Securing Your Browser

Securing Your Browser
The way that your Web browser is configured provides a
front line to secure Web surfing. Though many of the
security features that relate to your browser are described
in other tutorials, these tutorials step you through a
complete assessment of your browser’s security settings.

Important Note:
Make sure you back-up your system or create a Restore
Point before making any changes

Checking IE Connection Types

Step 1:  Open Internet Options
Many of the security features of the Internet Explorer
browser can be set from the Internet Options window. To
open the Internet Options window, click on Tools, Internet
Options from the Internet Explorer window.

Step 2:  Select Advanced Tab
The different types of secure connections that can be used
with Internet Explorer are configured on the Advanced tab
of the Internet Options window. Click on the Advanced tab,
then scroll down to the Security heading.

Step 3:  Check Fortezza Connections
On the Internet Options, Advanced tab, if the Use Fortezza
box is checked it means that Internet Explorer is
configured to allow secure connections to Web sites that
support Fortezza cryptography connections. Fortezza is used
by the U.S. Department of Defense a Fortezza Crypto Card
reader, a Fortezza Crypto Card, and related software
drivers. Needless to say, this is a rather specialized type
of connection, though it doesn’t hurt to have it turned on.

Step 4:  Check PCT Connections
The Private Communications Technology (PCT) protocol is
developed by Microsoft to provide secure connections to
sites that support that protocol. SSL is much more widely
used than PCT, so there is generally no reason to select
this protocol. Click on the Use PCT 1.0 box if you want to
allow secure PCT connections from Internet Explorer.

Step 5:  Check SSL Connections
Because most secure connections on the Web rely on Secure
Socket Layer (SSL) protocols, you should select both Use
SSL 2.0 and Use SSL 3.0 options on the Advanced tab of the
Internet Options window. SSL was a protocol that was
developed by Netscape Communications.

Step 6:  Check TLS Connections
The Transport Layer Security protocol is an open standard
that is much like the SSL protocol. To allow connections
using TLS, click on the Use TLS 1.0 button.

Step 7:  Apply Changes
After you have selected the secure connection types that
your browser supports, click on the Apply button to have
the changes applied to your browser.

Checking IE Cache Settings

Step 1:  Open Internet Options
As you browse the Web, your browser will typically store
the pages you have visited on your hard disk. This can
speed up your browsing by having data ready immediately
when you step backward and forward among the pages you
visit. The potential security risk is that if others are
using your browser they may be able to see the stored
content later. You can clear stored pages by setting an
option on the Internet Options page. From IE, click on
Tools, Internet Options.

Step 2:  Select Advanced Tab
Options for deleting stored Web surfing content in
Internet Explorer are configured on the Advanced tab of the
Internet Options window. Click on the Advanced tab, then
scroll down to the Security heading

Step 3:  Check Save Encrypted Pages
Presumably, data that has been encrypted during
communication between your browser and a Web site will tend
to be more sensitive. For example, data is encrypted during
online shopping and other financial transactions. To
prevent any encrypted data from being saved to your disk,
select the “Do not save encrypted pages to disk” check box
on the Advanced tab of the Internet Options window.

Step 4:  Check Empty Temporary Files
You can have all the Web content that is temporarily
stored on your hard disk be removed when you close your
browser. Click on the “Empty Temporary Internet Files
folder when browser is closed” check box to enable that
feature.

Step 5:  Apply Changes
After you have selected the secure connection types that
your browser supports, click on the Apply button to have
the changes applied to your browser.

Setting IE Security Zones

Step 1:  Open Internet Options
Internet Explorer allows you to set groups of Web sites to
have similar levels of security. These groups are referred
to as “Web Content Zones.” You can set up these content
zones from the Internet Options page. From IE, click on
Tools, Internet Options.

Step 2:  Select Security Tab
Options for setting content zones in Internet Explorer are
configured on the Security tab of the Internet Options
window. Click on the Security tab to begin setting these
options.

