5 of 7Image
On the Mac OS (screenshot), choose Safari > Preferences. On Safari for Windows, choose Edit > Preferences
In the General tab, you can set up many options such as Save downloaded files to: and Open "safe" files after downloading.
CERT/CC recommends that you save downloaded files to a temporary folder that you create for downloading files.
For security reasons, be sure to uncheck the Open "safe" files after downloading option.
Move next to the AutoFill tab to select what types of forms your browser will fill in automatically.
In general, CERT/CC recommends against using AutoFill features because if someone can gain access to your computer, or to the data files, then the AutoFill feature may permit them even easier access to other sites that they would not otherwise have the ability to access.
However, if used with appropriate protective measures, it may be acceptable to enable AutoFill.
On the Mac, use filesystem encryption software such as OS X FileVault to provide additional security for files that reside your home directory.
The Security tab includes the most important settings to help reduce the risk of drive-by downloads.
The Web Content section permits you to enable or disable various forms of scripting and active content. CERT/CC recommends disabling the first three options in this section, and only enabling them when you require the functionality of these features.
You should select the Block Pop-up Windows to prevent sites from opening another window through the use of scripting, or active content. However, be aware that while pop-up windows are often associated with advertisements, some sites may attempt to display content relevant to your usage of the site in a new window. Setting this option may therefore disable the functionality of some sites.
Use Safari without plug-ins and Java by disabling the options Enable plug-ins and Enable Java.
You can also disable cookies and view or remove cookies that have been set.
CERT/CC recommends disabling cookies and enabling them only when you visit a site that requires their use. At this point, you should determine if the site is trustworthy (i.e., contains no malicious content and is securely designed) and determine whether you want to allow cookies to access the site’s content. After you are finished visiting the site, we recommend disabling cookies until you need to access a site that requires cookies.
You can limit cookies to the sites that you navigate to by selecting the option Only from sites you navigate to. This will permit sites that you visit to set cookies, but not third-party sites. Finally, we recommend selecting the Ask before sending a non-secure form to a secure website option. This will alert you when data is sent to a secure web site over an insecure channel.