Browser features may pose hacking threat
Disabling the majority of features in a web browser may be your safest bet for keeping malicious hackers at bay, according to a US-based IT security watchdog.
The US Computer Emergency Readiness Team (US-CERT) said in a report released on Thursday: "Many web applications try to enhance your browsing experience by enabling different types of functionality, but this might be unnecessary and may leave you susceptible to being attacked." The IT security group is part of the US Department of Homeland Security.
"The safest policy is to disable the majority of those features unless you decide they are necessary," the report stated.
While exact browser settings differ from one browser to another, most platforms have settings and functions that are enabled by default.
US-CERT recommends that users set the highest security level possible, only enabling features when they are required and disabling them again after the user is finished with the website that required the functions.
These are the recommended features to be disabled in web browsers:
- JavaScript: some sites rely on web scripts such as JavaScript to achieve a certain appearance or functionality but these may potentially be used in an attack
- Java and ActiveX controls: these programs are used to develop or executive active content, but may also put you at risk
- Plug-ins: additional software that extends the functionality of your browser; before installing them, make sure they are necessary and originate from a trustworthy site
- Cookies: websites store these on your PC to remember data about you, so companies can use the information to identify you on subsequent visits to their sites. It is best to disable the cookies and enable them only if you visit a site that requires them
- Pop-up windows: blocking pop-up windows will minimise the number of pop-up advertisements you receive, some of which may be infected with malicious spyware