Step 3:  Select Web Content Zone
There are four pre-defined Web content zones: Local
Intranet (for sites within your organization), Trusted
Sites (for sites you know are secure), Restricted sites
(for sites that are not secure) and Internet (for all other
Web sites). Click on one of those sites to set the level
and define the sites for that zone.

Step 4:  Select a Security Level
Click on the slider bar on the Security tab to set the
security level for zone you have selected. You can set the
security zone to Low, Medium-low, Medium, or High. Each
level is described when you select that level on the slider
bar. If you try to change to a less secure level than the
default for the zone, you will be warned.

Step 5:  Customize Security Level
If you want to fine tune any of the four preset security
levels, you can do so by clicking on the Custom Level
button. The Security Settings window appears. From that
window, you can select how different types of content are
handled (such as ActiveX controls, plug-ins, cookies, file
downloads, Java, etc.) when you try to download or start
that type of content. Click on OK when you are satisfied
with your settings.

Step 6:  Apply Changes
Click on the Apply button to apply the changes you made to
the Web content zones.

Enabling Content in Netscape

Step 1:  Open Preferences
Some types of content can pose a potential security risk
as you browse the Web. You can allow or disallow certain
types of content from the Netscape Preferences window. To
access this window, click on Edit, Preferences from the
Netscape window.

Step 2:  Select Advanced Preferences
From the Preferences window, click on the Advanced title
in the left column. Preferences that relate to the kinds of
content that can be displayed in Netscape and the ways that
cookies may (or may not) be accepted are displayed

Step 3:  Allow Java/JavaScript
By default, Java applets (small programs) and JavaScripts
(a series of commands) run in your browser when they are
encountered on the Web. Because these scripts can pose some
small security threat (and can also slow your browser), you
can choose to disallow these types of programs. Click on
the associated check boxes to turn off those features.
(Warning: some Web sites will not work with Java disabled.)

Step 4:  Enabling Cookies
Cookies are small files that a Web site stores on your
hard disk so it can identify you (and possibly your
personal information) the next time you visit the site.
Some people dislike Web sites knowing too much about them
and choose to turn cookies off (click on Disable Cookies).
Rather than accept all cookies, however, you can limit a
cookie’s use to the originating server or to be warned
before a cookie is accepted. (Warning: some sites won’t
work with cookies off.)

Step 5:  Applying Changes
Once you have changed the setting the way you want, click
on OK to have the changes take effect.

Setting Netscape Security

Step 1:  Open the Security Window
From the Netscape window, you can open a Security Info
window to find security information about the current Web
page. It can also be used to define how Netscape behaves
when it encounters potentially insecure situations. To open
the Security Info window from Netscape, click on the
Security icon in the toolbar (it looks like a small padlock).

Step 2:  Verify Web Page Security
When the Security Info page first appears, it tells you
two pieces of information about the current Web page. First
it tells you weather or not the page was encrypted and
second it verifies the Web address of the page you have
opened. To view details about the page, click on the Open
Page Info button.

Step 3:  View Page Information
When the Page Info page appears, you can view detailed
security information relating to the current Web page. If
it is a secure Web page, you can see the type of security
that is used with the page and who owns the certificate
that verifies the authenticity of the page. When you are
done viewing this information, close the page by clicking
on the X in the upper right corner of the window.

Step 4:  Set Security Warnings
If you are about to enter information about yourself into
a Web site, you probably want to make sure that the site is
secure. From the Security Info page, you can set Netscape
to warn when you enter or leave a secure site, as well as
when you view a page with some encrypted data or send
unencrypted information. (These features are on by
default.) To check these settings, click on Navigator in
the left column, then check how the values are set.

Step 5:  Apply Changes
To apply any changes you made to the Security Info page,
click on the OK button.

Why Do I Feel Like Somebody’s Watching Me?

Spyware is one of the fastest-growing internet threats.  According to the National Cyber Security Alliance, spyware infects more than 90% of all PCs today.  These unobtrusive, malicious programs are designed to silently bypass firewalls and anti-virus software without the user’s knowledge.  Once embedded in a computer, it can wreak havoc on the system’s performance while gathering your personal information.  Fortunately, unlike viruses and worms, spyware programs do not usually self-replicate. 

