Securing Safari: How to run Apple's Web browser securely

Summary: Here are several steps you can take to disable various features in Safari to reduce the risk of hacker attacks.

  • Move next to the AutoFill tab to select what types of forms your browser will fill in automatically.

    In general, CERT/CC recommends against using AutoFill features because if someone can gain access to your computer, or to the data files, then the AutoFill feature may permit them even easier access to other sites that they would not otherwise have the ability to access.

    However, if used with appropriate protective measures, it may be acceptable to enable AutoFill.

    On the Mac, use filesystem encryption software such as OS X FileVault to provide additional security for files that reside in your home directory.

  • The Security tab includes the most important settings to help reduce the risk of drive-by downloads.

    The Web Content section permits you to enable or disable various forms of scripting and active content. CERT/CC recommends disabling the first three options in this section, and only enabling them when you require the functionality of these features.

    You should select the Block Pop-up Windows option to prevent sites from opening another window through the use of scripting or active content. However, be aware that while pop-up windows are often associated with advertisements, some sites may attempt to display content relevant to your usage of the site in a new window. Setting this option may therefore disable the functionality of some sites.

    Use Safari without plug-ins and Java by disabling the options Enable plug-ins and Enable Java.

    It is also safer to disable JavaScript. However, many web sites require JavaScript for proper operation.

    You can also disable cookies and view or remove cookies that have been set.

    CERT/CC recommends disabling cookies and enabling them only when you visit a site that requires their use. At this point, you should determine if the site is trustworthy (i.e., contains no malicious content and is securely designed) and determine whether you want to allow cookies to access the site’s content. After you are finished visiting the site, we recommend disabling cookies until you need to access a site that requires cookies.

    You can limit cookies to the sites that you navigate to by selecting the option Only from sites you navigate to. This will permit sites that you visit to set cookies, but not third-party sites. Finally, we recommend selecting the Ask before sending a non-secure form to a secure website option. This will alert you when data is sent to a secure web site over an insecure channel.

    Source: CERT/CC.

  • Safari (on Mac and Windows) offers a feature called Private Browsing.

    You can turn this on via the Edit drop-down on Windows or from Safari on the Mac.

    When Private Browsing is turned on, Safari won’t store your Google searches, your cookies, the history of sites you’ve visited, your download history, or information from online forms you’ve filled out.

    If you’ve been browsing without Private Browsing turned on, just use Privacy Reset to empty your cache and clear Safari of your browsing, forms, and search history.
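The AutoFill and Security tab recommendations above can be checked against a copy of Safari's preferences file rather than by clicking through each tab. This is an added example, not part of the original article or CERT/CC's guidance; the preference key names are assumptions (names Safari has used on macOS, which differ between Safari versions) and the plist is constructed sample data.

```python
import plistlib

# Recommended values taken from the text above. The key names are assumptions:
# they vary between Safari versions and are not given in the article.
RECOMMENDED = {
    "AutoFillFromAddressBook": False,     # AutoFill tab
    "AutoFillPasswords": False,
    "AutoFillMiscellaneousForms": False,
    "WebKitPluginsEnabled": False,        # Enable plug-ins
    "WebKitJavaEnabled": False,           # Enable Java
    "WebKitJavaScriptEnabled": False,     # Enable JavaScript
    "WebKitJavaScriptCanOpenWindowsAutomatically": False,  # Block Pop-up Windows
}

# Constructed sample preferences (not taken from a real machine).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>AutoFillPasswords</key><true/>
  <key>AutoFillFromAddressBook</key><false/>
  <key>WebKitJavaEnabled</key><false/>
  <key>WebKitJavaScriptEnabled</key><true/>
  <key>WebKitPluginsEnabled</key><integer>1</integer>
  <key>WebKitJavaScriptCanOpenWindowsAutomatically</key><false/>
</dict>
</plist>"""

def audit(plist_bytes):
    """Return {key: 'ok' | 'deviates' | 'unset' | 'unexpected-type'}."""
    prefs = plistlib.loads(plist_bytes)
    findings = {}
    for key, want in RECOMMENDED.items():
        if key not in prefs:
            # Missing key: Safari's built-in default applies; check in the GUI.
            findings[key] = "unset"
        elif not isinstance(prefs[key], (bool, int)):
            findings[key] = "unexpected-type"
        elif bool(prefs[key]) == want:   # flags may be stored as 0/1 integers
            findings[key] = "ok"
        else:
            findings[key] = "deviates"
    return findings

if __name__ == "__main__":
    for key, status in audit(SAMPLE_PLIST).items():
        print(f"{status:10} {key}")
```

A key reported as unset is not a pass: the file simply does not record the setting, so the browser's default for that version decides.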

Talkback

62 comments
  • Thanks for the instructions

    but wouldn't it simply be simpler to tell people not to install Safari at all? If Quicktime, iTunes, and Safari are all about convincing me that I should switch to OSX due to Apple's supremely high quality programs, let me just say that Jobs has managed to do the exact opposite. These are 3 of the worst programs ever to be made for Windows and that is saying a lot!
    NonZealot
    • Three worst?

      "These are 3 of the worst programs ever to be made for Windows and that is saying a lot!"

      I dunno. I'd take iTunes over Zune or whatever Microsoft's using anytime - especially now that they have non-DRM versions of some of their music. Quicktime is IMHO on par with Media Player, it's just not installed with the OS.

      I'd agree a bit about Safari. Unless they've got some big tricks up their sleeves, I doubt it'll ever displace either IE or Firefox. Right now, it's nothing more than a web developer tool - another way to test to ensure your web pages work on all platforms.

      But frankly, I don't see what's so horrible about iTunes or Quicktime.
      CobraA1
      • Message has been deleted.

        tek_heretik
        • My Quicktime...

          plays more than just .mov. It plays Windows media files as well. With the plugins it
          will play almost any video file format. But this could be due to the fact, I know what I
          am doing, and what it takes to get it to play. Yes, there are a couple of Linux video
          players that will play it all.
          cashaww
      • I agree

        I agree: iTunes and Quicktime are very good software. Safari is average. I have had no problems with Safari on a Mac. Windows folks need to remember that Safari for Windows is still Beta. If you are worried about it causing problems, wait for the final release.
        Paul4
        • You're on a Mac?

          I'm guessing, since it's the Windows users that complain about Quicktime and iTunes, particularly businesses.

          A user group would have to put on an amazing dog and pony show to get rights to install any Apple product on most corporate networks.
          rtk
          • Hmmm.... Never heard of this policy

            and have worked/work for some very large corporations....

            maybe it's just my experience but all I see is a new myth cropping up as of late...

            Somehow these apps are less secure than other Windows apps? C'mon...you might as well just shut it down and go home then.
            Kid Icarus-21097050858087920245213802267493
          • well, welcome to the rest of the world...

            where USB devices are being disabled completely, to prevent corporate data from walking out the door on some secretary's iPod.

            You've worked for large corporations with poor IT services.
            rtk
          • If my employer wouldn't let me use a Mac

            I'd resign. I don't like cheapskate employers anyway.
            labarker
      • The DRM free files on iTunes...

        Actually, finally, make iTunes accessible to devices other than the iPod, being that the DRM-free files are plain and simple MP3s.

        Furthermore, only a limited number of labels offer DRM-free tunes (I think EMI's labels are the only ones doing it) and services other than iTunes, such as eMusic have been (legally) offering DRM-free MP3's for years.
        GeoNorth
        • Hate DRM? Talk to the label

          DRM is really based on the label, not the online store. eMusic can offer DRM-free
          inferior quality MP3's because they don't have the 4 major labels in their catalog.

          I would really like to see people move on from MP3. MP3 is the precursor to MP4.
          eMusic should have this option available. Here is why:

          MP4 is recognized as a standard universal format by the International Organization
          for Standardization. MP4 are smaller file sizes, and at 196kbps are nearly
          indistinguishable from 16bit 44.1khz CD source. I have done a side by side
          comparison, and blind testing with other audio professionals yielded equal results.
          To equal that sound quality with MP3 would take a sample rate of about 320kbps.
          In file sizes a 3 minute song in MP3 320kbps is about 8MB, MP4 196kbps is about
          4MB.

          If you dare to encode your collection in MP3 better make it a higher sample rate
          than 256kbps because I can hear the deterioration of high-fidelity frequencies a
          mile away. MP4 doesn't suffer from this side effect.
          techJerk
        • Actually, they are AAC files, not MP3

          I know, I bought some of them. I can't tell any difference in the sound quality
          though. I actually prefer the DRM files, they are cheaper, all works great, no
          problems here.

          All of you complaining about Safari Quicktime or iTunes are just Mac haters, plain
          and simple. To say that these are the worst pgms in windoze is absolute lunacy,
          and you know it, so stop pretending. Besides, the people are voting with their
          wallets. Zune is doing great though! :-)
          comp_indiana
        • i'm not going to install itunes on my computer

          i'm not going to install itunes on my computer. the biggest reason is you do not need a service running to download music.
          apple makes crappy software for windows.
          quicktime wants to run all the time that's why if a website does not give me the option to use another format besides quicktime i find the media on another site.

          if you're not using software there is no need for said software to be running. apple needs to stay with mac they don't care if itunes and quicktime phones home all day and night.
          SO.CAL Guy
    • Zealot...

      don't worry about this post, he thinks anything is bad if it says Apple on it. It could be
      the best thing in the world and cause eternal life, but if it says Apple, it would be one
      of the worst programs ever.
      doh123
      • I'm so glad you get it

        Here, let me fix up your post:
        [i]don't worry about this post, he thinks anything is bad if it says [b]Microsoft[/b] on it. It could be the best thing in the world and cause eternal life, but if it says [b]Microsoft[/b], it would be one of the worst programs ever.[/i]

        I'm merely making fun of all the Mac zealots who do this on every story related to Windows. If you think I sound stupid, you are basically admitting that all the Mac zealots sound stupid since it is them I'm parodying. Have a nice day!
        NonZealot
        • Message has been deleted.

          Intellihence
          • Message has been deleted.

            Hallowed are the Ori
          • Message has been deleted.

            Scrat
        • I used to be a Microsoft fan

          They once made very good software for the Mac. As far as I'm
          concerned the last decent piece they made was Word 5.1. Once
          they dragged Word down to the level of their Windows version
          (with Word 6) they lost me. I tried Word 2004 but hated it. Great
          bloated monster!
          labarker
      • Message has been deleted.

        tek_heretik