One of the most frustrating security-related problems we deal with is users who install (or unknowingly end up...
with) all sorts of Web browser toolbars, which at best slow down machines and at worst open the door to malware. Short of installing draconian application whitelisting measures, what’s the easiest (and cheapest) way to keep browser toolbars off of users’ machines?
You are not alone in your frustration at the myriad of browser toolbars that suddenly appear on users’ machines. Many toolbars earn their revenue by delivering targeted advertising to the user, often via pop-up ads. Some change browser settings and monitor and report to their control servers on the sites a user visits, often without the user's knowledge or consent. Also, as attacks against Windows and Internet Explorer are becoming more difficult, hackers are turning to automating attacks against third-party browser plug-ins and other non-Microsoft applications. It’s difficult for firewalls to block browser extensions because they're integrated into the Web browser itself.
Interestingly, Mozilla announced in January 2011 it will be blocking the Skype toolbar add-on, which comes bundled with the Skype client, in all versions of its Firefox browser. Mozilla claims the current version of the Skype Toolbar is one of the top causes of crashes of Mozilla Firefox 3.6.13 and can potentially slow down the rendering of regular webpages.
If your organization uses Internet Explorer, you can use Group Policies to lock down certain IE features to improve performance and security. There are various settings you can configure to restrict which add-ons may be installed or run:
- Allow third-party browser extensions;
- Deny all add-ons unless specifically allowed in the Add-on List;
- Do not allow users to enable or disable add-ons.
To uninstall an existing toolbar from Internet Explorer, you need to use the Add or Remove Programs applet, while in Firefox you need to use the Extensions Manager. Adware toolbars can also be removed by running an adware removal tool such as XoftSpySE Anti-Spyware, which can remove unwanted browser add-ons as well as disable unwanted programs from launching at start-up.
Dig Deeper on Web Browser Security
Related Q&A from Michael Cobb
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Google's Certificate Transparency tool publicly logs certificates issued by CAs. Expert Michael Cobb explains how the log viewer works to improve ...continue reading
Crowning the most secure web browser is difficult, with research often turning up biased results. Expert Michael Cobb explains how to make a choice ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.