Your web browser is under attack. Aside from simply tricking you into downloading and running malicious software, attackers mainly target flaws in your browser and its plug-ins to compromise your PC.
Use these tips to secure your web browser from attackers, whether they’re using malvertising attacks, compromising websites, or just directing you to malicious websites they’ve created.
Keep Your Browser Updated
Use a current web browser and keep automatic updates enabled. Don’t use an outdated web browser like Apple’s Safari for Windows or old versions of Microsoft’s Internet Explorer.
Use Google Chrome or Mozilla Firefox and leave automatic updates enabled, use a current version of Internet Explorer on a modern version of Windows and install Windows updates, or use Microsoft Edge on Windows 10.
Enable Click-to-Play Plug-ins
Enable the click-to-play plugins option in your web browser. This will make web pages load faster and save you CPU cycles and battery power. It also has important security benefits. Attackers won’t be able to exploit flaws in your browser plug-ins in the background, as you’ll only allow the plug-in to load when you have a good reason to do so.
Uninstall Plug-ins You Don’t Need
Uninstall any plug-ins you don’t need to secure your web browser. Head to your web browser’s list of installed plug-ins and uninstall the ones you don’t need. Java is particularly dangerous and used by few websites — uninstall that unless you really need it. Microsoft’s Silverlight is becoming less necessary and is no longer needed for Netflix. The one plug-in you’re most likely to need is Flash, and even it is becoming less necessary.
Feel free to uninstall a plug-in if you’re not sure whether you need it. The worst case scenario is you’ll have to reinstall it when you come across a website that needs it, and that may never happen.
Keep Plug-ins Updated, Too
Any plug-ins you do need should automatically update themselves. Leave Adobe Flash’s automatic updates enabled. Google Chrome automatically updates its own copy of Flash and Windows 10 updates Edge’s copy of Flash, but you’ll need to update other versions of Flash automatically.
Ensure plug-ins you use are updated regularly and automatically.
Use a 64-bit Web Browser
64-bit programs have greater protection against attacks. You should be using a 64-bit browser, assuming you’re using a 64-bit version of Windows. Address space layout randomization, or ASLR, is much more effective with 64-bit programs.
Google Chrome is available in both 32-bit and 64-bit versions, but there’s a good chance you still have the 32-bit version installed. Check if you’re using the 32-bit or 64-bit versions of Chrome. if you’re using the 32-bit version, you should download the 64-bit version.
Stable 64-bit versions of Firefox aren’t yet available, although you can use developer builds. Mozilla plans to make 64-bit builds of Firefox available via the stable channel in Firefox 41.
Microsoft Edge is 64-bit on 64-bit operating systems, while even 64-bit versions of Internet Explorer are available on modern versions of Windows.
On 64-bit versions of Mac and Linux, all web browsers should just be 64-bit.
Run an Anti-Exploit Program
Anti-exploit programs harden your web browser against some of the most common types of attacks. Rather than relying on antivirus-style blacklists of specific software and behavior, these programs just prevent certain types of unusual behavior from occurring.
Your two big options here are Microsoft’s EMET and Malwarebytes Anti-Exploit. Both are free for browser protection, but Anti-Exploit is easier to set up and is more of a consumer product — we recommend that one.
It’s still a good idea to use antivirus software, but you can’t entirely rely on antivirus.
Use Caution When Using Browser Extensions
Browser extensions are awesome, powerful tools for customizing the web and your browser. At the same time, they’re potentially dangerous. Rogue extensions could insert advertisements into web pages you use, capture keystrokes, track your browsing activity, and do other nasty things.
Try to use as few browser extensions as possible — that will help make your browser perform better, too. Evaluate browser extensions like you would software you install on your computer.
Securing your browser’s software is just one part of it. It’s also important to avoid phishing sites and nasty software. Many websites try to trick you into downloading junkware instead of the software you’re looking for, and even legitimate software is often bundled with potentially dangerous junk.