Step 4 - Secure Your Browser and Email Programs.

Step 4 - Secure Your Browser and Email Programs. Step 4 - Secure Your Browser and Email Programs.

   This step covers everything you can do secure your browser and email programs while keeping them functional and flexible. However, before we begin this step, I strongly, STRONGLY advise you to download and use another browser or email program if you currently use Microsoft Internet Explorer or Outlook. It would be easy to fill a book why. There are literally hundreds of security flaws in these two programs that can allow sites to load malicious code, like spyware or viruses, on your system or to track you about the Internet even with protective software. And many do just that. To make matters worse, many of these flaws are still unfixed, new ones are discovered daily, and, to top it off, some of these flaws are considered "features" by Microsoft, and so never will be patched. Let me take a few minutes to explain this a little.
   It cannot be overstated enough that these two products are responsible for a large percentage of, if not the vast majority of, privacy and security problems users like you face. In other words, you probably have no idea how many threats to your online security would be reduced or eliminated if you just stopped using these two programs. The technical details why are partly covered elsewhere on this site, but basically it part of the blame for the insecurity of IE/OE goes to Microsoft and part goes to the popularity of these programs.
   Microsoft deserves major blame, in part, because they loaded them with features, seemingly not giving much thought to the possibility that people can exploit these features for malicious purposes. (Remember this golden rule of security: "Feature" equals "Exploit"). Nor did Microsoft put any respectable security in with such features. For example, MSIE is set up to automatically download ActiveX controls. An ActiveX control is a piece of executable code that can be downloaded from a website, an email, or whatever, and is then run, supposedly to 'enhance your web-surfing experience.' Now, think about this for a second... why would you want some strange website downloading and running code on your computer to do whatever it wants? How do you know it's not spyware, a virus, or what have you? Unfortunately, most modern spyware and viruses work just this way because it's an easy way to get malicious code onto your system, and it can beat most kinds of firewalls like Zone Alarm. Usually, such malicious code comes disguised as a "browser toolbar". If you've ever had a strange toolbar suddenly appear in your browser, you've probably been the victim of this lovely "feature".
   At any rate, this is not to say that other browsers and email programs are totally bulletproof, but they are much safer compared to Microsoft's products. Plus, with the setup and securing instructions given below, they can be made even better.
   In fairness, part of the blame for MSIE's and MSOE's problems are also due to their immense popularity: since they come with Windows, they are on every Windows computer. Not to mention Microsoft makes these products for MacIntosh and users of other operating systems as well. Obviously, being the more popular, it's the software that hackers, crackers, virus, and spyware authors are going to target the most heavily for exploitation.
   I will, at some point, set up some Proof-of-Concept examples to show you just how scary Internet Explorer and Outlook are. In the meantime, I hope you understand how extremely dangerous MSIE and Outlook are. There are links to several security sites on the Resources page documenting these flaws, but they only scratch the surface of these problems, and they do not even cover the danger of the intentionally-made "features" of these products.
   Anyway, there are two browsers I currently have experience with and recommend highly, with explanations:
Mozilla is an excellent browser which also has email and a newsgroup reader. It is the best choice for you if you want a browser with no headaches. Netscape's line of browsers are actually based on Mozilla, but are nearly identical besides Netscape's brand name (and, in some cases, some alleged spyware included with the Netscape products -- Mozilla is safe though.) I've found the newer versions of Netscape to be painstakingly slow, but Mozilla is nice, fast, and easy. The only gripe I have is that it can sometimes take a second or two to open up to your Bookmarks (the equivalent of "Favorites" in Internet Explorer or AOL). Not a big deal, though. Mozilla also has a good email program and a half-decent newsreader built-in. Here are some links for extra info on Mozilla.

Opera bills itself as the fastest browser available, and it lives up to that claim. Unless you get the paid version of it, it serves you advertisements in the top-right, although DNSKong and Kerio will block the ads. Surprisingly, this can actually be a good thing: some trojans and viruses are known to kill the firewall. Seeing ads suddenly pop up in that window could be the first (and only) warning that your firewall is not running. To Opera's credit, they make no attempt to collect personal information from you and you have to know to where to go within the program if you want to. I strongly recommend not filling out any personal info. With that said, it's got some nice features. The built-in "mouse gestures" make navigating much easier than with other browsers (Mozilla can have them too with an optional plug-in, which, as far as I know, does not contain any spyware. But Opera has "mouse gestures" built right in). It is also a very "clean-feeling" browser. If you currently use Microsoft Internet Explorer, you probably will get adjusted to the look of Opera easily. Opera also has the ability to send/read email and newsgroups. And, once again, it is FAST! You can also get a no-Java version if you don't need Java.

