One of the most frustrating security-related problems we deal with is users who install (or unknowingly end up...
with) all sorts of Web browser toolbars, which at best slow down machines and at worst open the door to malware. Short of installing draconian application whitelisting measures, what’s the easiest (and cheapest) way to keep browser toolbars off of users’ machines?
You are not alone in your frustration at the myriad of browser toolbars that suddenly appear on users’ machines. Many toolbars earn their revenue by delivering targeted advertising to the user, often via pop-up ads. Some change browser settings and monitor and report to their control servers on the sites a user visits, often without the user's knowledge or consent. Also, as attacks against Windows and Internet Explorer are becoming more difficult, hackers are turning to automating attacks against third-party browser plug-ins and other non-Microsoft applications. It’s difficult for firewalls to block browser extensions because they're integrated into the Web browser itself.
Interestingly, Mozilla announced in January 2011 it will be blocking the Skype toolbar add-on, which comes bundled with the Skype client, in all versions of its Firefox browser. Mozilla claims the current version of the Skype Toolbar is one of the top causes of crashes of Mozilla Firefox 3.6.13 and can potentially slow down the rendering of regular webpages.
If your organization uses Internet Explorer, you can use Group Policies to lock down certain IE features to improve performance and security. There are various settings you can configure to restrict which add-ons may be installed or run:
- Allow third-party browser extensions;
- Deny all add-ons unless specifically allowed in the Add-on List;
- Do not allow users to enable or disable add-ons.
To uninstall an existing toolbar from Internet Explorer, you need to use the Add or Remove Programs applet, while in Firefox you need to use the Extensions Manager. Adware toolbars can also be removed by running an adware removal tool such as XoftSpySE Anti-Spyware, which can remove unwanted browser add-ons as well as disable unwanted programs from launching at start-up.
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.