Securing Firefox

How to avoid hacker attacks on Mozilla’s Firefox browser

Constant security problems with Microsoft’s Internet Explorer browser helped pave the way for Mozilla Firefox to emerge as an alternative browser for surfers.

However, Firefox users should be aware that hackers can exploit software flaws and design features to launch attacks.

The following configuration changes can disable various features and set up the browser to run in a secure state, limiting the damage from malware attacks.

To get started, select Tools, then Options.

In the General tab, you can manually set your home page and check to ensure Firefox is your default browser.

In the Privacy tab, select the Cookies sub-category. Here you can disable cookies or change your preferences for how the browser handles them. It is recommended that you enable cookies for the original site only. Also, by enabling the option ‘unless I have removed cookies set by the site’, a website can be “blacklisted” from setting cookies when its cookies are removed manually.
It is recommended that you do not use the Firefox feature to store passwords. If you decide to use the feature, be sure to use the measures available to protect the password data on your computer. Under Firefox’s Privacy category, the Passwords subcategory contains various options to manage stored passwords, and a Master Password feature to encrypt the data on your system. Use this option only if you decide to let Firefox manage your passwords.
Alternatively use Clipperz or RoboForm.

From the Content category, you can configure Firefox to block pop-ups and warn when websites try to install extensions or themes.

You should also Disable Java unless required by the site you wish to visit. You should determine if this site is trustworthy and whether you want to enable Java to view the site’s content.
Click on “Advanced” to disable specific JavaScript features.
It is recommended that you disable all of the options displayed in this dialog.

Firefox’s Downloads tab offers the option to change actions taken when files are downloading. Any time a file type is configured to open automatically with an associated application, this can make the browser more dangerous to use.

Vulnerabilities in these associated applications can be exploited more easily when they are configured to open automatically. Click the View & Edit Actions button to view the current download settings and modify them if necessary.

The Download Actions dialog shows the file types and the actions the browser will perform when it encounters a given file type. For any file type listed, click on either Remove Action or Change Action.

If you click on Change Action, select Save them on my computer to save files of that type to the computer. This helps prevent automated exploitation of vulnerabilities that may exist in these applications. Also scan them with an Anti-Virus program before executing them.

Firefox includes a feature to Clear Private Data to give users the option to remove potentially sensitive information from the web browser. Click on Tools, then Save Private data to find the settings (Ctrl+Shift+Del)

This is where you can configure Firefox to remove potentially sensitive data from the browser.
Place checkmark in the following boxes:
Browsing History
Saved Form Information
Cookies
Cache
Authenticated Sessions
Ask me before clearing private data.

CCleaner - clear your browsing history safely

I have covered this previously, but have added some new
information to this.

CCleaner is a freeware system optimization and privacy
tool. It removes unused files from your system - allowing
Windows to run faster and freeing up valuable hard disk
space by automatically cleaning the cache when run. It also
cleans traces of your online activities such as your
Internet history. It also only takes a few seconds to run
and remove these unwanted files from your pc.

There have been over 55 million downloads of this program

http://www.filehippo.com/download_ccleaner/

Internet Explorer
Temporary files, URL history, cookies, Autocomplete form
history, index.dat.

Firefox
Temporary files, URL history, cookies, download history.

Opera
Temporary files, URL history, cookies.

Windows
Recycle Bin, Recent Documents, Temporary files and Log
files.

Registry cleaner
Advanced features to remove unused and old entries,
including File Extensions, ActiveX Controls, ClassIDs,
ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files,
Application Paths, Icons, Invalid Shortcuts and more…
also comes with a comprehensive backup feature

Third-party applications
Removes temp files and recent file lists (MRUs) from many
apps including Media Player, eMule, Kazaa, Google Toolbar,
Netscape, MS Office, Nero, Adobe Acrobat, WinRAR, WinAce,
WinZip and many more…

This software does NOT contain any Spyware, Adware or
Viruses.

I set mine up as follows:
Click on the Cleaner Tab on the left and under Windows I
tick all boxes in Internet Explorer, Windows Explorer and
System. Under Advanced tick only the first 2 boxes. Then
click on the Applications tab and tick all.

Issues tab:
Unless you are competent at dealing with the registry then
leave this one alone and DO NOT run it.

