Which of the following browser mode ensures that your browsing activity is not recorded?

Delete the history, clear the cache

In Chapter 2, Before connecting to the Internet, we discussed settings in browsers to remove and manage cookies. In the same area where you set these options, there are also settings for other types of information. For example, in Internet Explorer 11, you could control such items as:

Temporary Internet files, which are web pages, images, and other content that are sent from a Web server and stored on your computer so that it can then be viewed in a browser.

History, which is a list of sites you visited.

Download History, which is a list of files you downloaded.

Form Data, which is saved information that was entered into Web forms.

Passwords, which are passwords that are saved by the browser, and automatically filled in when returning to a site.

ActiveX Filtering and Tracking Protection, which are sites that are excluded from filtering.

To remove this information from your computer using Internet Explorer 11, you would do the following:

After opening IE, click on the gear-shaped Tools icon

Ensure that the checkbox for items you want to remove (described in the bulleted items we just mentioned) are checked. If you want to keep the cookies and temporary Internet files for sites you’ve added to favorites, also click the Preserve Favorites website data checkbox.

If you are using a Chrome browser, you would remove information on your browser by doing the following:

Click on the Chrome menu

Click Settings.

Scroll to the bottom of the page and click Show Advanced Settings.

Scroll to the Privacy section of the page, and click the Clear browsing data… button.

In the Obliterate the following items from dropdown menu, select the time limit of past data to remove. For example, to clear out everything, select the beginning of time.

Ensure the checkbox for each item you want to remove is checked, and then click Clear browsing data.

If you are using Firefox, you would remove information on your browser by doing the following:

Click on the History menu, and then click Clear Recent History.

In the Time range to clear dropdown, select the time limit of past data to remove. For example, to clear out everything, select Everything.

When the dialog box appears, click on the downward arrow button beside Details.

Ensure the item beside each item you want to delete is checked, and then click the Clear Now button.

Automatically clearing private data

If you never want to leave a trace of what you did online, then you probably don’t want to have to manually remove your history, temporary Internet files, and other private data. Instead, it makes more sense for the information to be removed each time you close the browser. In Internet Explorer 11 this is configured by doing the following:

After opening IE, click on the gear-shaped Tools icon

On the General tab, in the Browsing history section, click the Delete browsing history on exit checkbox so it appears checked.

Click OK.

Firefox also allows you to have Internet information removed automatically. To configure this:

Click on the Tools menu, and then click Options.

When the Options dialog box appears, click on the Privacy icon.

In the History section, click on the dropdown menu and select Never remember history.

Click OK.

As we saw in Chapter 2, Before connecting to the Internet, you can set Chrome to remove cookies when you close the browser, but there aren’t settings to remove everything. If you want such information saved on the browser, then you should look into using a private browser window.

Tor

As we discussed in Chapter 7, Finding a job online, using the Tor browser (www.torproject.org), you can browse, chat, and send instant messages anonymously. Because communication between your browser and the site you’re visiting are bounced across different servers, the site can’t see where your request to view a page originated. Any chat or instant messaging application that uses Tor is likewise made anonymous.

Unfortunately, some activities with the Tor network can reveal your identity. For example, let’s say you were downloading a movie using a torrent file-sharing application. If you setup the application to use Tor, it would still send out your IP address as it makes a direct connection to get the file. If you downloaded a document and opened it, the PDF or Microsoft Word file could contain resources that are downloaded outside of Tor, which would reveal your IP address.

Another aspect of using Tor that you should be prepared for is a decrease in performance browsing the Web. Because any requests you make go through a network of servers before reaching its destination, you’ll notice that it’s slower than other browsers you may have used. Unfortunately, that’s the tradeoff for anonymity.

Virtual private networks

A Virtual Private Network or VPN is a private network within a public network like the Internet, and can be used to hide your identity. After logging onto a VPN, any requests to view a web page or other traffic from applications you use are passed through a proxy server. Any site you’re visiting will see the IP address of the proxy server, and not the one given to you by your ISP when you first connected to the Internet. Some VPN service providers include:

Private Internet Access (www.privateinternetaccess.com)

TorGuard (www.torguard.net)

CyberGhost (www.cyberghostvpn.com)

Depending on your needs, in choosing a VPN, you should check whether they log activity. If they log what you do, it’s possible that a government or law enforcement agency could subpoena the logs related to your activity.