 

Where does it come from?

Typically, spyware originates in three ways.  The first and most common way is when the user installs it.  In this scenario, spyware is embedded, attached, or bundled with a freeware or shareware program without the user’s knowledge.  The user downloads the program to their computer.  Once downloaded, the spyware program goes to work collecting data for the spyware author’s personal use or to sell to a third-party.  Beware of many P2P file-sharing programs.  They are notorious for downloads that posses spyware programs.

The user of a downloadable program should pay extra attention to the accompanying licensing agreement.  Often the software publisher will warn the user that a spyware program will be installed along with the requested program.  Unfortunately, we do not always take the time to read the fine print.  Some agreements may provide special “opt-out” boxes that the user can click to stop the spyware from being included in the download.  Be sure to review the document before signing off on the download.

Another way that spyware can access your computer is by tricking you into manipulating the security features designed to prevent any unwanted installations.  The Internet Explorer Web browser was designed not to allow websites to start any unwanted downloads.  That is why the user has to initiate a download by clicking on a link.  These links can prove deceptive.  For example, a pop-up modeled after a standard Windows dialog box, may appear on your screen.  The message may ask you if you would like to optimize your internet access.  It provides yes or no answer buttons, but, no matter which button you push, a download containing the spyware program will commence. Newer versions of Internet Explorer are now making this spyware pathway a little more difficult.

Finally, some spyware applications infect a system by attacking security holes in the Web browser or other software.  When the user navigates a webpage controlled by a spyware author, the page contains code designed to attack the browser, and force the installation of the spyware program.

What can spyware programs do?

Spyware programs can accomplish a multitude of malicious tasks.  Some of their deeds are simply annoying for the user; others can become downright aggressive in nature.

Spyware can:

1.            Monitor your keystrokes for reporting purposes.

2.            Scan files located on your hard drive.

3.            Snoop through applications on our desktop.

4.            Install other spyware programs into your computer.

5.            Read your cookies.

6.            Steal credit card numbers, passwords, and other personal information.

7.            Change the default settings on your home page web browser.

8.            Mutate into a second generation of spyware thus making it more

         difficult to eradicate.

9.            Cause your computer to run slower.

10.        Deliver annoying pop up advertisements.

11.        Add advertising links to web pages for which the author does not get paid.  Instead, payment is directed to the spyware programmer that changed the original affiliate’s settings.

12.        Provide the user with no uninstall option and places itself in unexpected or hidden places within your computer making it difficult to remove.

Spyware Examples

Here are a few examples of commonly seen spyware programs.  Please note that while researchers will often give names to spyware programs, they may not match the names the spyware-writers use. 

CoolWebSearch, a group of programs, that install through “holes” found in Internet Explorer. These programs direct traffic to advertisements on Web sites including coolwebsearch.com. This spyware nuisance displays pop-up ads, rewrites search engine results, and alters the computer host file to direct the Domain Name System (DNS) to lookup preselected sites. 

Internet Optimizer (a/k/a DyFuCa), likes to redirect Internet Explorer error pages to advertisements. When the user follows the broken link or enters an erroneous URL, a page of advertisements pop up.

180 Solutions reports extensive information to advertisers about the Web sites which you visit.  It also alters HTTP requests for affiliate advertisements linked from a Web site.  Therefore the 180 Solutions Company makes an unearned profit off of the click through advertisements they’ve altered.

HuntBar (a/k/a WinTools) or Adware.Websearch, is distributed by Traffic Syndicate and is installed by ActiveX drive-by downloading at affiliate websites or by advertisements displayed by other spyware programs.  It’s a prime example of how spyware can install more spyware.   These programs will add toolbars to Internet Explorer, track Web browsing behavior, and display advertisements.

How can I prevent spyware?

