10 tips for a secure browsing experience

Your browser is one of the easiest ways for malware to penetrate your network. Here are 10 ways to practice safe surfing in Google Chrome, Microsoft Edge, and Mozilla Firefox.


The web browser is an old piece of software, with lineages tracing back to the 1990s. It’s your portal to the cloud, your interface with Salesforce, AWS, Azure and countless other cloud services.

It’s also one of the most insecure apps you will ever use, with all manner of malicious attacks targeting the browser since Microsoft, Apple and various Linux vendors have effectively secured their respective operating systems.

Web browsers are not set up in the most secure way in their default configuration. They tend to be configured for maximum performance, and performance and security don’t always go together. This is true both of browsers preloaded on the computer and of ones you download.

Here are some setting suggestions, including how to enable or disable them in the three major browsers (Microsoft Edge, Google Chrome and Mozilla Firefox).

1. Get security browser extensions

We’re going to start off contradicting ourselves, as suggestions #1 and #2 directly contradict each other. The call is yours to make. Browser extensions or add-ons are small plug-in applications that add functionality to your browser. All three browsers have hundreds if not thousands of extensions for a variety of actions.

Among them are security and privacy extensions to protect your online privacy and security. They range from blocking access to known malicious websites to enabling HTTPS for everything to blocking cookies and IP addresses.

The Electronic Frontier Foundation (EFF), a nonprofit organization dedicated to protecting privacy and security, recommends HTTPS Everywhere, in part because it created it. HTTPS Everywhere lives up to its name by forcing the browser to use HTTPS instead of the default, unsecured HTTP.

The EFF also makes Privacy Badger, which learns about and blocks secret trackers that track you across the web and even on different devices as you use your browser. It can be set to block all trackers, including cookies. Finally, the EFF makes and promotes uBlock Origin, an ad and tracking blocker. It stops ads on a page from loading so it makes the browser faster.

One last extension to consider is LastPass Password Manager, a password manager that lets you store all your passwords safely and gives you secure access from every computer and mobile device.

To access the plugins/extensions library of your browser:

  • In Chrome – Select the Menu from the upper right (three dots), go down to the More Tools sub menu and select Extensions.
  • In Firefox – Select the Menu from the upper right (three lines) and go down to Add-ons. You will be connected to the extension store.
  • In Edge – Select the Menu from the upper right (three dots), go down to the Extensions option. You will see a link that says “Get extensions from Microsoft Store.”

2. Disable extensions

Herein lies the contrarian advice. While many extensions come from reputable companies or developers and perform a useful function, some are written by unscrupulous developers and are designed to spy on you or outright hijack your web browser.

Google recently removed dozens of extensions involved in information theft from its stores. An extension can also be exploited by malware, and not just a poorly written one. JavaScript has many legitimate uses but a whole lot of exploits, too.

Universal banning of extensions isn’t feasible. Some of your users will need extensions and there are plenty of good ones – there are more than 25 for Salesforce alone. But if you have some users who need maximum protection, a total ban is possible.

  • In Chrome – Right-click the icon, go to the Properties section and add --disable-extensions to the Target window.
  • In Firefox – Like Chrome, add -safe-mode at the end of the link in the Target window. This disables everything.
  • In Edge – Like Chrome, add -extoff to the Target window.
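
Where a total ban is not practical, an inventory of what each installed extension is allowed to do helps decide which ones to remove. The script below is an added example, not part of the original article: it assumes the Chromium profile layout `Extensions/<id>/<version>/manifest.json`, uses a hand-picked shortlist of sensitive permissions, and runs against constructed sample manifests.

```python
import json
import tempfile
from pathlib import Path

# Shortlist of sensitive permissions: an assumption for this example, not an official list.
HIGH_RISK = {"<all_urls>", "cookies", "history", "tabs", "webRequest",
             "nativeMessaging", "clipboardRead", "proxy"}

def is_broad_host(pattern):
    """True for match patterns that cover every site, such as *://*/*."""
    return pattern == "<all_urls>" or pattern.split("://", 1)[-1].startswith("*/")

def audit_extensions(ext_root):
    """Map extension id -> sorted risky permissions found in its manifest.
    Assumed layout (Chromium profiles): <ext_root>/<id>/<version>/manifest.json"""
    findings = {}
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parts[-3]
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            requested = []
            for key in ("permissions", "optional_permissions", "host_permissions"):
                requested += data.get(key, [])
            for script in data.get("content_scripts", []):
                requested += script.get("matches", [])
        except (OSError, ValueError, AttributeError, TypeError):
            findings[ext_id] = ["unreadable or malformed manifest"]
            continue
        risky = {p for p in requested
                 if isinstance(p, str) and (p in HIGH_RISK or is_broad_host(p))}
        if risky:
            findings[ext_id] = sorted(risky)
    return findings

def build_sample_profile():
    """Constructed sample data: two made-up extensions in a temp directory."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "a" * 32: {"name": "Notes", "permissions": ["storage"]},
        "b" * 32: {"name": "Coupons", "permissions": ["cookies", "tabs"],
                   "content_scripts": [{"matches": ["*://*/*"]}]},
    }
    for ext_id, manifest in samples.items():
        version_dir = root / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    print(audit_extensions(build_sample_profile()))
```

To audit a real profile, pass the path of its Extensions folder to `audit_extensions` instead of the sample directory.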

3. Disable saved passwords

All of the web browsers offer some kind of built-in password manager to save your usernames and passwords. Given how many accounts we all have, it’s an obvious feature, but it also represents a danger, especially if the laptop is lost or stolen. Stored credentials on your PC can be stolen by malicious software because login/password information is not that well protected. That’s why there are so many password managers out there.

  • In Chrome – Open settings, select Passwords, and uncheck Offer to Save Passwords and Auto Sign-in.
  • In Firefox – Click the Menu button, then select Preferences. Select Privacy & Security on the left pane. Scroll down to Logins and Passwords and select the Saved Logins button.
  • In Edge – Select Settings and select Passwords & Autofill, then use the toggle to turn off all three functions.

4. Use a strong antivirus

This should be obvious – but all too often it isn’t. The top antivirus products out there not only have a constantly updated database of known malware but also a database of known dangerous or malicious sites that try to inject malware into visitors’ computers, and they will stop the page from even loading. Browser protection should be a mandatory checkmark for evaluating an antivirus product.

5. Disable autofill

Autofill is a feature that automatically fills out forms on web pages with your previously saved user information. It detects common fields like name, email address, physical address, and phone number. While it is convenient and time-saving to autofill all of your contact info without having to retype it, there are very real risks. One developer has even published a simple phishing example on GitHub to show how easily your personal information can be exploited.

  • In Chrome – Click Menu, then Settings, and select Autofill. Go into the Addresses and More section and toggle the setting to off.
  • In Firefox – Click Menu, Options, then Privacy & Security. Uncheck the box Forms and Autofill.
  • In Edge – Click Menu, Settings, and Profiles, then select Addresses and more. Turn it off from there.

6. Use a sandbox

A sandbox is an application that blocks software applications from accessing the hard disk. The entire app only exists in the memory space occupied by the sandbox and when the sandbox is closed, the app is wiped from memory without ever touching the disk. Some of these tools are simply virtual machines but they have the same effect of blocking disk writes.

Microsoft introduced a simple app called Windows Sandbox with the Windows 10 May 2019 Update but only for Windows 10 Pro or Enterprise. The Home edition does not have it. You enable it by going into Windows Features in the Control Panel and checking the box next to the name, then reboot. As a security measure, Windows Sandbox does not carry over any of the personalized features like favorites and themes, by design.

You have several choices for sandboxing/virtualization software.

7. Manage browser cookies

Browser cookies are a small piece of data a website stores on your web browser when you visit that website so it can remember you and your interactions. Cookies by themselves are not bad but can become a problem if you get infected with malware and the malware steals cookie information.

Cookie tracking can be reduced but not completely prevented. And because some websites need it to function properly, you may not and should not disable it entirely. But if you want to disable cookies completely:

  • In Chrome – Click Menu, then Settings, then Advanced at the bottom of the page. Under "Privacy and security," click Site settings, then Cookies. Next to "Blocked," turn on the switch.
  • In Firefox – Go to Tools in the menu bar and click Options. In Options, under Enhanced Tracking Protection, select Custom, and in the Cookies pulldown menu you can block all cookies.
  • In Edge – Click on Menu, then Settings, then Site Permissions. Select off for “Allow sites to save and read cookie data” and turn on “Block third-party cookies.”

You also have the option of deleting certain cookies or blocking specific sites from these Option windows.

8. Update your browser. Or don’t

Browser makers are always pushing out updates, but to make sure you get them, you should do a manual check. In all three browsers, go into their Menu and select Help or About. That forces a version check and then asks for a restart.

Caveat emptor: A browser update is usually an upgrade that comes with new/improved features, bug fixes and security patches. But the two most recent Firefox upgrades (versions 74 and 75) have been awful, introducing serious bugs and breaking features that previously worked. So it can’t hurt to wait before upgrading to see if there are problems.

9. Use a 64-bit web browser

64-bit programs have greater inherent protection against malware attacks because of something called address space layout randomization (ASLR). ASLR is a memory-protection process to protect against buffer-overflow attacks by randomizing the memory location where system executables are loaded into memory.

All three browsers now default to the 64-bit version, but it can’t hurt to double check. Go into the Menu and select Help or About, and the version number and 32/64-bit info will be displayed.
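
For checking many machines at once, the same information can be read from the browser executable itself. The following is an added example, not part of the original article: it parses the Windows PE header to report whether a binary is 64-bit and whether it carries the flags that opt it into ASLR, and it includes a constructed header stub as sample input.

```python
import struct

MACHINES = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)", 0xAA64: "64-bit (ARM64)"}
DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image can be relocated
HIGH_ENTROPY_VA = 0x0020  # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA: 64-bit address range

def inspect_pe(data):
    """Parse the PE headers in `data` and report bitness and ASLR opt-in flags."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)    # e_lfanew
    if len(data) < pe_off + 24 + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad or truncated PE header")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    opt = pe_off + 24                                    # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at the same offset in PE32 and PE32+ headers.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "arch": MACHINES.get(machine, hex(machine)),
        "pe32_plus": magic == 0x20B,
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_aslr": bool(dll_chars & HIGH_ENTROPY_VA),
    }

def make_sample(machine, magic, dll_chars):
    """Constructed sample: just enough header bytes to parse, not a runnable binary."""
    data = bytearray(0x40 + 24 + 72)
    data[:2] = b"MZ"
    struct.pack_into("<I", data, 0x3C, 0x40)
    data[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", data, 0x44, machine)
    struct.pack_into("<H", data, 0x40 + 24, magic)
    struct.pack_into("<H", data, 0x40 + 24 + 70, dll_chars)
    return bytes(data)

if __name__ == "__main__":
    import sys
    print("sample:", inspect_pe(make_sample(0x8664, 0x20B, 0x0160)))
    for path in sys.argv[1:]:            # e.g. the path to the browser's .exe
        with open(path, "rb") as fh:
            print(path, inspect_pe(fh.read(4096)))
```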

10. Consider alternatives to the big three

When you think browser, the automatic responses that come to mind are Chrome, Edge, Firefox and Safari for Mac users. But there are many more, owing to open-source browser engines.

The Brave browser is built on top of Chromium (an open-source version of the Chrome browser), but does none of the online activity collection Google engages in. And rather than rely on third-party privacy extensions, it does its own blocking of third-party and advertising cookies and uses HTTPS for all connections.

The Tor browser was designed to provide secure access to the Tor anonymity network and as such is heavily aimed at privacy and security. It is based on Firefox but with additional security features, such as built-in HTTPS Everywhere and NoScript (which disables all scripts by default) plugins. It blocks other browser plugins such as Flash, RealPlayer and QuickTime and is always in private browsing mode, so it has tracking protection, no browsing history, no saved passwords, no search history, and no cookies or cached web content.

The Vivaldi browser is derived from the Chromium open-source project, but one key feature is that it removes all of Google’s usage tracking. It makes its money through other means than ad tracking. It has seamless syncing between the desktop and mobile versions, has an integrated notes app for writing down research as you are browsing, and, in one of its most distinctive features, lets you screenshot an entire webpage on a smaller screen, even if the contents of the page scroll down off screen.

The Opera browser made its name for being lightweight and easy on resources, but it also has a built-in ad blocker, uses Chrome extensions, has a battery saver mode for laptops that can reduce battery use by up to 50%, and has a built-in VPN, something the competition does not do.