Firefox is a top-notch browser that is almost as fast as Opera (and much faster than Internet Explorer!), yet Firefox is still a "Netscape-type" browser, so you won't have to worry much about compatibility issues. Although the privacy controls aren't quite as complete and convenient as Opera's, they're still pretty effective.

   Mozilla, Opera, and Firefox offer excellent cookie-control features, although I still recommend going through the steps on the Cookie-control page, later on.

   I will, at some point, evaluate and possibly include other browsers like K-Meleon. However, these are the three best modern, full-featured browsers on the market, in my experience. I have used Netscape 6+. It is, in my opinion, identical to Mozilla but bloated and slow, which is why I do not recommend it.

Click for a listing of some good email and newsreaders to replace Internet Explorer and Outlook. Most of these are much more user-friendly than the Microsoft products aside from being more secure.

   Again, it can't be stressed enough that switching to another browser and email program and giving IE/OE the heave-ho will do wonders for your security.

Setting up and Securing your Browser and Email Programs:

   Before we begin, there is an important thing you need to know: even if you don't or will stop using Internet Explorer and Outlook, follow the instructions for securing them anyway because some of their settings also apply throughout your whole computer. This is especially true for AOL users because IE settings controls AOL's security.
   Here, you will learn how to control cookies, disable JavaScript and spammer-friendly images in email and newsgroups, and reduce your vulnerability to worms and viruses.
   P.S. If you did download another browser as I recommended above, you may have to repeat the setup instructions in Step 3, the Proxomitron page, to make Proxomitron work. Don't worry, that's easy. All these instructions assume that the appropriate browser or email program is running.
   Ready? Let's do some securing!

For Internet Explorer 4 and above:

(Note: For a full explanation of Internet Explorer's poorly-documented Security and Advanced menus, and the security implications of each option, click here.

1. Click Tools in Internet Explorer then click Internet Options. (Alternatively, go into Internet Options by clicking Start, then Settings, then Control Panel and then Internet Options.)
2. You should be looking at the General tab. Click Delete or empty on your Temporary files. Also do this for your cookies unless you are sure you need to keep them. For a picture of what this looks like, click here.
3. At the History item, set this to 1 (one day.)
4. Click the tab along the top called Security.
5. Make sure the zone called Internet is highlighted. It looks like a globe. For a picture, click here.
6. Select Custom Settings.
7. In the Custom Settings menu, click Disable on anything mentioning ActiveX. Also set the settings regarding "paste" or "pasting" to Disable and set the item called Submit nonencrypted form data to either Disable or Prompt.
8. Set the item called Software Channel Permissions to High.
9. Select Disable for the item Allow sites to set permanent cookies. (IE 5 and 6 users: use the Privacy tab along the top, then click the Advanced button, and select Allow all First party cookies and Do not allow third party cookies. Make sure to uncheck the box called Always allow session cookies.) Click Ok.
10. Back in the Security menu, select LAN or Intranet. It has different names depending on the version of IE you have but they all mean the same thing.
11. Repeat items 7 through 10.
12. Again, you will be back in the security menu. This time, select Restricted and then, of course, Custom Settings. Make sure everything is disabled. In IE version 5 and above, you can simply select HIGH security from the box and click Reset.
13. If there are any sites which you want to allow to download ActiveX onto your machine (I think Yahoo Games uses them) then click the Trusted Sites field and click the button called Sites... Add in the names of any sites you want to allow. It is stongly recommended that all users enter the following into the Trusted Sites zone: *.windowsupdate.microsoft.com and lcick Add. You may have to uncheck the box called Require Server Verification (https).
14. Next, click the item along the top called Advanced.
15. Disable the item called Enable Install-On-Demand. You can also disable the feature called Automatically check for Internet Explorer updates if you want.
16. If plan on using Proxomitron from Step 3 and have already set IE up to use it, you can click Apply then Ok and move on to Step 5. If not, click the Connections tab.
17. From the tab at the top called Connections, select either the LAN Settings button (if you use a hi-speed connection) which is towards the bottom of this menu, you can use the Settings button near the top if you use a regular modem to connect to the Internet. You can do this for both if you want.
18. Check the box called Use A Proxy Server.
19. Click the Advanced button.
20. Where it says HTTP, put the word localhost in the left-most box, and in the right-most box (called Ports) put 8080. Also enter these same items under Secured if you set Proxomitron up to filter Secured pages.
21. Click Apply then Ok when done.

