Menu
Browser security settings you gotta change
To prevent malware and avoid being tracked while you browse, you have to tweak the default security settings in Firefox, Google Chrome, and Internet Explorer.
When you go online, you always have to balance the risks with the rewards. The risks include being exposed to malware and being tracked. The default security settings for Chrome, Firefox, and Internet Explorer may expose you to more Internet dangers than you deem necessary to reap the Internet's rewards.
Here's how to set your browser to minimize your chances of picking up malware while using the Web, and of having your Internet activities monitored.
Beef up Chrome's security
Click the customize/control icon in the top-right corner of the browser window (three horizontal lines), then choose Settings. Select "Show advanced options" at the bottom of the window, and scroll to the Privacy settings. Make sure "Enable phishing and malware protection" is checked.
Here's how to set your browser to minimize your chances of picking up malware while using the Web, and of having your Internet activities monitored.
Beef up Chrome's security
Click the customize/control icon in the top-right corner of the browser window (three horizontal lines), then choose Settings. Select "Show advanced options" at the bottom of the window, and scroll to the Privacy settings. Make sure "Enable phishing and malware protection" is checked.
You can select the option to enable the "Do not track" request be sent to the sites you visit, but not all trackers honor your preference not to be tracked, so this option doesn't necessarily prevent your activities from being recorded. It's better to prevent being tracked by blocking ads and third-party cookies, and by allowing scripts to run on a site-by-site basis (see below for instructions).
I also uncheck the auto-fill and password-saving settings, but many people find the convenience of these features outweighs the potential risk.
I also uncheck the auto-fill and password-saving settings, but many people find the convenience of these features outweighs the potential risk.
Bonus usability tip: Improve your view
If you're like me and your eyesight isn't what it used to be, scroll down to "Web content" section, where you can choose one of five font-size options: very small, small, medium (the default), large, and very large. You can also automatically zoom pages down (from 25 percent) or up (to 500 percent). Choose the "Customize fonts" button to choose a new font in four categories: standard, serif, sans-serif, and fixed-width. The dialog lets you reset the minimum font size and choose a new encoding language.
Block third-party cookies and JavaScript
Choose the "Content settings" button. Under Cookies, select "Keep local data only until you quit your browser" and "Block third-party cookies and site data."
If you're like me and your eyesight isn't what it used to be, scroll down to "Web content" section, where you can choose one of five font-size options: very small, small, medium (the default), large, and very large. You can also automatically zoom pages down (from 25 percent) or up (to 500 percent). Choose the "Customize fonts" button to choose a new font in four categories: standard, serif, sans-serif, and fixed-width. The dialog lets you reset the minimum font size and choose a new encoding language.
Block third-party cookies and JavaScript
Choose the "Content settings" button. Under Cookies, select "Keep local data only until you quit your browser" and "Block third-party cookies and site data."
Under JavaScript, choose "Do not allow any site to run JavaScript." This will cause features on many sites not to work until you add the sites to your exceptions list. When you visit a site that uses JavaScript, a script icon appears. If you want to run scripts on the current site, click the script icon and choose "Always allow JavaScript on [site URL]." Refresh the page to load it with JavaScript enabled.
You can access your JavaScript exceptions list by clicking the script icon and choosing "Manage JavaScript blocking," or via the "Manage exceptions" button under JavaScript in Chrome's "Content settings" window.
Remove an exception by hovering over it and clicking the X on the right side of the entry, or by selecting the entry and choosing the Block option on the Behavior drop-down menu.
Don't let apps keep running after you close Chrome
At the bottom of Chrome's Settings window is an option to "Continue running background apps when Google Chrome is closed." This allows add-ons that regularly check for new information, such as email and news feeds, to run after you close Chrome.
To see which apps are set to keep running in the background after you close Chrome, click the customize/control icon in the top-right corner of the browser window (three horizontal lines) and choose Tools > Task manager. If any of your extensions run in the background, there will be an item in the dialog labeled "Background Page." That's according to Google's support site.
In my version of Chrome, there are no "Background Page" labels, so I don't appear to have any background apps. Google's support site indicates that after you close Chrome, icons will appear in the notification area of the Windows taskbar. You can disable background apps one at a time by right-clicking the app's taskbar icon and selecting Exit. According to Martin Brinkmann on the Ghacks.net site, this prevents the app from running in the background when you close Chrome subsequently.
Batten down the hatches in Firefox
To open Firefox's privacy options, click the settings icon in the top-right corner of the browser window (the icon has three horizontal lines). Choose Options in the drop-down menu, or press the Alt key and type T, 0. Click the Privacy tab, select the drop-down menu under History, and choose "Use custom settings for history." This brings the browser's history settings into view.
