A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Web Browsing

Visiting Web pages and seeking information on the World Wide Web

The page you're looking at right now is one of billions of documents, called Web pages, on the World Wide Web. The World Wide Web is the term for the network of computers that contain all these pages. To view these pages and navigate from one to another (which is called Web browsing) you need a Web browser application, such as Internet Explorer, Mozilla Firefox or Apple Safari.

A group of Web pages, or the main or "home" page associated with such a group, is called a Web site. Each Web page has its own address that helps you find it on the World Wide Web. This address (e.g., www.google.com) is called a Web address or uniform resource locator (URL). A Web address that sends you to a Web page when you click on it (e.g., www.google.com ) is called a Web link.

Making your Web browser more secure involves a trade-off between access and protection. On the one hand, you need to be able to get to the Web sites you want; on the other hand, you don’t want to let viruses or thieves into your computer. Some of the security threats listed below require you to make decisions about where you want to fall along the access-protection spectrum.

Web Browsing: security threats & prevention tips

  • Intrusion Accessing a computer without permission
  • Malware Programs that are designed to harm your computer
  • Phishing Using fake Web sites to trick you into giving away personal information
  • Spyware Software that sends information from your computer to a third party without your consent

Web Browsing: common problems and solutions

What browser features lessen the likelihood of an attack?

A Web browser is a computer's gateway to the Internet. There are other ways of connecting to the Internet, like connecting via telnet from a command prompt, but browsers have made that method obsolete, at least for most non-technical users. A browser makes connections over the Internet to access and display information, and in so doing is susceptible to a variety of attacks. Basic security features included in various browsers are outlined below.

Internet Explorer 6 (IE6): IE6's security is far inferior to that of IE7 and Firefox. It is highly recommended that users of IE6 or lower switch to IE7 or Firefox as soon as possible.

Internet Explorer 7 (IE7): IE7's security features are significantly better than IE6's. IE7 provides the following built-in features:

  • Anti-phishing filter
  • Pop-up blockers
  • Security status bar
  • Visual display of how secure the site is (green address bar – secure, white – unsecured)

Firefox: Firefox has similar default features to IE7's, with a few changes here and there:

  • Anti-phishing filter
  • Pop-up blockers
  • Visual display of how secure the site is (yellow address bar – secure, white - unsecured)
  • Alerts when a transaction changes from secured (https://) to unsecured (http://)
  • Security warnings are sent out before a downloaded program is actually run

Where Firefox really wins the race is in being open-source, which has led to many plug-ins being available that add more functionality and security to the browsing experience. A few examples are:

  • KeyScrambler Personal – Encrypts your keystrokes to protect you from keyloggers.
  • SecurePassword Generator – Helps you generate strong passwords.
  • SplitLink – Removes special symbols in URLs so you can better see where exactly a link is taking you.

How do I know a Web page I am viewing is secure?

Use secure Web sites for sharing personal information: If you are visiting a site where you're being asked for a credit card number or other sensitive information, make sure the Web site you are viewing is secure. First check the beginning of the address in your browser's address bar; it should be "https://" rather than just "http://". If it’s not, the site is not secure. The "https://" address can be spoofed, so also check to see if you have a lock icon in the status line in the bottom right-hand corner of the Internet Explorer window. If you don't, the site is not secure. Since this also can be spoofed, double-click on the lock icon and read the dialog box that appears. Try to confirm that the name on the digital certificate matches the site you think you are visiting. Taking these steps lowers your chances of being scammed.

Some browsers have features to ease the detection of secure Web pages. With Internet Explorer 7.0, the address bar turns green for a secure page, indicating the use of a secure SSL (https://) connection. Similarly, in Mozilla Firefox the address bar turns yellow to indicate that the page is secure.

AVG, a free anti-virus software, includes features called the AVG Toolbar and the AVG LinkScanner, which will review the search results of popular search engines, such as Yahoo!, Google and MSN, and notify you of reliable and untrustworthy links. The toolbar displays a tick mark next to trusted sites and a red cross next to the harmful ones.

