RSS

20 Things I Learned About Browsers And The Web [Thing 13]

MALWARE, PHISHING,AND SECURITY RISKS

or, if it quacks like a duck but isn’t a duck

When you use an ATM downtown, you probably glance over your shoulder to make sure nobody is lurking around to steal your PIN number (or your cash). In fact, you probably first check to make sure that you’re not using a fake ATM machine. When you browse the web and perform transactions online, two security risks to be aware of are malware and phishing. These attacks are perpetrated by individuals or organizations who hope to steal your personal information or hijack your computer.

What exactly are phishing and malware attacks?

Phishing takes place when someone masquerades as someone else, often with a fake website, to trick you into sharing personal information. (It’s called “phishing” because the bad guys throw out electronic bait and wait for someone to bite.) In a typical phishing scam, the attacker sends an email that looks like it’s from a bank or familiar web service you use. The subject line might say, “Please update your information at your bank!” The email contains phishing links that look like they go to your bank’s website, but really take you to an impostor website. There you’re asked to log in, and inadvertently reveal your bank account number, credit card numbers, passwords, or other sensitive information to the bad guys.

Malware, on the other hand, is malicious software installed on your machine, usually without your knowledge. You may be asked to download an anti-virus software that is actually a virus itself. Or you may visit a page that installs software on your computer without even asking. The software is really designed to steal credit card numbers or passwords from your computer, or in some cases, harm your computer. Once the malware is on your computer, it’s not only difficult to remove, but it’s also free to access all the data and files it finds, send that information elsewhere, and generally wreak havoc on your computer.

An up-to-date, modern web browser is the first line of defense against phishing and malware attacks. Most modern browsers, for instance, can help analyze web pages to look for signs of lurking malware, and alert you when they find it.

At the same time, an attacker may not always use sophisticated technical wizardry to hijack your computer, but could instead find clever ways to trick you into making a bad decision. In the next few articles, we’ll look at how you can make wiser decisions to protect yourself when you’re online — and how browsers and other web technologies can help.

Advertisements
 

20 Things I Learned About Browsers And The Web [Thing 12]

BROWSERS AND PRIVACY

or, giving you choices to protect your privacy in the browser

Security and privacy are closely related, but not identical.

Consider the security and privacy of your home: door locks and alarms help protect you from burglars, but curtains and blinds keep our home life private from passersby.

In the same way, browser security helps protect you from malware, phishing, and other online attacks, while privacy features help keep your browsing private on your computer.

Let’s look more closely at privacy. Here’s an analogy: Say you’re an avid runner who jogs a few miles every day. If you carry a GPS device to help you track your daily runs, you create a diary of running data on your device — a historical record of where you run, how far you run, your average speed, and the calories you burn.

As you browse the web, you generate a similar diary of browser data that is stored locally on your computer: a history of the sites you visit, the cookies sent to your browser, and any files you download. If you’ve asked your browser to remember your passwords or form data, that’s stored on your computer too.

Some of us may not realize that we can clear all this browser data from our computers at any time. It’s easy to do through a browser’s Options or Preferences menu. (The menu differs from browser to browser.) In fact, the latest versions of most modern browsers also offer a “private” or “incognito” mode. For example, in Chrome’s incognito mode, any web page that you view won’t appear in your browsing history. In addition, all new cookies are deleted after you close all the incognito windows that you’ve opened. This mode is especially handy if you share your computer with other people, or if you work on a public computer in your local library or cybercafe.

All these privacy features in the browser give you control over the browsing data locally on your computer or specific data that are sent by your browser to websites. Your browser’s privacy settings do not control other data that these websites may have about you, such as information you previously submitted on the website.

There are ways to limit some of the information that websites receive when you visit them. Many browsers let you control your privacy preferences on a site-by-site basis and make your own choices about specific data such as cookies, JavaScript, and plugins. For instance, you can set up rules to allow cookies only for a specified list of sites that you trust, and instruct the browser to block cookies for all other sites.

Example of privacy controls in the browser

There’s always a bit of tension between privacy and efficiency. Collecting real-world aggregate data and feedback from users can really help improve products and the user experience. The key is finding a good balance between the two while upholding strong privacy standards.

Here’s an example from the real world: browser cookies. On one hand, with cookies, a website you frequently visit is able to remember contents of your shopping cart, keep you logged in, and deliver a more useful, personalized experience based on your previous visits. On the other hand, allowing browser cookies means that the website is collecting and remembering information about these previous visits. If you wish, you can choose to block cookies at any time. So the next time you’re curious about fine-tuning your browser privacy settings, check out the privacy settings in your browser’s Options or Preferences menu.

