Tuesday, January 12, 2010

Securing Your Internet Browser

The US Computer Emergency Response Team has a slightly old but nonetheless valuable document on how to secure one's Internet browser. Given the high level of risk associated with browsing the Internet, this form of security might be the single most important step you can take to keep your computer safe.

Browsers are serious applications. They just don't show you a picture of some remove web page, they are interacting with the web site's server in a variety of ways and they have the power to interact with your computer in ways similar to that of your operating system. In fact, some computer magazines have called the browser the new operating system. Great power brings great danger. The more a program can do for you the more it do against you.

The question of which browser is the most secure is frequently debated. Google Chrome now makes that claim because it has a system for isolating the activity of the web pages from the operating system. This isolation, called "sand boxing" is a system used by a number of applications, such as Java. It helps but is no guarantee of security. IE, frequently described as the least secure, can be made secure if the recommendations of CERT are followed. The problem with these solutions is that the end result is a browser that may not be able to do many of the activities expected of it. The best solution, in my opinion, is to make the default settings in IE strong and add sites you know well to the "trusted" list. These sites can do more because the browser allows them to access features that an untrusted site would not be allowed to use. If you go to a wide variety of new web sites each day, you might want to use Chrome, but if you only go to a handful of the same sites each day, a locked-down version of IE might be the best solution.

Even if you dislike IE, you should still read the instructions for making it more secure. Love or hate IE, the reality is that there are number of sites that only function with it. There are times that you have no option but to use IE.

Of course, the best form of security is common sense. The brain is still the best form of security software.


Friday, January 08, 2010

Living with Secunia

My last posting was about Secunia's online scanner. I've downloaded and used their personal software inspector. I have to say that I like it. It does not grab too much of the CPU yet it monitors the system quite effectively. Many applications these days automatically update. Secunia picks up on that and lets you know. This is useful so that you don't run home to put in a critical update when it has already been done.

There are a few things that can be annoying. The main one I have is that it keeps reporting a problem with a fairly unusual application -- in my case, a video camera monitor -- and offers a link to a fix. The fix is the same version as the problem. The video camera people probably will never update their application and given that their system running on my computer does not connect to the Internet, I'm not too worried. The solution I had to use is to "ignore" the application. I would rather not do that in the case there is actually a newer version at a later point.

Yet, given that most vulnerabilities are in the applications and not so much the OS, this tool is a must have. While most programs are getting better at auto-updating themselves, there are many applications out there that don't.

In the school environment, this system is also useful to discovering applications you might not have installed. When you seen an update pending for an application you didn't install or forgot to remove, this provides you a chance to take action. I like the fact that this scanner will tell you exactly where the offending application resides. Most updates don't do that.

I'm going to keep using this product!