media account from tracking your browsing history and private data.
Ghostery is available on Chrome, Firefox, Opera and Safari. It’s an impressive tracking blocker that really turns you into a virtual ghost. By eliminating trackers it speeds up the browsing experience. It also removes all clutter and retargeting advertisements. Bought a vacuum cleaner and now your Facebook, browser, and Skype are filled with ads for it? This is remarketing advertisement and Ghostery can kill it in its tracks.
Privacy Badger is available only for Chrome and Firefox. It does block some advertising, but it’s mostly focused on educating you and other users. Electronic Frontier Foundation supports it, which is a major bonus.
Browse only safe sites with HTTPS Everywhere.
HTTPS Everywhere, available for Mozilla Firefox and Google Chrome, is a popular security tool for online browsing. HTTPS is the secure version of HTTP, with the S meaning “Secure”. In practice, this means that sites that use HTTPS encrypt the data between your browser and the website. It makes it harder for cybercriminals to intercept your data.
What HTTPS Everywhere does is to always use HTTPS instead of HTTP. Since not all sites are optimized for HTTPS, there’s a small chance it will break the experience on some sites. This can be easily fixed with a mention in the program’s toolbar.
Tips, advice and best practices for a secure browser
So far, we’ve gone through online browsing concepts, security settings for various browsers. We also highlighted some useful browser extensions that can keep you safe when you browse the web. Next, we’d like to add some basic rules and guidelines that will keep malware and cybercriminals away.
- Always update your browser. This is an aspect of browser security we cannot stress enough. The graph above shows how popular browser hacking is. Browser vulnerabilities are discovered every day, so it’s more important than ever to keep your browser up to date in order to avoid a zero-day attack.
- Use a brand name antivirus. An important consideration when choosing antivirus software is whether or not it has a real-time scanning engine. This allows antivirus software to analyze as soon as you download them. It limits the time it takes for a virus to take effect. Find the best solution by checking the test results run by important names in the security industry, such as AV Comparatives, PC Magazine, AV-TEST or Virus Bulletin, Here’s how to select the best antivirus solution for you.
- Stay away from phishing attacks. In a phishing attack, cybercriminals try to trick you into clicking malware-infected links by posing as legitimate persons or businesses, such as your bank or internet service provider. The moment you click on a phishing link, malware infects your PC.
- Don’t use the same password for all your online accounts. This way, a cybercriminal won’t be able to reuse the same password on all of your accounts.
- Check if a website is https:// instead of http://. Sites that use https:// add an extra layer of security because they encrypt your data.
- Keep your registration email separate from the work email. When you keep the account information email separate from the work email, you minimize the chance of cybercriminals locking you out of your project in case the security measures for your email get compromised.
- Be careful when connecting to public and free wireless networks. One of the methods used by online criminals to retrieve your credentials is by using wireless sniffers. These access data sent over unprotected networks. One way to increase your security is by using a “private browsing” session. Your browser won’t store your credentials locally.
- Monitor your bank account with Online Banking Alerts. This alerts you whenever you receive a payment or if money leaves your account. Very useful in case someone breaks into your banking account and wants to do an unauthorized payment.
Now that you’re updated on browser security, we put together more cybersecurity guides for you:
- The Top 10 Most Dangerous Malware That Can Empty Your Bank Account
- 15 Steps to Maximize your Financial Data Protection
- Top Online Scams Used by Cyber Criminals to Trick You
- 10 Warning Signs that Your Computer is Malware-Infected
This post was originally published by Aurelian Neagu in September 2014. It received the relevant updates by Paul Cucu in October 2016 and Ana Dascalescu in November 2017.