Department of Software
The University of Babylon
LECTURE NOTES ON Browser Protection
By
Dr. Samaher Hussein Ali
College of Information Technology, University of Babylon, Iraq
Samaher@inet.uobabylon.edu.iq
21 December 2013
Def. of Browser
A web browser (commonly referred to as a browser) is a software application for
retrieving, presenting and traversing information resources on the World Wide
Web. An information resource is identified by a Uniform Resource Identifier
(URI/URL) and may be a web page, image, video or other piece of content.
Hyperlinks present in resources enable users easily to navigate their browsers to
related resources.
• Note 1:
The major web browsers are:
Google Chrome, Opera , Internet Explorer, Mozilla Firefox, and Safari.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
Def. of Browser & Browser security
 Another Def. of Browser: A software program that allows a person to explore
the Internet in an easy to use way. Navigating the Internet through a series of
links the user is able to browse the Internet.
 Browser security is the application of Internet security to web browsers in
order to protect networked data and computer systems from breaches of
privacy or malware.
Q: How can we Protection of the browser from intruding without deleting the
history?
There are several ways in which we can make that your browser user security for our
personal information on whether there was more than one person using the same
computer through
 First: Hush adds protected bookmarks to Chrome’s incognito :mode
 Second: Private Browsing
 Third: Proxy Servers for Private Browsing
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How can protect my Browser?
Protect browser from others who tracking the history is so important will be either by the following :
1.
using the private browser which don’t save any history of your browser sits , many browsers
supports this feature like chrome browser and Mozilla browser ,to active private Mozilla browser
will be by the following Steps:
Type “about;config” on Address bar
careful. I promise!” ,
2.
then warning window will appear then click on “I’ll be
then type “ Browser.private ”
make it True.
you can protect your Chrome Browser by create multi user window and each window have
username and password .
By the following:
•
Go to setting
21 December 2013
add new user
type the name and give password for each user.
Dr. Samaher Hussein Ali
Notes of Lecture 14
How to Secure Your Web Browser From Type Internet Explore
Microsoft Internet Explorer (IE) is a web browser integrated into the Microsoft Windows
operating
system.
Removal
of
this
application
is
not
practical.
In addition to supporting Java, scripting and other forms of active content, Internet
Explorer implements ActiveX technology. While any application is potentially vulnerable to
attack, it is possible to mitigate a number of serious vulnerabilities by using a web browser
that does not support ActiveX controls. However, using an alternate browser may affect
the functionality of some sites that require the use of ActiveX controls.
Note1:
that using a different web browser will not remove IE, or other Windows components
from the system. Other software, such as email clients, may use IE, the Web Browser
ActiveX control (Web OC), or the IE HTML rendering engine (MSHTML). Results from the
CERT/CC
ActiveX
workshop
in
2000
are
available
at
http://www.cert.org/reports/activeX_report.pdf. Here are steps to disable various
features in Internet Explorer 7. Note that menu options may vary between versions of IE,
so you should adapt the steps below as appropriate.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How to Secure Your Web Browser From Type Internet Explore
 In order to change settings for Internet Explorer, select Tools then Internet Options…
 Select the Security tab. On this tab you will find a section at the top that lists the various security zones
that Internet Explorer uses. More information about Internet Explorer security zones is available in the
Microsoft document Setting Up Security Zones. By selecting the High security setting, several features
including ActiveX, Active scripting, and Java will be disabled. With these features disabled, the browser
will be more secure. Click the Default Level button and then drag the slider control up to High.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How to Secure Your Web Browser From Type Internet Explore
For a more fine-grained control over what
features are allowed in the zone, click the
Custom Level button. Here you can control the
specific security options that apply to the
current zone. For example ActiveX can be
disabled by selecting Disable for Run ActiveX
controls and plug-ins. Default values for the
High security setting can be selected by
choosing High and clicking the Reset button to
apply the changes.
The Trusted sites zone is a security zone for sites
that you think are safe to visit. You believe that the
site is designed with security in mind and that it can
be trusted not to contain malicious content. To add
or remove sites from this zone, you can click the
Sites… button. This will open a secondary window
listing the sites that you trust and permitting you to
add or remove them. You may also require that only
verified sites (HTTPS) can be included in this zone.
This gives you greater assurance that the site you
are visiting is the site that it claims to be.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How to Secure Your Web Browser From Type Internet Explore
We recommend setting the security level for the Trusted
sites zone to Medium-high (or Medium for Internet
Explorer 6 and earlier). When the Internet Zone is set to
High, you may encounter web sites that do not function
properly due to one or more of the associated security
settings. This is where the Trusted sites zone can help. If
you trust that the site will not contain malicious content,
you can add it to the list of sites in the Trusted sites zone.
Once a site is added to this zone, features such as ActiveX
and Active scripting will be enabled for the site. The benefit
of this type of configuration is that IE will be more secure by
default, and sites can be “whitelisted” in the Trusted sites
zone to gain extra functionality.
