The importance of a good browser
Quick note:
This guide was bought over from HF because I thought that the guide should be able to benefit this forums as well. This guide is written by Poppins and any credit is given throughout the article.
Many people think that infections can happen via files that are downloaded. This is true, however people are lead into thinking that this is the only way that they can be infected. It is a common misconception that leads to the attitude:
Well this is true in most cases. Yet there is a major culperate in getting infected. This is your browser. Some people are not aware that there are exploits within the browser that will allow someone to run malicious code just from you visiting websites.
Every browser has flaws. Yet is recommended that you should use either:
Firefox OR Apple's Safari
Both rank low in vunerability reports. In order to stay secure it is often suggested that you should stay away from internet explorer. Internet explorer has a major exploit with activeX. This means just by visiting a site and running their activeX script (Pop's up at the top of the page) The site can download malware and adWare onto your computer.
Some tips for staying safe within your browser:
-Stay away from flash:
Flash has vunerabilitys that let malicious code run on your PC as well. However flash is still a major point in the internet today, So it is adviced you disable flash when visiting suspicious sites.
-Java:
On this forum alone there are tutorials on how to create a 'Java Drive-By.' A java drive by is a simple applet that when run, can run code and programs on your PC without your Knowledge. So the advice is NOT to run java on sites that you do not trust.
There are many ways to protect in the browser. One of the simplist ones is disabling certain things such as flash or javascript. This can be done in all browsers. However you will still be vunerable.
Firefox is a great way in which to secure your self because you can install 'add-ons' Which allow you to extend the browsers capability. A great addon for firefox is: 'NoScript.' This allows the end user to block scripts from running on a certain page within one click. This is much like disabling different aspects in the browser yet it is a lot easier. Installing NoScript is great for security. When you see a suspicious site, enable it then the site will not be able to run any unauthorized scripts or exploits, enabling you to read the site without worry.
Browser Saved passwords:
Saving your passwords in a browser is good if you keep forgetting. Although these saved passwords can not be exploited via a browser exploit (too my knowledge,) They can however be exploited using malware. The malicious code can retrieve a password almost instantly. Because of this, saving your passwords is not really advised. However if you insist upon remembering your passwords within a browser then a suggested one would be firefox because of its master password setting. The master password allows a user to implement a password that they will have to input every time the wish the browser to remember one. In order to access this:
If you insist on remembering your passwords i would suggest not remembering vital ones such as your email to prevent damage in possible attacks.
Updating your browser regularly (around once a month) Can play a part in providing extra protection. When new exploits are found then browser companies will attempt to patch this and release in a new version. Since every exploit cannot be found it is important that you update in order to keep up to date in providing protection against exploits.
Every browser however is as good as the next one if you know how to use it. Going to warez/adult sites while in an unsecured state and accepting prompts that may appear really isn't safe. Apply common sense and surf the internet cautiously and you will be fine.
Some Good addons (Firefox):
NoScript: As mentioned before noscript is great in ensuring that you are secure when viewing supicious sites.
Firebug: Firebug is an addon that will let you view the website code and what is running on that website at what time. Firebug is often used by web developers in order to find bits of code that are not working like they should be. It can also be used to find malicious code if you can program in HTML, CSS ETC.
WOT - Safe Browsing Tool: WOT Lets you see which websites are trusted and which are not when searching and viewing usinga simple traffic light system. The system lets you quickly see which websites to stay aware of. Maybe could be used in conjuction with NoScript.
Adblock Plus: The clue is really in the title with this one. This addon will block those pesky ads that appear on numerous sites. This helps minimilize the threat as some adverts use browser exploits to inject adware into your PC.
BetterPrivacy: Better privacy allows the user to stay safe of 'tracking cookies' That track clicks etc on sites. Tracking cookies are not always bad however. Google uses them to determine which sites you most search for then allows you to see better results from this.
Malware Search: Malware search is an instant malware searcher built into firefox. This is more to do with deleting and identifying malware than preventing it.
Thank you Paradoxum for this one
Remember: Take precautions when viewing suspicious sites and secure your browser against attacks.
-Poppins
Quick note:
This guide was bought over from HF because I thought that the guide should be able to benefit this forums as well. This guide is written by Poppins and any credit is given throughout the article.