There are a couple things you can do to prevent spyware from infecting your computer system.  First, invest in a reliable commercial anti-spyware program.

I recommend you follow this link  http://www.linkbrander.com/go/34613 and read more and you can also scan your PC for free. There are several others on the market including stand alone software packages such as Lavasoft’s Ad-Aware available for free at http://www.lavasoft.de/products/ad-aware_se_personal.php or Windows Antispyware.  Other options provide the anti-spyware software as part of an anti-virus package.  This type of option is offered by companies such as Sophos, Symantec, and McAfee. Anti-spyware programs can combat spyware by providing real-time protection, scanning, and removal of any found spyware software.   As with most programs, update your anti virus software frequently. 

As discussed, the Internet Explorer (IE) is often a contributor to the spyware problem because spyware programs like to attach themselves to its functionality.  Spyware enjoys penetrating the IE’s weaknesses.  Because of this, many users have switched to non-IE browsers.  However, if you prefer to stick with Internet Explorer, be sure to update the security patches regularly, and only download programs from reputable sources.  This will help reduce your chances of a spyware infiltration.

 

And, when all else fails?

Finally, if your computer has been infected with a large number of spyware programs, the only solution you may have is backing up your data, and performing a complete reinstall of the operating system.

Surfing the Web Anonymously

Surfing the Web Anonymously – Questions to Ask

When you surf the web it is possible to learn information about you even when you don’t want to advertise who you are. This is true even if your system contains no virus or malware software. Specifically information that is easily available online includes your IP address, your country (and often more location information based on IP address), what computer system you are on, what browser you use, your browser history, and other information. It gets worse. People can get your computer’s name and even find out your name if your machine supports programs like finger or identd. Also, cookies can track your habits as you move from machine to machine.

How do people get this basic information about you?
When you visit another web site, information about you can be retrieved. Basically, information is intercepted and used by others to track your Internet activities.

How do you stop this from happening?
First of all, it is possible to surf the web anonymously and thereby stop leaving a trail for others to find. Note that this is not fool-proof, but it makes it much harder for people to know who you are. There are products called anonymous proxy servers that help protect you. The anonymous proxy server replaces your Internet address for its own. This has the effect of hiding your IP address and making it much harder for people to track you.

How do I get an anonymous proxy server?
There are many vendors who sell anonymous proxy servers. There are also free proxy servers available to you.

Three such products are YouProxy, ShadowSurf and Guardster.

Guardster offers various services for anonymous and secure access to the web, some paid as well as a free service.

YouProxy allows you to browse the internet securely. You can unblock popular social networking sites such as MySpace, Bebo, Facebook, YouTube, Friendster and many other sites. Feel free to browse 24/7 and don’t forget to tell your friends!

ShadowSurf ShadowSurf provides anonymous surfing at their site for free. Go to it and you will find a box to enter a URL that you want no one to track. There are many others, but here are three that are frequently used.

Another interesting product, given the recent news about the Google search engine filtering its findings for the Chinese government, is Anonymizer. This company, among others, recently (Feb 1st, 2006) pressed that it “is developing a new anti-censorship solution that will enable Chinese citizens to safely access the entire Internet filter free” (http://www.anonymyzer.com/consumer/media/press_releases/02012006.html).

With AnonyMouse you can unblock popular social networking sites such as MySpace, Bebo, Facebook, YouTube, Orkut, Friendster and many other sites. It’s a free web based proxy server which hides your IP and allows you to surf in complete anonymity without installing anything on your PC.

Does an anonymous proxy server make you 100% safe?
No. Still, you are much better off if you use such technology.
What other things should I be concerned about when trying to keep my private information private?

Three other items come to mind when trying to keep your information private.

First, you can use an encrypted connection to hide your surfing.

This article does not go into detail on this, but search the web and you will find a lot of information on this.

Secondly, delete cookies after each session.

Third, you can configure your browser to remove JavaScript, Java, and active content. This actually leads to limitations, so you need to think about the cost/benefit of this course of action.

Anything else?

Wishing you happy and safe surfing!