Browser Security - How To Secure Your Internet Browsing: Guides & Extensions

Cyber Security Wiki Navigation:


Do Not Use Microsoft Internet Explorer AKA Microsoft Edge

Microsoft Internet Explorer has had major security issues throughout the years, including nearly every version or release.  Wikipedia has a full section dedicated to this, reproduced here:

Security vulnerabilities

Internet Explorer has been subjected to many security vulnerabilities and concerns: Much of the spywareadware, and computer viruses across the Internet are made possible by exploitable bugs and flaws in the security architecture of Internet Explorer, sometimes requiring nothing more than viewing of a malicious web page in order to install themselves. This is known as a "drive-by install". There are also attempts to trick the user into installing malicious software by misrepresenting the software's true purpose in the description section of an ActiveX security alert.

A number of security flaws affecting IE originated not in the browser itself, but ActiveX-based add-ons used by it. Because the add-ons have the same privilege as IE, the flaws can be as critical as browser flaws. This has led to the ActiveX-based architecture being criticized for being fault-prone. By 2005, some experts maintained that the dangers of ActiveX have been overstated and there were safeguards in place.[82] In 2006, new techniques using automated testing found more than a hundred vulnerabilities in standard Microsoft ActiveX components.[83] Security features introduced in Internet Explorer 7 mitigated some of these vulnerabilities.

Internet Explorer in 2008 had a number of published security vulnerabilities. According to research done by security research firm Secunia, Microsoft did not respond as quickly as its competitors in fixing security holes and making patches available.[84] The firm also reported 366 vulnerabilities in ActiveX controls, an increase from the prior year.

According to an October 2010 report in The Register, researcher Chris Evans had detected a known security vulnerability which, then dating back to 2008, had not been fixed for at least 600 days.[85] Microsoft says that it had known about this vulnerability but it was of very low severity as the victim web site must be configured in a special way for this attack to be feasible at all.[86]

In December 2010, researchers have been able to bypass the "Protected Mode" feature in Internet Explorer.[87]

Vulnerability exploited in attacks on U.S. firms

Main article: Operation Aurora

In an advisory on January 14, 2010, Microsoft said that attackers targeting Google and other U.S. companies used software that exploits a security hole, which had already been patched, in Internet Explorer. The vulnerability affected Internet Explorer 6 on Windows XP and Server 2003, IE6 SP1 on Windows 2000 SP4, IE7 on Windows Vista, XP, Server 2008 and Server 2003, and IE8 on Windows 7, Vista, XP, Server 2003, and Server 2008 (R2).[88]

The German government warned users against using Internet Explorer and recommended switching to an alternative web browser, due to the major security hole described above that was exploited in Internet Explorer.[89] The Australian and French Government issued a similar warning a few days later.[90][91] The first browser they recommended was Mozilla Firefox, followed by Google Chrome.[92][93]

Major vulnerability across versions

On April 26, 2014, Microsoft issued a security advisory relating to CVE-2014-1776, a vulnerability that could allow "remote code execution" in Internet Explorer versions 6 to 11.[94] On April 28, 2014, the United States Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) released an advisory stating that the vulnerability could result in "the complete compromise" of an affected system.[95] US-CERT recommended reviewing Microsoft's suggestions to mitigate an attack or using an alternate browser until the bug is fixed.[96][97] The UK National Computer Emergency Response Team (CERT-UK) published an advisory announcing similar concerns and for users to take the additional step of ensuring their antivirus software is up-to-date.[98]Symantec, a cyber security firm, confirmed that "the vulnerability crashes Internet Explorer on Windows XP".[99] The vulnerability was resolved on May 1, 2014, with a security update.[100]

Complete Guide: Security, Privacy, & Hardening for Mozilla Firefox

This guide will give you step by step detailed instructions in order to make your Mozilla Firefox browser as secure and private as possible.  This guide will make your Firefox arguably harder than the TOR browser.  This is our recommended course of action, instead of trying to patch together your own set of secure browser extensions & settings.  Click Here to go to the full guide.

Browser Extensions For Security & Privacy

Many free & open source extensions exist for browsers that will assist in making your browsing a little more secure & private.  Below is a list of some of the better ones, along with links where you can download them.

Firefox

Chrome

  • Secure & Private Browsing With A VPN Service

    Most Internet Service Providers today blatantly log all of your activity on the web, including websites you visited, engagement on websites you visited, downloads, and uploads.

    All of the ISPs listed below state that they log all website browsing data in their privacy policies, linked here.

    Using a VPN service that you trust to provide you with no-logs, privacy & anonymity on your computer will make your browsing habits opaque to your ISP.  The Internet Service Provider will only know raw amounts of data going in and out, and even that will be somewhat obscured by the encryption of the VPN service.