| In the present day, many people depend on the | | | | lets start of with Mozilla Firefox. Mozilla Firefox is an |
| Internet for just about everything. Whether it is | | | | open source software project; it offers customizable |
| shopping, looking for information or directions, social | | | | themes, personas, and add-ons. Since Firefox is |
| media, pay bills and more. Basically it is used for | | | | open source, it means that online security |
| everything, but what the basic user does not know | | | | researchers are always involved in fixing bugs and |
| is that the web browser that they might be using | | | | security. They mention on their website, that user |
| isn't secure. Many people buy a laptop, plug in the | | | | should keep their version of Firefox up to date. |
| power cord, connect to the Internet and they are on | | | | That they automatically will tell you when that update |
| there way browsing the World Wide Web. They | | | | is necessary, and they also suggests that users |
| don't make any security settings to their web | | | | update their plug-ins using their new tool that detects |
| browser, just using the default settings. What they | | | | outdated plug-ins. Firefox lets its users do private |
| don't know is that they are leaving their web | | | | browsing, which is really effective if you want to do |
| browser vulnerable for attacks and exploits. That's | | | | online banking using a shared/public computer. |
| were I come in, I am going to discuss the different | | | | Next, we will look at Google Chrome, which uses a |
| ways in which web browsing has become secure, the | | | | Webkit layout and application framework. It does |
| different ways exploits that are being used attack | | | | download updates for phishing and malware. It has |
| users. I will also talk about the different web | | | | multilevel security. Chrome also has a private |
| browsers and the various security features they | | | | browsing feature called, Incognito, in which, prevents |
| offer. Finally, I will give my opinion of which browser | | | | the browser from letting the website know you |
| I would recommend to my friends, family, and | | | | were there. Things like, preventing browser history, |
| peers. By the end of this article, readers should | | | | and cookies. |
| have an in-depth understanding of web browser | | | | Opera is a web browser, as well as an Internet |
| security and vulnerabilities/exploits. | | | | suite. It has a lot of features and can run on a |
| What is a Web Browser, and what makes it | | | | variety of platforms including, Windows, Mac OS X, |
| secure? According to itsecurity.com, a web browser | | | | Linux, FreeBSD, Solaris, and the iPhone. Opera |
| is "a software application that allows the user to | | | | security features include, encrypting data in either |
| view and interact with content on a webpage, such | | | | TLS or SSL 3, deleting private data, also checking the |
| as text, graphics or other materials." A web | | | | blacklist for phishing or malware. |
| browser makes access the Internet literally, one click | | | | Now it is time to look at the infamous Internet |
| of a button (maybe, a double click if you use | | | | Explorer. Most of us know by now that IE comes |
| windows). So, what makes web browsers | | | | installed on basically every PC now, and that it is the |
| secure? Is it the little lock you get on the top | | | | most used web browser on the market. Why do |
| corner of the address bar, or is it the green website | | | | so many people use IE? It has been know to have |
| certificate that appears? Does security patches and | | | | many problems with its past versions. So what |
| plug-ins really help secure a users web browser? In | | | | makes this new version better? Microsoft says that |
| most cases, security patches updates and security | | | | IE 8 has a new way to protect against phishing and |
| plug-ins can help secure your web browser, but it still | | | | malware, and their new Smart Screen Filter does |
| doesn't mean that you are out of the clear for | | | | that. It also implements Cross Site Script Filtering, |
| exploits and attacks. | | | | which detects malicious code on websites that may |
| Writers, Dübendorfer Frei and May M. Olimann | | | | be compromised. And, it also implements private |
| conducted a recent study, and they found that | | | | browsing. Since, IE is the most commonly used web |
| "approximately 45% of people surfing the Internet | | | | browser, it is common that their bugs and defects |
| were not utilizing the most secure version of their | | | | are detected quicker and easier by hackers, since it is |
| web browser". This is an astonishing number, | | | | used so much more. |
| when you think that half of the Internet users are | | | | Finally, we are going to review Safari. Apple |
| not using secure versions of their browsers and the | | | | developed Safari. It is said on the Apple website |
| number of hackers that are out there preying on | | | | that Safari has 150 features, and some of the |
| novice users. Users that don't know that a web | | | | security features are, phishing protection, safe |
| browser is like software and it to needs security | | | | downloads, parental controls, private browsing, |
| patches that are vulnerable to attack and exploits. | | | | pop-up blocking, secure encryption and |
| Although most web browser attacks are from | | | | standard-based authentication, just to name a few. |
| "not-trusted" websites, now attackers are exploiting | | | | Now after listing all of those features for those five |
| bad security coding, in which, they have had a great | | | | web browsers, I know your wondering that they all |
| deal of success in compromising some trusted | | | | sound like they listed the same thing. The fact of |