 

20 Things I Learned About Browsers And The Web [Thing 11]

BROWSER COOKIES

or, thanks for the memories

Cookie seems like an unlikely name for a piece of technology, but cookies play a key role in providing functionality that Internet users may want from websites: a memory of visits, in the past or in progress.

cookie is a small piece of text sent to your browser by a website you visit. It contains information about your visit that you may want the site to remember, like your preferred language and other settings. The browser stores this data and pulls it out the next time you visit the site to make the next trip easier and more personalized. If you visit movie website and indicate that you’re most interested in comedies, for instance, the cookies sent by the website can remember this so you may see comedies displayed at the start of your next visit.

Online shopping carts also use cookies. As you browse for DVDs on that movie shopping site, for instance, you may notice that you can add them to your shopping cart with

Logging in. Your shopping cart doesn’t “forget” the DVDs, even as you hop around from page to page on the shopping site, because they’re preserved through browser cookies. Cookies can be used in online advertising as well, to remember your interests and show you related ads as you surf the web.

Some people prefer not to allow cookies, which is why most modern browsers give you the ability to manage cookies to suit your tastes. You can set up rules to manage cookies on a site-by-site basis, giving you greater control over your privacy. What this means is that you can choose which sites you trust and allow cookies only for those sites, blocking cookies from everyone else. Since there are many types of cookies — including “session-only cookies” that last only for a particular browsing session, or permanent cookies that last for multiple sessions — modern browsers

Typically give you fine-tuned controls so that you can specify your preferences for different types of cookies, such as accepting permanent cookies as session-only.

In the Google Chrome browser, you’ll notice a little something extra in the Options menus: a direct link to the Adobe Flash Player storage settings manager. This link makes it easy to control local data stored by Adobe Flash Player (otherwise commonly known as “Flash cookies“), which can contain information on Flash-based websites and applications that you visit. Just as you can manage your browser cookies, you should be able to easily control your Flash cookies settings as well.

 

20 Things I Learned About Browsers And The Web [Thing 10]

SYNCHRONIZING THE BROWSER

or, why it’s ok for a truck to crush your laptop, part II

So you’re living in “the cloud”: congratulations! You use web apps for email, music, and almost everything. You save critical documents, photos, and files online where you can reach them from any Internet-connected computer, anywhere in the world.

If an 18-wheel truck comes roaring down the road and crushes your laptop to bits, all is not lost. You just find another Internet-connected device and get back to working with all that vital information you so smartly saved online.

But wait: What about all the bookmarks, browser extensions, and browser preferences that you use daily? Did they get crunched into oblivion along with your laptop?

The answer used to be “yes.” You’d have to forage for your favorite extensions all over again and gather all the websites you had painstakingly bookmarked. But no more! Many of today’s browsers, such as Firefox and Chrome, have begun building in a feature known as synchronization (“sync” for short). Sync lets you save your browser settings online, in the cloud, so they aren’t lost even if your computer melts down.

Sync functionality also makes life simpler if you use multiple computers, say, a laptop at work and a family desktop at home. You don’t have to manually recreate bookmarks of your favorite websites or reconfigure the browser settings on every computer you own. Any changes you make to your sync-enabled browser on one computer will automatically appear in all other synced computers within seconds.

In Chrome, for example, sync saves all bookmarks, extensions, preferences and themes to your Google Account. Use any other Internet-connected computer, and all you need to do is fire up Chrome and log in to your Google Account through the browser’s sync feature.Voila! All your favorite browser settings are ready to use on the new machine.

Regardless of how many computers you need to juggle, as long as you have an Internet connection and a modern browser that’s synced to the cloud, you’re all set to go. Even if every one of them gets hit by the proverbial truck.

 

20 Things I Learned About Browsers And The Web [Thing 9]

BROWSER EXTENSIONS

or, superpowers for your browser

Browser extensions let you add new features to your browser — literallyextending your browser.

This means that you can customize your browser with the features that are most important to you. Think of extensions as ways of adding new superpowers to what the browser can already do.

These superpowers can be mighty or modest, depending on your needs. For example, you might install a currency converter extension that shows up as a new

Button next to your browser’s address bar. Click the button and it converts all the prices on your current web page into any currency you specify. That’s helpful if you’re an avid backpacker who does most of your travel planning and booking online. Extensions like these let you apply the same kind of functionality to every web page you visit.

Browser extensions can also act on their own, outside of web pages. An email notifier extension can live on your browser toolbar, quietly check for new messages in your email account and let you know when one arrives. In this case, the extension is always working in the background no matter what web page you’re looking at — and you don’t have to log in to your email in a separate window to see if you have new messages.

When browser extensions were first introduced, developers often had to build them in unusual programming languages or in heavy-duty mainstream languages like C++. This took a lot of work, time and expertise. Adding more code to the browser also added to security concerns, as it gave attackers more chances to exploit the browser. Because the code was sometimes arcane, extensions were notorious for causing browser crashes, too.

