How to secure your browser

Even if you recognize and ignore phishing emails, statistically, sooner or later you will visit an infected website. Previous research has shown that 0.45% of all websites are infected (your millage may vary). With all the recent drive-by infections, percentage might have increased. The internet is becoming a bad neighborhood. Email attachments aren't the biggest concern for viruses anymore. It's your browser now. So let's see how to protect ourselves.

Some of my old tips :

• Using the browser as a non-administrator account or within a Sandbox (free tools such as AMUST Defender or Sandboxie)
• Use a host-based firewall that blocks inbound and outbound connections per application.
• Patch your system, not only the operating system and browser, but also plug-ins and non-browser applications. Several tools exist that make this assessment easier. One of these tools is the Secunia Software Inspector
• Disabling JavaScript might be another very effective method to stop attacks. Most attacks we observed did need JavaScript to be enabled. Disabling JavaScript, however, might not be feasible as it would severely impact the functionality of many legitimate web sites. Some tools address this problem by globally disabling JavaScript, but selectively enabling it for certain trusted site. NoScript for the Firefox browser is an example of such a tool.
• Use openDNS as it provides some anti-phishing protection
  
• Don't be mainstream: The tests we conducted show that a simple but effective way to remove yourself as a targeted user is to use a non-mainstream application, such as Opera. As mentioned above, despite the existence of vulnerabilities, this browser didn’t seem to be a target.

Let add the tips from TSSCI security:

CERT has an excellent document on Securing your web browser! They cover IE, Firefox, and Safari — three secure references for the three most popular browsers.

However — as good CERT’s guide is, you won’t want to miss our past blog posts on safe/secure browsing, which are stacking up like hot-cakes:

• 8 Firefox extensions towards safer browsing
• Firefox + httpOnly? While we’re at it
• Client-side attacks: Protecting the most vulnerable
• Protecting the systems - Day 12 ITSM Vulnerability Assessment techniques
• Firefox 3 first impressions
• Security and safe browsing for Firefox

Out of interest, I wanted to have another look at some browser statistics. Diversity is good and Firefox is still my favorite browser. Firefox made some good progress but has stagnated (or stabilized) for the last 6 months. Of course, Firefox 3 might tip the balance a little more. I have tested it and it's rendering is really fast. I haven't switched completely as since it's still a beta. Pick your favorite poison.

2008	IE7	IE6	IE5	Fx	Moz	S	O
March	21.9%	30.1%	1.1%	37.0%	1.1%	2.1%	1.4%
February	21.5%	30.7%	1.3%	36.5%	1.2%	2.0%	1.4%
January	21.2%	32.0%	1.5%	36.4%	1.3%	1.9%	1.4%

2007	IE7	IE6	IE5	Fx	Moz	S	O
December	21.0%	33.2%	1.7%	36.3%	1.4%	1.7%	1.4%
November	20.8%	33.6%	1.6%	36.3%	1.2%	1.8%	1.6%
October	20.7%	34.5%	1.5%	36.0%	1.3%	1.7%	1.6%
September	20.8%	34.9%	1.5%	35.4%	1.2%	1.6%	1.5%