Browser Security

The browser has become the most important application on our computer. It connects us to the internet and morphs to perform almost any function we ask it to, whether it be compose an email, read the news, run a web app, shop, or read Facebook. It is critically important that our browser be as secure as possible, because in recent years it's become possible for a computer to be infected with malware just by visiting a website.

This post will go over some current threats that can propagate via your browser, and steps you can take to protect yourself.

First off, it has recently come to light that not all browser developers necessarily have your best interest in mind. It was discovered that under certain circumstances, Google Chrome is by default, capturing audio from your computer's microphone and sending it back to Google for analysis to enable "keyword" voice search features, such as "OK, Google." The trouble is that because they've implemented voice analysis server side and not locally, in order for them to be able to hear the keyword, all of this data has to be sent back to Google for analysis. Google has responded to these claims and is claiming it's opt in, but researchers are saying otherwise.

Our advice is don't use Chrome, instead use Firefox or if you're using a Mac, use Safari. Also, try out DuckDuckGo which is a search engine that values privacy above all. (We understand that unfortunately a small set of sites still require Internet Explorer, go ahead and use IE for these sites, but use Firefox or Safari for everything else).

Now that you have a secure browser installed, there a few more steps to take to make sure it's setup securely:

  • Make sure your browser is up to date. All browser developers have begun to automatically deploy updates so you are likely already up to date, but just make sure to approve any available updates as you are prompted to install them.
  • Browser Plugins like Flash and Java are still major attack vectors within browsers. Just this week Flash had a 0 Day vulnerability which is being actively exploited to spread malware, such as CrytpoWall 3.0. To secure plugins, do the following:
    • Consider whether you even need them. If they aren't needed, get rid of them. Sites that require Java are becoming rarer and rarer, so it's probably pretty easy to get rid of. Flash may be tougher, but it's is also not as important as it once was because because of HTML5 - even Youtube uses HTML5 Video by default now.
    • If you do need plugins, make sure they're up to date. You can check your Flash version here and Java here. Both of these have settings in the Control Panel that allow you to make sure they are automatically being updated - this is most likely enabled, it's been the default for a while.
    • Firefox and Safari have both begun blocking out of date plugins. If you ever get a notice like the one below it either means your Flash is out of date, or that there is a 0 Day vulnerability out that Firefox has determined is dangerous enough to block the plugin all together. Firefox Disabled Plugin
    • If you see this, try updating Flash. If there's no update available, hang tight until an update is released (you can whitelist sites in the meantime if needed).
    • If you really do need Flash but want some additional protection you can install the Flashblock extension on Firefox, or setting the Flash Player to "Block" in "Safari Security / Internet Plug-in" Settings. This will allow you to approve Flash to run on a site by site basis.
  • Ever notice that after you are on Amazon looking for new patio furniture that you begin to see ads for chairs you were looking at all across the web? That's due to tracking cookies. Tracking cookies are Third-party cookies that get loaded when you visit almost any site now that keeps track of the sites you've visited around the web. This seems to be getting worse and worse every day. Here are some steps you can take to limit this annoying behavior:
    • Enable the "Do Not Track" feature in your browser and disable 3rd party cookies:
      • Firefox: Firefox Security
      • Safari: Safari Security We've found that the "Allow from current website only" setting in Safari is very effective in preventing this issue.
    • To take it a step further you can install browser extensions like Ghostery or Adblockplus which block both Trackers and Ads.
    • It's not a bad idea to clear out cookies periodically, especially after making the above changes (this will remove any saved logins you might have had).

Of course in addition to these items you will want to make sure that you are running an active Anti-Malware application and that your Operating System is fully patched.

These are a few easy steps that you can take to help protect your computer and in turn your your electronic data. If you have any questions or if there's anything we can help with, please free to contact us.

Welcome to our new website!

We are very excited to introduce our new website!  Our previous website was showing its age and we decided a complete revamp was in order. 

As you can see we have a blog on this site.  This along with a newsletter will be used to disseminate information about things like security vulnerabilities and other happenings in the IT industry that are important for our clients.  We had previously sent out emails for things like this, but we feel this will be a more effective way to get this information out in a timely way.

If you're interested in signing up for our newsletter, you can do so by clicking here and entering your name and email address.  The newsletter will be sent out on a periodic basis just to let you know of new security vulnerabilities or other IT related topics that we feel are important.  We promise we won't "spam" you via the newsletter.  Our goal is to make it an informative tool for our clients and others who are interested.

So, go ahead and look around at let us know what you think!  Hopefully you will find our new site useful.  As always, if there's something we can help you with, please feel free to give us a call.