How to Browse the Internet Safely
Learn how to browse the internet safely by following our 6 tips for safe internet usage and personal information protection.
Client-side security (your web browser) and server-side security (the website you’re visiting) are intrinsically linked to one another. As a web development firm it’s our job to ensure that our clients’ websites and web applications are secure by implementing features such as firewalls, DDoS protection, strong passwords, automated backups, and general file integrity checks. However, we also consult our clients’ teams on client-side security best practices and guidelines, as well.
User security is arguably one of the larger attack vectors that is exploited by hackers in any given year. Weak passwords, fishing email attacks, and other social engineering hacks are often the main gateways for hackers to access personal information and exploit online systems and applications. Today I am going to teach you some very simple techniques that will help mitigate online exploits against your personal information, and hopefully by the time you’re done reading this you will feel a bit more empowered and be a lot more safe.
Note: These tips are not a guarantee to safeguard your personal information, and we do not make any claims that by following these tips you will be 100% safe. As with any form of technology or online application, there is always an inherent risk of compromise due to the public-nature of the internet. Please proceed to use these tools and browse the internet at your own risk. And always make offline backups as necessary.
Use a Sandbox or Anti-Exploit Kit
When considering how to browse the internet safely, it’s extremely important that you do so in a “sandbox” of some sort. This is to ensure that any malware you may run across in your browser actually remains enclosed within your browser and does not spread into your entire computer. This is a technique called “sandboxing”, and it refers to the methodology of keeping all application activity enclosed within a protected virtual space called a “sandbox”. Many pen-testers (people who test for vulnerabilities) use sandboxes to conduct studies on malware that they stumble across in the wild.
Let’s say that you hypothetically visit a website which unbeknownst to you had malware on it. Well, normally that malware would come into your browser through an exploit which in turn would infect your entire operating system. However, if you were utilizing sand-boxing capabilities, then the likelihood that the malware would be able to break outside of your internet browser and infect your OS would be quite slim. The idea here is that any malware that you may have accidentally caught in the wild would only exist within the encapsulated sandboxed environment. And then once that sandbox was destroyed, the malware would be destroyed along with it.
If you would like to use an internet browser with built-in sand-boxing capabilities, then the preferable choice would be Google Chrome.
If you would like to use a program that offers sand-boxing capabilities for more than just the web browser, you could look into Sandboxie or Malwarebytes Anti-Exploit Kit. Sandboxie is a program that creates a protected environment around applications, while Malwarebytes Anti-Exploit kit detects common behavioral patterns of malware exploits and attempts to thwart them in real time.
Either way, creating a protected “sandbox” environment for your web browser(s) is a great way of adding an extra layer of armor, as well as keeping any malware contained within a secure private environment and away from your personal documents.
Utilize Browser Privacy Addons
The following browser addons are very useful in conjunction with a sandbox, antivirus program, and VPN to provide stronger web browser based defenses against common attack vectors. We feel that the following web browser addons will help allow you to browse the internet safely, and give you some peace of mind.
HTTPS Everywhere (by Electronic Frontier Foundation) is a plugin that forces websites which utilize SSL (secure socket layer) to make this the preferable connection type. Meaning, when you connect to a website with the prefix “https” (like https://www.imaginemonkey), your connection between that website and your computer is encrypted, and only the two endpoints share the credentials to read the information passed along between them.
Self-Destructing Cookies is another great utility that can automatically delete cookies saved in your history after a specific time-frame, as well as delete cookies from websites which you did not actually visit yourself (known as 3rd party cookies). Cookies are files generated by websites which store personal information about you and your account that is then saved on your computer. Cookies can help websites remember search history about you, store your passwords for faster login-access, and also track your movements online to help tailor advertisement patterns.
Ublock Origin is a nifty adblocking program which has an open-source filter list for protection against common malware infected advertisement networks. Just last year some very big named websites were infected with a cryptolocker variant due to a malvertising campaign which targeted popular advertising networks.
Privacy Badger blocks spying ads and invisible trackers and has been released by the EFF (Electronic Frontier Foundation) as a free addon for Mozilla Firefox and Google Chrome.
Use a VPN (Virtual Private Network)
The internet is a public place, meaning that your private computer is connecting to public networks and accessing information over a public infrastructure. A VPN (virtual private network) can be thought of as a secured tunnel from your computer to your ISP and finally to the destination (website) that you are trying to access. All of the information enclosed within this connection from your computer to the end-point is encrypted – meaning that anyone playing a Man-In-The-Middle attack (snooping into the connection) would only see scrambled bits of information. Without a VPN, all of the data that you transmit from your computer, smartphone or tablet is sent in plain text over the wire.
By utilizing a VPN service, you basically become a part of a private network of connections which mask your traffic, your IP address and your personal information from public hotspots, websites and anyone snooping over the wire onto your traffic. Many large corporations and institutions utilize VPN services as a way to securely transmit data from multiple end-points. The following services are some of the more popular solutions, but are not endorsed or affiliated with Imagine Monkey, Inc in any way.
Use an Antivirus and or Malware Scanner
Most certainty, one of the most important aspects to online security is the use of an antivirus program in conjunction with a malware scanner like Malwarebytes. While Windows does do a great job of detecting and quarantining malware with its built-in “Windows Defender” platform, it still may not be a bad idea to utilize a 3rd party solution in case you’d like a bit more control over your scanning, filter preferences, and virus quarantine chest. The following services are some of the more popular solutions, but are not endorsed or affiliated with Imagine Monkey, Inc in any way.
Use a Password Manager
According to Fortune Magazine, an analysis of the worst passwords of 2015 included a 2nd place winner as being “password”, with other finalists in the running being “football”, “baseball” and “princess”. I suppose you can’t blame people these days, what with every single application and website requesting some variation of a password, most people just cannot be bothered to remember a complicated string of numbers and letters. Luckily, however, there is a solution!
Enter, the password manager. A simple, lightweight utility that allows you to generate random passwords and save entries into a local encrypted file directly on your computer. This way, if one account becomes compromised and your password is linked to your email, then those hackers wouldn’t be able to infiltrate other services you used because you would be generating randomly complex passwords for each account that you have.
For more information on password managers, be sure to checkout:
Update Your Software/Programs/Applications
As a user, “software update” notifications may be pretty annoying to you, but as developers these are very important updates and patches that we send out when we find bugs or holes in our software which could potentially be exploited. This is why one of the most important tips that you should keep in mind is to always keep the software on your computer, tablet and phone up-to-date and current. I would say that outdated software and social engineering are generally neck-and-neck attack vectors for hackers to target users online. So, if you have an outdated copy of Firefox, or if Windows has been nagging you to install some patches, it’s always a great idea to keep those software applications as up-to-date as you possibly can.
While none of us can fully protect ourselves 100% of the time every time, at least be mindful of the fact that each time you visit a website or enter in personal information to a website, you are putting your trust into a number of systems – any of which can be used against you to steal your personal information or to compromise your computer. This is why diligence, common sense, and a few simple steps to protect yourself can go a long way in browsing the internet safely.
For further reading on how to browse the internet safely, please refer to the following article:
For more information on the vast library of open-source browser addons for Mozilla Firefox, please visit:
Featured image credit goes to: www.perspecsys.com