The Privacy tab contains settings for cookies.
Cookies are text files placed on your computer by
various sites that you visit either directly (first-party)
or indirectly (third-party) through ad banners
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How to Secure Your Web Browser From Type Internet Explore
You can then evaluate the originating site, whether
you wish to accept or deny the cookie, and what
action to take (allow or block, with the option to
remember the decision for all future cookies from
that web site). For example, if visiting a web site
causes a cookie prompt from a web domain that is
associated with advertising, you may wish to click
Block Cookie to prevent that domain from being
able to set cookies on your computer, for privacy
reasons
By selecting the Sites... button, you can manage the
cookie settings for specific sites. You can add or
remove sites, and you can change the current
settings for existing sites. The bottom section of this
window will specify the domain of the site and the
action to take when that site wants to place a cookie
on your machine. You can use the upper section of
this window to change these settings.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How to Secure Your Web Browser From Type Internet Explore
Alternatively, if you do not wish to receive warning
dialogs when a site attempts to set a cookie, you can
use Internet Explorer's pre-set privacy rules. Click
the Default button and then drag the slider up to
High. Note that some web sites may fail to function
properly with the High setting. In such cases, you
may add the site to the list of sites for which cookies
are allowed, as described above
The Advanced tab contains settings that apply to all
of the security zones. We recommend that you
disable the Enable third-party browser extensions
option. This option includes tool bars and Browser
Helper Objects (BHOs). While some add-ons can be
useful, they also have the ability to violate your
privacy. For example, a browser add-on may
monitor your web browsing habits, or even change
the contents of web pages in an attempt to gather
personal information.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How to Secure Your Web Browser From Type Internet Explore
Internationalized Domain Names (IDN) can be
abused to allow spoofing of web page addresses.
This can allow phishing attacks to be more
convincing. More details about IDN spoofing can
be found in Vulnerability Note VU#273262. To
protect against IDN spoofing in Internet Explorer,
enable the Always show encoded addresses
option. This will cause IDN addresses to be
displayed in an encoded form in the Internet
Explorer address bar and status bar, which will
remove the visual similarity to the spoofing target
address.
We also recommend that you disable the Play
sounds in webpages option. Sounds in web pages
are rarely integral to web page content, and may
also introduce security risks by having the browser
process additional untrusted data. This option is
for Internet Explorer's ability to natively handle
sounds. It will not interfere with other software,
such as Adobe Flash or Apple QuickTime.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How to Secure Your Web Browser From Type Internet Explore
Under the Programs tab, you can specify your
default applications for viewing web sites, email
messages and various other network related
tasks. You can also disable Internet Explorer from
asking you if you would like it to be your default
web browser here.
the links below show where to find
information for four popular web browsers:
 Opera - http://www.opera.com/support/tutorials/security
 Mozilla SeaMonkey http://www.mozilla.org/projects/seamonkey
 Konqueror - http://www.konqueror.org
 Netscape - http://browser.netscape.com
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
which information InPrivate Browsing discards when you close the browser
The following table describes which information InPrivate Browsing discards when you close the
browser and how it is affected during your browsing session
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How do I open a new Private Window If I use the firefox?
There are two ways to open a new Private Window.
Open a new, blank Private Window
 At the top of the Firefox window, click the Firefox button and select New Private
Window. A new Private Window will open.
 Right-click on any link and choose Open Link in New Private Window from the context
menu. A new Private Window will open with the link you selected.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How do I open a new Private Window If I use the firefox?
 Important: When in Private Browsing mode, the Firefox button will be purple.
You may also have other windows open that are not Private Browsing
windows.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
How do I open a new Private Window If I use the Firefox?
How do I always start Firefox in Private
Browsing?
There
is
a
setting
in
the Options window that automatically
enables Private Browsing whenever you
start Firefox.
Note: If you enter Private Browsing this
way, the Firefox button won't turn purple
but Firefox will still not retain your history
as described above.
1. At the top of the Firefox window, click
on the Firefox button and then select
Options
2. Select the Privacy panel.
3. Set Firefox will: to Never remember
history.
4. You will see a message that Firefox
needs to restart to enable this feature.
Click OK and Firefox will restart in
permanent Private Browsing mode.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14
Notes:
Note 1:
Private Browsing doesn't make you anonymous on the Internet. Your
Internet service provider, employer, or the sites themselves can still track what
pages you visit. Private Browsing also doesn't protect you from spyware that
may be installed on your computer
Note 2:
If you create new Bookmarks while using Private Browsing, they will not be
removed when you stop Private Browsing.
Note 3:
If you save files to your computer while using Private Browsing, they will
not be deleted when you stop Private Browsing. However, any files you open in
an external application will be cleared from the system's temporary folder, and
none of the files you download will appear in the Downloads list.
21 December 2013
Dr. Samaher Hussein Ali
Notes of Lecture 14