Another benefit to using a VPN is that it can make your computer appear to be located in other countries, making content that’s blocked in certain countries available to access. For example, you might live in a country that heavily censors what you can view online, or want to stream a TV show that’s only available to a specific region. By using an IP address associated with that certain region, your computer appears to be in that country and allows you to see the content.

Tools

As we’ll see in Chapter 13, one way of others seeing what someone has done is to look through their computer. By looking at a person’s history, cookies, cache, recent documents, Recycle Bin, and other data stored on the computer, you can piece together a profile of someone’s browsing patterns, interests, and behaviors. Obviously, the best way for someone to hide what they’ve done is to delete this evidence so it isn’t visible to others.

Windows provides its own tool to analyze the computer and remove unwanted files. By running Disk Cleanup, you can remove temporary files, empty the Recycle Bin, and delete other files that may be slowing down your computer and reveal information about your activities. To run Disk Cleanup, you would do the following:

In Windows 7, click on the start button, type Disk Cleanup, and then click Disk Cleanup in the list of results. In Windows 8.1, right-click on the Start menu, click Control Panel on the context menu that appears, click Administrative Tools, and then double-click Disk Cleanup.

When Disk Cleanup opens, select the drive to cleanup from the dropdown list, and click OK.

On the Disk Cleanup tab, in the Files to delete list, click on the checkbox beside each type of file you want to delete, so the checkbox appears checked.

Click OK.

When prompted if you want to permanently delete the files, click the Delete Files button.

Another tool that can remove unwanted files from computers running Windows XP and higher, Apple Mac, and Android devices is CCleaner (www.piriform.com/ccleaner). On a computer, it will delete such information as browsing history, cookies, and temporary Internet files from major browsers, and get rid of temporary and unwanted files left by programs like Adobe Flash Player, WinZip, Microsoft Office, and others. The version for Android will delete the app cache, clipboard content, call logs, and other unwanted data. While free, there are also versions you can purchase that have additional features, such as scheduling CCleaner to run automatically.

Porn mode?

When “InPrivate Browsing” was first introduced, it quickly earned the nickname “Porn Mode” or “Pr0n Mode.” The reason for this is that many people don’t want their spouses to know that they are browsing adult content. It was assumed that this would be what the bulk of people who were using “InPrivate Browsing” would be using it for, as for the bulk of people not tracking their adult browsing history is the most important thing that they don’t want other people seeing.

The reality is that “InPrivate Browsing” is much more valuable than this as it can be used to protect Internet users from the prying eyes of companies who want to do nothing more than sell advertisements on behalf of other companies so that you’ll click on the ads.

Private Browsing

Although modern browsers allow for users to clean up their browsing history before signing off, they also offer a feature to prevent the system from logging this information in the first place. Known as private browsing, though with differing names between Web browsers, the feature blocks cookies and Web browsing history from being stored to the local system. It will also not store the information you type into online forms nor cache any of the data to the hard drive.

In Internet Explorer, this feature is known as InPrivate Browsing. Although InPrivate Browsing will not store search entries or Web sites, it does cache data to the hard drive. This cached data is deleted when you close the browser, but it can be recovered through basic forensics. InPrivate Browsing is enabled by selecting Safety | InPrivate Browsing from the pull-down menu. Details on Internet Explorer's InPrivate Browsing can be found at http://windows.microsoft.com/en-us/Windows7/What-is-InPrivate-Browsing.

Mozilla Firefox also offers a Private Browsing feature with many of the same abilities. Its Private Browsing also blocks cookies and browser history from being stored to the local system. It is enabled from the pull-down menu under Tools | Start Private Browsing. Greater detail on Firefox's Private Browsing is found at http://support.mozilla.com/en-US/kb/Private+Browsing.

