Web browser security

Windows 10 Security Guide > Web browser security

Nearly all viruses, spyware, other types of malware and hacking, occurs on the internet. The way everyone interacts with the internet is through a web browser. So one way or another, security problems arise because of what we do with browsers, the way browsers are used and the security flaws within browsers.

Windows 10 Security guide

This is part of a Windows 10 Security course
Go to the Courses Home Page

Yes, many malware and security issues are all the fault of web browsers!

We play a big part in that and by doing silly things we can cause malware to invade the system and cause problems with Windows, steal personal information, and even hold us to ransom by encrypting the files on the disk drive.

Beware of downloads

There is an endless source of software on the internet and there are tens of thousands of programs. Some of them seem excellent and they are very tempting, but should you download then and run them?

You should be aware that some downloads contain malware like viruses, spyware and adware. They can change the home page in the browser, show adverts, and redirect searches, they can lock your PC and demand a ransom.
How can you tell a bad download?

Free software sometimes contains unwanted extras. The developer has to make money somehow and it may be by bundling other items within the download, such as browser toolbars, advertising, and other things.

Security software is only of limited use because there is a gray area where something can be very irritating, but not actually malware, such as adverts. Security software may not block the install of software that contains adware and scanning the PC with security software might not find anything wrong.

Cracked software - commercial programs that you normally have to pay for - can be found on the internet for free download. Malware is sometimes hidden within cracked software. You think you are getting a commercial program for free and saving lots of money, but if it contains ransomware that locks your PC, malware steals personal information, or makes your PC unusable through slowdowns and pop-up adverts, it is not such a good deal.

Drive-by downloads - programs that are automatically downloaded simply by visiting a web page. You go to a website and unknown to you, a program is downloaded. It might even run automatically and infect your computer with malware. There isn’t much you can do if it happens without your knowledge. Just keep Windows, your browser and security software up to date.

Plug-ins, add-ons, and extras. When you visit a web page, sometimes you will see a pop-up message asking you to download, save or run a file. It might say that you need to install something to access the content on the page. It may be a trick to get you to download and run a program that installs malware.

Sometimes websites use Flash, Java or some other plug-in or add-on and will display a message that you need to install them. A variation of this is a message saying you need to update your plug-in or add-on. Never install them from the site because it might be a trick to install malware. Go to the developer’s site such as adobe.com for Flash and java.com for Java, install it, then return to the website you were viewing.

Avoiding malware is partly your responsibility - think carefully before downloading or installing any program.

 


Browse the web with Microsoft Edge

Edge is Microsoft’s replacement for the old Internet Explorer web browser. It provides more security and you will be safer browsing the internet with Edge than with Internet Explorer.

Some types of malware, adware, toolbars, and PUPs (potentially unwanted programs), target Internet Explorer, but not Edge. Both browsers are in Windows 10, but unless you have a problem with a particular website and you have to use Internet Explorer, always use Edge.

Unlike Internet Explorer, there are few security settings in Edge, but there are a couple worth mentioning.

1 Open Edge settings

Click the three dots in the top right corner to open the menu and click Settings.

Microsoft Edge web browser settings

2 Go to Advanced settings

Scroll down the panel to the Advanced settings section and click View advanced settings.

Microsoft Edge web browser settings

3 Configure the settings

Find and configure these settings in the Advanced settings:

  • Turn on Block pop-ups.
  • Turn off Use Adobe Flash Player
  • Turn on Send Do Not Track requests

Microsoft Edge web browser settings

Blocking pop-ups blocks adverts that pop up in windows when you are browsing. It is possible for a website to use a pop-up window for a legitimate purpose, such as logging in, but this is rare. Most pop-ups are adverts and other unnecessary items and they are best blocked.

Flash was once widely used, but it is becoming less common and is slowly disappearing from the web. In the past it has suffered from security flaws and if you can manage without it, your PC will be more secure. However, if your favourite websites still use it you might need to turn it on occasionally.

Web browsers can send a signal to websites telling them not to track your activities. Turning on this feature therefore increases your privacy. Bad websites ignore this request and track you anyway, but if you keep to reputable sites then this is a useful privacy setting.

