Web Browser Security
Today's attackers are more likely to host their malicious files on the web. They may even update those files constantly using automated tools that repackage the binary in an attempt to bypass signature-based scanners.
Attackers may entice users into visiting the malicious site via cleverly worded email, such as greeting card scams. Or they may compromise a legitimate site, outfitting the compromised site with hidden iframes or javascript references that pull exploits and malicious files from an external attacker-owned site - with all of this invisible to the casual observer.
Whether through social engineering or through website exploit, the choice of browser will be of little help. All browsers are equally susceptible to Web-based malware and this includes Firefox, Opera, and the much maligned Internet Explorer. Disabling Javascript on all but the most trusted sites will go a long ways towards safer web browsing.
The Firefox noscript addon disables active scripts by default and provides an option button in the lower right corner of the browser screen to change the preference on a per site or per visit basis. If a site won't display properly, just click the option button, locate the site URL on the list, and select "Temporarily allow sitename" (where sitename corresponds to the name of the site you are visiting). It's recommended you do not select 'Temporarily allow all this page' as that would also enable scripts and references embedded on a compromised website. While it's a few extra clicks to manage this on a per visit basis, the pay off in terms of better online safety will be well worth it.
The Opera browser allows you to set a global preference as well as dictate settings on a site by site basis. To configure global preferences in Opera, select Tools | Preferences | Advanced | Content. To configure site-specific settings, access the same menu, select Manage site preferences, then select Add. Once the Site Preferences dialog window opens, type the web site url in the Site field, then tab through the offerings and make the desired selections.
Internet Explorer provides four configurable security zones. While advantageous in previous times, it's a less effective approach given today's Web threats. To be effective, you'll need to disable iframes for each of the security zones and set active scripting to either disable or prompt. Those sites you must visit that require these features will need to be added to the Trusted Sites zone which will need to be configured to be more permissive. The downside: if that trusted site becomes compromised, you could become a victim. For a broader discussion of IE security zones, see Securing Internet Explorer.)
Whichever browser you choose, be sure to take advantage of its built in security features or, in the case of Firefox, download the NoScript addon. Of course, the browser itself may be vulnerable to attack, so be sure to check for security updates regularly. One easy way to do this is via the free Secunia Software Inspector.
Attackers may entice users into visiting the malicious site via cleverly worded email, such as greeting card scams. Or they may compromise a legitimate site, outfitting the compromised site with hidden iframes or javascript references that pull exploits and malicious files from an external attacker-owned site - with all of this invisible to the casual observer.
Whether through social engineering or through website exploit, the choice of browser will be of little help. All browsers are equally susceptible to Web-based malware and this includes Firefox, Opera, and the much maligned Internet Explorer. Disabling Javascript on all but the most trusted sites will go a long ways towards safer web browsing.
The Firefox noscript addon disables active scripts by default and provides an option button in the lower right corner of the browser screen to change the preference on a per site or per visit basis. If a site won't display properly, just click the option button, locate the site URL on the list, and select "Temporarily allow sitename" (where sitename corresponds to the name of the site you are visiting). It's recommended you do not select 'Temporarily allow all this page' as that would also enable scripts and references embedded on a compromised website. While it's a few extra clicks to manage this on a per visit basis, the pay off in terms of better online safety will be well worth it.
The Opera browser allows you to set a global preference as well as dictate settings on a site by site basis. To configure global preferences in Opera, select Tools | Preferences | Advanced | Content. To configure site-specific settings, access the same menu, select Manage site preferences, then select Add. Once the Site Preferences dialog window opens, type the web site url in the Site field, then tab through the offerings and make the desired selections.
Internet Explorer provides four configurable security zones. While advantageous in previous times, it's a less effective approach given today's Web threats. To be effective, you'll need to disable iframes for each of the security zones and set active scripting to either disable or prompt. Those sites you must visit that require these features will need to be added to the Trusted Sites zone which will need to be configured to be more permissive. The downside: if that trusted site becomes compromised, you could become a victim. For a broader discussion of IE security zones, see Securing Internet Explorer.)
Whichever browser you choose, be sure to take advantage of its built in security features or, in the case of Firefox, download the NoScript addon. Of course, the browser itself may be vulnerable to attack, so be sure to check for security updates regularly. One easy way to do this is via the free Secunia Software Inspector.
Source...