How's Your Security Net?

Security in using the Net is a continuing, active concern for all users. Just as you evaluate where you are, and decide not to walk in some parts of town, you think twice about downloading software. Some viruses are inocuous, the CIH1.2 is deadly, so care is needed.

This is not as automatic in visiting sites. Some sites warrant turning off some features, like JavaScript, or Active-X. Knowing your browser is a key to avoiding many problems. The more difficult one is getting needed features added. I want a "Stop The Unpleasant Programmers Invasion Defense" button to turn off all the extras, making the browser about as smart as a TTY for checking suspicious sites. ( no progress yet, but enough demand would make it happen.) And you do have a recent backup, right? Just as rock climbers use a rope to insure their next mistake is not their last, a backup can save you grief.

At this point, two extras are necessary. A firewall is now necessary on any computer that connects to ANY network. A virus scanner is needed to provide quick recovery from a laps in judgement, as in opening an infected e-mail. An additional aid is Ad-Aware, to identify possible problem sources that may not be what you thought they were.

Microsoft Internet Explorer (MSIE) is predicated on a "trust" paradime, which is particularly ironic since Microsoft has had to recall a product because it contained a worm, and has been caught covertly retrieving serial numbers. MSIE requires you to decide you will trust a site, and then will download software without your knowing what is up. As a result, I will not deal with this package. You MUST decide what software will go on your system, for all software will do unexpected things in unexpected environments, like your system with an off-brand device, or an almost perfect crash prevention program.

 Mozilla's "sandbox" paradime helps limit the problems by limiting what the language can access, but it is not perfect. Most of the security breaches for Mozilla/Firefox/Netscape involve control of a server, which limits the number of people who can breach your security through known schemes, and the worst problems are from someone controlling your server, very severely limiting the number. Other helping factors are the ability to turn off Images, Java, JavaScript, and require approval before setting a cookie, sending a form, and be warned about insecure forms and pages. NetScape has some tools to help with other tasks, too.

"ABOUT:CACHE" will display information about the Disk Cache contents.
"ABOUT:GLOBAL" displays the URL History.
"ABOUT:IMAGE-CACHE" will show information about the Image Cache.
"ABOUT:MEMORY-CACHE" does the same for the Memory Cache.
In the NetScape browser, entering the quoted text in the location box instead of a URL will show you the information. You can enter them as URLs in your bookmarks, and they will work that way, but will not work from an HTML page, another bit of wall. It is slow, but the best way of getting that information. You can "File:Open File" the filename listed in the Disk Cache information to view it off line. Note that not all funny stuff can really lead to a breach. Try my Treasure Hunt for a demonstration of a bit of JavaScript, and a bit of a surprise. It can not transmit what you see, and has no mail script, so your information is secure, but it does give pause... 

Note: In July 2004, CNN/Money published a count of estimated browser security faults since 1997:
* Opera -v7.5 : 12
* Netscape -v4 : 40
* Mozilla : 25
* IE : 200+ known