copyright notice
accesses since January 4, 2007

Better-than-Nothing Security Practices™

for Securing Web Browsers

v 0.1

Hal Berghel

Jacob Uecker

Paul Braeckel

This web page is a checklist for securing the three most popular web browsers: Microsoft Internet Explorer, Mozilla Firefox, and Opera Web Browser. The general perspective taken within this document is to achieve a secure computing environment. The easiest way to achieve this level of security is to process the list for your particular browser, following the instructions for each item, and checking off each item along the way. Keep in mind that the points made in this checklist are only recommendations to help harden the web browser, they are not set in stone. You may find that a certain setting is too strict, in which case you may relax is particular setting. Keep in mind that this relaxing will impact the level security for your web browsing environment.

Each of these web browsers hold a different portion of the people who surf the World Wide Web. This amount of usage will typically dictate the amount of attention that creators of malware (a.k.a hackers) will give to the web browser. The general thought concept behind this checklist is for a web browser user to add an addition layer of defense between themselves and the World Wide Web. Please keep in mind that each browser is continually being updated to address security issues and provide its users with new functionality. This will result in new settings and typically the manner in which the settings are presented to the user. The checklist below were created with the newest versions of each browser and this version number is mentioned for your reference.

We take no responsibility whatsoever for the implications that these settings will have on your computer. It is suggested to try these setting changes on a test machine prior to changing your computing infrastructure. We have tried to provide the consequences of each setting, but there is no doubt many more exist.

Suggests and a comments are always welcomed.

The main intentions behind these settings are to protect the browser user from unknowingly providing personal information to a potential attacker, and to increase the user's awareness of their browsing environment. While browsing, the user is then able to make more intelligent decisions without the browser doing something they are unaware of in the background. It is common place for the browser developers to create options that facilitate the user's browsing experience, however these conveniences often take away from the security that should be considered while online. The checklist steps that below are followed by a detailed description of why the steps are necessary.

Copyright © 2003 by Hal Berghel, Jacob Uecker, Paul Braeckel. All Rights Reserved.

 

Microsoft Internet Explorer

Internet Explorer, also known as IE or MSIE, is the proprietary web browser packaged with all versions of Microsoft Windows. The browser is tightly incorporated in the operating system, and thus adjusting its security settings will result in securing other products that use the browser's engine (Microsoft Outlook, Microsoft Outlook Express, Microsoft Windows Updates...). As of October 2005, the most recent official release of Internet Explorer was version 6.0.2900.2180.xpsp_sp2_gdr and was used by 68.9% of the world's web surfers. The following suggestions for the Internet Explorer web browser will result in a more secure online experience. The end result restricts the functionality of the browser, however the side effect is a browser that is less prone to malicious software and online attacks. The settings to be adjusted are located in a tabbed formatted interfaced called Internet Options. To get to this options window, perform the following four steps:

      1. Open the Internet Explorer web browser.
      2. On the Toolbar menu, click Tools pull-down menu.
        • Note: The Toolbar menu is the bar at the top of the Internet Explorer window.
      3. Under Tools, click on the Internet Options... menu option
      4. This will provide the Internet Options window, which has a tabbed interface for adjusted the browser's settings.

Internet Explorer divides its Internet Settings into seven (7) tabs. We will be looking at the General, Security, Privacy, Content, and Advanced tabs. In the instructions that follow, all references are made to the options within the tabbed window unless specified.

  1. General Internet Options
    1. Temporary Internet Files
      1. Click on the General tab.
      2. In the Temporary Internet files box, click the button Delete Files....
      3. Click the Settings... button.
      4. In the Settings window:
        • Change the radio button for Check for newer versions of stored pages: to Every visit to the page .
        • Click the OK button.
      5. Click the OK button.
    2. Browser History
      1. Click on the General tab.
      2. In the History box, click the button Clear History.
      3. Change the value to the right of Days to keep pages in to zero (0).
      4. Click the OK button.
    3. Cookie History
      1. Click on the General tab.
      2. Click the Delete Cookies... button.
      3. In the Delete Cookies window, click the OK button.
      4. Click the OK button.
  2. Security Internet Options
    1. Browser Zones
      1. Click on the Security tab.
      2. There are four (4) zones listed under Select a web content zone to specify its security settings., click on the first zone Internet.
      3. In the Security level for this zone box, click on the Default Level button.
      4. Repeat these two previous steps for zones Local intranet, Trusted sites, Restricted sites .
      5. Click the OK button.
    2. JavaScript
      1. Click on the Security tab.
      2. Click on the Internet zone.
      3. In the Security level for this zone box, click on the Custom Level... button.
      4. In the Security Settings window:
        • Change the setting Java VM - Java permissions to Disable Java.
        • Change the setting Scripting - Active Scripting to Disable.
        • Click the OK button.
      5. Click the OK button.
  3. Privacy Internet Options
    1. Cookie Handling
      1. Click on the Privacy tab.
      2. Click the Advanced... button.
      3. In the Advanced Privacy Settings window:
        • In the Cookies box, check the checkbox in front of Override automatic cookie handling.
        • For the option First-party Cookies, select the radio button Prompt.
        • For the option Third-party Cookies, select the radio button Prompt.
        • Uncheck the check box in front of Always accept session cookies.
        • Click the OK button.
      4. Click the OK button.
    2. Pop-Ups
      1. Click on the Privacy tab.
      2. Check the checkbox in front of Block pop-ups.
      3. Click the Settings... button.
      4. In the Pop-up Blocker Settings window:
        • Set the Filter Level: to High: Block all pop-ups.
        • Click the Close button.
      5. Click on the Security tab.
      6. Click on the Internet zone.
      7. In the Security level for this zone box, click on the Custom Level... button.
      8. In the Security Settings window:
        • Change the setting Miscellaneous - user Pop-up Blocker to Enable.
        • Click the OK button.
      9. Click the OK button.
  4. Content Internet Options
    1. Saved Address Information
      1. Click on the Content tab.
      2. In the Personal information box, click on the AutoComplete... button.
      3. In the AutoComplete Settings window:
        • Uncheck the checkbox Web addresses.
        • Click the OK button.
      4. Click the OK button.
    2. Saved Form Information
      1. Click on the Content tab.
      2. In the Personal information box, click on the AutoComplete... button.
      3. In the AutoComplete Settings window:
        • Uncheck the checkbox Forms.
        • Click the Clear Forms button.
        • Click the OK button.
      4. Click the OK button.
    3. Saved Passwords
      1. Click on the Content tab.
      2. In the Personal information box, click on the AutoComplete... button.
      3. In the AutoComplete Settings window:
        • Uncheck the checkbox User names and passwords on forms.
        • Click the Clear Passwords button.
        • Click the OK button.
      4. Click the OK button.
  5. Advanced Internet Options
    1. There is a checkbox in front of each of these options to indicate if the option is enabled or disabled. A check indicates the option is enabled and no check indicates that the option is disabled.

