Browser security continues to be an absolutely vital part of providing safety and privacy to end-users and their systems. Browser-based attacks are easily the most common threat on the Internet today. Attacks range from traditional exploits like buffer overflows to modern, sophisticated attacks like ActiveX injection, drive-by downloads of malware, and exploitation of cross-site scripting and other web application issues to steal user credentials or even install arbitrary code. Users want Web 2.0 features and often choose performance and user-friendly functionality over safety and privacy.
Here are a few tips for end-users to make their browsers as secure as possible.
1. Keep your browser up to date.
This is the easiest of all the steps. It is also the one that removes the easiest of exploits from the attacker’s arsenal. Updates are issued periodically by all the major browser makers and often close a number of known security issues. Many browsers have built-in auto-update capabilities, so if your browser has this, make sure it is turned on. If you are a user of Internet Explorer, the updates are delivered as part of the regular Windows Update process, which can also be configured to run automatically. Modify your current settings using the same Control Panel interface as the firewall configuration.
2. Harden your browser against common attacks.
This is a very powerful process as well. It will make you safer by an exponential amount. However, as a side effect, some web sites may not work properly. There is a fantastic guide to making these configuration changes here. It was created by CERT and walks users through browser hardening, step by step. Follow their instructions and you will get a much safer browsing experience.
3. Be aware of social engineering tactics.
Even if you do follow the other two steps, social engineering will still be a possibility. Attackers use social engineering to trick users into doing things that they should not do, like opening a file or divulging their passwords. You should always remain aware of social engineering tactics and strategies. Many of them are covered in the definition page linked above. Another good place to keep current on emerging social engineering attacks is the SANS incident center. They routinely cover emerging threats against both corporate and end-user systems.
So, there you have it. Three tips that, once enacted and followed, will make browser security much more attainable.