Quick and dirty guide to (slightly) better Internet security

After offering some advice to friends about security pitfalls of Internet browsing, I decided to write up a list of steps to take to make being on the Internet a little bit safer and more private:

  1. Firefox

    Use Firefox for your web browsing. Other open-source browsers (Chrome, Opera, Safari to a limited extent) are okay too, but Firefox has the added benefit of being extendable with add-ons developed by savvy privacy-conscious users. I'm sure the other browsers are quickly catching up in this area though. Definitely stay away from Internet Explorer (the default browser on all Windows machines); While IE8 is much better in terms of security and privacy compared to previous versions, it still lags behind open-source offerings.Once you've started up Firefox, go to Tools > Add-ons and search for & install the add-ons described in the next steps.

  2. HTTPS Everywhere Preferences

    You already access your bank's site over what is called an SSL connection... this means that your communication between the bank's site and your computer is encrypted and thus not (easily) read by a third party snooper (called a man-in-the-middle attack). So why not use encryption to access every website then? HTTPS Everywhere is a Firefox add-on that is relatively straightforward to use: Most popular web sites like Facebook, Google, Wikipedia, etc. have an encrypted version that is accessible by changing protocol in the address bar to https instead of http-- but typically they don't use it by default, and often as you browse around the site the encryption gets turned off. HTTPS Everywhere makes sure all of your communication with these sites is secured, and the list of sites it supports grows all the time. If you're a bit web/xml savvy, there's even a tutorial to show you how to add rules to encrypt the other sites you visit (if they support it). For the rest of us, just installing the add-on and letting it do its thing will be sufficient. One caveat: I found that certain parts of Facebook don't offer an encrypted version, so occasionally you have to turn the Facebook filter off temporarily to change settings. Just go to Tools > Add-Ons and click the Preferences button next to HTTPS Everywhere to turn https on and off on a per-website basis. (NOTE: it was recently pointed out to me that HTTPS Everywhere doesn't come up in the add-on search... you can download it from here.)

  3. Adblock Plus Preferences

    The next add-on to install is AdBlock Plus. This is another one that doesn't really need any configuration... it blocks annoying and potentially malware-laiden flash/ads/images on the sites you visit. It thus has the added benefit of speeding up your web surfing experience somewhat. Once you install it, you will have to pick a filter set to subscribe to. Each of the filter sets is roughly correlated to a region of the world, so if you're in the US you can pick the first one listed (EasyList (USA)). Subscribing to a filter set means that as sites come up with different ways to embed ads, AdBlock will be able to keep up and continue blocking the bad stuff.

  4. NoScript Whitelist/Safelist

    The third add-on is also a bit more involved when it comes to daily use, but it will become more transparent as you use it: NoScript. NoScript blocks any active content (primarily JavaScript and Adobe Flash) coming from sites that you don't trust. Like AdBlock Plus, NoScript also has a default list of trusted sites (Google, Microsoft, etc) but you will definitely find yourself adding to that list. Fortunately, as you browse you'll see an Options... button pop up in the lower-right corner, which will allow you to either temporarily or permanently add a site to your trusted list.

    Closeup of NoScript Popup Bar

    If you are using a site and it doesn't seem to be working correctly, go for that button... though quite often you'll find many sites work just fine without any active content, and most of the scripts are just for advertising and collecting marketing data -- which is exactly what we want to block out. One caveat to watch out for: Often, sites like Facebook.com and Google.com rely on secondary domains (called a content delivery network, or CDN) to serve up media (images, videos, etc.) and other objects. So to get the full Facebook experience, you'll want to add fbcdn.net and facebook.net to the trusted list in addition to facebook.com. The general rule of thumb is, only enable the scripts you absolutely need, starting from most obvious (i.e., enable scripts coming from the domain name you're visiting and the sister CDN site if necessary) down to least obvious, and stop enabling scripts as soon as the site works.

  5. There is more that can be done to protect your web surfing, but things will get more involved the more security you want. If you want more security and privacy than the above steps provide, check out these sites:

    • The TOR Project, which anonymizes your web surfing by encrypting all of your traffic and redirecting it through a distributed system of relaying servers (kind of like the "untraceable" phone calls in spy movies like Sneakers). Though just installing TOR is not enough, as they'll tell you on their web site... true privacy requires breaking some habits and making compromises on the fullness of your surfing experience. Check the TOR Project's website for some specific tips.

    • Untangle Rack of Applications

      The Untangle Firewall, which is a self-contained Linux firewall distribution. If you have a computer sitting around unused that's got about a 1GHz processor and a half-gig of ram, you can put a second network card into it and use Untangle to turn it into a proactive content-aware firewall that will protect your whole network from spyware, viruses, and a couple different types of network intrusion attempts. You can even use it to block undesirable web content categories to help protect the kiddos. All you have to do is download the Untangle .ISO image from their site and burn it to a CD. Unfortunately Windows makes it difficult to burn ISO images directly, so I recommend using a lightweight freebie like InfraRecorder to burn the image. Just be aware that you don't want to stick the ISO file on the disk as a file on a regular data CD, you want to burn the image directly to disk, otherwise the CD won't be bootable. Look in InfraRecorder's menu for a Burn Disc Image option. Once you've gotten the image burned, just boot your old computer from the CD (don't just stick it in while Windows is running, actually reboot the machine) and follow the installation instructions. Once it's installed, you'll have to pick which "Virtual Appliances" you want to use, and do some network reconfiguration... If you need some help with this, check Untangle's Wiki or their User Forum for more detailed instructions and help from other users, respectively. Oh and don't worry, the "Lite Package," which is free, is plenty sufficient for a small home network; the for-pay packages are meant for businesses.

  6. Ubuntu Software Center

    This one would be a big change learning-curve-wise, but it's certainly worth mentioning: Try out Ubuntu. Ubuntu is a complete operating system that can replace Microsoft Windows (which is really the root of a lot of security & privacy issues) entirely. There are two caveats: One, it might not support some of your hardware (though if it does, it will likely work "out-of-the-box"); and two, it won't run most Windows software (though it will run some). That said, I can safely say that it is now much safer, faster and easier to learn than Windows, and it's certainly much cheaper than OS X (it's free), not to mention being able to run on both Apple and generic PC hardware. It won't get spyware or viruses, it won't get really slow after a while like Windows does, and there are thousands of free programs available as replacements to Windows equivalents, available a few clicks away in the online Software Center. And on top of all this, it's open-source (which is how/why it's free), so it's endlessly customizable, if you like to tinker. If any of this interests you, check out the Desktop Tour and try out the Live CD, which will let you play with a default installation and won't make any changes to your computer. Just to warn you though, Ubuntu is kind of a gateway drug... once you start to like it, you might start to get interested in some of the other hundreds of Linux distributions... I, for one, prefer Arch Linux (though I still thoroughly enjoy and use Ubuntu on some of my machines).

Well that's it, happy safe-ish surfing!