Today, most browsers let developers write extensions in the basic, friendly programming languages of the web: HTML, JavaScript and CSS. Those are the same languages used to build most modern web apps and web pages, so today’s extensions are much closer cousins to the web apps and pages they work with. They’re faster and easier to build, safer, and get better and better right along with the web standards they’re built upon.

To discover new extensions, check out your browser’s extensions gallery. You’ll see thousands of extensions that can help make browsing more efficient or just plain fun — from extensions that let you highlight and scribble notes on web pages while you’re doing research, to those that show nail-biting, play-by-play sports updates from your browser’s interface.

 

20 Things I Learned About Browsers And The Web [Thing 8]

PLUG-INS

or, pepperoni for your cheese pizza

In the early days of the World Wide Web, the first versions of HTML couldn’t deliver fancy content like videos. Text, images, and links were pretty much the limit.

Plug-ins were invented to work around the limitations of early HTML and deliver more interactive content. A plug-in is an additional piece of software that specializes in processing particular types of content. For example, users may download and install a plug-in like Adobe Flash Player to view a web page which contains a video or an interactive game.

How much does a plug-in interface with a browser? Curiously, hardly at all. The plug-in model is a lot like picture-in-a-picture on TV: the browser defines a distinct space on the web page for the plug-in, then steps aside. The plug-in is free to operate inside that space, independent of the browser.

This independence means that a particular plug-in can work across many different browsers. However, that ubiquity also makes plug-ins prime targets for browser security attacks. Your computer is even more vulnerable to security attacks if you’re running plug-ins that aren’t up to date, because out-of-date plug-ins don’t contain the latest security fixes.

The plug-in model we use today is largely the one inherited from the web’s early days. But the web community is now looking at new ways to modernize plug-ins — like clever ways to integrate plug-ins more seamlessly so that their content is searchable, linkable, and can interact with the rest of the web page. More importantly, some browser vendors and plug-in providers now collaborate to protect users from security risks. For example, the Google Chrome and Adobe Flash Player teams have worked together to integrate Flash Player into the browser. Chrome’s auto-update mechanism helps ensure that the Flash Player plug-in is never out-of-date and always receives the latest security fixes and patches.

 

20 Things I Learned About Browsers And The Web [Thing 7]

A BROWSER MADRIGAL

or, old vs. modern browsers

Crabbed old and modern browsers

Cannot live together:

The modern browser is faster, featureful, and more secure

The old browser is slow, and at worst, a dreadful danger

Malicious attacks it cannot endure.(with apologies to Shakespeare)

Most of us don’t realize how much an old and out-of-date web browser can negatively impact our online lives, particularly our online safety. You wouldn’t drive an old car with bald tires, bad brakes, and an unreliable engine for years on end. It’s a bad idea to take the same chances with the web browser that you use daily to navigate to every page and application on the web.

Upgrading to a modern browser — like the latest version of Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, Opera, or Google Chrome — is important for three reasons:

First, old browsers are vulnerable to attacks, because they typically aren’t updated with the latest security fixes and features. Browser vulnerabilities can lead to stolen passwords, malicious software snuck secretly onto your computer, or worse. An up-to-date browser helps guard against security threats like phishing and malware.

Second, the web evolves quickly. Many of the latest features on today’s websites and web applications won’t work with old browsers. Only up-to-date browsers have the speed improvements that let you run web pages and applications quickly, along with support for modern web technologies such as HTML5, CSS3, and fast JavaScript.


Third and last, old browsers slow down innovation on the web. If lots of Internet users cling to old browsers, web developers are forced to design websites that work with both old and new technologies. Facing limited time and resources, they end up developing for the lowest common denominator — and not building the next generation of useful, groundbreaking web applications. (Imagine if today’s highway engineers were required to design high-speed freeways that would still be perfectly safe for a Model T.) That’s why outdated browsers are bad for users overall and bad for innovation on the web.

Not that anyone blames you personally for staying loyal to your aging browser. In some cases, you may be unable to upgrade your browser. If you find that you’re blocked from upgrading your browser on your corporate computer, have a chat with your IT administrator. If you can’t upgrade an old version of Internet Explorer, the Google Chrome Frame plug-in can give you the benefits of some modern web app functionality by bringing in Google Chrome’s capabilities into Internet Explorer.

Old, outdated browsers are bad for us as users, and they hold back innovation all over the web. So take a moment to make sure that you’ve upgraded to the latest version of your favorite modern browser.

The latest stable versions of the major modern browsers are Firefox 3.6, Safari 5, Google Chrome 7, Internet Explorer 8, and Opera 10.63. 

 
 
%d bloggers like this: