Top Guiding Principle to Protect Against Web Browser Attacks and Ensure Browser Security
As per survey results, statistics says that out of several web browsers, Microsoft Internet Explorer is by far the most popular browser if we take the usability of all times. The most used version is 7.0. Mozilla Firefox holds the second place overall and its most popular version is 3.0. The Google Chrome comes on third position. Google Chrome is gaining popularity and Microsoft Internet Explorer is somewhat decreasing.
One of the key factors to browser security is ensuring whether browser is up-to-date and has the latest security patches. Each browser vendor has devised its own update methodology; relying on their own infrastructure to deliver updates. Furthermore, vendors have their own processes and procedures for handling, tracking, fixing and ultimately disclosing vulnerability information. Many statistics can be collected and analyzed by examining data from the execution of these processes. However, these statistics can be misleading when used to compare the relative security posture of the software.
Without the appropriate security patches applied, web browsers are as vulnerable to attack or exploit as other software. A fully patched web browser can still be vulnerable to attack or exploit if the browser plug-ins are not updated.
It’s important to remember that plug-ins is not automatically updated when the browser is patched. Cyber attackers are constantly searching for and finding programming errors and other flaws in web browsers and associated plug-ins. These vulnerabilities can be exploited, giving cyber criminals access to—and sometimes control over—your computer system.
Browser-based attacks can also originate from websites due to poor security coding of web applications or vulnerabilities in the software that supports websites. Attackers have been successful in compromising large numbers of trusted websites to deliver malicious applications to unsuspecting visitors. Attackers are then able to add scripts to a compromised website so that the website’s appearance does not change. These scripts may “silently” redirect you to another website without you even knowing about it. This redirection to another website may cause malicious programs to be downloaded to your computer. These programs are often designed to allow remote control of your computer by the attacker and to capture personal and confidential information such as credit card numbers; banking information and other data used for identify theft.
What can you do to protect against web browser attacks?
Below are a number of key steps you can take. Your information technology department and security office may have these implemented in your organization’s environment, but we encourage you to also apply these steps to your home computers/devices. This is especially critical if employees access their work network from their home computer:
- Keep your browser(s) updated and patched, and set to auto update.
- Keep your operating system updated and patched.
- Use anti-virus and anti-spyware software and keep them updated.
- Install a firewall and keep it updated and patched.
- Keep your applications (programs) updated and patched, particularly if they work with your browser (such as multi-media programs and plug-ins used to enable running of videos, for example)
- Block pop-up windows, as this may help prevent malicious software from being downloaded to your computer. (Note that the process for blocking varies depending on the browser you are using. Please refer to the links below for specific details.)
- Consider disabling JavaScript, Java, and ActiveX controls when not being used. Activate these features when necessary.
