Things that one can do to make ur browsers a bit more secured

besides using one's common sense while surfing!

for Firefox:
- an interesting article to start
http://www.cnet.com/8301-13739_1-9784163-46.html

that Google Customisation is totally new to me
** added 14dec07:
https://addons.mozilla.org/en-US/firefox/addon/743
** added 14dec07

firefox 2.0.0.12 adressing security issue
http://www.mozilla.org/security/announce/2008/mfsa2008-02.html
** added 15feb08

for Opera:
- to be filled .....
- added 14dec07 at 18:00:
direct from the horse's mouth
http://www.opera.com/support/tutorials/security/

- added 15dec07 at 03:00:
. it is strongly recommended that Opera users upgrade to the latest 9.24
. this was, as in the past, a security upgrade of previous version
. matter of fact, Opera users are urged to watch for all official upgrade versions, or turned on the automatic update screener within Opera
. do not use Opera 9.5 beta unless u r in for test and inputs purposesm as this version has many "unanounced" security leaks and issues
. the "unanounced" security issues and leaks are conformed with Opera official handling of Security Reports and disclosement of Vulnerabilities; as per extracted quote from the official page ( http://www.opera.com/security/policy/ )
. " How we handle security reports
Security reports are always dealt with as a matter of the highest priority. When security reports are received, the potential threat is assessed as soon as possible. When a reported issue is identified as a security issue, the reporter is contacted. As is the industry convention, a disclosure date is agreed with the reporter.

A disclosure date is agreed on a case-by-case basis. Delay between report and disclosure allows a fix to be prepared and tested, and checked for any other related problems. At the same time, it ensures that users are not left with a publicized vulnerability, without any means to upgrade.

When and where necessary, the reporter may also be asked for more information about how to reproduce the issue. Occasionally, reports of possible security issues are found not to be about exploitable security issues. Where appropriate, the reporter will be contacted with an explanation of why we believe this is not a security issue.

How vulnerabilities are disclosed
On the date agreed with the reporter, a security advisory is issued by us. We publish details of the issue, our solution to the issue, and in most cases a recommendation to upgrade to the latest official release. Typically, this advisory release would coincide with the release of a new Opera version, and the changelog for that version would include a mention of the issue and a link to the corresponding advisory. The original reporter will usually be credited. An advisory will not usually explain how an issue may be exploited, but will contain enough information to identify a specific issue."

- added 19dec07 at 10:40:
. Opera 9.25 security and performance update is out
. http://www.filehippo.com/download_opera/
. namely 4 most vulnerable security holes have been stated, see min detail under change log at filehippo or direct from Opera changelog

- look out for 9.26 in next week for security patching, possible pertaining to the security report above from mozilla
. ** added 15feb08

added 20feb08:
9.26 security fixes
Security
* Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. See our advisory.
* Image properties can no longer be used to execute scripts, as reported by Max Leonov. See our advisory.
* Fixed an issue where the representation of DOM attribute values could allow cross site scripting, as reported by Arnaud.lb. See our advisory.

Miscellaneous
* Fixed a stability issue found in Opera 9.0 to 9.25, when Opera connects securely to Windows Server 2008 or other servers supporting the TLS Certificate Status extension.
* Additional stability fixes.
- end add 20feb08 update

for Safari:
- to be filled .....
- added 18dec07 at 17:00:
. interesting note, that by installing, one SHOULD uncheck "install Bonjour Service" - this was earmarked as potential vulnerability under Windows platform
. in saving downloaded files, assign ur own directory and UNcheck "open Safe Files after download" option
. do not use AutoFill option, it is not yet securely implemented as under OSX
. turn on Private Browsing option, this would ensure ur browsing history will be zapped

for IE:
- to be filled ......
- added 14dec07 at 06:00: sites reporting tool? http://toolbar.netcraft.com/

for ????
- to be filled ....

** added 14dec07 at 06:00:
- sites reporting tool? taken from the comments in the article link above with quote "Both offer anti-phishing protection, which by my experience is way better than FF-2.x's built-in anti-phishing protection.
Also, Siteadvisor tries to warn against sites known to host malware.
Both are free, and have stopped many a phishing-scam in its tracks for me before i even had a chance to look and see for myself if the site or URL even looked suspicious."
http://toolbar.netcraft.com/ & http://www.siteadvisor.com/

- and from another comment:
"Another Way to Perform http to https Redirection" by by ckoester October 20, 2007 9:47 AM
I've been using a Greasemonkey script to perform automatic http to https redirection, and it is fantastic.
You first need to install the Greasemonkey extension - https://addons.mozilla.org/en-US/firefox/addon/748
Then add the HTTP-to-HTTPS redirector script - http://userscripts.org/scripts/show/2588
You can add whatever sites you want to automatically redirect, and use the wildcard character * to customize. Great stuff!"
** added 14dec07



cheers ...

