Browser Security
There is a good bit you can do to tighten the security of your browser
by setting various Preferences. Here are my recommended Preference settings
for several browsers:
Firefox is the latest browser from the Mozilla Organization. It's ready to use "out of the box" but it also is very extendable - see Tools > Add-ons > Get Add-ons > Search to download various applets.
Here are some key Options for Firefox:
Open the Options dialog by clicking the Tools and Options menu items.
Then set the following [X means check, _ means do not check; Red=Security, Green=Goodie]:
- Privacy
Download Manager History
Remove Files: When Firefox exits (If you don't set this, your downloads will take longer and longer)
Cookies
X for the originating web site only
- Web Features
X Block Popup Windows
_ Enable Java
X Enable Javascript
You should also read and follow the advice given at Configure Firefox's settings to strengthen security; I differ with this article only about whether or not Java is safe to enable.
Netscape is now obsolete. Do yourself a favor
and upgrade to Mozilla or Firefox.
Mozilla version 1.7 and Firefox 1.0 seem very stable.
If you decide to stick with Netscape, the
settings for Mozilla mostly apply to NS 6.x and 7.x.
Whatever version of Netscape you use, you must turn off Java and Javascript
in Mail & News; and for NS 6x and 7.x turn off Plug-ins for Mail & News.
Mozilla is the
Open Source
browser upon which Netscape is based. But it is more user friendly than the
commercial AOL oriented Netscape. You can install a spell checker for version 1.2+ from
http://www.mozillazine.org/talkback.html?article=2677.
Here are some key Preferences for Mozilla:
Open the Preference dialog box by clicking the Edit and Preferences menu items.
Then set the following [X means check, _ means do not check; Red=Security, Green=Goodie]:
- Appearance
Text Only [more vertical real estate!]
- Navigator
- Internet Search
Search using Google
- Tabbed Browsing
X Hide the tab bar when only one tab is open
_ Load links in the background [you might want this on if you have a fast connection]
_ Middle or Control Click Open Tabs [interferes with PopupStopper]
X Control+Enter in the Location Bar
- Downloads
X Open a progress dialog
- Mail & Newsgroups
_ When Mail launches, show the start page
- Privacy & Security
- Cookies
- X Enable cookies for the originating web site only
- X Disable cookies in Mail & Newsgroups (if this choice is available)
- Popup Windows
- X Block unrequested popup windows
- X Play a sound
- X Display an icon
- Advanced
_ Enable Java
- Scripts & Plugins
X Enable Javascript for Navigator
_ Enable Javascript for Mail & Newsgroups
_ Move or resize windows
_ Raise or lower windows
_ Hide status bar
_ Change status bar text
_ Change images
_ Disable or replace context menus
_ Enable Plug-ins for Mail & Newsgroups
- Software Installation
X Enable software installation [needed to install spell checker]
X Check for updates
There are a number of additional preferences in the Edit > Preferences dialog box.
You can also edit your prefs.js file to change additional preferences.
This information is current for IE 6.x - other version are quite similar, but
the names of the settings may be different.
You are going to need to create custom levels for the 3 of the 4 Security
Zones. To start, click the Tools and Internet Options menu items to bring
up the Preferences dialog box. Click the Security tab. You will see 4 icons
near the top of the dialog box.
- Click the
icon, click Custom Level, and make
your setting look like this.
You might have already done this step when
restricting scripting in MS Outlook Express.
This disables Java, Javascript and Active-X for sites that you add to the
Restricted Zone. Click the Sites button and add URLs from sites that have
lots of popups, are non-commercial, that you visit but don't really trust, etc.
Examples:
http://*.doubleclick.net
http://www.fortunecity.com
- To be really safe, don't run Active-X without being prompted.
Click the
icon, click Custom Level, and
make your setting look like this.
- If you follow step #2 above, there are some sites where you will have to allow Active-X, and if you
don't, the prompting will drive you crazy and they still might not work.
Click the
icon, click the Custom Level,
and change the following:
- Disable "Download unsigned Active-X controls"
- Disable "Initialize and script Active-X controls not marked as safe
- High Safety "Java Permissions"
- Prompt "Display mixed content"
- High Safety "Software channel permissions"
Click the OK button.
Click the Sites button and un-check the checkbox at the bottom of the Sites
dialog box that requires https: for all sites in this zone.
Now enter the sites your trust (or are forced to trust).
Examples:
http://*.microsoft.com
http://*.etrade.com
http://*.cnn.com
http://www.howstuffworks.com
http://*.intellicast.com
http://*.mcafee.com
http://login.yahoo.com
http://mail.yahoo.com
This list may become quite long - but you will be more secure as you surf
the wild, wild web.
- While you have the Preferences dialog open, you might want to change your
Advanced options as well. Here's how I have
mine set currently.
Back to Leigh's Security Page
Permalink http://leighb.com/browsecu.htm [] Hosted by
Leigh Brasington
/ 
/ Revised 19 Oct 12
Firefox
Netscape
Mozilla
Microsoft Internet Explorer