If not properly secured, Web browsers can serve as a gateway for malicious hackers who want to infect your network. Created in partnership with SearchWindowsSecurity.com, this learning guide identifies the inherent flaws of Internet Explorer and Mozilla Firefox, introduces viable Web browser alternatives, and provides tools and tactics to maximize your Web browsing security.
TABLE OF CONTENTS
Introduction to Web browser security
Internet Explorer
Mozilla Firefox
Other Web browsers
Patching Web browser vulnerabilities
More security learning resources
Security IT Downloads
Most enterprises either use Internet Explorer or Mozilla, however, if you thought those were your only options, you are mistaken. This section reviews Internet Explorer and Firefox basics and introduces another viable Web browser option.
Glossary definition: Internet Explorer (SearchSecurity.com)
Glossary definition: Firefox (SearchSecurity.com)
Glossary definition: Opera (SearchSecurity.com)
Learning center: Internet Explorer: Windows' Achilles' heel (SearchWindowsSecurity.com)
Learning center: Firefox (SearchWindowsSecurity.com)
Learning center: Internet Explorer 7 (SearchWindowsSecurity.com)
Microsoft Internet Explorer is also common target for browser hijacking. Internet Explorer 7.0 is expected to provide a significant upgrade to Microsoft browser security but, since it is still in beta, users are forced to use older, less secure versions of the browser. This section reviews IE's inherent flaws, and provides tools and tactics for security optimization.
Article: Exploit code targets Microsoft flaws (SearchSecurity.com)
Article: Microsoft releases 13 security patches, eight critical (SearchSecurity.com)
Article: 'Critical' flaws in Internet Explorer (SearchSecurity.com)
Article: Exploit code targets IE memory corruption flaw (SearchSecurity.com)
Article: Microsoft warns of fresh IE, Windows flaws (SearchSecurity.com)
Article: Fake BBC e-mails seek to exploit IE flaw (SearchSecurity.com)
Article: Microsoft warns of brand-new IE exploit code (SearchSecurity.com)
Article: IE 'object' tag flaw found (SearchSecurity.com)
Article: The four layers of Internet Explorer security (SearchWindowsSecurity.com)
Book chapter: State-based attacks: Session management (SearchSecurity.com)
Column: Security Bytes: IE7 defenses revealed (SearchSecurity.com)
Column: Security Blog Log: Surprise! IE 7 beta has a flaw (SearchSecurity.com)
Column: Security Blog Log: A week of vulnerabilities (SearchSecurity.com)
Column: Security Blog Log: Nash, still at helm, addresses IE fixes (SearchSecurity.com)
Column: Security Bytes: New IE flaw could enable phishing attacks (SearchSecurity.com)
Column: Inside MSRC: Microsoft details IE ActiveX update (SearchSecurity.com)
Column: Inside MSRC: ActiveX change goes permanent (SearchSecurity.com)
Column: IE 7 arrives, but does anyone care? (SearchSecurity.com)
Expert advice: Checking your default Internet browser (SearchWindowsSecurity.com)
Expert advice: Adjusting security settings in Internet Explorer 6.0 (SearchWindowsSecurity.com)
Expert advice: Run a secure IE6 after downgrading from IE7 (SearchWindowsSecurity.com)
Technical tip: Importing restricted sites into IE (SearchWindowsSecurity.com)
Technical tip: Optimizing Internet Explorer security settings (SearchWindowsSecurity.com)
Technical tip: Internet Explorer 7 adds security (SearchWindowsSecurity.com)
Technical tip: Internet Explorer 7: Browsing and security enhancements (SearchWindowsSecurity.com)
Technical tip: Internet Explorer 7: How it can make your life easier (SearchWindowsSecurity.com)
Technical tip: Ditch IE? (SearchSecurity.com)
Webcast: Exterminating browser parasites
Technical tip: Controlling Web surfing with Content Advisor (SearchWindowsSecurity.com)
Organizations tired of patching their IE browsers may consider migrating to Mozilla Firefox, a popular third-party browser that is generally thought to be more secure than IE. However, Firefox is not immune to attacks, and as the browser increases in popularity, it's likely to become a bigger target for attackers. This section outlines Firefox existing flaws, and compares Firefox's security features against the alternatives..
Article: Firefox still feels the love, despite flaws (SearchSecurity.com)
Article: New security hole in Firefox (SearchSecurity.com)
Article: Firefox 1.5 gets the sniff test (SearchSecurity.com)
Article: Firefox fans unfazed by IE 7 (SearchSecurity.com)
Column: Security Bytes: Exploit code targets older versions of Firefox (SearchSecurity.com)
Column: Security Bytes: Firefox flaw could expose sensitive data (SearchSecurity.com)
Column: Security Blog Log: Burning about Firefox recruitment (SearchSecurity.com)
Column: Security Blog Log: Dissecting Firefox 2.0 (SearchSecurity.com)
Opinion: Firefox security (SearchWindowsSecurity.com)
Review: Test drive: Firefox enhancements make IE look like an 'artifact' (SearchSecurity.com)
Technical tip: Where's the Firefox security button? (SearchSecurity.com)
Technical tip: Is Firefox spyware's next target? (SearchSecurity.com)
Technical tip: The pros and cons of migrating to Firefox (SearchSecurity.com)
Technical tip: How to prevent the risks of client-side caching (SearchSecurity.com)
Technical tip: Fighting browser-based spyware (SearchSecurity.com)
Not satisfied with Firefox or IE? Fear not, there are other third-party options, including Opera or Safari. In this section, review the pros and cons of these two Web browser alternatives and learn what you should expect if you're not using IE or Firefox.
Article: GreyMagic sings about Opera flaw (SearchSecurity.com)
Article: Spoofing flaw in multiple non-Microsoft browsers (SearchSecurity.com)
Article: Upgrading Opera browser prevents two serious vulnerabilities (SearchSecurity.com)
Column: Security Bytes: Turning servers into 'malcode pushers' (SearchSecurity.com)
Column: Security Bytes: Mac patch falls short of expectations (SearchSecurity.com)
Opinion: Browsing for alternatives (SearchSecurity.com)
Technical tip: Blocking spyware via the ActiveX kill bit (SearchSecurity.com)
Technical tip: Opera: Another contender in the browser wars (SearchSecurity.com)
Technical tip: Opera 9: Raising the bar in Web browser war (SearchSecurity.com)
By now, you may be asking "What can I do to fix these flaws?". To begin, on the second Tuesday of every month, Microsoft releases hotfixes for its newest flaws which almost invariably include Internet Explorer patches. This section provides patch management tools and tactics to secure IE, Firefox or your Web browser of choice.
Book chapter: What is patch management (SearchWindowsSecurity.com)
Book chapter: Curing the patch management headache (SearchSecurity.com)
Expert Advice: Are there any patch management products that track the patching process? (SearchSecurity.com)
Expert advice: Patch management techniques (SearchSecurity.com)
Expert advice: Patch deployment timeline (SearchSecurity.com)
Expert advice: Testing a security patch (SearchSecurity.com)
Technical tip: Checklist: Measuring patch management metrics (SearchWindowsSecurity.com)
Technical tip: Upgrading and patching Firefox: Security considerations for administrators (SearchWindowsSecurity.com)
| More security learning resources | |
Introduction to Web browser security
