Saturday, September 10, 2005

Configure Firefox's settings to strengthen security

So many security vulnerabilities have been reported in the media of late that I started thinking about an alternative to my IE 6; the Mozilla-based Firefox browser appears to be one.

Firefox's default installation seems pretty secure. But as the number of Firefox users continues to increase, such popularity often spells more attention from attackers. With so many people using Firefox, it's a good idea to try to secure yourself while using it on the internet.

Let's go through Firefox's Options window (which you can access by going to Tools | Options) and look at some tweaks you can make to boost the security of the browser. Please remember that all of these suggested settings assume that the user login is for a single user and not shared among multiple users.

Privacy

History: This setting is self-explanatory. All you need to do is set it to a reasonable number of days. The default is nine days. You can keep it at 1 or 2 days.

Saved Form Information: This is a handy feature for all single-user profiles; it lets the browser remember what you've typed in the past and automatically make suggestions. It's safe to enable the feature.

Saved Passwords: This setting is a bit controversial. You tell users to remember passwords; should you allow their browsers to remember passwords as well? My personal preference is to NEVER save passwords on ANY machine.

Download Manager History: There's no need to keep track of all of your downloads, so I suggest setting it to Remove Files From The Download Manager When Firefox Exits.

Cookies: Another controversial subject. I recommend selecting Allow Sites To Set Cookies and choosing For The Originating Web Site Only. In addition, select the Until I Close Firefox option for how long the browser should store the cookies. With this last option, cookies only help you browse while you're using the machine, but they don't provide endless browsing habit information to cookie vendors.

Cache: For this setting, decide on a reasonable amount of disk space. (This depends on the size of your HDD.)
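
The Privacy choices above can be checked against a profile's prefs.js file. The script below is an added example, not part of the original post: the about:config pref names and values are the ones used by Firefox 1.x-era builds, their mapping to the Options labels is an assumption, and the sample profile is constructed.

```javascript
// Added example: audit a Firefox prefs.js against the Privacy settings above.
// Pref names/values are Firefox 1.x-era about:config names (mapping assumed).
const RECOMMENDED = {
  "browser.history_expire_days":        v => typeof v === "number" && v <= 2, // History: 1 or 2 days
  "signon.rememberSignons":             v => v === false, // Saved Passwords: never
  "browser.download.manager.retention": v => v === 1,     // remove entries when Firefox exits
  "network.cookie.cookieBehavior":      v => v === 1,     // originating web site only
  "network.cookie.lifetimePolicy":      v => v === 2,     // until Firefox is closed
};

// Parse user_pref("name", value); lines. Values are JSON-compatible literals.
function parsePrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue; // header comments, blank lines, anything else
    try { prefs[m[1]] = JSON.parse(m[2]); } catch (e) { /* skip non-literal values */ }
  }
  return prefs;
}

// A pref missing from prefs.js is still at its default, so it is reported
// as "unset" rather than silently treated as compliant.
function auditPrefs(text) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, ok] of Object.entries(RECOMMENDED)) {
    if (!(name in prefs)) findings.push({ name, status: "unset" });
    else if (!ok(prefs[name])) findings.push({ name, status: "mismatch", value: prefs[name] });
  }
  return findings;
}

// Constructed sample profile, not taken from a real machine.
const SAMPLE = [
  '# Mozilla User Preferences',
  'user_pref("browser.history_expire_days", 9);',
  'user_pref("signon.rememberSignons", false);',
  'user_pref("network.cookie.cookieBehavior", 1);',
  'user_pref("network.cookie.lifetimePolicy", 0);',
  'user_pref("browser.startup.homepage", "http://example.com/");',
].join("\n");

for (const f of auditPrefs(SAMPLE)) console.log(f.status, f.name, f.value ?? "");
```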

Web Features

Block Popup Windows: I suggest selecting this check box; it's a feature every browser should have. Remember, when you are on a broadband scheme where you pay for the downloaded material, every two-bit picture or graphic coming onto your machine adds to your outflow.

Allow Web Sites To Install Software: Go ahead and select this check box. When you allow a site to install software, Firefox will add it to the Allowed Sites list. (Be choosy about the stuff you download.)

Load Images: Select both this check box and the For The Originating Web Site Only check box. You can always go back and specifically allow or block individual sites.

Enable Java: Select this check box.

Enable JavaScript: Select this check box; clicking the Advanced button opens the Advanced JavaScript Options window.

Downloads

Download Folder: I suggest creating a Downloads folder for storing all of your downloads. This makes it easier to scan your downloads once you're finished.

Download Manager: I recommend selecting both check boxes: Show Download Manager Window When A Download Begins and Close The Download Manager When All Downloads Are Complete.

File Types: I wouldn't allow any Microsoft product to perform any action automatically; that's likely one of the reasons you're using the Firefox browser.

Advanced

Accessibility, Browsing, and Tabbed Browsing: All three areas are functional and involve no security issues.

Software Update: Select the Firefox check box, which allows the browser to update itself. I recommend not selecting the My Extensions And Themes check box to allow for updates.

Security: To provide maximum cross-site functionality, I suggest selecting all three check boxes: Use SSL 2.0, Use SSL 3.0, and Use TLS 1.0.

Certificates: Under Client Certificate Selection, select the Ask Every Time check box, which focuses user attention on the start of a secure session.

Validation: Under OCSP (Online Certificate Status Protocol), select the Use OCSP To Validate Only Certificates That Specify An OCSP Service URL option.