Many people think that infections can happen via files that are downloaded. This is true, however people are lead into thinking that this is the only way that they can be infected. It is a common misconception that leads to the attitude:
Quote:Well if i don't download anything, or a scan before, then i'll be fine.
Well this is true in most cases. Yet there is a major culperate in getting infected. This is your browser. Some people are not aware that there are exploits within the browser that will allow someone to run malicious code just from you visiting websites.
Every browser has flaws. Yet is recommended that you should use either:
Firefox OR Apple's Safari
Both rank low in vunerability reports. In order to stay secure it is often suggested that you should stay away from internet explorer. Internet explorer has a major exploit with activeX. This means just by visiting a site and running their activeX script (Pop's up at the top of the page) The site can download malware and adWare onto your computer.
Some tips for staying safe within your browser:
-Stay away from flash:
Flash has vunerabilitys that let malicious code run on your PC as well. However flash is still a major point in the internet today, So it is adviced you disable flash when visiting suspicious sites.
-Java:
On this forum alone there are tutorials on how to create a 'Java Drive-By.' A java drive by is a simple applet that when run, can run code and programs on your PC without your Knowledge. So the advice is NOT to run java on sites that you do not trust.
There are many ways to protect in the browser. One of the simplist ones is disabling certain things such as flash or javascript. This can be done in all browsers. However you will still be vunerable.
Firefox is a great way in which to secure your self because you can install 'add-ons' Which allow you to extend the browsers capability. A great addon for firefox is: 'NoScript.' This allows the end user to block scripts from running on a certain page within one click. This is much like disabling different aspects in the browser yet it is a lot easier. Installing NoScript is great for security. When you see a suspicious site, enable it then the site will not be able to run any unauthorized scripts or exploits, enabling you to read the site without worry.
Browser Saved passwords:
Saving your passwords in a browser is good if you keep forgetting. Although these saved passwords can not be exploited via a browser exploit (too my knowledge,) They can however be exploited using malware. The malicious code can retrieve a password almost instantly. Because of this, saving your passwords is not really advised. However if you insist upon remembering your passwords within a browser then a suggested one would be firefox because of its master password setting. The master password allows a user to implement a password that they will have to input every time the wish the browser to remember one. In order to access this:
- Press ALT To display the menu bar
- Click on the Tools dropdown Menu
- click on the Options Item
- Now Open the 'Security' Tab
- Check the box next to: 'Use a master password.'
- Now set a password that will be remembered. Do not forget it! Make it simple yet hard to guess.
If you insist on remembering your passwords i would suggest not remembering vital ones such as your email to prevent damage in possible attacks.
Updating your browser regularly (around once a month) Can play a part in providing extra protection. When new exploits are found then browser companies will attempt to patch this and release in a new version. Since every exploit cannot be found it is important that you update in order to keep up to date in providing protection against exploits.
Every browser however is as good as the next one if you know how to use it. Going to warez/adult sites while in an unsecured state and accepting prompts that may appear really isn't safe. Apply common sense and surf the internet cautiously and you will be fine.
Some Good addons (Firefox):
NoScript: As mentioned before noscript is great in ensuring that you are secure when viewing supicious sites.
Firebug: Firebug is an addon that will let you view the website code and what is running on that website at what time. Firebug is often used by web developers in order to find bits of code that are not working like they should be. It can also be used to find malicious code if you can program in HTML, CSS ETC.
WOT - Safe Browsing Tool: WOT Lets you see which websites are trusted and which are not when searching and viewing usinga simple traffic light system. The system lets you quickly see which websites to stay aware of. Maybe could be used in conjuction with NoScript.
Adblock Plus: The clue is really in the title with this one. This addon will block those pesky ads that appear on numerous sites. This helps minimilize the threat as some adverts use browser exploits to inject adware into your PC.
BetterPrivacy: Better privacy allows the user to stay safe of 'tracking cookies' That track clicks etc on sites. Tracking cookies are not always bad however. Google uses them to determine which sites you most search for then allows you to see better results from this.
Malware Search: Malware search is an instant malware searcher built into firefox. This is more to do with deleting and identifying malware than preventing it.
Thank you Paradoxum for this one
Remember: Take precautions when viewing suspicious sites and secure your browser against attacks.
-Poppins
WhiteHat Hacker, Infection Control and HJT Team Trainee
Poppins™
Originally from: Hackforums.net