A quick guide to web browser security - why the web browser is important, how it can be exploited and what you can do to improve its security
If you think of your computer or mobile device as a house, then the web browser is its window onto the 'scenery' of the Internet - great for enjoying the view, but if left unsecured, someone outside could also use it to gain entry to your device.
Attackers typically target the web browser to either hijack or snoop on the web traffic from it, or exploit it to access the device itself, and the files saved on it.
Though the web browser was only originally intended to display text documents, it has since become the de facto tool or framework for interacting with videos, images, forms, games and all the other content the Internet has to offer.
While it is very handy for the user to have a single program handle so many different types of media and functions, it also makes the web browser more complex to secure, as it leaves many 'weak points' that attackers can leverage to their own advantage.
These are the most commonly targeted aspects of a web browser:
Fortunately, there are relatively simple actions you can take to harden or improve the security of your web browser and make it more difficult for attackers to break through it. Though these steps won't make the web browser 100% impenetrable, they do make it much harder for an attack to succeed.
The easiest action you can take to harden your browser is to keep it updated to the latest version. All major browser vendors regularly release updates that offer new functionalities or improvement to existing features. When it comes to security, the most desirable features include:
Some browsers also include an auto-update function, so that you are notified and prompted to update it whenever a new version is released.
If possible, only use the web browser from a limited user account that does not have administrator privileges.
By doing so, even if malware is able to get past the web browser and infect the machine, the account's restricted privileges means that the malware has less freedom to manipulate the system.
Most web browsers allow you to customize the security-related settings. Though the controls differ for each particular browser, a useful rule of thumb to follow is to set all the settings related to the following as high as possible:
Disable or uninstall any plugins that aren't regularly used. You can always re-enable or install them again when you need them later, and in the meantime their removal reduces potential points of failure.
You can also install plugins specifically designed to improve the browser's security. There are numerous options available for all browsers, and some that are recommended by security professionals include:
The actions above focus on tweaking the web browser itself to be as secure as possible. You can also take steps to harden the computer or mobile device, and protect the communications between your machine and others over the Internet. In this way, you can build a multi-layered defense to protect your device and data from misuse or attack. These steps include:
In some cases, users either choose not to update or modify their browsers, or are expressly not allowed to do so. Some reasons for not using a newer version or using weaker security settings include:
In such cases, there are still workarounds that you can pursue to improve their own security. These include:
The most important thing is to find a workaround that is easy to maintain and convenient for you, since that makes it much more likely that you will actively improve the security of your web browser.