Internet Browser Security Recommendations

How secure is your Internet web browser?  If you were to accidentally click on a malicious link from a search engine or an email, would your browser (and computer) be vulnerable to an attack?

Your Internet browser - Chrome, Firefox, Internet Explorer, Safari, etc - is likely the most important piece of software installed on your computer.  Unfortunately, it's also likely to pose the greatest risk to your privacy and the security of your computer and personal data.  In addition to the browser itself, the common add-on or "plugin" software used to display content in the browser - Adobe Flash, Java, and others - often pose an even more critical risk because most people install them and forget they are there.  This becomes a problem when the browser and plugins fail to keep themselves up to date automatically.

Nearly all browsers are vulnerable - of the browsers visiting the Colby website, the vast majority have at least one outdated or vulnerable plugin - even a current browser with a current version of Java could be completely exploited simply by visiting or 'clicking' a website, exposing the computer to malware and the user to data and identity theft.  This is why it is important to regularly check the status of your Internet browsers and plugins to ensure that only needed plugins are installed, and that all software is up-to-date.

 


What can you do?  There are some simple steps to ensuring that your Internet browser is as safe and secure as it can be.  These instructions are intended to be self-serve, but do not hesitate to contact the appropriate ITS support desk if you need assistance at any point.

1.  Use a current, up-to-date Internet browser.  For daily Internet browsing, ITS currently recommends the use of Mozilla Firefox on all operating systems (Windows and Mac) because of its intelligent use of security, especially when it comes to add-ons and plugins like Java.  Internet Explorer is not recommended for daily Internet browsing. If you need Internet Explorer or a different/older version of any browser for certain websites, simply install an alternate browser for daily use and run the following steps on it.

2.  Regularly check to make sure your browser and plugins are up to date.   Don't assume that your computer will automatically download and install updates for itself - regularly check the status of your browser and its plugin software to ensure they are up-to-date. 

  • Run a Browser Scan to check your browser and its plugins. You may be asked to install a plugin if its supported by your computer, making for quick and easy scanning on a regular basis - this is recommended.  We have verified that the plugin is safe despite showing permission warnings in certain browsers.
  • Review Scan Results - make sure to review each detected browser type as well as 'System Checks' and 'Apps,' by clicking on all the areas circled in red, as shown in this example
                   qualysscanresults 
    • Out-of-date or vulnerable items will be marked with red - each of these items represents a potential vulnerability risk.  For each red item, do one of the following
    • Remove or uninstall unneeded plugins, especially Java.  If you see software or plugins listed that you don't recognize or want, remove it (there are simple instructions on doing this for Firefox, Safari, and Chrome browsers).  If you later discover that you need it, you can always download and install a new version. For more information on Java, please see ITS' recommendations on Java software.
    • Update all outdated plugins by following the provided links and instructions in the browser scan page.  Be aware that some of these installers, such as Java, may attempt to install 'add on' software - it is strongly recommended that you do not install any add-ons, such as the 'Ask toolbar.'
    • Ensure that all 'System Checks' and 'Apps' are up-to-date.  If they are not, contact the ITS support center.  Note:  College-owned Windows computers may ignore warnings about the Windows firewall settings.
    • Scan again - after any plugin or software update, make sure to run another scan using the link above to ensure that the updates were successful. 

3.  Practice safe browsing - be suspicious of URLs and links forwarded to you from anyone.  Always beware of unknown or unsolicited websites/URLs.  Do not grant permission to or 'accept' anything unless you know that you asked for it.  Heed browser warnings about suspicious pages, as they are often indicators of a website that will attempt to gain access to your computer's data - and succeed if your software is out-of-date.  If you are not sure what to do when prompted with a warning, don't continue - close the window or browser and ask the appropriate ITS support desk for assistance.


If you have questions about Internet browsers, plugin software or computer security in general, please contact the ITS Faculty and Staff Support Center at x4222 or support@colby.edu.