Google's Chrome browser has the same feature set as the other major Web browsers in a feature they call Incognito Mode. Their implementation of private browsing is slightly different from Internet Explorer and Firefox. Upon selecting Tools (wrench icon) | New Incognito Window from the pull-down menu, a new browser window will open in private mode. Google Chrome then allows you to have a simultaneous Incognito window and a normal browsing window. Additionally, while in Incognito mode, Chrome disables all of your browser extensions and add-ons. This prevents your private information from being leaked through third-party applications.

Domain Highlighting

Domain highlighting can help protect against certain URL attacks like phishing attacks. Internet Explorer will make the user aware that they are accessing a domain that they perhaps did not intend to. It supplies visible notification to the user as to which domain the user is visiting. When a URL is entered into the browser, Internet Explorer will highlight the portion of the URL that corresponds to the domain being accessed. As shown in Figure 8.33, the domain will appear in a darker font than the rest of the URL. When accessing Hotmail, the domain accessed is live.com. Therefore, live.com is in a darker font than the rest of the URL.

InPrivate

InPrivate Browsing and InPrivate Filtering are introduced in IE 8. InPrivate Browsing prevents browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, claiming to leave no easily accessible evidence of browsing or search history on the user's profile. InPrivate Filtering provides users with an added level of control and choice towards the information that third-party Web sites can potentially use to track browsing activity. InPrivate subscriptions allow you to augment the capability of InPrivate blocking by subscribing to lists of Web sites to block or to allow.

Warning

As with other private browsing modes, methods of obtaining this data becomes more difficult but with time always possible. As of this writing, there has been little research into Windows 7 forensics, but it is believed that methods will soon be discovered to uncover private mode data.

InPrivate is enabled when the words “InPrivate” show to the left of the Address bar with a blue background.

To start InPrivate Browsing:

Right-click on the IE taskbar icon and select Start InPrivate Browsing

Open a new tab and select Open an InPrivate Browsing Window

Select the Safety button on the top-right of IE8 and select InPrivate Browsing

Ctrl+Shift+P from within IE8

InPrivate Filtering:

Ctrl+Shift+F from within IE8

Select the Safety button on the top-right of IE8 and select InPrivate Filtering

Settings for InPrivate can be accessed through the same Safety button for Web page Privacy Policy and InPrivate Filtering Settings.

SmartScreen and Cross Site Scripting Filter

IE 7 introduced the Phishing Filter. IE 8 has improved the filter and renamed it to SmartScreen Filter. This contains end-user protection against phishing sites. Phishing sites are the Web sites that appear to be a certain site but are not. They attempt to trick the end user into putting credentials in to steal information. A good example of this is a fake Bank of America e-mail with a link to log in. The link takes the user to http://phishingexample.com/bankofamerica.com and appears to be a Bank of America site. The user then logs in and sends the credentials to an attacker. The SmartScreen Filter, when enabled, will detect many phishing sites and notify the user with a red screen. This again goes back to user education to not click the link in the first place.

IE 8 also added a “Type 1” XSS Filter to protect the end users against XSS attacks. XSS are vulnerabilities on Web sites that allow attackers to inject scripts to bypass access controls and access sensitive data. However, the vulnerability may be used by an attacker to control the connection between the user and the Web site. This is one of the most seen emerging threats and administrators should be aware of them. The XSS Filter will disable the cross site script attempt and notify the user of the attempt.

Data Execution Prevention (DEP)

DEP is used in Windows 7 not only for IE 8 but also for many other applications. DEP is used to prevent applications or services from executing code from a memory region it does not have access to. This is a great security feature to block virus and other malware from executing or injecting code into other parts of the system. IE 8 benefits tremendously from this by providing software-enforced DEP. Most malware is obtained from a Web browser and then executed through the system. DEP and IE 8 attempt to not allow this.

To determine if an application in Windows 7 is using DEP, do the following:

Open the Task Manager by right-clicking the taskbar and clicking Task Manager.

Click the Processes tab.

Click View | Columns

Check Data Execution Prevention and click OK.

The DEP column will show the status of the process as shown in Figure 8.34.

