Technology Solutions Centre - IT Security

Hardening Your Web Browser

Next to e-mail, the web browser is the most widely used application on a computer these days. Unfortunately, it has also become one of the biggest threats to personal privacy. Viruses, spyware and malicious web sites are only a few examples of threats to browser security. Other methods of compromising privacy are cookies and the complex scripting technology offered through Java applets, JavaScript and ActiveX.

Cookies

Cookies are small text files that are sent to your system from web sites you visit. The contents and usage of these files vary; they can contain reference information such as the dates and times you visited the site. Cookies are also used to hold customized settings you create when visiting web sites that are adjustable, such as web portals.

Cookies are sometimes used to track your browsing habits in an attempt to deliver web content that you might find appealing, such as banner ads. If you frequent a web site, a customized cookie could report all other sites you visited beforehand. The originating web site would then read the content of this cookie and deliver relevant banner ads based on your browsing habits.
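
As an added illustration (not part of the original page), the following JavaScript sorts the cookies received while loading one page into the two kinds described above: cookies that hold settings for the site being visited, and long-lived cookies set by another host such as a banner-ad server. The host names, cookie values and function names are constructed for the example, and the subdomain check is a simplification.

```javascript
// Added example: constructed data and hypothetical function names.
// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// True when host is the visited site itself or one of its subdomains.
// Simplification: a real browser also consults the public suffix list.
function belongsToSite(host, site) {
  return host === site || host.endsWith("." + site);
}

// Classify every cookie received while loading a page on `site`.
function auditCookies(site, responses) {
  return responses.flatMap(({ host, setCookie }) =>
    setCookie.map((h) => {
      const c = parseSetCookie(h);
      // Without Expires or Max-Age the cookie is dropped when the browser closes.
      const persistent = "expires" in c.attrs || "max-age" in c.attrs;
      const thirdParty = !belongsToSite(host, site);
      // Heuristic only: a long-lived cookie from another host can follow
      // the user across every site that embeds content from that host.
      return { name: c.name, host, persistent, thirdParty,
               likelyTracker: persistent && thirdParty };
    })
  );
}

// Constructed sample: responses seen while loading a page on portal.example.
const SAMPLE = [
  { host: "portal.example",
    setCookie: ["layout=compact; Max-Age=31536000; Path=/", "sid=abc123; Path=/; HttpOnly"] },
  { host: "ads.adnetwork.example",
    setCookie: ["uid=9f2c; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"] },
];

console.log(auditCookies("portal.example", SAMPLE));
```

Only the uid cookie from the ad host is flagged; the portal's own layout and session cookies are not.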

Customize Cookie Settings - Internet Explorer
Customize Cookie Settings - Mozilla Firefox

Scripting Languages

Java, JavaScript and ActiveX controls are used to enhance one’s web experience. They provide automation, helper controls and functions for web-based programs, etc. What many don’t realize is that code written using these technologies executes on the local system. This means that malicious scripts written in Java or ActiveX can be automatically downloaded and run on the local machine – many times without the user knowing it.

ActiveX is a Microsoft technology, designed to work with Microsoft products such as Internet Explorer (IE). Since IE operates at system level with full administrative privileges, ActiveX has the capability to create, modify and delete local files and perform other actions that an administrator can. This makes hostile ActiveX controls extremely damaging, and it is one way that spyware, adware and other forms of malware get loaded on systems.

Java and JavaScript are less dangerous than ActiveX, but not totally immune to exploitation. Java code launched on systems normally doesn’t have the access rights to the local system that ActiveX has. Versions of Java are freely downloadable (from Sun Microsystems) and will run independently from the browser software, reducing the threat even further.

Customize Scripting Settings - Internet Explorer
Customize Scripting Settings - Mozilla Firefox

Many websites will not function properly with scripting disabled. The risks must be weighed accordingly when applying these changes.