Safer Browsing

In the last couple of posts we have been hinting at safer browsing for users. You might ask: what does that mean? The answer is not so simple; it requires multiple layers of defense or, as it is called in the industry, defense in depth. Again, we don’t want to paint a dark picture of the cyber world, but news articles such as the following:

make it somewhat difficult to avoid entering the dark alley filled with malware. There are several ways to minimize the level of risk, ranging from a simple approach to a more esoteric approach. In part I of this post we will be discussing the simple approach.

Step 1 [Keep your system up to date]

All OS vendors distribute updates to their software periodically, ranging from daily to once a month. For example, Microsoft states “Security-related updates are released once a month. However, if a security threat occurs, such as a widespread virus or worm that affects Windows-based computers, Microsoft will release a corresponding update as soon as possible.” Others, such as Apple, release updates when they are available. There are several ways to make sure you are keeping up to date.

Microsoft Windows

  • Open Internet Explorer and select Windows Update from the Tools menu
  • Or enable automatic updates: open the System icon in Control Panel (or right-click My Computer and select Properties), and choose the Automatic Updates tab

OS X

  • From the Apple menu, choose Software Update
  • Or enable automatic updates: from the Apple menu, choose System Preferences, and choose Software Updates

Step 2 [Concept of least privilege]

People who have fallen victim to malware will appreciate the concept of least privilege. This concept is defined by Wikipedia as “referring to the concept that all users at all times should run with as few privileges as possible, and also launch applications with as few privileges as possible.” This minimizes the threat level, given that malware, in order to be effective, needs to be executed with administrative privileges.

So what does this mean to you? It is quite simple: create a regular user account that is not a member of the administrator group, and use it for your everyday activities. You can then use your administrative account when installing, updating, or deleting software.

Create a “limited user” account in Windows

  1. Open Control Panel by clicking the Start button on your Desktop.
  2. Click the User Accounts icon
  3. Click Create New Account
  4. Type any name for your new account, say “Secure”, click Next
  5. Select option “Limited”, click Next

Create a user account on OS X

  1. For OS X 10.4
  2. For OS X 10.5

Step 3 [Install and update your Antivirus scanning software]

Antivirus scanning software is still a viable security layer in thwarting yesterday’s malware, given that most products are still based on signature analysis, though some are moving towards a combination of signature and heuristic (pattern) analysis. There are several antivirus vendors out there, commercial and free, such as:

Commercial (Windows and OS X)

  • Symantec
  • McAfee
  • Sophos

Free (Windows and OS X)

  • ClamAV or ClamXAV
  • AVG Free (Windows only)
  • Avira personal desktop edition (Windows only)

We understand that certain people will argue that OS X does not need any type of antivirus because it is built on top of a strong platform, but it is not impenetrable; see milw0rm.

Step 4 [Personal firewall]

Personal firewalls have increased in usage. They let you be selective about what traffic comes in and out of your computer. There are several products available in the market today; as with antivirus software, some are commercial while others are free.

Commercial (Windows only)

  • Symantec
  • McAfee
  • Sophos

Free (Windows only)

  • ZoneAlarm
  • Comodo
  • XP internal firewall

In this arena OS X already comes with a strong built-in firewall; just remember to enable it. See the following on how to enable it:

Step 5 [Use Firefox with NoScript enabled]

The Firefox web browser has gained a lot of popularity over the last couple of years. Given its flexibility in being operating system agnostic and supporting extensions, it has become the counterpart to Internet Explorer and Safari; see the following trend information. Extensions have really made this browser an attractive, safer alternative.

You might ask: what is “NoScript”? Directly from the developer’s website: “The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.”

The installation process is quite easy: just click here, select download and restart Firefox. After installing this extension some websites will look weird, because many different components are downloaded from any website. Some components (JavaScript, Java, Flash, etc.) are safe, while others can at times be malicious. This extension protects you by giving you the power to choose what you download from a website. For example, you can choose to accept everything by default from your bank site, but accept only certain things from other sites, such as no web advertisements.
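
The choice described above amounts to a default-deny allowlist for active content. The sketch below is an added illustration, not NoScript's own code and not part of the original post; the function names, the content-type labels and the `.example` sites are all assumptions made up for it.

```javascript
// Conceptual model of a per-site allowlist for active content.
// Not NoScript's implementation; all names and sites here are constructed.

// Content that cannot run code; everything else counts as active (fail closed).
const PASSIVE_TYPES = new Set(["image", "stylesheet"]);

// True when host is the trusted domain itself or one of its subdomains.
// A bare endsWith(trusted) would wrongly trust "evilmybank.example".
function hostMatches(host, trusted) {
  const h = host.toLowerCase();
  const t = trusted.toLowerCase();
  return h === t || h.endsWith("." + t);
}

// Split a page's resources into those allowed and those blocked.
function filterPage(resources, allowlist) {
  const allowed = [];
  const blocked = [];
  for (const res of resources) {
    let host;
    try {
      host = new URL(res.url).hostname;
    } catch {
      blocked.push(res); // unparseable URL: block rather than guess
      continue;
    }
    const passive = PASSIVE_TYPES.has(res.type);
    const trusted = allowlist.some((domain) => hostMatches(host, domain));
    if (passive || trusted) {
      allowed.push(res);
    } else {
      blocked.push(res);
    }
  }
  return { allowed, blocked };
}

// Constructed sample: components one page on a trusted bank site pulls in.
const samplePage = [
  { type: "script", url: "https://www.mybank.example/js/login.js" },
  { type: "image", url: "https://www.mybank.example/logo.png" },
  { type: "script", url: "https://ads.tracker.example/banner.js" },
  { type: "flash", url: "https://evilmybank.example/promo.swf" },
];

const result = filterPage(samplePage, ["mybank.example"]);
console.log("allowed:", result.allowed.map((r) => r.url));
console.log("blocked:", result.blocked.map((r) => r.url));
```

The blocked third-party script is why a page can "look weird" after installation: the page itself loads, but components from origins you have not trusted do not run.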