4 Crush those cookies

In the Cookies section, select Block only third party cookies.

Microsoft Edge web browser settings

Cookies are settings that websites can store on your computer, such as your username, preferences, membership details, likes, dislikes and pretty much any information they want. Usually they are useful and so cookies must be allowed. Blocking third party cookies limits what advertisers and others can store and it increases your privacy.

5 Use SmartScreen

Right down at the bottom, turn on Help protect me from malicious websites and downloads with SmartScreen filter.

SmartScreen filter is a feature in Edge that checks website addresses and downloads against a list of known bad ones. If a site is on the list, for example, Edge will display a warning before going to the website. It is a useful security feature, but it is not perfect because not every bad website and download is on its list.

This is part of a Windows 10 Security course
Go to the Courses Home Page


The dangers of browser extensions

Extensions, add-ons and plugins are all features of web browsers that enable extra features, capabilities and utilities to be added. They can be downloaded, installed, and used within the browser and some of them are excellent.

Edge, Chrome and Firefox browsers have them and many people rely on them to help with or to speed up common tasks.

For example, LastPass is an extension/add-on that remembers all your web passwords and it automatically enters them on web pages without you having to remember them or type them.

A password manager is an essential web browser extension or add-on everyone should have because it solves the problem of creating and remembering complex passwords for websites and services. It does it all for you. LastPass is not the only extension that does this and there are others.

Web browser extensions, add-ons and plugins can read everything on a web page, so they have the potential to spy on your web browsing activities and then pass this on to third parties on the internet.

They can also modify the contents of web pages and either hide elements or insert them. For this reason you must take care when installing them and avoid bad ones.

A common mis-use of a plugin, add-on or extension is to inject adverts into web pages and to cause pop-up adverts to appear inside or outside of the browser window. If you are seeing an excessive amount of adverts or pop-up windows, it is quite likely that you have a rogue browser plugin or add-on.

Where do bad plugins, add-ons and extensions come from?

They don't appear by magic and one way or another, they must be installed. Think carefully before installing any software on your PC. Can you trust it? Could it include hidden extras like browser plugins and add-ons?

It is common for browser plugins, add-ons and extensions to be bundled with other software, such as free software downloaded from the internet. When installing software you must pay attention and read every bit of text and think about each option.

Too often when installing software, people click Next, Next, Next, Finish, without reading the screens or checking for options.

This is how many bad plugins and extensions are installed - they rely on you either not paying attention during installation, not understanding the options, or not seeing the box you have to tick or clear to opt out.

Use a reliable source

Plugins, add-ons and extensions should be installed only from reliable sources. Do not install them from websites.

While browsing the web, you may come across a website that informs you that you need plugin/add-on/extension X. Do not install it from the website if it is offered.

Instead, go to the appropriate store and get it from there. Afterwards you can return to the website.

How to safely install Edge extensions

The safest way to install extensions in Edge is from the Windows Store.

  1. Open Edge and click the three dots icon in the top right corner to open the menu.
  2. Click Extensions on the menu.
  3. Click Get extensions from the Store.
  4. Click an extension to see more information or install it.

How to install Edge extensions

How to install extensions in Edge browser

 

Install Chrome extensions safely

The safest place to get extensions for Chrome is from the Chrome Web Store.

  1. Open Chrome and go to https://chrome.google.com/webstore
  2. Select Extensions on the left.
  3. Click an extension to see more information and to install it.

Chrome Web Store

 

Install Firefox extensions

The safest place to get Firefox extensions is from the Mozilla store.

  1. Open Firefox and go to https://addons.mozilla.org
  2. Click an extension to see more information and to install it.

How to install Firefox add-ons

 

How to remove browser extensions

You should occasionally check the extensions and add-ons that are installed in browsers and remove any that you don't use or suspect that may be causing problems, such as showing unwanted adverts.

