Browser features "more trouble than they're worth"

Browser features "more trouble than they're worth"

Summary: Disabling the majority of features in a Web browser may be the safest bet to keep malicious hackers at bay, says a US based IT security watchdog.

TOPICS: Security, Browser

Disabling the majority of features in a Web browser may be the safest bet to keep malicious hackers at bay, says a US based IT security watchdog.

The United States Computer Emergency Readiness Team (US-CERT) said in a report: "Many Web applications try to enhance your browsing experience by enabling different types of functionality, but this might be unnecessary and may leave you susceptible to being attacked." The IT security group is part of the US Department of Homeland Security.

"The safest policy is to disable the majority of those features unless you decide they are necessary," the research team said.

While the exact browser settings differ from one browser to another, most platforms have settings and functions that are enabled by default.

US-CERT recommends that users set the highest security level possible, only enabling features when they are required, and to disable them again after the user is done with the Web site that required the functions.

What to disable in a Web browser:

  • JavaScript: Some sites rely on Web scripts such as JavaScript, to achieve a certain appearance or functionality, but these may potentially be used in an attack.
  • Java and ActiveX controls: These programs are used to develop or executive active content, but may also put users at risk.
  • Plug-ins: Additional software that extends the functionality of the browser. Before installing them, users should make sure they are necessary and originate from a trustworthy site.
  • Cookies: Web sites store cookies on PCs to remember data about the user, so companies can use the information to identify them on subsequent visits to their sites. It is best to disable the cookies and enable them only when visiting a site that requires them.
  • Pop-up windows: Blocking pop-up windows will minimise the number of pop-up advertisements received, some of which may be infected with malicious spyware.

Topics: Security, Browser

Victoria Ho

About Victoria Ho

Victoria Ho is a tech journalist based in Singapore, whose writing has appeared in publications such as ZDNet, TechCrunch, and The Business Times. When she's not obsessing about IT, you can find her tinkering with music and daydreaming about which guitar to buy next.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Impractical

    All of this would be good advice if it were quick and easy to disable and enable those features. But it is neither. Following these procedures will add way too much work to browsing for almost all users. Browser UIs need to have major changes for these practices to be successful. So many commonly used sites NEED to have things like Javascript and cookies working - all the time.
  • Javascript, ActiveX, and cookies

    Javascript can be controlled easily via the Noscript plugin to Firefox, and the number of sites using ActiveX for anything useful must be minimal, I have not spotted one for several years.
    But I do wish cookies could be dated in Firefox, so I could see when they were set, and when they were last accessed. Maybe there's a plugin for it.