X

Browser security and privacy tips

Simple ways to keep malware off your PC and snoops at bay while using the Web.

Dennis O'Reilly Former CNET contributor
Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.
See full bio
Dennis O'Reilly
3 min read

Microsoft has made great strides in educating Windows users about the need to keep their systems secure by downloading and installing the most recent updates. (I still recommend that you set Windows' Automatic Updates to download but don't install, as I described in a blog post from last July.)

The irony of the heightened awareness of Windows updates is that malware is less likely to target vulnerabilities in Windows--or other PC operating systems, for that matter. These days, most viruses and Trojans use holes in your browsers, media players, or Web applications to breach your system's security. That's why it's imperative to keep these programs up-to-date, which is a subject I covered in a post from last April.

Google pushes updates to its Chrome browser automatically--without bothering to let you know about it (the current version is 2.0.172.30). You may think I'm a hypocrite for preventing Microsoft from loading its updates automatically and applauding Google for doing the same thing with its browser. Here's the difference: if a Chrome update causes the program to malfunction, I can simply use another browser, but if a Windows update screws up, my entire system's hosed until I fix it.

If you want to use Chrome to browse without leaving any tracks on your system, press Ctrl-Shift-N to open a new browser window in Chrome's incognito mode. The sites you visit subsequently will not appear in your browser history nor will terms you search for stay in your search history. You won't pick up any new cookies, either.

You'll find plenty of add-ons in the Privacy & Security section of the Firefox Add-ons page that give Firefox a similar stealth mode. You can also choose Tools > Clear Private Data to wipe your tracks in Firefox, but this setting erases all your history in the various categories. Chrome's incognito mode lets you retain the history you want and delete the history you don't want.

Google Chrome incognito mode
Google's Chrome browser lets you surf without leaving tracks on your system via its incognito mode. Google

I've been spending a lot more time browsing with Chrome lately, and not just because of its incognito mode. Chrome seems faster to me than Firefox or Internet Explorer, and I'm getting used to Chrome's streamlined interface. Firefox remains my default browser, however. The one Firefox security add-on I won't browse without is InformAction's NoScript (donationware), which lets you block JavaScript, Flash, and other scripts on a site-by-site and source-by-source basis.

The best way to enhance your privacy while using Firefox is to set the browser to delete cookies each time you close the program. To do so, click Tools > Options > Privacy, select "Always clear my private data when I close Firefox," and click OK.

Mozilla Firefox Privacy settings
Check "Always clear my private data when I close Firefox" in the browser's Privacy settings to maintain your Web privacy. Mozilla Foundation

So what about Internet Explorer? IE 8 is said to be more secure than IE 7, which in turn was said to be more secure than IE 6. Two facts remain: Internet Explorer uses ActiveX, which in my opinion is inherently insecure; and IE 8's security options are way too complicated. What do those slider controls mean, really? (Press Alt, click Tools > Internet Options, and choose either the Security or Privacy tab to see what I mean.)

Bonus tip: Encrypt Gmail
I've been using Gmail as my primary e-mail service for several years, but it wasn't until a couple of months ago that I started encrypting my Gmail correspondences. (In fact, encryption wasn't available in Gmail until a couple of months ago.) To use encryption in Gmail, click Settings in the top-right corner of the main window, scroll to the bottom of the General tab, select "Always use https," and click Save Changes. Note that this setting prevents the iGoogle Gmail widget from working, but that's a small price to pay for the added security.

Web privacy resources
For more information on the privacy options in Google services, visit the Google Privacy Center. Along with an FAQ and overview, you'll find privacy videos and specific privacy options for YouTube, Orkut, Blogger, Docs, and other Google services.

The SANS Institute's Internet Storm Center offers a daily Internet threat level (green, the last time I checked) as well as information on the sources of recent Internet-based attacks and extensive links to other Internet security sources.

For a soup-to-nuts look at browser security, read the United States Computer Emergency Response Team's article Securing Your Web Browser. The information was last updated more than a year ago but remains relevant. Some of US-CERT's browser-setting recommendations are overkill for regular, everyday browsing, so take the advice with the proverbial grain of salt.