If you wish to run the Issues to clean the Registry, carry
out the following first:

Backup your Registry. Go to Start, Run and type in regedit
click on OK and the Registry Editor will then open. Go to
the top Tabs and click on File, scroll down until you see
Export, left click it and this will open Export Registry File
window. Save this file to your desktop and in the File Name
box enter Registry Backup File.
Click on Save and it should now be on your desktop.
Verify the file is a good copy, in the Registry Editor
window click on File, select Import, in new panel where it
says ‘Look in’ select desktop and then click on your saved
file then click ‘Open’. Once it says it has been read in
successfully, you have a good backup.
Now if you find that some programs are no longer running
in the way that they should, restore your Registry as detailed
above. CCleaner will also create backup copies of your Registry
and I suggest that if you do choose to run the Registry Issues
untick all of the boxes and tick one box at a time and run each
one separately.

Tools tab:
Here you will find a list of Uninstall options to remove
programs from your pc, use with caution. I prefer to use
the Add/Remove function or the programs own uninstaller.

Startup:
Lists all programs that are set to run when you boot up,
if you are unsure about deleting any of these then leave it
as it is.

Options tab:
Settings - Choose your language, untick Run CCleaner when
the computer starts, tick the next 3 boxes, then look at
the Secure Deletion, tick the radio button ‘Secure file
deletion (Slower) and set it to NSA (7 passes)

Cookies - entirely up to the individual, but I don’t save
any cookies.

Custom - You can drag and drop files or folders into the
window or browse for them and on the next run they will be
securely deleted.

Advanced - Untick boxes 1-3 tick all others.

Finally click on the Cleaner tab on the left and you have
the option to Analyze or Run Cleaner. When you are
comfortable using this program you won’t use Analyze, but
initially do use it to see what can be deleted and the
approximate size of files to be deleted.

Important
This will remove any saved passwords and usernames that
you have, so make sure that you have a copy of them all
before proceeding to clean.

http://www.filehippo.com/download_ccleaner/

Windows Media Player tutorial:

http://www.a1-ebooks.co.uk/tutorials/CCleanerSetup.wmv

Open a text document, enter the URL, username and
password, save this to floppy, external drive or print it
off. Do NOT save this text file to your hard drive.

There is an excellent program for saving your passwords
etc available from http://www.roboform.com/
I will cover this in more detail another time.

As always, back-up your system or create a restore point
before making any changes.

To your safety and security online
cotojo

MRU-Blaster Guide

MRU-Blaster is a program that does one large task - detect and clean the MRU (most recently used) lists on your computer.

This program is Freeware, although donations are accepted

goto: http://www.javacoolsoftware.com/mrublaster.html

Download this program, I suggest that you place a NewFolder on your Desktop and rename it 'Downloads'. You can then download the various programs that I pass on to you in one central location, and always make back up copies.

The additional plug-ins are described below and allow you to clean out your Temporary Internet Files and Cookies. MRU-Blaster enhances the protection of your privacy!

MRU-Blaster setup: Take care setting this up.

When installed go to Settings and tick boxes1,3,4,6,7,8,9, & 10 on the left hand side.
Tick boxes 3,5,6, 7 & 8 on right hand side, then Save Setting.

Click on 'Go To Plugins' then click cookie blaster. Do not save any cookies as they are used to monitor your internet activity.

Click on 'IE Temporary Internet File Cleaner', tick EnableSecure Deletion of Files and click radio button 'Specify a custom number of passes and set to 7. Then save Settings & Run Now.
Using this program frequently only takes a few seconds and removes traces of the Most Recently Used (MRU) lists on your PC. These lists contain details of the name/locations of the files you have accessed. Traces of these are left scattered through your registry and unless removed are there for all to find.

One very important thing - do NOT save your passwords on your hard drive and do NOT tick the boxes asking to remember your login details.
Open any text document and type in the URL, Username and Password for each site that you have a password for, save this to either a floppy disc, flash drive, or other removable media, Do NOT save this text file on your hard drive।

I will cover another program for using secure passwords in the near future.

goto: http://www.javacoolsoftware.com/mrublaster.html

Safe surfing everyone
cotojo

Securing Your Browser

Securing Your Browser
The way that your Web browser is configured provides a
front line to secure Web surfing. Though many of the
security features that relate to your browser are described
in other tutorials, these tutorials step you through a
complete assessment of your browser's security settings.

Important Note:
Make sure you back-up your system or create a Restore
Point before making any changes

Checking IE Connection Types

Step 1: Open Internet Options
Many of the security features of the Internet Explorer
browser can be set from the Internet Options window. To
open the Internet Options window, click on Tools, Internet
Options from the Internet Explorer window.

Step 2: Select Advanced Tab
The different types of secure connections that can be used
with Internet Explorer are configured on the Advanced tab
of the Internet Options window. Click on the Advanced tab,
then scroll down to the Security heading.

