Stop using your web browser security wrong


Chances are good you’re not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.

Image: Sergey Nivens/Shutterstock

For the love of privacy and security, stop! You’re using the default settings in your web browser, thereby assuming the companies that created the software either know what’s best for you or don’t have ulterior motives for how they set security options in their products.

But ultimately, the onus isn’t really on the developers or distributors of the web browsers. You are in charge of your security, and you alone have the power to make the most out of it. When you just assume the out-of-the-box experience is completely secure, you are at the mercy of a company that produces products for the masses. What those companies want is to release a product that works for the largest number of users, a baseline. Of course, everyone’s use-case is different, so one person’s security might not be another’s. In the end, when you accept the defaults, you’re accepting configurations that work for the majority of sites on the planet (in theory). 

SEE: Security incident response policy (TechRepublic Premium)

Thing is, that’s not always the most secure way of going about things. And a big part of the problem is that not all web browsers are created equal. Some browsers have more advanced security features available, while others scrape by with the bare minimum. Some browsers have become so problematic that security is the least of their worries. Some browsers are developed by companies with a very bottom-line driven motivation. And, finally, some browsers are created by companies that do not want to relinquish control to the end-user.

I’ll leave it up to you to draw the necessary conclusions as to who the fingers of blame should be pointed to.

Fortunately, you do have the ability to help yourself out with browser security. And I’m going to help you out. What I’m not going to do is show you how to configure every single thing for every single browser (as that would take me forever). What I’m going to do, however, is show you what you need to look for in your browsers and a few tips on browser usage (so you can avoid certain issues).

Don’t save passwords

The first thing I’m going to tell you is to never allow your browser to save usernames and passwords. Yes, I know that makes it exponentially more difficult for you as a user, but when you have your browser save your usernames and passwords, you’re adding yet another layer that can be used against you. This is especially true for browsers that sync data to or through a third-party host (such as Google Chrome syncing browser passwords to your Google account). 

Don’t do that. Just don’t. Yes, it will cause you an extra step for every single site you visit that requires login credentials, but you’ll be safer for doing so. To make this easier, install a password manager (and use it).

Convenience is often the enemy of security.

Install extensions with care

I cannot tell you how many times I’ve been troubleshooting a user’s computer, only to find they’d installed some coupon extension that actually turned out to be malware. Yes, there are a lot of extensions available for nearly every web browser on the market. But the adage, “If it’s too good to be true …” applies. 

Sure, browser extensions can add functionality to your browser, but that doesn’t mean you should install them. In fact, with regards to extensions, always err on the side of caution. Unless you absolutely need that added functionality, do not install it. And if you decide to go ahead and install it, do a bit of research before hitting Install. It only takes a single piece of malicious code to either bring down your computer or steal your data.

My guess is that coupon code extension isn’t worth the hassle.

Enable HTTPS-Only Mode

Some browsers, such as Firefox, offer an HTTPS-only mode. What this does is prevent you from going to sites that use the less-secure http protocol. These HTTPS-only mode features don’t completely block you from visiting those sites, but they do warn you that you’re about to be directed to a less secure site.

For example, with Firefox, you go to Settings | Privacy & Security and then click Enable HTTPS-Only Mode in all windows (Figure A).

Figure A

browserseca.jpg

Enabling HTTPS-Only Mode in Firefox.

Enable DNS-Over-HTTPS

Another setting you’re going to want to take care of is enabling DNS Over HTTPS. What is this feature? DNS-Over-HTTPS hides your DNS queries from third-party observers so they cannot sniff out your packets and see what you’re searching for or what sites you’re about to access. 

Most of the major web browsers allow you to enable this functionality, and it should be considered a must-do for every browser you use. For example, give my piece “How to enable DNS-over-HTTPS in Firefox” a read to find out how to do this in Firefox.

Click with caution

Finally (and this cannot be overstated), use caution when you click links. Anytime you receive a link in an email or other type of message, it is on you to check if that link is legitimate or not. If you default to trusting those links, you’re only one click away from ransomware or malware. 

For example, I received a suspicious email in Thunderbird. First, I don’t allow my email client to automatically load images. But I can clearly see the READMORE button. If I hover my cursor over that button, the associated URL appears in the lower-left corner (Figure B). 

Figure B

browsersecb.jpg

Revealing a link within an email.

If that link isn’t associated with whoever sent the email, then I’m not clicking it. Period. Even on the Linux platform, I wouldn’t visit suspect links. I cannot impart to you how important it is that you do not click such links without taking precautions.

Just don’t do it

As much as you want to believe the default settings or the way you typically use your browser will keep you safe, you’re probably wrong. It’s a dangerous world out there in the vast WWW, and there’s always someone looking to steal your information, your identity, your money or all of it. Do not go gently into the world wide web, otherwise, you’ll fall prey to rather nefarious doings.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Also see



Source link