    2. Advanced: Browsing Options
      1. Click on the Advanced tab.
      2. In the Settings: box, scroll down to the Browsing section.
      3. Check Automatically check for Internet Explorer updates .
      4. Uncheck Enable Install On Demand(Internet Explorer) .
      5. Uncheck Enable Install On Demand (Other) .
      6. Uncheck Enable offline items to be synchronized on a schedule .
      7. Check Notify when downloads complete .
      8. Uncheck Use inline AutoComplete .
      9. Click the OK button.
    3. Advanced: Java Option
      1. Click on the Advanced tab.
      2. In the Settings: box, scroll down to the Java (Sun) section.
      3. Uncheck Use JRE 1.5.0_04 for <applet> .
      4. In the Settings: box, scroll down to the Microsoft VM section.
      5. Uncheck Java console enabled .
      6. Click the OK button.
    4. Advanced: Security Options
      1. Click on the Advanced tab.
      2. In the Settings: box, scroll down to the Security section.
      3. Check Check for publisher's certificate revocation .
      4. Check Check for server certificate revocation .
      5. Check Check for signatures on downloaded programs .
      6. Check Do not save encrypted pages to disk .
      7. Check Empty Temporary Internet Files folder when browser is closed .
      8. Uncheck Enable Profile Assistant .
      9. Uncheck User SSL 2.0 .
      10. Check User SSL 3.0 .
      11. Check User TLS 1.0 .
      12. Click the OK button.
 
Mozilla Firefox

Firefox is an open source freeware product developed by Mozilla and evolved out of the Netscape family of products. As of October 2005, the most recent official released version of Mozilla's Firefox was 1.0.7 was used by 18.8% of the web surfers in the world. There are four categories of settings to be adjusted and are found within Firefox in the Firefox Option window. To get to this options window:

      1. Open the Firefox web browser.
      2. On the menu bar, click Tools .
      3. Under Tools, click on Options... menu option.
      4. This will provide the Options window, which has a tabbed interface for adjusted the browser's settings.

The left hand side of the Options Window shows five icons, or five categories of settings. We will be looking at Privacy, Web Features, Downloads, and Advanced. The options for each of these categories are listed in the right hand window when the icon is highlighted. In instructions that follow, all references are made to the options within the Options window unless specified.

 
Opera Web Browser

Opera is a freeware browser developed by Opera Software is Oslo, Norway. As of October 2005, the most official released version of Opera Software's Opera browser was 8.5 and 1.1% of the web servers in the world. The settings to be adjusted are found in the Opera Preferences window. To get to this options window:

      1. Open the Opera web browser.
      2. On the menu bar, click Tools pull-down menu.
        • Note: The Toolbar menu is the bar at the top of the Opera window.
      3. Under Tools, click on the Preferences... menu option.
      4. This will provide the Preferences window, which has a tabbed interface for adjusted the browser's settings.

Opera divides its Preferences into four (4) tabs: General, Wand, Web pages, Advanced. We will look at the settings under the General, Wand, and Advanced tabs. In instructions that follow, all references are made to the options within the Preferences window unless specified.

  1. General Preferences
    1. Pop-ups
      1. Click on the General tab.
      2. In the drop down list to the right of Pop-ups, select Block unwanted pop-ups .
      3. Click the OK button.
  2. Wand Preferences
    1. The Wand
      1. Click on the Wand tab.
      2. Uncheck the checkbox in front of Let the Want remember passwords .
      3. Click the Passwords button.
      4. In the Server manager window:
        • Uncheck the checkbox in front of Cookies .
        • Check the checkbox in front of Wand logins .
        • Remove each entry by clicking on it followed by clicking the Delete button.
        • Click the Close button.
      5. Click the OK button.
    2. Personal Information
      1. Click on the Wand tab.
      2. In the fields under Opera can auto-complete forms with your personal information, delete any personal information in these fields.
      3. Click the OK button.
  3. Advanced Preferences
    1. Java Options
      1. Click on the Advanced tab.
      2. In the list of advanced options on the land hand pane, click on the Content group of options.
      3. Uncheck the checkbox in front of Enable JavaScript .
      4. Uncheck the checkbox in front of Enable Java .
      5. Click the OK button.
    2. Downloads Options
      1. Click on the Advanced tab.
      2. In the list of advanced options on the land hand pane, click on the Downloads group of options.
      3. Under Download directory, click on the Choose button.
      4. In the Browse For Folder window:
        • Browse to the Desktop, which is typically the directory at the top of the directory tree.
        • Highlight this Desktop directory by clicking on it.
        • Click the Make New Folder button.
        • Type the name "Downloads" for this folder. This is the folder on your Desktop where all your downloads will now be saved.
        • Click the OK button.
      5. Click the OK button.
    3. Browser History and Cache Options
      1. Click on the Advanced tab.
      2. In the list of advanced options on the land hand pane, click History group of options.
      3. Change the drop-down menu for Typed in addresses to zero (0).
      4. Click on the Clear button to the right of Typed in addresses.
      5. Change the drop-down menu for Visited Addresses to zero (0).
      6. Click on the Clear button to the right of Visited Addresses.
      7. Change the drop-down menu for Memory cache to Off .
      8. Change the drop-down menu for Disk cache to Off .
      9. Click on the Empty now button to the right of Disk cache.
      10. Check the checkbox in front of Empty on exit .
      11. Click the OK button.
    4. Cookie Options
      1. Click on the Advanced tab.
      2. In the list of advanced options on the land hand pane, click Cookies group of options.
      3. Change the drop-down menu for Normal cookies to the Let me decide every time I receive one option.
      4. Change the drop-down menu for Third party cookies to the Let me decide every time I receive one option.
      5. Click on the Manage cookies... button.
      6. In the Server manager window:
        • Check the checkbox in front of Cookies .
        • Uncheck the checkbox in front of Wand logins .
        • Remove each entry by clicking on it followed by clicking the Delete button.
        • Click the Close button.
      7. Check the checkbox in front of the Delete new cookies when exiting Opera option.
      8. Uncheck the checkbox in front of the Accept cookies with incorrect paths option.
      9. Check the checkbox in front of the Use cookies to trace password protected pages option.
      10. Click the OK button.
    5. Security Options
      1. Click on the Advanced tab.
      2. In the list of advanced options on the land hand pane, click Security group of options.
      3. Click on the Security protocols... button.
      4. In the Security protocols window:
        • Uncheck the checkbox in front of the Enable SSL 2 option.
        • Check the checkbox in front of the Enable SSL 3 option.
        • Check the checkbox in front of the Enable TLS 1 option.
        • Check the checkbox in front of the Enable TLS 1.1 option.
        • In the list under Select ciphers to enable , uncheck all Cipher with Version SSL 2.
        • In the list under Select ciphers to enable , uncheck all Cipher less than 128 bit.
        • Click the OK button.
      5. Check the checkbox in front to the Warn me before submitting forms insecurely option.
      6. Click the OK button.

 


Detailed Descriptions


Internet Explorer: General Internet Options

Internet Explorer's General Options provides the user with options to handle information that has been previously stored by the browser and the space it uses to store this information.