The first option in the History section lets you set privacy mode as your default for all browsing. Remember that privacy mode prevents a record of your Web activity from being saved on your local machine. It doesn't affect the information you share with the sites you visit and the third parties those sites contract with.
If you wish, you can uncheck the two options that allow Firefox to remember your browsing and download history, and your search and forms history. Personally, I leave these settings checked because the convenience of keeping a record is greater for me than the risk of a party gaining access to and misusing this information.
Give third-party cookies the boot
To keep sites and their partners from tracking you, click the drop-down menu next to "Accept third-party cookies" and choose Never. Next, click the drop-down menu next to "Keep until" and choose "I close Firefox."
Remove an exception by hovering over it and clicking the X on the right side of the entry, or by selecting the entry and choosing the Block option on the Behavior drop-down menu.
Don't let apps keep running after you close Chrome
At the bottom of Chrome's Settings window is an option to "Continue running background apps when Google Chrome is closed." This allows add-ons that regularly check for new information, such as email and news feeds, to run after you close Chrome.
To see which apps are set to keep running in the background after you close Chrome, click the customize/control icon in the top-right corner of the browser window (three horizontal lines) and choose Tools > Task manager. If any of your extensions run in the background, there will be an item in the dialog labeled "Background Page." That's according to Google's support site.
In my version of Chrome, there are no "Background Page" labels, so I don't appear to have any background apps. Google's support site indicates that after you close Chrome, icons will appear in the notification area of the Windows taskbar. You can disable background apps one at a time by right-clicking the app's taskbar icon and selecting Exit. According to Martin Brinkmann on the Ghacks.net site, this prevents the app from running in the background when you close Chrome subsequently.
Batten down the hatches in Firefox
To open Firefox's privacy options, click the settings icon in the top-right corner of the browser window (the icon has three horizontal lines). Choose Options in the drop-down menu, or press the Alt key and type T, 0. Click the Privacy tab, select the drop-down menu under History, and choose "Use custom settings for history." This brings the browser's history settings into view.
The first option in the History section lets you set privacy mode as your default for all browsing. Remember that privacy mode prevents a record of your Web activity from being saved on your local machine. It doesn't affect the information you share with the sites you visit and the third parties those sites contract with.
If you wish, you can uncheck the two options that allow Firefox to remember your browsing and download history, and your search and forms history. Personally, I leave these settings checked because the convenience of keeping a record is greater for me than the risk of a party gaining access to and misusing this information.
Give third-party cookies the boot
To keep sites and their partners from tracking you, click the drop-down menu next to "Accept third-party cookies" and choose Never. Next, click the drop-down menu next to "Keep until" and choose "I close Firefox."
The option in the Tracking section of the Firefox Privacy settings to "Tell sites that I do not want to be tracked" is not honored by all Web trackers, so the setting's effectiveness is uncertain. For what it's worth, I retain the default option not to tell sites anything about my tracking preferences.
When you block third-party cookies, you'll still be tracked by the sites you visit, most of which require cookies to be enabled to function properly. Even deleting all cookies when you exit doesn't prevent a record of your browsing to be recorded by the sites you frequent. They keep a record of your activities on their servers, so they remember you as soon as you sign in.
Keep Firefox's built-in security protections enabled
Under the Security tab in the Firefox options dialog, the settings to warn when sites try to install add-ons, block reported attack sites, and block reported Web forgeries are selected by default. The Mozilla support site provides more information about these security features.
Also on by default is the option to remember passwords for sites. I tend not to let Firefox save my passwords, but for many people, the hassle of remembering a different password (and user ID) for each site they visit is greater than the risk posed by someone gaining access to their stored passwords.
The Mozilla support site explains in detail the various privacy and security settings in Firefox. One of the articles on the site describes how to prevent Firefox from automatically making connections without your permission. While most of the automatic connections made by the browser are beneficial, some may be made by malware that has hijacked Firefox. Mozilla support recommends that you search various online forums for information on removing the malware.
When you block third-party cookies, you'll still be tracked by the sites you visit, most of which require cookies to be enabled to function properly. Even deleting all cookies when you exit doesn't prevent a record of your browsing to be recorded by the sites you frequent. They keep a record of your activities on their servers, so they remember you as soon as you sign in.
Keep Firefox's built-in security protections enabled
Under the Security tab in the Firefox options dialog, the settings to warn when sites try to install add-ons, block reported attack sites, and block reported Web forgeries are selected by default. The Mozilla support site provides more information about these security features.