| websites. One of the various ways hackers do this | | | | the matter is that they did list very similar features, |
| is by, adding some scripts into the website's source | | | | but to me there is a clear-cut better browser. In |
| code. A script that does not change the | | | | one of my senior level classes we did a lab, which |
| appearance in anyway, shape or form. These | | | | consisted of four of these browsers in a typical |
| scripts can do various things including, a redirection to | | | | man-in-the-middle attack. And, when the attack |
| another website, tracking and storing cookies and | | | | was happening or not happening it was clear that |
| more. When a user gets redirected to another | | | | Firefox was correct each time. It gave security |
| website, they could be downloading dangerous | | | | warnings and described why it gave the warning, |
| programs/applications to their computer without | | | | allowed the user to be able to see the certificate and |
| knowing. According to itsecurity.vermont.gov | | | | wouldn't let you connect to the webpage unless you |
| threats/web_attacks, they noted that, "April 2008 | | | | click "yes, I understand the risk". |
| Panda Labs, a computer security and anti-virus | | | | So I hope that this article motivates web browser |
| publisher, announced that more than 280,000 web | | | | users, whether using a desktop, laptop, or |
| sites had been altered to redirect computers to | | | | Smartphone, to take one second and make sure that |
| malicious websites which would attack them in a | | | | you are browsing the Internet in a secure manner. |
| variety of different ways". Thus, making it really hard | | | | And, not just make sure that you changes some |
| for the average user (who is using IE that is not | | | | settings, sometimes it take a different type of |
| updated) to be able to be able to distinguish | | | | change, maybe even to a different web browser. |
| between a trusted and non-trusted website. And | | | | There are many hackers out there that are finding |
| hackers aren't just stopping there; they are getting | | | | new ways to exploits novice and intermediate users |
| better and more advance. They are beginning to | | | | using vulnerabilities in web browser. So make sure |
| more to new means of hacking like, smart phones, | | | | that your web browser are update, and your OS |
| not just the average desktop or laptop. Some | | | | Work Cited |
| other ways hackers are exploiting certain web | | | | Frei, S., Dübendorfer T., Ollmann G, May M., |
| browsers are insider attacks, bots, spyware, and | | | | "Understanding the Web browser threat: Examination |
| web applications exploits. | | | | of vulnerable online Web browser populations and the |
| So know I bet you are wondering what do you have | | | | ‘insecurity iceberg' " |
| to do to secure your web browser. Well first, | | | | "Chrome - Learn about Chrome." Google. Web. 19 |
| maybe make the switch from Internet Explorer to | | | | Apr. 2010. . |
| any other browser, except Netscape. Just that | | | | "Firefox Browser | The Safest Web Browser | Free |
| step alone could help out with your web browser | | | | Download." Mozilla | Firefox Web Browser & |
| security. But if you don't want to make to switch | | | | Thunderbird Email Client. Web. 19 Apr. 2010. . |
| or if you have one of the other web browsers, you | | | | Greene, Tim By. "Hackers Increasingly Target |
| could always keep your browser updated by using | | | | Browsers - PCWorld Business Center." Reviews and |
| the latest patches and plug-ins. And not only by | | | | News on Tech Products, Software and Downloads - |
| keeping your web browser updated, you have to | | | | PCWorld. Web. 19 Apr. 2010. . |
| keep your operating system updated with the latest | | | | "SANS: Top Ten Cyber Security Menaces for 2008." |
| updates. Your antivirus software should always be | | | | SANS: Computer Security Training, Network Security |
| updated, and applications like MS Office, iTunes, and | | | | Research, InfoSec Resources. 9 Jan. 2008. Web. 19 |
| others should also be frequently updated with the | | | | Apr. 2010. . |
| latest version. Make sure that you have a firewall | | | | "Storm Worm Is Basis for Most Cyber Attacks, Says |
| installed. A firewall that is installed in between your | | | | IBM - 14/02/2008 - Computer Weekly." | Information |
| CPU and the Internet can help with limiting attacks | | | | Technology News & UK IT Jobs. Web. 19 Apr. |
| and traffic that comes in and out of your network. | | | | 2010. . |
| Also, you would need to edit your browser's security | | | | "Web Browser Attacks | Information Security." |
| settings. This can be one of the easiest things to | | | | Welcome to IT Security | Information Security. Web. |
| do; you could disable Java, JavaScript, and some | | | | 19 Apr. 2010. . |
| ActiveX controls. Also, edit your privacy, pop-up | | | | "Opera Web Browser | Faster & Safer | |
| blocker and content settings. All of these steps and | | | | Download the New Internet Browsers Free." Opera |
| changes that I stated above could help you secure | | | | Browser | Faster & Safer Internet | Free |
| your web browser and your overall secure | | | | Download. Web. 19 Apr. 2010. . |
| experience on the Internet. | | | | "Security in Internet Explorer 8 | Safe Web Browsing | |
| Now it is time to evaluate some of the web | | | | Windows IE 8." Microsoft Corporation. Web. 19 Apr. |
| browsers. I am going to evaluate 5 web browsers | | | | 2010. . |
| (Firefox, Google Chrome, Opera, Internet Explorer, | | | | "Safari - 150 Features - Learn about the Features |
| and Safari), in which, I am going to go over some | | | | Available in the World's Fastest and Most Innovative |
| background information and some of the security | | | | Web Browser." Apple. Web. 19 Apr. 2010. . |
| features that each browser can implement. First, | | | | |