Internet Explorer: Temporary Internet Files

Why do this?
When a webpage is accessed, the browser will save the webpage locally on the computer, this is referred to as caching the webpage. The next time this webpage is accessed, the browser will check if it has been previously cached, and if it has been cached, it will load the webpage from the locally cached copy. The intention here is to expedite the user's browsing experience, because the browser does not need to download the webpage again, however, this in effect leaves a trail of web pages that have been viewed by the browser. In order for the browser to reload the webpage, this cached information includes all of the necessary elements (HTML, images, scripts...) required to display the web page, saved as files. Like any other file on saved on the computer, this information may be accessed by searching the computers file system directories. By setting this value to zero, the cache is effectively disabled, and there are no temporary internet files cached on the computer. It is suggested that this cache be disabled to avoid anyone or any software, such as malware and spyware, from accessing the cache of the visited web pages, and harvesting information about the user.
What consequences will there be on my system?
The user's browsing experience will be slightly slower due to the browser downloading a webpage every time that the user wants to view this particular webpage. With faster Internet connections this is not as large a concern because the browser is able to quickly download the webpage resulting in no need for temporary browser files on the computer. However, this will be very obvious in a computer environment where the Internet connection is slower, such as with dial-up connectivity. Aside from this speed concern, it should be noted that when a browser uses the cached version of a webpage, it is displaying what has been previous downloaded, if updates have been made to this webpage, the user will not be viewing these updates. Therefore, by disabling the cache, the user will always be viewing the most recent updates to the web pages that they are accessing.
Return

Internet Explorer: Browser History

Why do this?
This browser will remember links to the websites that it has recently visited. This is convenient for the user because the browser has a track-record of the web pages they have visited, which may be referenced to recall sites that were of interest to the user. The concern is that this track-record may also be of interest to the someone or some software. By setting the value to zero, the browser history is in effect disabled. The result of disabling the browser’s history is that attackers, malware, and spyware are not able to harvest surfing trend information and other personal information about the user from the browser's history log.
What consequences will there be on my system?
This may have inconvenient for the user because they are not able to reference URL addresses in the Browser History of web pages that they have recently visited. However, the user may also achieve the history effect by creating Bookmarks for each desired URL address. It is suggested to keep these bookmarks external to the browser so this information is also not stored within the browser and potentially available to an attacker.
Return

Internet Explorer: Cookie History

Why do this?
Cookies and the manner in which the browser handles them are discussed in more detail in the Internet Explorer: Cookie Handling section. Clearing the Cookie History will delete any cookies that are currently saved within the web browser. This is suggested because it will give the user a clean slate with respect to cookies, and any remnants of personal information that may be stored within these cookies. As with any information stored within the browser, it is convenient for the user but also potentially accessible by an attacker.
What consequences will there be on my system?
If the user has previously accepted cookies from a what is viewed as a trusted website, the information that was saved by the cookie setting website will be lost. There is no set standard for the information that is set within a cookie, but it is generally viewed as a means to identify the user, actions that they have made, progress made will viewing the web site, usernames and passwords, the computer being used, and typically result in a customize appearance of the website for the user after the initial setting of the cookie. This is referred to as "saving state", which in laymen's terms basically means letting the webpage know what happen the last time the user interacted with it. If the webpage is not able to determine its state, it will not be able to provide coherent interaction with the user and the user will not be able to view the intended purpose behind the webpage.
Return

Internet Explorer: Security Internet Options

Internet Explorer's Internet Options determine how the browser will react to the content that is delivered by a website. When the user enters the URL of a website, they request the server that hosts the website to download whatever content that is associated with that particular web page. This may include Active X components, Java applets, JavaScript, software downloads, and pop-ups among other possibilities. Security options will dictate how the browser deals with each of these elements.

Internet Explorer: Browser Zones

Why do this?
The Internet Explorer approach towards security is a zone-based, which means that all websites are divided into one of four zones: Internet, Local intranet, Trusted sites, and Restricted sites. By default, the browser places all the websites initially into the Internet zone. The user is then able to re-allocate any web site addresses into any of these four zones, each of which has its own security settings and access privileges. By properly setting the security levels of each of these zones, Internet Explorer ensures that all websites will conform to and maintain a good level of security. For ease of use, the browser provides a predefined security settings called a Default Level of security, which is considered safe functional browsing and appropriate for surfing most web sites. The user may then adjust the security settings associate with each of the four zones as they see fit. It is suggested to set each of these zone to this default level of security. Extreme care should be taken when allocating a website to one of the four zones, because the Default Level of security for each of the zones is different; the Default Level for the Internet zone is much higher than the Default Level for the Trusted sites. It is suggest to keep all websites in the Internet zone.
What consequences will there be on my system?
The default settings are considered to be on the higher end of security spectrum, the user should not experience any changes in your browsing experience. However, in order to allow Internet Explorer to update itself via Microsoft's online updates, the user must allocate several websites as Trusted sites. This will allow the user to keep current on software updates. This may be achieved as follows:
    1. On the Internet Explorer Toolbar menu, click on the Tools menu.
    2. Under the Tools menu, click on the Internet Options... menu option.
    3. In the Internet Options window, click on the Security tab.
    4. Click the Trusted sites web content zone.
    5. Click the Sites... button./
    6. In the box under Add this Web site to the zone:, type http://*.windowsupdate.microsoft.com
    7. In the box under Add this Web site to the zone:, type http://*.windowsupdate.com
    8. Verify that these two site are listed in the box below Web sites:.
    9. Uncheck the checkbox in front ofRequire server verification for all sites in this zone.
    10. In the Trusted sites window, click the OK button.
    11. Click the OK button.
Return

Internet Explorer: JavaScript

Why do this?
JavaScript is a scripting language used to build web pages and integrated directly into the webpage's HTML code. The intention behind JavaScript is to elevate the work load on the server, allowing the user's computer to do some of the webpage processing, and to build advanced webpage features into the webpage. The result is that the user's webpage interaction is much more responsive since the webpage does not need to return to the web server in order to process webpage information. JavaScript is also able to create custom web page building blocks, such as form elements (drop down interactive menus, submit buttons...). Although there is an added benefit to the user for using JavaScript, the scripts are actually code snippets that is technically executed on the user's computer, without the user given the option to run or not to run the script. It is never a good idea for the user to let a webpage execute code on their computer without their consent. This is the source of numerous malware attacks. It is for this reason the suggested setting is to disable JavaScript with Firefox.
What consequences will there be on my system?
If JavaScript is disabled, Internet Explorer will not allow any of the functionality achieved through the embedded scripting. This will impact your browsing experience because the content provided by web sites for legitimate purposes will be blocked. The benefit though is that the potential threat from Java based malware is eliminated.
Return

Internet Explorer: Privacy Internet Options

Internet Explorer's Internet Privacy options determine how the browser will handle cookies and pop-ups that the website sends to the user, when the user requests a webpage.

