Set Internet Explorer and Firefox to maximize your security
March 19, 2008 – 5:21 AM
Modern browsers are much better than their predecessors at keeping your Web activity private and your data safe. Still, you may not have your browser configured to provide optimum security. Take a few minutes to give Internet Explorer 7 and Firefox 2 a safety check.
Batten down IE7’s hatches
The version of IE7 for Vista adds Protected Mode, which allows Web sites to access only the Temporary Internet Files folder on your PC. According to Microsoft, this feature is on by default for the Internet, Intranet, and Restricted zones, but disabled for the Trusted Sites and Local Machine zones. On my machine it was enabled for all zones. You’ll see “Protected Mode: On” in the status bar when it’s active. To check the setting, click Tools > Internet Options > Security, and make sure “Enable Protected Mode (requires restarting Internet Explorer)” is checked at the bottom of each zone.
There have been some reports of Protected Mode causing problems, so if a particular page won’t load or run correctly, disabling this feature may solve the glitch, though I don’t recommend keeping Protected Mode off. The Web’s not getting any safer, and you need all the protection you can get.
Another great new feature in IE7, for XP and Vista alike, is the Phishing Filter. Why the filter is off by default I’ll never know. To activate it, click Tools > Phishing Filter > Turn On Automatic Website Checking > OK. Unfortunately, choosing Tools > Phishing Filter > Phishing Filter Settings merely opens the Advanced Internet Options dialog box, where you can scroll down to the Phishing Filter section under Security, only to find that your only two options are to disable the filter and to “turn off automatic website checking.” While you’re in the Advanced Options settings, make sure “Automatically check for Internet Explorer updates” is checked in the Browsing section. Click OK when you’re done.
Get into the habit of covering your browsing tracks on a regular basis. In IE7 you can wipe out your browser history, Temporary Internet Files, cookies, saved form data, and saved passwords at one time by clicking Tools > Delete Browsing History > Delete All. Or erase each category separately by clicking the appropriate button in the Delete Browsing History dialog box.
Stay safe while browsing with Firefox
Just because Mozilla’s open-source browser has a reputation for security doesn’t mean you can use it to visit any site on the Web without a care in the world. Last month I described NoScript, a free Firefox add-on (donationware, actually) that lets you decide which scripts can run on which Web pages on a case-by-case basis. If you use Firefox regularly and you haven’t added NoScript, download and install it, and in no time you’ll wonder how you ever browsed without it.
There’s another simple step you can take to improve Firefox’s security: Make sure you have the browser set to update automatically. The current version is 18.104.22.168; to check your copy’s version, click Help > About Mozilla Firefox, and look for the version number under the product’s name. To verify that the program updates automatically, click Tools > Options > Advanced > Updates, and make sure Firefox is checked under “Automatically check for updates to.” You may also want to check “Automatically download and install the update” under “When updates to Firefox are found.” I also check “Installed Add-ons” under the former, and “Warn me if this will disable any of my add-ons” under the latter.
Not long ago an attempt was made to spoof Firefox’s address bar to fool people into thinking they were on a site other than the one they were actually visiting when a link opened in a new window. The simplest way to avoid this is by setting Firefox to open links in a new tab rather than a new window: Click Tools > Options > Tabs, and make sure “A new tab” is selected under “New pages should be opened in.” You can also keep pages from hiding the address bar in the windows they open: type about:config in the address bar, press Enter, navigate to dom.disable_window_open_feature.location, and double-click it to change it to “true”.
Web sites often know the page you were on before you opened one of their pages. To block this referrer header, type about:config in the address bar, press Enter, navigate to network.http.sendRefererHeader, double-click it, and set the integer value to 0.
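
To confirm that the two about:config changes above (the address-bar preference and the referrer preference) actually took effect, you can audit the profile's preference files. The script below is an added example, not part of the original article; the sample file contents are constructed, and the Firefox 2 default values it falls back to are an assumption.

```python
import re

# Target values come from the article. The defaults are an assumption about
# Firefox 2: prefs.js only records prefs that differ from the default, so a
# pref missing from the file is treated as still being at its default.
RECOMMENDED = {
    "dom.disable_window_open_feature.location": (True, False),
    "network.http.sendRefererHeader": (0, 2),
}

# Matches active user_pref("name", value); lines; commented-out lines fail.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample files, not taken from a real profile.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.http.sendRefererHeader", 0);
// user_pref("dom.disable_window_open_feature.location", true);
'''
SAMPLE_USER_JS = 'user_pref("dom.disable_window_open_feature.location", true);\n'

def parse_value(raw):
    """Convert a pref literal to bool, int or str."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')

def parse_prefs(text):
    """Return {name: value} for every active user_pref line."""
    matches = (PREF_RE.match(line) for line in text.splitlines())
    return {m.group(1): parse_value(m.group(2)) for m in matches if m}

def audit(prefs_js, user_js=""):
    """Return {pref: (effective, recommended)} for prefs that are not hardened."""
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))  # user.js is applied over prefs.js
    findings = {}
    for name, (want, default) in RECOMMENDED.items():
        have = effective.get(name, default)
        # Compare type as well: in Python True == 1 and False == 0.
        if type(have) is not type(want) or have != want:
            findings[name] = (have, want)
    return findings

if __name__ == "__main__":
    for name, (have, want) in audit(SAMPLE_PREFS_JS).items():
        print(f"{name}: effective {have!r}, article recommends {want!r}")
```

Run it against the text of prefs.js (and user.js, if present) from your Firefox profile folder; an empty result means both settings match the values given above.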