Netscape 4.79 and below:

1. Click on Edit.
2. Click Preferences.
3. You will be looking under the item called Navigator. Look to the right.
4. Where it says History, set this to 1. (Keeps history for one day at most.)
5. If you like, you can enter a new home page here. Enter the full address. Where it says Navigator Starts With, make sure you have Home Page selected.
6. You might have to click the little plus (+) sign next to the menu item called Navigator to reveal more options. Select Smart Browsing.
7. Uncheck "Enable What's Related".
8. Now, click the menu called Advanced.
9. On the right, uncheck the item called Enable JavaScript for Mail & News. Also make sure the item called Send email address as anonymous FTP password is unchecked.
10. Under Cookies, select the button called Only accept cookies that get sent back to the originating server.
11. Click the plus (+) sign next to the Advanced menu to reveal more items.
12. Select Cache.
13. Click the Clear Memory Cache and Clear Disk Cache buttons. Also, enter into the box called Disk Cache the number zero. Also enter this into Memory Cache if you want better privacy protection.
14. Skip to Step 17 if you already set up Proxomitron from Step 3. If you plan on using Proxomitron but didn't set it up for Netscape 4 on the Proxomitron page, click the button called Manual Proxy.
15. Click View.
16. On the menu that opens, in the item called HTTP enter
localhost in the left box and 8080 in the right box, the one called Ports. If you want to be able to allow Proxomitron to filter malicious stuff out of SSL (Secure) pages, also enter this info under the field labelled SSL. Make sure you have set Proxomitron to do this using the Instructions on the Proxomitron page. Then click Okay.
17. Select SmartUpdate from the menu options at left.
18. Uncheck the box called Enable SmartUpdate. Make sure the box called Require manual confirmation of each install is checked.
19. You are done.

For Mozilla and Netscape 6 and above:
1. Click on Edit.
2. Click Preferences.
3. You will be looking under the item called Navigator. Look to the right.
4. If you like you, can enter a new home page here. Enter the full address. Make where it says Navigator Starts With, make sure you have Home Page selected.
5. Where it says History along the menu tree along the left, select History. In the History menu, enter 1 in the Browsing history box. (Keeps history for one day at most.)
6. Click the little plus (+) sign next to the item called Privacy & Security along left to bring up that menu and select Cookies.
7. Check Enable cookies for the originating website only.
8. Check the box called Disable cookies in Mail & Newsgroups if it's not already checked.
9. Unless you need to keep cookies to log into webmail and shopping sites, check the button called Limit Maximum lifetime of cookies to: and then check the button called Current session. This will cause Mozilla/Netscape to automatically delete any stored cookies when you close the browser.
10. Click the menu called Images, and make sure the box at right called Do not load remote images in Mail & Newsgroups is checked.
11. For maximum privacy and security, you also might want to click the radio button called Accept images that come from the originating server only. This is an excellent and powerful privacy protection feature, but it may cause some websites to display incorrectly.
12. Select the Forms menu.
13. Uncheck Save form data from web pages when completing forms. This is a dangerous feature to leave on.
14. Click the Passwords menu. Unless you absolutely need it, make sure the box called Remember passwords is unchecked.
15. Click the Advanced menu. Make sure Send this email as anonymous FTP password is blank unless you require otherwise.
16. Click the plus sign next to Advanced to show more menus and select Scripts & Plugins.
17. Uncheck Enable JavaScript for Mail & Newsgroups. This is critical. Also uncheck Enable Plugins for Mail & Newsgroups unless otherwise necessary.
18. In the box called Allow Scripts to:, uncheck hide status bar. If you will not be using Proxomitron, also uncheck Open unrequested windows (pop-ups).
19. Next, select the menu called Cache.
20. Click the Clear Memory Cache and Clear Disk Cache buttons. Also, enter into the boxes called Memory Cache the number zero. For best privacy protection, also set Disk Cache to zero.
21. If you already set up Mozilla/Netscape 6+ to use Proxomitron onthe Proxomitron page, you can skip to item 24. Otherwise, if you plan to use it, select the menu item at left called Networks.
22. Select the button called Manual Proxy Configuration.
23. Under HTTP Proxy, put localhost (left box) and under Ports (right box) put 8080. If you want to filter out malicious code from SSL (Secured) pages, also enter this info into the line called SSL Proxy.
24. Finally, select the menu item called Software Installation. Unless you really want Mozilla/Netscape to do automatic installations, uncheck Enable software update.
25. Click Ok when done. Proceed to the next page unless you have another browser you want to set up.