Internet Explorer: Cookie Handling

Why do this?
A cookie is information that is sent by a webpage to your browser when a webpage is accessed, stored locally as a file on the user's computer, and used to identify the user or the actions that the user has performed. A copy of this cookies is then sent back by the browser to the server every time browser access a webpage on that particular server. Since it is theoretical impossible for a web server to track every user that accesses one of its web pages on the web server, a cookie is used to store information about the user's interaction with the webpage on the user's computer. This information stored in the cookie is typically unique to that the user's browsing experience. For example, a cookie may contain information for an online shopping cart to keep track of and tell the website what the person has chosen to purchase, or a cookie may contain a identification number that the web server uses to track the user's activity from visit to visit. Since this sensitive information is used to identify a user, disabling cookies will not allow the browser to accept cookies and potentially store sensitive personal information that might be accessed by an attacker. In reference to the examples, if an attacker where access a cookie that contained part numbers that a person was ordering from a website, the attacker could adjust the order, or if the attacker was able to steal the user's identification number for a website, they could impersonate that user by placing a copy of the cookie on their machine.
What consequences will there be on my system?
Since a large portion of web pages use cookies in order to store information about the user's interaction with the web site, disabling cookies will significantly impact the user's browsing experience. For example, many e-commerce sites and bulletin boards will be render unusable because they track user progress through cookie data. If it is necessary to view a webpage that requires cookies, the browser may be told to accept cookies from a website as follows:
  1. Click the Sites... button.
  2. In the Per Site Privacy Actions window, below Address of the web site: in the Per Site Privacy Actions window, enter the URL of the webpage that will be allowed to set cookies on the computer.
  3. Click on the Allow button.
  4. In the list below Managed Web sites:, confirm the entered website and the "Always Allow" setting.
  5. Click the OK.
This same process may be used to block cookies from a specified web site as well. It is suggested to remove all sites from this list of Managed Web sites that say "Always Allow" unless the user has decided to allow that particular website to set cookies. The user must keep in mind here that this will allow the entered web site to set cookies, so sensitive information may be available for a malware attack and caution should be taken to protect this information stored in the cookies.
Return

Internet Explorer: Pop-Ups

Why do this?
Pop-ups are windows that are automatically opened by the browser forcing the user to view the displayed information. Although some websites use pop-ups legitimately to show information that is pertaining to but not part of the website's information, generally they are used as online advertising and considered annoying. The default setting for Internet Explorer is for it to block pop-ups, and this is the suggested setting to reduce the annoying nature of a popup.
What consequences will there be on my system?
Some sites do make legitimately usage of pop-ups. For example, a text website might provide a link that, when clicked, would open a popup window to display an image that is referred to in the website text. If pop-ups are blocked, then Firefox would not allow the web site to open the popup and the link would appear to be functionless. You may enter a website as a trusted website, allowing it to open pop-ups, by performing the following steps:
  1. Click on the Settings... button to the right of Block Pop-ups.
  2. In the Pop-up Blocker Settings window that opens:
    • Enter the exact URL of the website you want to allow pop-ups into the box under Address of Web site to allow:.
    • Click the Add button.
    • Repeat this steps to add additional websites.
    • Click the Close button.
      • Click the OK button.
You will note that the website that you entered is listed on the Allowed sites: window. The website that you entered will be now be allowed to use pop-ups. If there are other websites listed in the Allowed sites: window, you can remove them as follows:
  1. Click on the Settings... button to the right of Block Pop-ups.
  2. In the Pop-up Blocker Settings window that opens:
    • Click on the Remove button.
    • Repeat this steps to remove additional websites.
    • Click the Close button.
  3. Click on the OK button.
Return

Internet Explorer: Content Internet Options

Internet Explorer's Internet Content options determine how the browser will authentification certificates and user information. Certificates are user to verify that communications between the browser and the server that the browser is communicating with are secure. User information is the information that the browser learns about the user from the user entering information into the browser and web forms.

Internet Explorer: Saved Address Information

Why do this?
As the user types a URL into the Internet Explorer address bar, they will be provided a list of matching URL address in the form of a list of URLs that match what they have typed. The intention here is to facilitate the user having to type in URLs that they visit before, they may type the first portion of the URL and then scroll down to the desired URL address. It is suggested to minimize the amount of information that the browser stores about the user, because any information that is known by the browse is stored as a file on the computer and may be accessible to prying eyes. This setting is very similar to the Browser History in the General Internet options, and the two should be used in conjunction with each other.
What consequences will there be on my system?
This may have a slightly inconvenient for the user since they are required to enter an entire webpage URL before every visit to a website. The benefit is the user's surfing trends are not stored by the browser and potentially accessible to malware attacks.
Return

Internet Explorer: Saved Form Information

Why do this?
The browser will remember information that is entered into webpage forms and the browser Search Bar. The intention here is to facilitate the user's web browsing experience by automatically making suggestions when you repeated enter form information. It is best to not allow the browser to save any information that is entered into a web form. Although it is convenient for the user to have the browser complete webpage forms, it is just as easy for malware to access this saved information.
What consequences will there be on my system?
This may have a slightly inconvenient for the user since they must enter webpage form information on every visit to a website, but otherwise have no effect on the user's browsing experience.
Return

Internet Explorer: Saved Passwords

Why do this?
The browser will remember user passwords that are entered into webpage login forms in its Password Manager. The intention here is convenience for the user not to recall their username and password when visiting sites that require them to login in order to access the webpage. For example, with this option is enabled, when the user enters a new username and password, the browser will prompt the user if they would like to save this information. If the user selects "Yes", the next time they start to input their username, they will be provided with a list from which they may select the username and the password will automatically be inserted. This may be very convenient for some users for example with online banking account; when they access this banking web site from the browser with their password saved, the browser will provide them enter their password. It is best to disable the browser's ability to recall user passwords. Although it is convenient for the user let the browser manage login information every time they access a website that requires login, it is just as easy for malware to access this saved information.
What consequences will there be on my system?
This may be a slightly inconvenient for the user since they must enter their password on each website that requires a password, but it will significantly reduce the ability of malware to capture their password information. There are password managers that are not associated with browsers and more secure at managing password information.
Return

Internet Explorer: Advanced Internet Options

Internet Explorer's Internet Advanced options provide the advanced user with the esoteric browser settings that allow the user to fine-tune their browsing experience to achieve, among other things, a more secure browsing experience. The areas that will be addressed are grouped under Browsing, Microsoft Virtual Machine, and Security. The settings are enabled or disabled by checking or unchecking the checkbox in front of the listed option. These settings should be adjusted only by the more advanced Internet Explorer user.

Internet Explorer: Java Option

Why do this?
Java is a popular platform-independent programming language that is able to create web applications, however it is a common target for malware authors. Malware takes advantage of the fact that it is executable code, which is typically automatically downloaded and executed on your computer. Numerous exploits exist that use Java to compromise a computer and the data stored on it. Disable Java within Internet Explorer by unchecking this feature, this is the suggested setting for this option due to Java's popularity as a language for creating malware.
What consequences will there be on my system?
Java is self standing application called an applet that is used to create interactive web content (games, animations, printing features...) and web based applications (mortgage calculators, image manipulations, virus scanners...). If java is not disabled, Internet Explorer will not allow any of the functionality achieved through the Java applets. This will impact your browsing experience because the content provided by web sites for legitimate purposes will be blocked. The benefit though is that the potential threat from Java based malware is eliminated.
Return

Internet Explorer: Browsing Options

Why do this?
When the user enters a legitimate URL in the address bar of the browser, the web server hosting the website for this URL downloads the contents of the webpage to the user's browser. These Browsing options determine how Internet Explorer will handling the advanced situations needed to process the downloaded web pages. The following settings are changed here: It is suggested to always use the most recently available updates software updates for the browser, to not allow the browser to perform any actions automatically, to not store website data on your computer, to be aware of the status of anything that is downloaded, and to not store information about the user in the browser. It is for these suggestions respectively that these Browser options are set.
What consequences will there be on my system?
These settings will restrict the browser's handling of downloads and storage of URL information that is entered into the browser's address bar. These options typically add a certain level of convenience to the browser for the user, however the side effect is that, if the browser is accessed by an attacker, all this information that is stored for convenience to the user is then available to the attacker. Therefore, the consequences to the user are convenience of browser usage.
Return

