Monday, August 11, 2008

CERT offers security guide for home browser users


CERT, at Carnegie Mellon in Pittsburgh, offers a valuable document, “Securing your Web Browser,” by Will Dormann and Jason Rafail. The URL for the simple HTML document is here.

One valuable feature of the document is a long list of visual “filmstrip” pictures of how to set various security settings in Internet Explorer to minimize your exposure to risks relative to your actual expected daily use. CERT compares Mozilla to IE, with the major differences being that Mozilla does not have a graphical interface for its settings. Mozilla has CAPS (configurable security policies) which are supposed to compare “more or less” to Internet Explorer’s Security Zone.

CERT recognizes that Internet Explorer has become a favorite mark of virus writers, but maintains that removal from a Microsoft Windows or Vista environment is “not practical.”

There is also a useful discussion of Apple Safari for the Mac.

CERT describes a “principle of least privilege” – that is, “don’t enable it if you don’t use it.”

CERT also offers a "vulnerability remediation" guide aimed for corporate or organizational (or government) network administrators, here. CERT says that it is careful about how it makes some recommendations public, inasmuch as they could tip off the potential of future problems to hostile parties.

No comments: