Securing Browsers

Web browsers are installed on almost every computer today (and oftentimes, many computers have more than one browser). Examples of web browsers include Apple’s Safari, Microsoft Edge, Google Chrome, and Mozilla Firefox.

Because web browsers are used often and are on almost every computer, they are frequent targets of cyberattacks. Web browsers usually are not configured to be secure by default, and this may especially be the case if the computer in question is not managed by your workplace’s IT department.

One recent, real-world example is that of Cisco WebEx. Cisco WebEx is a virtual meeting platform where users can gather in a virtual space to hold conferences, training sessions, online events and even virtual support group sessions. Cisco WebEx is used in many businesses and even in some departments at Ohio State.

In January 2017, Cisco discovered that the browser plugins had a vulnerability that allowed arbitrary code to be run from the browser (a pretty severe problem). This means attackers could take command of the computer, perhaps the worst-case scenario. This particular vulnerability has since been patched, but it is an example of how the more complex a system becomes, the more vulnerable that system is.

Update, update, update!

Always be sure to keep browsers updated (turn on auto-update if it's available). As versions get older, the chance of vulnerabilities being exploited increases. Also, plugins, encryption protocols and other components may not work with older browsers, which can cause the browser to fall back to an older, less secure component. A secure browser is a current browser.

Safe browsing habits.  

Mobile code is code that is designed to run in your browser. Examples of mobile code include Java, JavaScript, and ActiveX. Because this code is delivered by the pages you visit, it is a good idea to disable these in your web browser to prevent the possibility of running harmful code.

Just like a safe car could be operated by an unsafe driver, a web browser can only do so much to protect users from themselves! Here are some tips:

  • Don’t follow links in webpages, email messages, and documents without knowing what they link to.
  • Don’t fill in interactive forms from a web page that you don’t know or trust.

Manage your plugins/extensions/add-ons.

Third-party developers may offer additional functionality and convenience through their add-ons/plugins/extensions, or programs that are built upon the browser itself. The danger of using something developed by a third party is that even if the browser is secured, the application from the third party may not be secured. Also, there have been numerous instances of third-party developers having their apps hijacked on the marketplace (their credentials were stolen). A general principle of information security is to follow the rule of least possible permissions: users and applications should have only those permissions and access that allow them to do their job, and nothing more. Following this principle, it may be a good idea to disable and remove those plug-ins, extensions, and add-ons that you don’t use or that are not necessary.
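
One way to apply the least-permissions rule to installed extensions is to read each extension's manifest and list the ones that ask for access to every site or to sensitive browser data. The script below is an added example, not part of the original article; it assumes a Chrome/Edge-style layout of <extensions dir>/<id>/<version>/manifest.json, and the permission lists and sample manifests are an illustrative, constructed selection.

```python
import json
from pathlib import Path

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that expose browsing data or control of the browser
# (an illustrative selection, not a complete list).
SENSITIVE_APIS = {"cookies", "history", "tabs", "webRequest",
                  "nativeMessaging", "debugger", "management", "clipboardRead"}

def risky_permissions(manifest):
    """Return the broad or sensitive permissions a manifest requests, sorted."""
    requested = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts gain page access through their match patterns.
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return sorted(p for p in requested if p in BROAD_HOSTS or p in SENSITIVE_APIS)

def audit_extensions(extensions_dir):
    """Map extension name -> risky permissions for each installed manifest.

    Assumes the layout <extensions_dir>/<id>/<version>/manifest.json.
    """
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: nothing to report
        risky = risky_permissions(manifest)
        if risky:
            # Fall back to the extension id (directory name) if unnamed.
            findings[manifest.get("name", path.parent.parent.name)] = risky
    return findings

# Constructed sample manifests (not real extensions).
SAMPLE_BROAD = {"name": "Example Coupon Finder", "manifest_version": 3,
                "permissions": ["cookies", "storage", "tabs"],
                "host_permissions": ["<all_urls>"]}
SAMPLE_NARROW = {"name": "Example Note Taker", "manifest_version": 3,
                 "permissions": ["storage"],
                 "host_permissions": ["https://notes.example.com/*"]}

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(sample["name"], "->", risky_permissions(sample) or "nothing broad")
```

An extension that shows up in the output is not necessarily harmful; it is a candidate to review and to remove if you do not use it.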