Browsing the web is one of the most dangerous activities when it comes to keeping your computer secure, the vast majority of all malware and worse infections come through web exploits, this article covers some of the best ways to improve your security.
The Web Browser
Using a modern web browser that is regularly updated is one the most important thing you can do, Mozilla Firefox and Google Chrome are two of the most popular but there are plenty of others out there that are just as good such as Opera, Vivaldi, Chromium and SeaMonkey.
Most of these have versions for mobile devices, although in my opinion it’s best to avoid doing anything important on a mobile device, particularly with Android.
A large percentage of malware is delivered through online advertising so it’s absolutely critical that you block it, white listing certain websites is also a bad idea since this can occur even on major websites like YouTube.
There are a variety of adblockers available, some of the most common being adblock plus and ublock origin, personally I recommend the latter as it uses less resources and allows no ads by default.
Another form of adblocking (also used for other purposes) is by using a custom hosts file, this stops the computer from connecting to the listed websites, this is best used in combination with an adblocker, one good hosts file can be found here along with usage instructions.
Plugins like Flash and Java are a big no if you’re looking for security, flaws in these can easily expose your system to serious infections, if you need to use them make sure you always have the latest version and keep it disabled until needed.
One way to make this simpler is to use a browser extension such as NoScript, this by default blocks all scripts so you have to manually accept them, this is a little time consuming but it only needs to be done on your first visit to each web site, in addition it allows you more control over what the website can do.
Cross-site Scripting (XSS)
A cross-site script is a script that reads or sends content to another website, one simple example being loading an image hosted on another web site, the problem with this is that without proper care and design it’s possible to exploit XSS to read private data or inject malicious code.
The risk of this cannot be emphasised enough, many major websites such as YouTube, Twitter and Facebook have been attacked using XSS, the best way to prevent this is to use a browser extension that by default blocks all cross-site requests such as RequestPolicy.
Perhaps the only true way to ensure security of your computer is to browse the web in a virtual machine, this is often time consuming to setup but is well worth the effort, this way you can be reasonably sure that even if you are infected the infection will be contained to the virtual machine, a lesser kind of virtual machine is a virtual sandbox which basically creates an isolated container, this isn’t nearly as secure as a virtual machine but is much quicker to setup.
Secure Operating System
If you’re using Windows then you’re going to be at significantly higher risk of infection, simply due to the number of users, the quickest way to boost security is to switch to Linux, BSD or Mac OS X (if you can afford it), this is not for everyone however but is well worth giving it a try, these can also be used in a virtual machine.
Use Anti-virus Software
Having some anti-virus software installed is very important, this is usually the final barrier stopping an infection, particularly as most now scan any changes made so malware and other nasty stuff is caught before it can actually cause any problems, this comes at a small impact to system performance but the loss is well worth it.
Anti-virus software should not be confused with anti-malware software, most anti-malware software deals with minor things such as adware and tracking cookies, anti-virus software will often ignore these so it’s good to have both.
In the event that a web site you used is compromised (all too common these days) it’s important that you have unique passwords for each website that you use, these can be hard to remember so a program like keepass is extremely useful, this also allows the use of much longer passwords helping to prevent dictionary attacks and brute force.
Always look at the URL before you click a link, unusual domains like .tk and domains in countries like russia and china (assuming you don’t live there) should be avoided.
If your browser has the option or there is an extension available you should disable automatic redirects, there have been many cases where a normal site has been hacked and changed to redirect you to the attack site.
Another common technique to catch people is drive-by downloads, this is where a download will randomly pop up when you reach an infected page (usually triggered by a script), always check the download name, size and file extension, if you’re even the slightest bit concerned scan it before opening, a final fail safe is to open any download in a virtual machine.
Another way to verify a download is to verify the checksum if available, any changes or corruption of the download will alter the resulting checksum, IgorWare Hasher is a free Windows tools you can use, Linux and BSD usually already have something installed.
HTTPS encrypts data being sent and received by your web browser with SSL, most websites support encryption but not all have it enabled by default, always be very aware when sending sensitive data that the website is using HTTPS, this is usually indicator by a padlock icon near the address bar and the URL starting with https://
A nice little browser extension is HTTPS Everywhere, this forces use of HTTPS where available among other features.
Most web browsers can remember your password to make things easier and quicker, however this is a big security risk that is often targeted by malicious scripts or software, so it’s strongly recommended that you disable it.
Many websites are now offering more advanced authentication using things like verifying your email address or sending you an SMS message rather than just password alone, this can be a bit annoying but for important accounts you should always enable it.
Good browsing security isn’t difficult, most of it comes down to common sense but hopefully you have learned something of use from this article.