Step 3: Check Fortezza Connections
On the Internet Options, Advanced tab, if the Use Fortezza
box is checked it means that Internet Explorer is
configured to allow secure connections to Web sites that
support Fortezza cryptography connections. Fortezza is used
by the U.S. Department of Defense a Fortezza Crypto Card
reader, a Fortezza Crypto Card, and related software
drivers. Needless to say, this is a rather specialized type
of connection, though it doesn't hurt to have it turned on.

Step 4: Check PCT Connections
The Private Communications Technology (PCT) protocol is
developed by Microsoft to provide secure connections to
sites that support that protocol. SSL is much more widely
used than PCT, so there is generally no reason to select
this protocol. Click on the Use PCT 1.0 box if you want to
allow secure PCT connections from Internet Explorer.

Step 5: Check SSL Connections
Because most secure connections on the Web rely on Secure
Socket Layer (SSL) protocols, you should select both Use
SSL 2.0 and Use SSL 3.0 options on the Advanced tab of the
Internet Options window. SSL was a protocol that was
developed by Netscape Communications.

Step 6: Check TLS Connections
The Transport Layer Security protocol is an open standard
that is much like the SSL protocol. To allow connections
using TLS, click on the Use TLS 1.0 button.

Step 7: Apply Changes
After you have selected the secure connection types that
your browser supports, click on the Apply button to have
the changes applied to your browser.

Checking IE Cache Settings

Step 1: Open Internet Options
As you browse the Web, your browser will typically store
the pages you have visited on your hard disk. This can
speed up your browsing by having data ready immediately
when you step backward and forward among the pages you
visit. The potential security risk is that if others are
using your browser they may be able to see the stored
content later. You can clear stored pages by setting an
option on the Internet Options page. From IE, click on
Tools, Internet Options.

Step 2: Select Advanced Tab
Options for deleting stored Web surfing content in
Internet Explorer are configured on the Advanced tab of the
Internet Options window. Click on the Advanced tab, then
scroll down to the Security heading

Step 3: Check Save Encrypted Pages
Presumably, data that has been encrypted during
communication between your browser and a Web site will tend
to be more sensitive. For example, data is encrypted during
online shopping and other financial transactions. To
prevent any encrypted data from being saved to your disk,
select the "Do not save encrypted pages to disk" check box
on the Advanced tab of the Internet Options window.

Step 4: Check Empty Temporary Files
You can have all the Web content that is temporarily
stored on your hard disk be removed when you close your
browser. Click on the "Empty Temporary Internet Files
folder when browser is closed" check box to enable that
feature.

Step 5: Apply Changes
After you have selected the secure connection types that
your browser supports, click on the Apply button to have
the changes applied to your browser.

Setting IE Security Zones

Step 1: Open Internet Options
Internet Explorer allows you to set groups of Web sites to
have similar levels of security. These groups are referred
to as "Web Content Zones." You can set up these content
zones from the Internet Options page. From IE, click on
Tools, Internet Options.

Step 2: Select Security Tab
Options for setting content zones in Internet Explorer are
configured on the Security tab of the Internet Options
window. Click on the Security tab to begin setting these
options.

Step 3: Select Web Content Zone
There are four pre-defined Web content zones: Local
Intranet (for sites within your organization), Trusted
Sites (for sites you know are secure), Restricted sites
(for sites that are not secure) and Internet (for all other
Web sites). Click on one of those sites to set the level
and define the sites for that zone.

Step 4: Select a Security Level
Click on the slider bar on the Security tab to set the
security level for zone you have selected. You can set the
security zone to Low, Medium-low, Medium, or High. Each
level is described when you select that level on the slider
bar. If you try to change to a less secure level than the
default for the zone, you will be warned.

Step 5: Customize Security Level
If you want to fine tune any of the four preset security
levels, you can do so by clicking on the Custom Level
button. The Security Settings window appears. From that
window, you can select how different types of content are
handled (such as ActiveX controls, plug-ins, cookies, file
downloads, Java, etc.) when you try to download or start
that type of content. Click on OK when you are satisfied
with your settings.

Step 6: Apply Changes
Click on the Apply button to apply the changes you made to
the Web content zones.

Enabling Content in Netscape

Step 1: Open Preferences
Some types of content can pose a potential security risk
as you browse the Web. You can allow or disallow certain
types of content from the Netscape Preferences window. To
access this window, click on Edit, Preferences from the
Netscape window.