Internet Explorer: Security Options

Why do this?
The Security options that are adjusted pertain to configuring the browser for secure communication with web servers.
  • Check for publisher's certificate revocation - Determines if the browser checks a software publisher to verify that its certificate has not been revoked before accepted the software. A certificate is Internet Explorer's method of identify software, so by checking the status of a certificate through a known verification site, the user may be certain that the software is valid. It is suggested to enable this setting.
  • Check for server certificate revocation - Determines if the browser checks a website's certificate to verify that it has not been revoked before accepted the website's certificate as valid. A certificate is Internet Explorer's method of software, so by checking the status of a certificate through a known verification site, the user may be certain that the site is not being spoofed or invalid. It is suggested to enable this setting.
  • Check for signatures on downloaded programs - Determines if the browser checks the identity when a program is downloaded. The identity takes the form of a signature used to verify that the downloaded file is what is suppose to be. When this option is enabled, the browser will display the confirmed information to the user when a download is initiated by the user. It is suggested to enable this option, because is easy for malware disguise itself as a legitimate file.
  • Do not save encrypted pages to disk - Determines if the browse stores the data needed to display secure websites in the Temporary Internet Files folder. If a browser is allowed to save secure information to the computer's temporary folder, this information will then be accessible to anyone who as access to this folder, including malware or any users of the computer, until the temporary files are erased. This information could include password information, credit card information, or an information that is saved on the computer during secure website communication (HTTPS). It is suggested to enable this option to avoid saving of this secure data.
  • Empty Temporary Internet Files folder when browser is closed - Determines if the browser's temporary storage of files need to display web pages is deleted when the browser is closed. It is suggested to enable this option to remove any temporary storage if the browser is set to save temporary internet files. Temporary files is a common place for malware to store files that it needs to perform an exploit, since the user sees these files as temporary and typically disregards them.
  • Enable Profile Assistant - Determines if the browser accepts requests for Personal Assistant from websites that send request user personal information. The browser will be default prompt the user prior to sharing any personal information with a website, however it is suggested to disable this setting to prevent accidental sharing of any personal information that may be saved by the browser.
  • User SSL 2.0 - Determines if the browser transmits and receives secure data through the Secure Sockets Layer Level 2 communications protocol. All secure websites support this communication standard, however there are exploits that also are able to take advantage of the Microsoft Secure Socket Layer library and compromise computers using SSL 2.0 encryption. These exploits are able to give malicious attackers access to the browser's computer and administrative rights on the affected computer. It is suggested to disable this option so that the browser does not use this insecure transmission.
  • User SSL 3.0 - Determines if the browser transmits and receives secure data through the Secure Sockets Layer Level 3 communications protocol. SSL 3.0 is intended to succeed SSL 2.0 and is therefore more secure. It is suggested to enable this option in order to force the browser to use this form of encrypted communication over SSL 2.0.
  • User TLS 1.0 - Determines if the browser transmits and receives secure data through the Transport Layer Security communications protocol, which is an open security communication standard. It is suggested to use this form of secure communications when available.
  • What consequences will there be on my system?
    These options may inhibit the browsing because they determine if communications are allowed between the browser and a website. It is very easy to intercept and modify communications between a browser and web server so it is suggested to force usage of secure communications and check that a websites has been certified prior to communicating with it. The result of this is to ensure that data is not stored to the hard drive where it is available to spyware. This will protect the user from some phishing scams and will make sure they only receive data from verified sources. As far as drawbacks are concerned, the user should not experience any change in their browsing experience, unless they are accessing secure websites that don’t support the enabled secure communications protocol.
    Return

    Firefox: Privacy Options

    These settings dictate how Firefox handles information concerning the user's browsing experience, in particular information about the user and the websites that the user visits. Typically, these settings provide features to make surfing more convenient for the user, and not imperative for using the browser. A general rule of thumb is that is not a good idea to let the browser gather information about its user. Although it provides a convenience to the user, this personal information must be stored locally on the browser's computer and is just as easily accessed by the browser as well as malware. The suggestions made for these settings will allow the user to secure their identity while online.

    Firefox: Privacy Option: History

    Why do this?
    This browser will remember links to the websites that it has recently visited. By setting the value to zero, the browser history is in effect disabled. The result of disabling the browsers history is that malware and spyware are not able to harvest surfing trend information and other personal information about the user from the browser's history log.
    What consequences will there be on my system?
    This may have a slightly annoying effect because the user is not able to look up URL addresses that they have recently visited. However, the user may also achieve the history effect by creating Bookmarks for each desired URL address.
    Return

    Firefox: Privacy Option: Saved Form Information

    Why do this?
    The browser will remember information that is entered into webpage forms and the browser Search Bar. The intention here is facilitating the user's web browsing experience by automatically making suggestions when you enter information again. It is best to not allow the browser to save any information that is entered into a web form. Although it is convenient for the user to have the browser complete webpage forms, it is just as easy for malware to access this saved information.
    What consequences will there be on my system?
    This may have be annoying for some users since they will have to enter their personal information into all web forms, but it will not impact the users browsing experience.
    Return

    Firefox: Privacy Option: Saved Passwords

    Why do this?
    The browser will remember user passwords that are entered into webpage login forms in its Password Manager. The intention here is convenience for the user not to recall their username and password when visiting sites that require them to login in order to access the webpage. For example, the user may allow the browser to save their password for their online banking account, and when they access this banking web site from the browser with their password saved, the browser will automatically enter their password. It is best to disable the browser's ability to recall user passwords. Although it is convenient for the user not to enter their login information every time they access the website, it is just as easy for malware to access this saved information.
    What consequences will there be on my system?
    This may be a slightly annoying on the user because they must enter their password on each website that requires a password, but it will significantly reduce the ability of malware to capture their password information. Firefox does allow the user to password protect the password information that it stores. In theory this will help protect the user's password information, however it best to disassociate your password information from the browser. There are password managers that are not associated with browsers and more secure at managing password information.
    Return

    Firefox: Privacy Option: Download Manager History

    Why do this?
    The browser stores shortcuts to all the recent downloads that are initiated by the user, such as office productivity software Microsoft Word, an Adobe PDF file, or hardware driver software. It is best to keep this list of downloaded files clear so that what is being downloaded may be used by malware or prying eyes.
    What consequences will there be on my system?
    Keeping this list of downloads clear will have no effect on the usage of the browser. It is general good practice to use the Download Manager to verify when a download is complete, and then clear the list afterwards.
    Return

