How to improve security in Firefox, Chrome, and IE
Malware is most likely to reach your computer via your browser, according to the most recent Microsoft Security Intelligence Report. Credit: Microsoft Security Intelligence Report, Vol. 14
Like their counterparts in the real world, computer criminals are always looking for vulnerabilities they can exploit. Instead of an open window or unattended wallet, malware purveyors watch for holes in software that allow them to install their spying and stealing payloads onto the computers of unsuspecting users.
Otherwise-trustworthy sites can sometimes host malware that infects your machine simply by opening a Web page. That's why the most effective way to prevent a malware infection is to use a real-time anti-malware scanner, such as Microsoft's free Windows Defender. The program is available for Windows XP, 2003, and Vista. It is built into Windows 7 and Windows 8 and RT.
You can also protect your privacy by disabling third-party cookies and deleting your history when you exit. Unfortunately, there remains no reliable way to prevent sites and advertisers from collecting information about your Web activities, which renders your browser's do-not-track option useless.
Allow scripting on a site-by-site basis in Firefox and Chrome
In a post from October 2012 I described how to disable Java in IE, Firefox, Chrome, and Safari. The instructions in that article for IE 9 apply to version 10 of Microsoft's browser, although IE 10 doesn't include Java by default; you have to visit java.com to download and install the add-on. In fact, the latest versions of Firefox and Chrome also lack Java in their default configurations.
After you install NoScript and restart Firefox, the program's icon appears in the bottom-right corner of the browser window. When you visit a site for the first time, a text box is displayed at the bottom of the screen indicating that scripts are forbidden.
The NoScript extension for Firefox blocks a page's scripts from running until you grant permission.
Click the Options button on the right side of the text box to allow some or all scripts on the page, and to view blocked sites.
NoScript lets you decide which scripts to run on each page you open in Firefox.
When you first start using NoScript, the process of allowing trustworthy sites to run scripts can be tedious. After a couple of days, the interruptions dwindle. You also soon realize you can get what you need from many sites without having to enable scripting.
Allow scripts on a page-by-page basis by clicking the scroll icon on the right side of Chrome's address bar.
The free NotScripts Chrome extension allows you to select which scripts to allow and which to block on each page you visit, although the program doesn't offer the range of scripting controls available in NoScript. The Optimal Cycling site explains the add-on's limitations compared to NoScript. In a nutshell, Firefox and Chrome use fundamentally different designs, and Google may not be as forthcoming or cooperative as Mozilla.
Once the password is entered, a pyramid icon appears on the right side of Chrome's address bar. Click it to view a list of the scripts the extension has blocked and allowed on the current page. You can block or allow individual scripts or all on the page permanently or temporarily.
The NotScripts extension for Google Chrome lists the scripts that have been blocked and allowed on the current page.
Once some or all scripts on the page have been allowed, a green box appears on the pyramid icon. You can also access the extension's options and the vendor's home page from the drop-down menu. (Note that the Optimal Computing site opened very slowly when I tested NotScripts. As with most free programs, don't expect much support from the developer.)
Disable third-party cookies and delete history on exit
By default, Firefox, Chrome, and Internet Explorer allow third-party cookies to be saved on your computer and also save your browser's history. Both settings are potential threats to your privacy. Fortunately, changing these settings in the three browsers takes less than a minute.
To do so in Firefox, click Tools > Options > Privacy and choose "Use custom settings for history" in the drop-down menu under History. In the options that appear, uncheck "Accept third-party cookies" and check "Clear history when Firefox closes."
Change Firefox's privacy settings to block third-party cookies and clear history when the program closes.
To put a finer point on your privacy settings, click the Settings button and make your choices.
Firefox's settings for clearing history allow you to decide the information you want the browser to retain and to delete.
To block third-party cookies and delete history on exit in Chrome, click the options icon in the top-right corner of the browser window, choose Settings, select "Show advanced settings" at the bottom of the screen, click "Content settings," choose "Keep local data until I quit my browser," and check "Block third-party cookies and site data."
Chrome's content settings include options for deleting local data when you quit the browser and for blocking third-party cookies.
To clear Chrome's browsing data right away, click the options icon and choose Tools > Clear browsing data (or press Ctrl-Shift-Del). Make your selections and click the "Clear browsing data button."
Chrome's "Clear browsing data" options let you decide the type of data to delete and how far back the deletions should extend.
Set Internet Explorer to delete your history each time you close the browser by clicking the gear icon in the top-right corner of the browser and choosing Internet Options. On the General tab, check "Delete browsing history on exit." This setting affects temporary files, history, cookies, saved passwords, and the data you enter in Web forms.
Block third-party cookies by choosing the Privacy tab in the Internet Options dialog. Click the Advanced button under Settings, check "Override automatic cookie handling," select Block under Third-party Cookies, and click OK twice.
Internet Explorer's option to block third-party cookies is accessed via the Advanced Privacy Settings dialog.
Can you trust your browser's "do not track" setting?
All three browsers now include the option to send a message to sites indicating that you don't want them to track you. Unfortunately, there's no assurance the sites receiving this information will honor your request. I will gladly sidestep the debate raging between privacy advocates, online advertisers, and browser developers. Lee Matthews examines the current state of browser do-not-track settings in an article on Geek.com.
Until a trustworthy do-not-track option is available, I'll stick with blocking third-party cookies and deleting my browser history each time the program closes. If you'd rather send the sites you visit a "please don't track me" message, follow these steps:
In Firefox, click Tools > Options > Privacy. Under Tracking, select "Tell sites that I do not want to be tracked."
In Chrome, click the options icon in the top-right corner of the browser window, choose Settings, and select "Show advanced settings." Under Privacy, click "Send a 'Do Not Track' request with your browsing traffic."
In Internet Explorer 10, the do-not-track option is on by default in Windows 7 and 8. Unfortunately, the setting is being ignored, as Dante D'Orazio reported last October on The Verge.
To access IE's do-not-track option, click the gear icon in the top-right corner of the browser window, select Internet Options > Advanced, and scroll to the Security section. There you will find the option to "Always send Do Not Track header" checked by default. To enable IE's tracking protection, click the gear icon, choose Safety > Tracking Protection, and select Enable. Note that you'll also have to choose a tracking-protection list or create one yourself.
Last week Susan Fulton examined the lack of progress toward a single do-not-track standard in an article on the American Civil Liberties Union site. Since there's no guarantee any browser's do-not-track setting will prevent sites from tracking you, there's currently no point in enabling the feature.