For Opera 5 and above:

1. Click File, then Preferences. (Make sure you do not select Quick Preferences!
2. Under the Personal Information menu (may not be in Opera 7 and above) make sure everything is blank.
3. In the Advertising menu, make sure everything is set to Unspecified.
4. Click the Network menu.
5. If you already set up Proxomitron on the Proxomitron page, skip to item 7. Otherwise, click the button called Proxy servers.
6. Check the box next to HTTP. In the left box, put localhost and in the right box (Port) put 8080. If you want Proxomitron to filtered malicious code from SSL (Secured) webpages, also enter this info in the line called HTTPS. Click Ok then, when back in the main menu, click Apply.
7. Select the History & Cache menu.
8. Hit the two clear buttons and the Empty Now button.
9. If you want to disable Opera's cache (which will reduce it's speed -- the cache is why Opera lives up to the claim of being so fast) then set the History and the Disk Cache boxes all to zero.
10. Select the menu called Privacy & Security.
11. Under Cookies, select in the top pick-list Automatically accept all cookies.
12. In the lower box, select Do not accept third-party cookies.
13. Below the cookies menus, make sure Throw away new cookies on exit and Display warning for illegal path are checked. Only uncheck the former if you absolutely want cookies.
14. Under Privacy in this menu, uncheck Enable referrer logging and Use cookies to trace password protected pages. Disabling Automatic redirection by unchecking it is a very powerful privacy-protection tool, but it can be annoying to use on some sites.
15. Click Apply. Then click Ok. You're all done securing Opera. I'm going to show you a really neat privacy-protection feature of Opera, but don't use it now. Click File, then select Delete Private Data. Check everything except Clear history of transferred files. If you plan on using Opera for email too, check Clear all e-mail account passwords. Normally, if you clicked Ok (don't do that now, or you will exit the browser!), the browser would close down and delete all potentially sensitive data it stored. You would normally want to exit the browser this way. Now that you've seen how to use this feature, click Cancel.

Outlook (all versions):

1. Click Tools.
2. Click Options.
3. Select the tab called Read. Check the box called Read all messages in plain text.
4. Select the Security tab.
5. Check the button called Restricted Sites Zone. (Note: if you use Outlook for email, you must follow the security procedures for Internet Explorer, above, even if you do not use Internet Explorer!
6. Make sure the box called Do not allow attachments which potentially may be a virus is checked.
7. Click Apply then Ok. Continue configuration of other email clients if you use them.

Eudora 5 and above email client:

1. Click Tools.
2. Select Options at the bottom.
3. Select Display.
4. Uncheck the box at right called Automatically download HTML graphics.
5. Under Viewing Mail, uncheck Use Microsoft's Viewer and make sure Allow executables in HTML content is unchecked.
6. Find the item along the left called Automation.
7. Uncheck Automation enabled from the machine if it isn't already. Only allow this to be checked if you are in a network environment which requires it.
8. Scroll down to Extra Warnings and make sure that the two items pertaining to Launch a program are checked.
9. Click Ok when done and move on.

Pegasus Email Client:

1. Click Tools.
2. Click Preferences.
3. Find the menu item called Hyperlinks and select it.
4. On the right, if you use Internet Explorer as your browser, check the box Use the non-standard URLs expected by Internet Explorer.
5. Click to select the menu above this, called Content Viewers.
6. Click Add.
7. In the menu that pops up, select 'Attachment-Type information'.
8. Select from the pick-list Visual Basic. Now click the button on the lower half of the menu called Do not run any application, and issue no warning (fail silently). Click Ok.
9. Repeat items 6 through 8 for the following items in the pick-list: Program-Source, Gif Image, JPEG Image, PCEXE. You may not have all these.
10. Repeat items 6 through 8, this time selecting the Filename extension button. In the matches this: box, put EXE, DLL, JS, XML.
11. Click Apply then Ok when done. Move on to the next Step.

Click here to go back to Step 3.                                              Click here to go on to Step 5.
In case you get lost, this page is located at http://www.oocities.org/yosponge/browser.html