    Firefox: Privacy Option: Cookies

    Why do this?
    A cookie is identifying information that is sent by a webpage to your browser and stored locally as a file on your computer when a webpage is accessed by that browser. A copy of this cookie is then sent back by the browser to the server every time browser access that server. Since it is theoretical impossible for a website to keep track of all of its users, the intention behind cookies are to store its user information on the user's computer. This information is typically unique to that the user's browsing experience. For example, a cookie may contain information for an online shopping cart to keep track of and tell the website what the person has chosen to purchase. Since this sensitive information is used to identify a user, disabling cookies will not allow the browser to accept cookies and potentially store personal information that might be accessed by malware.
    What consequences will there be on my system?
    Since a large portion of web pages use cookies in order to store information about the user's interaction with the web site, disabling cookies will significantly impact the user's browsing experience. If it is necessary to view a webpage that requires cookies,
    1. Check the checkbox in front of Allow sites to set cookies.
    2. Check the checkbox in front of for the originating Web site only.
    3. In the drop down box after Keep Cookies:, select until I close Firefox.
    4. Uncheck the checkbox in front of Allow sites to set cookies.
    5. Under the cookies option, click on the Exceptions button.
    6. In Address of the web site: in the Exceptions window, enter the URL of the webpage that you would like to set cookies on your computer.
    7. Click on the Allow button.
    8. Click the OK.
    This will allow the entered web site to set cookies, so sensitive information may be available for a malware attack and caution should be taken to protect this information stored in the cookies.
    Return

    Firefox: Privacy Option: Cache

    Why do this?
    When a webpage is accessed, the browser will save the webpage locally on the computer. The next time this webpage is accessed, the browser will check if it has been previously saved, and if it has been saved, it will load the webpage from the locally saved copy. The intention here is to expedite the user's browsing experience, because the computer does not have to download the webpage again. This information includes all necessary components (HTML, images, scripts...) necessary to display the web page and is stored locally in a temporary directory on the computer. This information may be accessed like any file on the computer by searching the computers file system directories. By setting this value to zero, the cache is disabled. It is suggested that the cache be disabled to avoid malware and spyware from accessing the history of the visited web pages.
    What consequences will there be on my system?
    The user's browsing experience will be slightly slower because the browser must download a webpage every time that the user wants to see the webpage. This will not be as apparent with faster Internet connection because the browser is able to quickly download the newest version of the webpage, and the need to store temporary files on the computer is not necessary. However, this will be very obvious in a computing environment where the Internet connection is slower, such as with dial-up connectivity. In this situation, the user may elect to allot a certain amount of disk space for caching of web pages; the default disk space that Firefox allots is 50MB. In this situation, it is suggested that the user Clear the cache when closing the browser to avoid having these temporary internet files on the computer.
    Return

    Firefox: Web Features Options

    Firefox: Web Features Option: Block Popup Windows

    Why do this?
    Pop-ups are windows that are automatically opened by the browser forcing the user to view the displayed information. Although some websites use pop-ups legitimately to show information that is pertaining to but not part of the website's information, generally they are used as online advertising and considered annoying. The default setting for Firefox is for it to block pop-ups, and this is the suggested setting to reduce the annoying nature of a popup.
    What consequences will there be on my system?
    Some sites do make legitimate usage of pop-ups. For example, a text website might provide a link that, when clicked, would open a popup window to display an image that is referred to in the website text. If pop-ups are blocked, then Firefox would not allow the web site to open the popup and the link would appear to be functionless. You may enter a website as a trusted website, allowing it to open pop-ups, by performing the following steps:
    1. Click on the Allowed Site button to the right of Block Popup Windows.
    2. In the Allowed Sites window that opens, enter the exact URL of the website you want to allow pop-ups into the box under Address of web site:.
    3. Click the Allow button.
    4. Repeat this steps to add additional websites.
    5. Click the OK button.
    You will note that the website that you entered is listed on the Allowed Sites window with an Allow status. The website that you entered will be now be allowed to use pop-ups. If there are other websites listed in the Allowed Sites window, you can remove them as follows:
    1. Highlight the website by click on its URL in the list of sites on the Allowed Sites window.
    2. Click on the Remove Site button.
    3. Repeat this steps to remove additional websites.
    4. Click on the OK button.
    Return

    Firefox: Web Features Option: Allow web sites to install software

    Why do this?
    Firefox allows the user to add functionality and customize their browser by installing modules of software in the form of extensions, add-ons, and themes. It is generally not a good idea to allow websites to install software on your computer; it is far too easy to be install malicious software disguised as something legitimate. This functionality may be disabled by unchecking the checkbox in front this feature, and this is the suggested setting.
    What consequences will there be on my system?
    Disabling this feature will also not allow the user to update their browser as Firefox issues software updates. The user is able to create a list of trusted sites from which to allow software to be installed. To view this list, perform the following steps:
    1. Click on the Allowed Site button to the right of Allow web sites to install software.
    2. In the Allowed Sites window that opens, enter the exact URL of the website you want to allow pop-ups into the box under Address of web site:.
    3. Click the Allow button.
    4. Repeat this steps to add additional websites.
    5. Click the OK button.
    One suggested website to add as trusted is "update.mozilla.org". You will note that the website that you entered is listed on the Allowed Sites window with an Allow status. The website that you entered will be now be able to install software. If there are other websites listed in the Allowed Sites window, you can remove them as follows:
    1. Highlight the website by click on its URL in the list of sites on the Allowed Sites window.
    2. Click on the Remove Site button.
    3. Repeat this steps to remove additional websites.
    4. Click on the OK button.
    The user should be very skeptical of the sites that they allow to install software. It is common practice for malware to emulate trusted sites.
    Return

    Firefox: Web Features Option: Load Images

    Why do this?
    The default setting for Firefox is to load the images on a web page in order to allow for a pleasant surfing experience. Some websites, however, load images from a server other the one hosting the website, such as with a third party advertising site. A potential side effect of allowing these third party images is web bugs or other hidden graphics. A web bug is a obtrusive graphic used for monitoring web traffic, profiling a persons surfing habits, profiling what type of browser being used, counting the number of hits for a web pages and is typically loaded from a web server other than the one hosting the web page. In order to avoid these web bugs, it is suggested to enable loading images for the originating web site only.
    What consequences will there be on my system?
    There are no consequences for enabling this feature, unless the websites that you visit server web pages from more than one web server. If the user encounters a server while surfing that they would like to block image loading, they may manually block that server as follows:
    1. Right click on the image on the web page being viewed.
    2. In the context menu that appears, click Block Image from < server name >.
    3. Click on Tools on the Firefox menu bar.
    4. Click on Options....
    5. Click on the Web Features icon.
    6. Click on the Exceptions button to the right of Load Images.
    7. In the Exceptions window, the site the you blocked will be listed.
    Return

    Firefox: Web Features Option: Enable Java

    Why do this?
    Java is a popular platform-independent programming language that is able to create web applications, however it is a common target for malware authors. Malware takes advantage of the fact that it is executable code, which is typically automatically downloaded and executed on your computer. Numerous exploits exist that use Java to compromise a computer and the data stored on it. Disable Java within Firefox by unchecking this feature, this is the suggested setting for this option due to Java's popularity as a language for creating malware.
    What consequences will there be on my system?
    Java is self standing application called an applet that is used to create interactive web content (games, animations, printing features...) and web based applications (mortgage calculators, image manipulations, virus scanners...). If java is not disabled, Firefox will not allow any of the functionality achieved through the Java applets. This will impact your browsing experience because the content provided by web sites for legitimate purposes will be blocked. The benefit though is that the potential threat from Java based malware is eliminated.
    Return

    Firefox: Web Features Option: Enable JavaScript

    Why do this?
    JavaScript is a scripting language used to add functionality to web pages and thus integrated directly into the webpage's HTML code. The intention here is alleviate the work load on the server and allow your computer to do some of the work, additionally, the user's webpage interactions is much more responsive because the webpage does not need to return to the web server in order to process information. JavaScript is used to create allot of custom web page building blocks, such as form elements (drop down interactive menus, submit buttons...). Although there is an added convenience for using JavaScript, it is still code that is technically executed on your machine without your consent. It is for this reason the suggested setting is to disable JavaScript within Firefox.
    What consequences will there be on my system?
    Many web sites depend on JavaScript, so disabling it will impact presentation of the web pages on your computer. There is an Advanced button in the Web Features options that will allow the user to allow or disallow certain tasks that JavaScript typically performs. If you see fit to use JavaScript in order to gain this functionality but control its abilities, adjust these settings.
    Return
    make a note somewhere that these settings should be checked on a regular basis to promote consistency of settings.