 

ghn...this list is a bit....unfinished.

 

Wow, talk about ironic. As soon as I clicked on that site my Avira alert popped up with a virus detection.

 

Me too. I wonder what's going on...

 

LOL Not a good start! Qhn ?

 

Wait? His name is qhn?

 

yeah, why ? I don't think it's a g

 

Probably because of the example phishing links on the website which are not really real, they are just there to prove a point.

 

So it's an example that our browsers don't pick it up but out anti-viruses do?

 

Avira said it was low risk anyways.

 

Hey, a risk is a risk.

 

No AV detection here! Must be a false positive.

 

Probably the biggest thing you can do is turn off Javascript. I use NoScript extension for firefox and I have yet to encounter ONE virus. In fact I don't even use an antivirus real time protection. Just a stout firewall and scanner.

 

jeez .... a virus warning popped out? i did not get it (comodo and avast on my comp). Sorry to hear for the ones that got the warning, the site is clean, all i can say.

well, #1 is "naturellement" unfinished, i hope to add more after more researching - but pleaaaaase, do jump in and add and change and edit, especially from other browsers gurus

cheers ...

 

i asked a copain using AntiVir to get to the link, he did not get the "virus detection" message as u had. We will be looking into it a bit more. If u have newer input about this issue, please share back

cheers ...

 

Just use Opera, and experience the securest browsing experience.

 

I've been a hardcore Firefox user for years and one of the reasons I like it is because it's simple, streamlined and fast. Also the great extensions like NoScript and Adblock Plus. I tried Opera a couple of years ago but maybe I should give it another look because it definitely has gained the reputation of being the most secure. From what I've read, the developers really keep on top of security threats and issue fixes at a greater rate than Mozilla.

For firewall and virus protection, I use Comodo and AVG.

 

I have both. I just happened to be on FF when I clicked that link. lol

This is what Avira detected btw: HEUR/Exploit.HTML

Edit: Just try it on Opera and got the same detection.

 

have u tried updating ur Avira and review ur quarantine cache?

cheers ...

 

Avira updates itself everyday and sometimes 2x a day so I'm pretty sure it is up to date. I'm at school right now so I can't check the cache...and I don't know how to. lol

 

updated post#1 with Opera security tutorial info
updated post#1 with extracts from provided link

cheers ...

 

updated post#1 - Opera Security Policy

cheers ...

 

Bump. Good stuff so far.

 

and expressing thanks to Mozilla community. Without it, Opera users - not least urself - would be hit left and right and would not know where the security vulnerability came from
http://www.informationweek.com/news/showArticle.jhtml?articleID=201800584

.... and I am sure that Opera is now sweating, realizing that each new version development will depend on this open source tooling from Mozilla to QA their so called most secure snapshot

u have any constructive inputs and tips and experiences, do share them, we are all here to learn (I myself personally). And if u do believe why certain things r tip top for u, do state ur environment (system, apps, ur browsing preferences etc ...) so that simple users (me particularly) can follow ur reasonments.

cheers ...

 

Excellent thread. Bumping it up.

 

update post#1 - Safari safe under windows

cheers ...

 

updated post#1 with latest Opera security update ver 9.25
. it is being strongly recommended that opera users get this latest version

cheers ...

 

reponding to current security issues for browsers. I personally stress again the importance to upgrade ur browsers to the latest version when possible. Sure that with virus scan and web surfing sensibility, one can prevent lots of incoming problem

http://www.ie7security.net/category/national-vulnerability-database/

cheers ...

 

update 15feb08 of post #1
. ff 2.0.0.12, security report
. opera 9.26 announce of next week roll out for security fix

cheers ...

 

update of post #1:
. security fixes of 9.26
.Security
* Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. See our advisory.
* Image properties can no longer be used to execute scripts, as reported by Max Leonov. See our advisory.
* Fixed an issue where the representation of DOM attribute values could allow cross site scripting, as reported by Arnaud.lb. See our advisory.

Miscellaneous
* Fixed a stability issue found in Opera 9.0 to 9.25, when Opera connects securely to Windows Server 2008 or other servers supporting the TLS Certificate Status extension.
* Additional stability fixes.

cheers ...