Step 2: Select Advanced Preferences
From the Preferences window, click on the Advanced title
in the left column. Preferences that relate to the kinds of
content that can be displayed in Netscape and the ways that
cookies may (or may not) be accepted are displayed

Step 3: Allow Java/JavaScript
By default, Java applets (small programs) and JavaScripts
(a series of commands) run in your browser when they are
encountered on the Web. Because these scripts can pose some
small security threat (and can also slow your browser), you
can choose to disallow these types of programs. Click on
the associated check boxes to turn off those features.
(Warning: some Web sites will not work with Java disabled.)

Step 4: Enabling Cookies
Cookies are small files that a Web site stores on your
hard disk so it can identify you (and possibly your
personal information) the next time you visit the site.
Some people dislike Web sites knowing too much about them
and choose to turn cookies off (click on Disable Cookies).
Rather than accept all cookies, however, you can limit a
cookie's use to the originating server or to be warned
before a cookie is accepted. (Warning: some sites won't
work with cookies off.)

Step 5: Applying Changes
Once you have changed the setting the way you want, click
on OK to have the changes take effect.

Setting Netscape Security

Step 1: Open the Security Window
From the Netscape window, you can open a Security Info
window to find security information about the current Web
page. It can also be used to define how Netscape behaves
when it encounters potentially insecure situations. To open
the Security Info window from Netscape, click on the
Security icon in the toolbar (it looks like a small padlock).

Step 2: Verify Web Page Security
When the Security Info page first appears, it tells you
two pieces of information about the current Web page. First
it tells you weather or not the page was encrypted and
second it verifies the Web address of the page you have
opened. To view details about the page, click on the Open
Page Info button.

Step 3: View Page Information
When the Page Info page appears, you can view detailed
security information relating to the current Web page. If
it is a secure Web page, you can see the type of security
that is used with the page and who owns the certificate
that verifies the authenticity of the page. When you are
done viewing this information, close the page by clicking
on the X in the upper right corner of the window.

Step 4: Set Security Warnings
If you are about to enter information about yourself into
a Web site, you probably want to make sure that the site is
secure. From the Security Info page, you can set Netscape
to warn when you enter or leave a secure site, as well as
when you view a page with some encrypted data or send
unencrypted information. (These features are on by
default.) To check these settings, click on Navigator in
the left column, then check how the values are set.

Step 5: Apply Changes
To apply any changes you made to the Security Info page,
click on the OK button.

How many spyware items are infecting your computer?

I just had, by mistake, a plug-in called Intelligent Explorer attach
to my browser. What a nightmare! I have another article on this
topic, but this brings home a point. Spyware or adware items are
continually infecting computers. Most computers have no protection
from them. Most frightening is the frequency of them. From the
InfosecWriters web site, "According to a 2004 survey by America
Online and the National Cyber Security Alliance, 91% of users
questioned were familiar with the term spyware. Only 53% believed
their computers were infected, but a scan found that 80% of their PCs
had some type of spyware installed on them." It goes on to say,
"...The average number of spyware components per computer was 93 with
one computer having well over a thousand."

What is Spyware?

Butte College (www.bctv.butte.edu/support/spyware.html) offers this
definition:

“The term ‘spyware’ is broadly defined as any program that gets into
your computer without permission and hides in the background while it
makes unwanted changes to your user experience.

Spyware is generally not designed to damage your computer. The
damage it does is more a by-product of its main mission, which is to
serve you targeted advertisements or make your browser display
certain sites or search results.

At present, most spyware targets only the Windows operating system
(Internet Explorer).”

To be fair, spyware can be harmless, for example tracking cookies
don’t do much. While such things infringe on your privacy, they don't
really harm anything. Others, however, are extremely dangerous.

So what do you do about it?

No spyware program seems to do everything, but there are a lot of
goods solutions out there that can help. Here is a list of some of
the top Spyware tools to look at:

1) Try Ad-Aware 6.0 Professional from LavaSoft (there is also a free
version with less functionality)

2) Spybot Search & Destroy from PepiMK Software

3) Xoftspy form Pareto Logic

4) Spyware Guard from Javacool Software is a free program

5) Pest Patrol (now part of Computer Associates by acquisition)

6) McAfee Anti-Spyware

One thing is for certain: you do need to take spyware seriously.
For some reason, too many people out there think anti-virus solutions
are the end-all solution. They are not.

And, when all else fails?

Finally, as drastic as it seems, if your computer has been infected
with a large number of spyware programs, the only solution you may
have is backing up your data, and performing a complete reinstall of
the operating system.