    Firefox: Downloads Options

    These options determine how Firefox handles downloaded files. The setting made for these options will determine how secure the user's system is in respect to what is downloaded from the Internet to the user's computer.

    Firefox: Downloads Option: Download Folder

    Why do this?
    This allows the user to select one folder in which to save all the downloads from the Internet. It is suggested to save all downloads that you initiate to a centrally located folder. This facilitates scanning of downloaded files, since they are centrally located. Keep in mind that these downloads are not the temporary files that Firefox keeps when downloading web pages.
    What consequences will there be on my system?
    There are no consequences to saving to other locations, however, the user is better able to manage their system by saving all downloads to one file folder.
    Return

    Firefox: Downloads Option: Download Manager

    Why do this?
    This allows the user to see the download process take place, allowing the user to cancel the download if the need arises, and they can also verify that the download has occurred. Additionally, it also recalls all the files downloaded by Firefox so the user is able to keep record of what has been downloaded and easily accessed the downloaded file by viewing the Download Manger. To view the Download Manager:
    1. On the Firefox menu bar, click on Tools.
    2. Click on Downloads.
    What consequences will there be on my system?
    There is not consequences to not using disabling the Download Manager, however, the user is better able to manage their system because they have a reference for all the downloads.
    Return

    Firefox: Downloads Option: File Types

    Why do this?
    This option allows Firefox to automatically perform a specified action for a downloaded file based on the file's file type. When a file is downloaded, if the user has associated an executable with the file extension of the downloaded file, Firefox will launch the executable to load the downloaded file. If there is no association with the downloaded file's extension, Firefox will save the file to the specified download Folder. This is something that is built into Microsoft Internet Explorer; however, it is suggested not to automatically perform actions on download files so all files should be removed from this list. Firefox will reference this list every time a file is downloaded; if the file type is not on this list it will add it to the list and prompt the user for an association for this new file type. It is suggested that the user select Save to Disk.
    What consequences will there be on my system?
    There are no consequences with adjusted this setting, in fact it will allow the user to better manager their system because they will have to manually associate the downloaded file with the executable to run it.
    Return

    Firefox: Advanced Options

    The advanced options contain settings specific to an advanced user, allowing them to tweak the browser to its highest security level.

    Firefox: Advanced Option: Software Update

    Why do this?
    Firefox is able to check for updates for itself, installed extensions, and installed themes, and notify the user when new updates are available for downloading. Mozilla continuously provides updates that address both functionality and security updates to it users. It is suggested to allow Firefox to automatically check if are available, and install them when they are available. It is good practice to always use the latest version of Firefox software in order to ensure maximum stability and security of the browser.
    What consequences will there be on my system?
    There are no consequences from enabling the Software Updates feature. There are however consequences from being out of date with Firefox updates.
    Return

    Firefox: Advanced Option: Security

    Why do this?
    This security setting specifies if the browser uses secure transmission of information through Secured Sockets Layer(SSL) and Transport Layer Security(TLS) to communication with secure websites. Although it would make the browser the most versatile by selecting each of the available options, it is suggested to use the newest versions of each of these methods of secure transmissions and to always use secure transmission when available. The reason for this is because there exists exploits that are able to compromise SSL 2.0 encryption, giving the attacker elevated user rights on the infected computer
    What consequences will there be on my system?
    There should be no noticeable changing in the browsing experience as a result of selection these options, but the Firefox will be using the most securely encrypted communication available with those sites that allow it.
    Return

    Firefox: Advanced Option: Certificates

    Why do this?
    Certificates contain the information for encryption and decryption for communication between the browser and secure sites. Simple stated, certificates allow the user to identify themselves. This setting dictates how the browser will react when a websites prompts it for a certificate. It is suggested to adjust Firefox to always prompt the user to manually select a certificate when a web site requests a secure session. This also allows the user to be aware of the start of the secure session.
    What consequences will there be on my system?
    This setting will have no visual changes in the operations of the browser.
    Return

    Firefox: Advanced Option: Validation

    Why do this?
    When using certificates, it is best to make sure that those used by Firefox are not obsolete, this is referred to as validation. The Online Certificate Status Protocol (OCSP) is the method used to check the validation every time that a certificate is used. It is suggested to enable Firefox to check the validity of certificates every time they are used.
    What consequences will there be on my system?
    This setting will have no visual changes in the operations of the browser, however the level of secure communication will be heightened because the browser will check for a certificate's validity each time the certificate is viewed or used.
    Return

    Opera: General Preferences

    The General preferences pertain to the browsers basic operation. For the purposes of securing the browser, the handling of Pop-ups will be addressed.

    Opera: General Preferences: Pop-ups

    Why do this?
    Pop-ups are windows that are automatically opened by the browser forcing the user to view the displayed information. Although some websites use pop-ups legitimately to show information that is pertaining to but not part of the website's information, generally they are used as online advertising and considered annoying. For example, a legitimate pop-up may be a login page for a website. The available settings for controlling pop-ups are: Open all pop-ups, Open pop-ups in background, Block unwanted pop-ups, Block all pop-ups. Base on this setting, the Opera browser will try and distinguish between user requested and unwanted automatically pop-ups. The suggested setting to reduce the annoying nature of a popup is Block unwanted pop-ups .
    What consequences will there be on my system?
    Some sites do make legitimately usage of pop-ups. For example, a text website might provide a link that, when clicked, would open a popup window to display an image that is referred to in the website text. If pop-ups are blocked, then Firefox would not allow the web site to open the popup and the link would appear to be functionless.
    Return

    Opera: Wand Preferences

    The Wand preferences handle the browser's password manager and storage of the user's personal information.

