1. Is Anything Safe?
Technology news today bombards readers with dire warnings about the dangerous, unsafe condition of the Internet, reporting on botnets, identity theft, malware, viruses, trojans and rootkits, just to name a few. Advice ranges from overly simplistic (You be careful out there) to simply wrong (If you use this product, you'll never have a problem) to hopelessly technical (Go in and edit these Registry keys, then run a command line utility, and then…). Most users I speak with either ignore the news or load a favorite browser and ignore the news.
I was inspired to write this article after reading a post to a software security thread that said the poster had switched browsers every two weeks due to announcements in the press that the browser he was currently using had a "fatal flaw" and had now had run out of browsers to use. He was assured by numerous commentors that if he would just use [browser name], everything would be fine, but it struck me that everyone was missing the forest for the trees:
Security is not supplied by the browser. The browser is part of your overall security strategy.
My day job is working for an IT services firm that provides (among other things) security and security consulting to state and local governments in the Western US. One of my responsibilities is to figure out how to keep 35,000+ desktops safe for browsing. My husband is the program manager for a company that develops security products for servers. As a result, I've learned a lot about browsers, operating systems, security software, and various technologies used on the Internet. I've also had to learn a lot about avenues of attack, types of malicious exploits, and how to make your machine an unappealing target.
The purpose of this article is to give HASA visitors some solid information and reasonable steps to take to stay safe while browsing. From visitation statistics for the last year, the most common OS/Browser combination with HASA readers is Windows/IE, quickly followed by Windows/Firefox. The two combinations account for 76%+ of all HASA visitors. Windows users running IE or Firefox will be the focus of this article.
This focus is not meant to slight the other browser and OS combinations used by HASA visitors. There are excellent reasons to prefer OSX or Linux as your operating system, or to prefer one browser over another. This article speaks to HASA visitors about what they are currently using and gives them the knowledge to take proactive steps to secure their systems. The goal is to make your browsing experience secure regardless of your software preferences. No matter what you use while you are browsing, the information in this article will help you increase your online safety. Unless there is a documented security reason, I will not advise you to change to a different product, though I encourage readers to upgrade to more recent versions of their existing products if they are available.
The first four chapters of this article talk about how your computer gets attacked:
The next four chapters discuss system security starting with your operating system, going through system updates, and ending with user management:
- Operating Systems
- OS and Program Updates
- Firewall/Security Software
- Administrators, Standard Users and UAC
There are two chapters addressing PDFs and Flash, which are the two biggest sources of malware delivery on the Internet:
The next four chapters, the bulk of the article, look at the two most popular browsers, Internet Explorer and Firefox, and go step-by-step through how to tighten their security. It ends by explaining how to use your newly secured browser:
The article ends with a list of what steps to take in which order to get the greatest security on your machines, starting with updating your browser version all the way to upgrading your machine to the newest operating system.
I encourage HASA readers to read the entire article first to get a feel for how all the security parts fit together, then walk through the final section "What Do You Do First?" and perform each security step in order and based on what you are able to change on your own system.
This is a work of fan fiction, written because the author has an abiding love for the works of J R R Tolkien. The characters, settings, places, and languages used in this work are the property of the Tolkien Estate, Tolkien Enterprises, and possibly New Line Cinema, except for certain original characters who belong to the author of the said work. The author will not receive any money or other remuneration for presenting the work on this archive site. The work is the intellectual property of the author, is available solely for the enjoyment of Henneth Annûn Story Archive readers, and may not be copied or redistributed by any means without the explicit written consent of the author.