Also on by default is the option to remember passwords for sites. I tend not to let Firefox save my passwords, but for many people, the hassle of remembering a different password (and user ID) for each site they visit is greater than the risk posed by someone gaining access to their stored passwords.
The Mozilla support site explains in detail the various privacy and security settings in Firefox. One of the articles on the site describes how to prevent Firefox from automatically making connections without your permission. While most of the automatic connections made by the browser are beneficial, some may be made by malware that has hijacked Firefox. Mozilla support recommends that you search various online forums for information on removing the malware.
Put Firefox's Site ID button to work for you
On the far left of the Firefox address bar is the Site Identity Button intended to indicate at a glance that the connection to the site is encrypted, and that the site itself has been verified. Click the icon to view information about the current site and connection.
A gray globe is shown when the site hasn't provided any identifying information and the connection is unencrypted or only partially encrypted, but the site itself doesn't ask you to share any "sensitive" information.
An orange warning triangle is displayed when the site doesn't supply identifying information and doesn't use a completely encrypted connection, but you've shared some sensitive information with the site previously despite the risks.
A gray padlock indicates that the site's identity has been verified and the site uses an encrypted connection, but the actual ownership of the domain has not been verified. There's no guarantee that the party who owns the domain is the actual company the domain purports to be.
Finally, a green padlock appears when the site uses an Extended Validation certificate that verifies that "paypal.com" is actually owned and operated by PayPal, for example.
Enable Internet Explorer's privacy and security features
To access IE's privacy settings, click the gear icon in the top-right corner of the browser window and choose "Internet options." Under the General tab, check "Delete browser history on exit," or choose the Settings button and enter the number of days you wish to retain your browsing history in the control displayed under the History tab.
The other tabs let you adjust the amount of system memory that's available for temporary files, caches, and databases.
Click the Security tab to adjust the security level for IE's four "zones." I keep the default medium-high setting for the Internet zone and leave checked the option to enable Protected Mode. Choose the "Custom level" button to put a finer point on IE's security settings.
Under the Privacy tab in IE's settings dialog, the default is set to Medium, which blocks some third-party cookies and restricts some first-party cookies. To block all third-party cookies, click the Advanced button, check "Override automatic cookie handling," and select Block under Third-party Cookies.
On the far left of the Firefox address bar is the Site Identity Button intended to indicate at a glance that the connection to the site is encrypted, and that the site itself has been verified. Click the icon to view information about the current site and connection.
A gray globe is shown when the site hasn't provided any identifying information and the connection is unencrypted or only partially encrypted, but the site itself doesn't ask you to share any "sensitive" information.
An orange warning triangle is displayed when the site doesn't supply identifying information and doesn't use a completely encrypted connection, but you've shared some sensitive information with the site previously despite the risks.
A gray padlock indicates that the site's identity has been verified and the site uses an encrypted connection, but the actual ownership of the domain has not been verified. There's no guarantee that the party who owns the domain is the actual company the domain purports to be.
Finally, a green padlock appears when the site uses an Extended Validation certificate that verifies that "paypal.com" is actually owned and operated by PayPal, for example.
Enable Internet Explorer's privacy and security features
To access IE's privacy settings, click the gear icon in the top-right corner of the browser window and choose "Internet options." Under the General tab, check "Delete browser history on exit," or choose the Settings button and enter the number of days you wish to retain your browsing history in the control displayed under the History tab.
The other tabs let you adjust the amount of system memory that's available for temporary files, caches, and databases.
Click the Security tab to adjust the security level for IE's four "zones." I keep the default medium-high setting for the Internet zone and leave checked the option to enable Protected Mode. Choose the "Custom level" button to put a finer point on IE's security settings.
Under the Privacy tab in IE's settings dialog, the default is set to Medium, which blocks some third-party cookies and restricts some first-party cookies. To block all third-party cookies, click the Advanced button, check "Override automatic cookie handling," and select Block under Third-party Cookies.
The Content tab provides access to IE's Family Safety content controls and to the browser's AutoComplete settings. Among the AutoComplete options are the program's password-management controls. To adjust the options, click the Settings button under AutoComplete and make your selections.
You'll find more security options listed under the Advanced
tab in IE's settings dialog (scroll to Security in the Settings window to view
them). The option to "Send Do Not Track requests to sites you visit in
Internet Explorer" is checked by default. Unchecked by default is the
option to "Empty Temporary Internet Files folder when browser is
closed."