    Opera: Wand Preferences: The Wand

    Why do this?
    The browser is able to remember user passwords in its Password Manager call the The Wand. The intention here is convenience for the user in that the browser manages their username and password for web sites that require the user to login in order to access the webpage. For example, with this option is enabled, when the user enters a new username and password, the browser will prompt the user if they would like to save this information. If the user selects elects to utilize the browsers Password Manager, the next time they visit that web site, they may login by simply clicking on the Wand button, which is on the address bar to the left of the URL. This may be very convenient for some users for example with online banking account; when they access this banking web site from the browser with their password saved, the browser will provide their password information. It is best to disable the browser's ability to recall user passwords. Although it is convenient for the user to allow the browser to enter their login information, it is just as easy for malware to access this saved information. To elaborate on how Opera prompts the user to save a password, when the user enters their username and password into a login webpage, the browser will prompt the user if they want the Wand to save this information. The user is given four options by the browser to handle their password: For this page, For entire server, Never on this page, and Never on entire server. It is suggested to select Never on entire server from this provided list of options. To verify that the browser will not save user password for this server:
    1. On the menu bar, click Tools pulldown menu.
      • Note: The Toolbar menu is the bar at the top of the Opera window.
    2. Under Tools, click on the Preferences... menu option.
    3. This will provide the Preferences window, which has a tabbed interface for adjusted the browser's settings.
    4. Click on the Wand tab.
    5. Click on the Passwords button.
    6. In the Server manager window, look for the domain URL of the login website and click on it.
    7. In the expanded list of websites below this domain URL will be the URL of the login page, to the right of the URL should be the option Never on entire server .
    To avoid confusion, it is suggested to remove all websites from the Opera Server Manager for Wand logins, but the user may instead verify that all listed login URL state Never on entire server.
    What consequences will there be on my system?
    This may be a slightly annoying for the user since they will be required to enter their password on each website that requires a password, but it will significantly reduce the ability of malware to capture their password information. Opera does allow the user to set a password to protect the information stored by The Wand. In theory this will help protect the user's password information, however it best to disassociate your password information from the browser. There are password managers that are not associated with browsers and more secure at managing password information.
    Return

    Opera: Wand Preferences: Personal Information

    Why do this?
    It is common to enter your personal information into web forms, such as when shopping at e-commerce sites. Opera is able to store this personal information, allowing you to enter this information in the web forms by either selecting it from drop down lists or by right clicking the input field and selecting Insert Personal from the context menu. The intention here is facilitating the user's web browsing experience by automatically entering commonly entered fields. It is best to disable this option and not allow the browser to save any personal information about the user. Although it is convenient for the user to have the browser complete webpage forms, it is just as easy for malware to access this saved information.
    What consequences will there be on my system?
    This may have be annoying for some users since they will have to enter their personal information into all web forms, but it will not impact the users browsing experience.
    Return

    Opera: Advanced Preferences

    The Advanced preferences handle all the fine details about the user's browsing experience. These settings help to create another barrier between your computer and potential attackers, and help to upgrade the security that Opera employs so it is harder for an attacker to exploit your system. This settings includes how the browser handles the webpage content provided by a website, any user initiated downloads, the browser's history, and the browser security.

    Opera: Advanced Option: Java Option

    Why do this?
    JavaScript is a scripting language used to add functionality to web pages and thus integrated directly into the webpage's HTML code. The intention here is alleviate the work load on the server and allow your computer to do some of the work, additionally, the user's webpage interactions is much more responsive because the webpage does not need to return to the web server in order to process information. JavaScript is used to create allot of custom web page building blocks, such as form elements (drop down interactive menus, submit buttons...). Although there is an added convenience for using JavaScript, it is still code that is technically executed on your machine without your consent. It is for this reason the suggested setting is to disable JavaScript within Opera. Java is a popular platform-independent programming language that is able to create web applications, however it is a common target for malware authors. Malware takes advantage of the fact that it is executable code, which is typically automatically downloaded and executed on your computer. Numerous exploits exist that use Java to compromise a computer and the data stored on it. Disable Java within Opera by unchecking this feature, this is the suggested setting for this option due to Java's popularity as a language for creating malware.
    What consequences will there be on my system?
    Many web sites depend on Java and JavaScript, so disabling them will impact presentation of the web pages on your computer. There is a JavaScript button in the Content options of the Advanced Preferences that will allow the user to either allow or disallow certain tasks that JavaScript typically performs. If you see fit to use JavaScript in order to gain this functionality but control its abilities, adjust these settings. The benefit though that the potential threat from Java based malware is eliminated.
    Return

    Opera: Advanced Option: Downloads Options

    Why do this?
    This allows the user to select one folder in which to save all the downloads from the Internet. It is suggested to save all downloads that you initiate to a centrally located folder. This facilitates scanning of downloaded files, since they are centrally located. Keep in mind that these downloads are not the temporary files that Opera keeps when downloading web pages.
    What consequences will there be on my system?
    There are no consequences to saving to other locations, however, the user is better able to manage their system by saving all downloads to one file folder.
    Return

    Opera: Advanced Option: Browser History and Cache Options

    Why do this?
    This browser will remember links to the websites that it has recently visited. By setting these values to zero, the browser's history is in effect disabled. The result of disabling the browser's history is that malware and spyware are not able to harvest surfing trend information and other personal information about the user from the browser's history log. When a webpage is accessed, the browser will save the webpage locally on the computer. The next time this webpage is accessed, the browser will check if it has been previously saved, and if it has been saved, it will load the webpage from the locally saved copy. The intention here is to expedite the user's browsing experience, because the computer does not have to download the webpage again. This information includes all necessary components (HTML, images, scripts...) necessary to display the web page and is stored locally in a temporary directory on the computer. This information may be accessed like any file on the computer by searching the computers file system directories. By setting these values to Off, the cache is disabled. It is suggested that the cache be disabled to avoid malware and spyware from accessing the history of the visited web pages.
    What consequences will there be on my system?
    This may have a slightly annoying effect because the user is not able to look up URL addresses that they have recently visited. However, the user may also achieve the history effect by creating Bookmarks for each desired URL address. The user's browsing experience will be slightly slower because the browser is then forced to download a webpage every time that the user wants to see this particular webpage. With faster Internet connections this is not as large a concern because the browser is able to quickly download the webpage resulting in no need for temporary browser files on the computer. However, this will be very obvious in a computer environment where the Internet connection is slower, such as with dial-up connectivity.
    Return

    Opera: Advanced Option: Cookie Options

    Why do this?
    A cookie is identifying information that is sent by a webpage to your browser and stored locally as a file on your computer when a webpage is accessed by that browser. A copy of this cookies is then sent back by the browser to the server every time browser access that server. Since it is theoretical impossible for a website to keep track of all of its users, the intention behind cookies are to store its user information on the user's computer. This information is typically unique to that the user's browsing experience. For example, a cookie may contain information for an online shopping cart to keep track of and tell the website what the person has chosen to purchase. Since this sensitive information is used to identify a user, disabling cookies will not allow the browser to accept cookies and potentially store personal information that might be accessed by malware.
    What consequences will there be on my system?
    Since a large portion of web pages use cookies in order to store information about the user's interaction with the web site, disabling cookies will significantly impact the user's browsing experience. For example, many e-commerce sites and bulletin boards will be rendered unusable because they track user progress through cookie data.
    Return

    Opera: Advanced Option: Security Options

    Why do this?
    There exist exploits that are able to exploit the Microsoft Secure Socket Layer library and compromise machines using SSL 2.0 encryption. These exploits can give malicious attackers access to your computer including administrative rights, which allow the attacker to execute code without the user knowing. Disabling SSL 2.0 encryption will keep your machine safe from this exploit.
    What consequences will there be on my system?
    These options will result in more pop-up warnings from Opera, and inaccessibility of older, very insecure sites. As for SSL2, your browsing experience will remain mostly unchanged. Most browsers and servers have the ability to use different encryption methods should others fail.
    Return