How to browse the web safely in 2010 and hopefully a few more years yet
Browsing is now so commonplace that it represents an 'always open' door
to intruders and in many cases, simply VISITING a 'bad' SITE can CAUSE an
INFECTION! That is why so many spam e-mails simply have a tempting link inside them!
To reduce these threats there are many, many opinions and options but
one approach which will defeat many of the attacks can be used with any
of the protective technologies and make the consequences significantly
Using two browsers may sound tricky and complex but the underlying value
of not sharing ANY information between your most important group of sites
and any other that you might happen to visit is so worthwhile it not simply
justifies the effort - it helps surfers to make conscious decisions about
many other aspects of security which will also be of benefit to them.
Many technical people will be saying 'this is old news' because they
switched to using Firefox (or Opera, Chrome etc..) several years ago.
The difference about this approach is that you actually use Microsoft's
Internet Explorer (MS IE) for YOUR MOST VALUABLE SITES which will be
controversial given the bad press that MS IE has had over the past decade.
|In the bottom right of an IE7 window the above
shows the default Zone of 'Internet' while
visiting an 'unknown', unclassified site
This designation and associated privileges are
importantly under YOUR control, the image
below shows a site that HAS BEEN Trusted.
Turning the tables on malware-ridden sites by *exploiting* MS Internet Explorer
The 'trick' is to exploit the one crucially beneficial feature of MS IE that
has never been adequately promoted - the ability to designate web sites
to ZONES that have very, very different security characteristics.
Most importantly it is possible to set the default security for any NEW web
site to be very restrictive and therefore ONLY your trusted sites can have
the use of the rich plethora of facilities within MS IE.
Needless to say - Microsoft has never dared to change most of those
defaults because it 'breaks' web sites - i.e. they don't work or display
properly if they are deprived of these privileges.
Doing this it turns MS IE from a potential death-threat into a safe
environment BUT ONLY to interact with those sites that you trust both their
integrity and their competence. Obviously that means that you categorically
would not add any 'social networking' site or any similar type of site
to those that you trust in MS IE.
The image to the right
is usually anchored to
the right of that above
|The above shows the 'https' with a green background
while visiting a site which has what is called 'Extended Validation'
which is better regulated than ordinary security certificates
At the very, very least you would only allow sites that can demonstrate
their authenticity and commitment to integrity by having a 'green certificate'
(see images to right)
telling you that your interactions with their site are secure.
The use of an alternative browser for all other web browsing is now
mainstream - the EU recently forced MS to prompt users to make such a
choice. Firefox is now a de-facto second browser that all web developers
have to support on any new web development but Google's Chrome and a
browser called Opera are credible alternatives, see
browser share for their demographics.
How easy is it to use and maintain this dual-browser approach
As you would expect - this appraoch has been evaluated and used 'in anger'
by our staff and a small number of our customers for more than a year with
plenty of feedback in the early days of usage.
The most important aspects of this to implement are:
- Set-up of the zones - this can be as simple as one change to a setting
in 'Internet Options' in your Control Panel - make the Security Setting of
the 'Internet Zone' to be 'High' - the same as 'Restricted Sites' if you want
to check what you are doing matches MS options
- The other is making it easy to Add a site to an IE Zone because although there
is likely to be less than a dozen sites that are in any way 'trusted'
adding them isn't as easy as it should be
Additional benefits of the dual-browser approach
All browsers have an option (somewhere under Tools) to check that 'they'
are the facility you wish to use when browsing the web.
By choosing the NON-MSIE browser to be the (default) one it then means
that if you click on a link in an e-mail or almost anywhere other than
within MSIE you will find that your alternative (e.g. Firefox, Chrome
or Opera) is used to launch the site.
This in itself is an improvement to your security in that those links can
often be 'forged' to make them appear benign whereas the actually can lead
to very dangerous sites which can infect your PC as soon as you arrive
Further reading and thoughts for the advanced user
What about sites that ask for credit card or other payment details
Many sites ask for these details and it would be WRONG to trust
them in the context of the above proposal because 80% of them are
likely to be untrustworthy from a technical perspective and even if that
was 20% - all it takes is ONE bad apple. Retailers tend to have very
'Lean and Mean' I.T. departments whereas banks can't afford to take that risk.
Just in case the reader didn't notice the problem - from memory it was
10 million customer account details stolen from TK-Max that set the record
a year or two ago.
The solution to the online payment issue is to limit your losses and
have them 'insured' at the same time - have a separate credit card which
is only used on-line and have the credit limit set to the lowest amount
that makes it viable for you.
Make sure that the card you choose for the purpose has a good 'promise'
on refunding any debits that arise from on-line fraud.
Making use of the Status Bar in IE to show the Zone
When the status bar is enabled (under View) the images above (on the left)
showing the Zone are visible. One key benefit of naming the domains that you
trust is that it is a relatively exact match and if someone has tried to trick
you with a mispelt word then the web site will show up as 'Internet' - i.e. Unknown!
Obviously if this happens then GO NO FURTHER as it is probably a
'bad' site attempting to get you to compromise your PC.
Use of the trusted Zone and/or the LAN (Local Area Network) Zone
To keep the above simple the author has not highlighted the fact that there are
TWO zones which can be used to give privilege to designated sites.
This is because the case is becoming more and more compelling to use dual browsers
as a barrier to all sorts of attacks, even if only crudely exploiting cross-site
scripting (Google "XSS exploit") which might simply steal your login details for
other sites - see below.
This means that use of the intermediate (LAN) zone for 'semi-serious' web sites
should not be tolerated because they could compromise one of those that you REALLY
want to remain secure such as on-line banking, investments etc..
Launching browsers with limited user privilege to avoid infections
This part of the guide is of great relevance to XP users but with the advent of Windows
Seven it is less of a problem.
When our company is asked to secure a Windows XP PC then there are two approaches
to be taken - the ultimate is to provide the user with a 'limited user' account
which they use for day to day work, obviously including browsing.
This is how Microsoft intended XP to be used - but in the early days - too many
hardware and software vendors did not make the changes needed for this to be
viable - Wireless 'dongles' were a classic example.
After almost a decade Windows XP can usually be made to work adequately for most
day to day work even as a LIMITED USER - this is the most secure approach.
When the user wishes to retain greater control over the system and doesn't want
want to log in and out to switch accounts to do so then we have a small extension
to Windows XP which launches a variety of programs with reduced privilege -
MS IE, Firefox, Outlook Express, Messenger, Thunderbird, NetMeeting and several
more. This is intended to stop basic web-based intrusions from making changes
to your Windows XP system. As a simple example if you accidentally launched a
program from your web browser that was trying to install software or makes
changes to the registry itself then it would normally be blocked.
This latter approach is not as robust as the 'pure' Microsoft Windows XP approach
but has certainly stopped many such cases even if most of them WERE legitimate
it has stopped several that were not.
With Windows Vista - User Access Control (UAC) allowed the switch between
'Limited User' and 'Administrator' via a pop-up which should not be onerous
and therefore should be adhered-to and thought given whenever the pop-up arises.
Microsoft are keen to point out that Windows 7 is even more secure and much
less onerous - we may need to wait until 2011 before we can judge how that has
turned into reality or not...