Remove Edge extensions

  1. Open Edge and click the three dots icon in the top right corner to open the menu.
  2. Click Extensions on the menu.
  3. Let the mouse hover over an extension, then click the gear icon on the right.
  4. Click the button to turn off the extension, then click the Uninstall button

Uninstall Edge extensions

 

Remove Chrome extensions

  1. Right click an icon at the right side of the address box and select Remove from Chrome.
  2. Alternatively, go to the Chrome menu, select More tools, Extensions. Click the Trash icon.

Uninstall Chrome extensions

 

Remove Firefox add-ons

  1. Open Firefox and click the menu button.
  2. Click Add-ons.
  3. Click Extensions on the left.
  4. Click the Remove button next to the extension to remove.

Uninstall Firefox add-ons

 

Summing up

Well-known and popular extensions, add-ons and plugins from the appropriate store are almost certainly safe. If thousands of other people have installed one and no-one has reported any problems, then go ahead and install it.

Avoid extensions, add-ons and plugins that have few users or that you have never heard of.

Always install them from Windows Store (Edge), Chrome Web Store (Chrome) or Mozilla (Firefox).

Never install anything from a website or alternative store.

This is part of a Windows 10 Security course
Go to the Courses Home Page


Clean Internet Explorer, remove malware

Internet Explorer is in Windows 10 for compatibility reasons. If you come across a website that does not work in Edge, the idea is that you can run Internet Explorer and use that instead.

This can be useful on occasions, but the need to use Internet Explorer is decreasing month by month.

Edge, Chrome and Firefox are superior in many ways, so avoid Microsoft's old browser if you can.

Some malware, adware and PUPs (potentially unwanted programs), change Internet Explorer’s home page and search engine, adds toolbars and show advertising. Even if you do not use it, it is worth checking occasionally to make sure that nothing has been installed in it.

Malware can be installed into Windows and installed separately in Internet Explore. It must therefore be uninstalled from both places too.

Uninstall toolbars and software

Right click the Start button and select Programs and Features. This opens Programs and Features in the Control Panel

Look at each program listed and uninstall anything that might be a toolbar, a search helper or search protect. Double click any suspected item and follow the instructions to uninstall it.

Programs and Features in the Windows Control Panel

There are so many variations of malware, adware and PUPs that it is impossible to say what to look for. Conduit and Trovi are two common irritations in Internet Explorer for example, but there are others.

Clean the browser

Click Internet Options in the Control Panel

Select the General tab and in the Home page section delete everything and enter the home page you want to use, such as http://www.bing.com

In the Start-up section select Start with home page.

Click the Tabs button and under When a new tab is opened, open: select either A blank page or Your first home page.

Internet Options for Internet Explorer in the Windows Control Panel

Select the Advanced tab and click Reset followed by Restore advanced settings.

Internet Options for Internet Explorer in Windows

Remove add-ons

Select the Programs tab and then click Manage add-ons.

Select Toolbars and Extensions on the left and on the right, select each item and remove it or disable it using the button below.

Manage Internet Explorer add-ons

Select Search Providers on the left and on the right, select the one you want to use and click the Set as default button below. Select each of the others and click the Remove button below.

Manage Add-ons for Internet Explorer in Windows

 

Clean up other browsers

Other web browsers are cleaned in a similar manner. The menu options in Chrome and Firefox are different to Internet Explorer, but the technique is the same.

  1. Delete unwanted software from Programs and Features in the Control Panel.
  2. Reset the browser's home back back to whatever you want.
  3. Delete any add-ons or extensions in the browser.
  4. Delete unwanted search engines and set the default to whatever you prefer.

 

Web Browser Action Points

  • Use Edge instead of Internet Explorer
  • Think carefully before downloading anything. Could it be malware?
  • Stick to the the Microsoft, Chrome and Mozilla stores for extensions and add-ons
  • Install only well-known extensions and add-ons used by lots of other people
  • Don’t install anything from a website, even if it asks you to. If necessary, go to the developer’s website, such as Adobe for Flash

 


Go to Windows 10 Security Guide contents
Go to Courses Home Page



notepad Save 50% on RAWinfopages online courses! Get 50 Shares A Day - PDF with 50 places to promote your blog/website daily!
Join our FREE newsletter!