My browser opens many pop-up windows and sends me to an unexpected Web site.

Your computer is probably infected with spyware or adware. Not only a nuisance, these applications are also very invasive to your privacy. Sometimes spyware gets installed on your system automatically, usually if you do not have Windows Automatic Updates turned on. Sometimes, people accidentally install them while Web browsing by clicking on pop-up ads that tell them to download a certain application.

Several spyware removal applications, such as Spybot, Ad-Aware and Pest Patrol, address this problem. Take care to select a trustworthy application, as some resources actually install spyware on your system (fake anti-spyware). Deleting or disabling cookies will also prevent the computer from leaking any stored information to outsiders. For more information, see Web Browsing - Spyware.

How can I avoid viewing annoying pop-up windows?

Everyone at some time or another has come across annoying pop-up windows while browsing through the Internet. There is a simple way to block these pop-up windows by using the settings provided by your Web browser.

If you use the Mozilla Firefox browser, go to the Tools menu and select Options > Content Tab. Check the box labeled "Block pop-up windows" and then select the Apply button. Now the pop-up windows will be blocked.

If you use the Internet Explorer browser, go to the Tools menu and select Internet Options > Privacy tab. Check the box to turn on the pop-up blocker, and then select the OK button. Now the setting will be applied.

When entering a site, my browser reported a site certificate did not match the server’s.

It's always safer to abort this type of transaction. The cause could be either an innocent server misconfiguration or a case where the certificate has been stolen and is being used by the Web site to fool the user. The hostname on the server's certificate cannot be modified, and the Web browser automatically flags an error if does not match the name on the Web site's certificate.

I browse with caution, but my anti-virus scan showed my computer is infected.

Even though pop-up ads are the most popular and obvious means of installing spyware, it is quite possible to have less conspicuous malware, such as rootkits, installed on your system despite your safe Web browsing habits. Sometimes these problems stem from certain shortcomings in your browser, such as one case that has been reported for Internet Explorer .

Connect Safely from Different Places

Office

When browsing the Web at work, make sure to follow any policies your company may have regarding Internet use. The information provided here should be considered supplemental to any information that your systems administrator or IT department gives you. You might not have the right privileges on your computer at work to follow some of our recommendations, so contact your support and ask for their assistance when in doubt.

In particular, look for information on the following issues in your company's policies:

  • Whether employees are allowed to use the Internet for personal use as well as business purposes
  • When employees can use the Internet for personal use (lunch hours, after-hours, etc.)
  • If and how the company monitors Web use and what level of privacy employees can expect
  • What Web activity is not allowed. In many companies this includes: downloading offensive content, threatening or violent behavior, illegal activities, commercial solicitations (non-business-related)

Mobile

You can now use your cell phone or smartphone to browse the Web. Mobile devices suffer increasingly from malware, although manufacturers continue to release patches to fix security gaps. As a resource, refer to "Is My Mobile Device Safe" for trends and tips.

You must be careful to protect your privacy when browsing the Web from a mobile device. Many Web sites ask you to enter personal data to identify yourself, but there are ways for people to intercept this information and use it without your consent.

On the road

Wireless networks are now widely available in public places, which means you can browse the Web from nearly anywhere. While there are many advantages to being able to access the Internet away from home, there are also many risks. The vulnerability of wireless networks has made them attractive targets for hackers, so you need to be aware of the threats involved with using Internet access at cyber cafes, hotels, airports and other public places.

Privacy Issues

Privacy

Major Web sites usually have links to their privacy policies and terms of service in a footnote at the bottom of the main page.

Privacy Policy Link

On these pages you can read about the organization and how they use the information that you share with them. An organization called TRUSTe  verifies the privacy policies of such sites. Click on their icon to see information on that site's policy.

TRUSTe
My home page