When you're out and about with your
laptop, you probably like to
frequent spots where you know you can score easy access to the
Internet via a
hotspot. When you're outside your own home
network,
though, which you've probably secured with a password against
strangers, you're often at your most vulnerable. You never know who
you're sharing a network with.
Fifteen years ago the
floppy
disk was the most common vector used by
malware writers to spread
viruses, and in more recent years
e-mail has been the primary vector.
But the trend now seems towards spreading malware and exploiting
vulnerabilities using malicious code on Web sites which exploit
browser
vulnerabilities.
To minimize the risk of succumbing to a Web-borne
attack then, it’s essential that you use the Web as safely as
possible, and the first thing to decide upon is a browser. The two
most popular choices are Microsoft's
Internet Explorer and Mozilla
Firefox, and there's some debate about which one is more secure.
It's certainly true that Explorer is used by far more people than
Firefox (due to it’s being part of the
Windows operating system) so
one could argue that, all things being equal, choosing the minority
browser is the sensible choice because it offers a smaller (and thus
less tempting) pool of potential victims to malware writers.
Ensuring that the browser is up to date can help minimize
security risks, but perhaps the most interesting feature of Firefox
from a security perspective is the possibility of enhancing the
browser's security with the addition of browser extensions or
add-ons. Of course any add-ons risks adding new vulnerabilities, but
if they protect against known problems at the expense of possibly
adding as-yet unknown ones, then the trade-off may well be worth it.
With that proviso, here are some important ones to consider
for anyone browsing the Web outside a trusted network, to protect
against Web-based exploits, and more general security risks. All are
available from http://addons.mozilla.org. |
Key Terms To
Understanding Laptop Security:
Related Articles
on Webopedia:
|
NoScript
This Firefox extension allows the user to enable or
disable Java, JavaScript, Flash, Silverlight and other plug-ins (which could
be malicious) for all sites unless the sites are specifically marked as
trusted, directly from the status bar. These can also be temporarily allowed
on any given site without adding it to a whitelist. NoScript also protects
against Cross Site Scripting attacks, and ClickJacking (also known as UI
Redressing) attacks that cause users to click on buttons which are obscured
by other page elements.
CS Lite
This simple add-on allows users to selectively or globally block
cookies from websites, and view edit and delete them directly from the
status bar. It does for cookies what NoScript does for scripts and plug-ins.
ShowIP
ShowIP helps against phishing attacks by displaying the
IP address of the current website in the status bar at the bottom of the
browser. While this is of limited use in itself (unless the user happens to
know the IP address of the web site they want to visit,) right clicking on
the IP address shown in the status bar brings up a number of options,
including running a whois lookup to confirm the registered owner of the IP
address concerned.
WOT (Web of Trust)
The WOT add-on gives a
trustworthiness rating for sites that users visit based on feedback from
other WOT users, access from a WOT button in the address toolbar. The button
itself changes color depending on the trustworthiness of the site, giving an
instant warning when a user visits a site that may be a source of malware.
For some sites, such as those rated dangerous, WOT brings up a warning
screen with the options to proceed to the site, add it to a white list, or
to find out more information about the nature of the dangers that other
users have reported.
Foxmarks
There’s always a danger with
laptop computing that bookmarks for sites on your desktop computer won’t be
available on your laptop. If you then type in the address of the site
manually there’s the possibility that you could misspell it, and end up on a
malicious Web site inadvertently. Foxmarks prevents this by syncing your
laptop and desktop bookmarks, so you can access frequently visited sites via
bookmarks which are known to work. Foxmarks can also sync Web site passwords
(protected by a PIN) so that passwords stored on a desktop machine by
Firefox’s password manager are also available without having to write them
down for use on the road. This also makes it more practical to change
passwords frequently and store them within Firefox without having to worry
about keeping the password stores on different computers synchronized.
Master Password Timeout
Firefox has the
ability to remember and enter passwords for sites you may visit, and these
passwords can be protected with a master password. If the master password is
long and not guessable but stored in your head (i.e. not written down) then
having Firefox remember passwords can be a very secure solution. The problem
is that once the master password is entered Firefox gives you access to
passwords without prompting for the master password until it detects five
minutes of inactivity. This is a potential security risk if you leave the
laptop unattended for a minute or two in a public place. To prevent this,
Master Password Timeout allows you to specify your own, shorter timeout
period. The master password can also be “logged off” manually from the Tools
menu once Master Password Timeout is installed.
FireGPG
The use of encryption and digital
signatures are important ways of maintaining the security of communications
which are sent over insecure channels such as the Internet , when a VPN is
not available. FireGPG allows users to encrypt, decrypt, sign and verify the
signature of text from within Firefox from a FireGPG item in the Tools menu.
It also adds buttons to the Gmail web page carrying out the same functions.
Note: FireGPG requires that GnuPrivacyGuard (GPG) is installed on the laptop
computer.
|
DID YOU KNOW...
According to IBM Internet Security Systems X-Force team 2008
Trend & Risk Report "the number of vulnerabilities affecting Web
applications has grown at a staggering rate. In 2008,
vulnerabilities affecting Web server applications accounted for
54 percent of all vulnerability disclosures and were one of the
primary factors in the overall growth of vulnerability
disclosures during the year." |
By Paul Rubens
Last updated June 26, 2009
Article
courtesy of
PracticallyNetworked.com
Laptops and Notebooks - Is There a Difference?
Is there really a difference between a laptop and
notebook computer?
The Difference Between Laptop and Desktop Memory
RAM is the "working memory" storage area within the
computer. All data on the computer is stored on the hard drive, but in
order for the CPU to work with the data during normal operations, the
data the computer uses and works with is read into the working memory,
which is the RAM chips.
Browser Shortcuts For Internet Explorer, Chrome and Firefox
Keyboard shortcuts save time and help you get
exactly where you want to be in seconds. Here are some useful keyboard
shortcuts you can use while surfing the Web with the Internet Explorer,
Mozilla Firefox or Google's Chrome browser.
Windows Remote Desktop: Connecting via Client and Browser
In this tutorial, we'll go step-by-step to show you
how to connect to a remote computer.
PracticallyNetworked.com
PracticallyNetworked.com provides easy-to-understand help for
small-network builders. The site contains how-to information for setting
up and debugging home-office and small-business networks. Users can also
find extensive troubleshooting information, tips on getting applications
to work through firewalls, product reviews on network hardware and
software, and more.
PracticallyNetworked.com Discussion Forums
If network connections, sharing computers, router problems or other
networking issues are bogging you down, then the
PracticallyNetworked.com discussion forum is the place to be. Here
you'll find help and support for all your network-related problems. |
