In the past, we had shared some extensions for secure browsing on Chrome. But, here in this guide, I’d like to go a little broader. I’d like to explain to you the basics of security in browsers (no matter what web browser you use) and also add some cool tips that will give you complete safe browsing experience. This guide is simplified for the Average Joe.
The Security Basics
What is HTTPS?
Well, you can read about it on Wikipedia but I’d like to explain it here in real simple words. What HTTPS actually does is, it secures the communication between the server of the website you’re accessing (that has HTTPS) and the client (which is you using the PC). How does it secure that? Using encryption. Encryption basically just creates a secret new language that only the server and the client can understand. That way no one (even hackers) will know what is passing through the connection. Not every website can get a HTTPS/SSL certificate. Each and every content gets analyzed first. And, necessary security checks are done. Also, a security check is done by all the browsers. Some websites try to create HTTPS connection that has a mixture of encrypted and unencrypted content. That is why you get such errors as below.
Types Of Attacks
Most browser-based attacks done by hackers make use of Javascript. Developers use Javascript to make their websites dynamic and do stuff (like the ones listed below) that HTML can’t. For example a pop-up on a button click. You can’t do it without Javascript. Below are some attacks that hackers can perform on your browser using a malicious website (a website you don’t trust). There are many but these are the most prominent right now.
1. Click-Jacking
This is a type of attack make use of a button on a website. A malicious code is inserted in button-click and when the user clicks on the button the code gets executed. It doesn’t matter that you got your desired stuff on that button click but it might have also inserted some other undesired entities. Well, most browsers prevent such attacks. But, you need to be cautious before you click a button on an untrusted website (Especially download links and torrents).
2. XSS (Cross Site Scripting):
Here the hacker encodes malicious content (javascript) in such a way that that user finds it to be trustworthy and uses that content and the code gets executed which will allow the attacker to get all the user credentials (like username, passwords, settings, etc.). For example, you’re logged into some website with username ‘Mahesh’ and you get a message from ‘Suresh’ (that contains malicious javascript encoded) and when you read the message the script gets executed and it is now easy for the attacker to hijack your user session because he has your login details. Well, this attack also can be prevented by most browsers but some scripts are encoded in such a way that they can even fool the web browsers.
3. CSRF (Cross Site Request Forgery):
Let me just directly tell you the example. You’re on a shopping website and bought something. And, malicious code is already on your system (that might have entered by the above two methods). So, this malicious code will run a process in the background that will grab the specific URL from the browser through which the product was bought. It will manipulate the URL to do something malicious and request the website to run it. And, the website will run it because the website knows it’s the user logged in requesting to process the URL. But, it’s actually the code that’s running in the background requesting for it.
Let Common Sense Prevail
So, after reading the above attacks who do you find to be the culprit? Attacker? Javascript? Web browser? Actually, it’s YOU. You are the one that clicked that download button, you are the one that got lured by an email sent by a cute girl (that contained the malicious code) even though it was in the SPAM folder. Well, mistakes are made by everyone and who here cannot be fooled? So, to prevent yourself from getting duped by such attacks, you can do one thing. Turn off Javascript. It’s practically impossible for any attacker to attack your computer system (using a web browser) without Javascript. Only turn on Javascript for the sources and websites you trust. There are many extensions and plugins out there that you can use to turn off Javascript on the website. Also, browsers like chrome give you inbuilt options to turn off Javascript for a specific website. You can use ScriptSafe extension for Chrome and NoScript for Firefox. Also, Adblock plus can work as a backup for these plugins. As it will protect you from malicious ad-clicks. Do you love the Microsoft’s Edge browser? Here’s how you can make it ad-free.
Use a Password Manager
We’ve shared enough about this topic here on GT. Here are some quick links to get you started if you don’t use a Password Manager.
What is a Password Manager? – Wikipedia (If you don’t trust us, you surely trust this one.)Why use a Password Manager? – We’ve shared some great features of LastPass (a Password Manager) which will give you a clear idea.Which Password Manager should you use? – We’ve done many comparisons between different password managers. Like LastPass Vs 1Password, 1Password vs Dashlane and KeePass vs LastPass.
Just start using a Password Manager if you aren’t already. It will make you web browsing much safer.
Anti-Malware + Antivirus
First off, if you don’t know what is the difference between Virus and Malware then read this explainer. Or else, here’s quick overview: Computer Virus: The name itself explains it. It spreads its infection to others. One infected file (virus itself with malicious code) will infect other files and those files will, in turn, affect other files. Thus, spreading the malicious code Malware: This is a software program that performs actions on behalf of you without you knowing it. Also, Malware can be categorized into Spyware and Adware. They both belong in the category of Malware.
So, why use Anti-Malware with an Antivirus?
This is one of the best things I’ve learned to keep my PC secure. This will surely keep your PC away from Viruses and Malware. What you have to do is just use your favorite Antivirus (I rely on Windows Defender. And, I never regretted). Along with that use an Anti-Malware (I use MalwareBytes). This will add two-fold security to your PC. If Windows Defender (or your Antivirus software) misses a virus or malware then the Anti-Malware will surely catch it. So, if anything malicious gets downloaded from your Web browser then it will be surely be terminated by these two. I’ve explained about it deeply on my blog.
How to Find If a Site is NOT Safe?
There are few website out there that can help you find if a website is trustworthy. You can use scnaurl.net or Norton’s Safe Web. You can add the URL of the website or a specific URL like a download link. Also, Google scans each and every URL that is shown in the search results. You can use their technology to check if the website is safe or dangerous. Visit their Transparency Report Diagnostics Page.
You are Your Own Worst Enemy
I had mentioned this earlier that you are yourself are the culprit. You are letting the attacker attack your browser/system. The malicious code won’t even enter your system if you don’t respond to malicious websites. All you have to do is just make sure that what you’re doing is recommend by a trusted source or website. And, of course, you can definitely trust us. ALSO SEE: How to Keep Your Android as Secure as Possible The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.