Sandboxing

Starting with Internet Explorer 7 on Windows Vista Microsoft introduced a robust sandboxing model designed to limit the access that browser based content has to the system. This feature, known as Protected Mode, limits browser based content’s access to the temporary folder used to cache Internet content and a virtualized part of the registry. When protected mode is in effect it limits the access dynamic content has to the host system to include all the content types covered so far including JavaScript, ActiveX, Java, Silverlight, and others.

The User Account Control (UAC) settings in Windows 7 as seen in Figure 6.10, is the underlying operating system tool used to make sure that things stay in their place.

The UAC functions by limiting applications privilege levels and when an administrative function is called (like installing software as an example), it requests these specific privileges before continuing. Installing ActiveX controls is a major trigger for UAC to validate the request via the UAC.

With the limited access provided via this mode several attacks designed to steal information from the host system are severely curtailed. It is recommended that you keep the UAC on and do not turn it off, as that would turn off the sandboxing features.

Warning

In Microsoft Windows Vista and Microsoft Windows 7 users have been known to shut off the UAC or User Account Control. This feature was almost universally despised by users of the Windows Vista operating system because of its perceived and very real intrusiveness into the operation of the computer. Users wishing to eliminate or reduce the “nagging” nature of the UAC frequently shut it off to eliminate its invasive nature. The downside of this action however was the fact that shutting off the UAC also resulted in Protected Mode not being functional therefore reducing the security of the system all around.

Privacy Settings

One of the biggest targets of client-side attacks is the personal information that is present on a client system. To protect this information Microsoft, along with other vendors, has provided a suite of privacy settings designed to reduce the possibility of this information getting taking from a client system. The sensitivity of these mechanisms and what they block can be adjusted through a series of controls present in the Internet Explorer browser. Figure 6.11 shows how privacy settings are adjusted in Windows 7.

With these settings a user can determine what types of cookies and other information are stored on a client system and the types of circumstances that will allow their storage. With these settings active information that would identify the user, name and version of operating system, system preferences, DLL versions, e-mail address, and other types of information.

A user can adjust their privacy settings in Internet Explorer to enhance privacy by selecting which sites can be visited, adjusting overall security that will allow cookies to be blocked, disallow location verification, configure InPrivate browsing settings and adjusting the Pop-up Blocker.

Note

Users can also override the cookie handling for individual websites, and allow or block the websites to use a cookie’s information.

Automatic Crash Recovery

In the past when a browser crashed the result was always very similar which meant that data was lost regarding a browsing session and in a number of cases, reboots. In today’s browsing environment this crash could result in the loss of data from multiple tabs making the situation even worse than before. In newer versions of the Internet Explorer content, such as dynamic content, that destabilizes a session and crashes a tab it only affects that tab. In the event that a browser crashes completely (which is still very much possible) the information about each session or sessions are saved and the browser restarts restoring the sessions as before. While this feature does not eliminate the dangers posed by malicious or poorly designed content it does have the advantage of at least increasing availability of the browser.

SmartScreen Filter

Starting with Internet Explorer 8 Microsoft introduced a new feature known as SmartScreen designed to stop the distribution of some types of malicious software. The goal of this feature is to block fake or malicious sites from distributing questionable or downright malicious software to the victim’s system. While this feature can be disabled by the user if they so choose doing so would actually lower the security profile of a system by some amount. With this feature enabled visiting a site that is recognized as being unsafe (as designated by Microsoft) a page with a warning will appear warning the user that continuing on to the site could be risky and lead to their system being compromised. The user can choose to disregard this advice and continue on, but the warning lets them know that doing so would be inadvisable; this option can be disabled in corporate environments if desired. This feature probably represents one of the biggest improvements in security in Internet Explorer mainly because it provides real protection against situations where users may visit a site and not recognize it as being unsafe. You can turn on this feature in the Tools menus by selecting to turn on the SmartScreen filter.

Cross-Site Scripting Filter

As we have discussed in Chapters 3 and 4, cross-site scripting (XSS) attacks are some of the most common and dangerous exploits against Web users. XSS allows malicious code to be injected into Web pages that can lead to information disclosure and identity theft. With this feature present in Internet Explorer 8 and above these attack are rendered impotent and therefore less of a threat to the user themselves.

Certificate Support

While not exactly a new feature in Internet Explorer it is worth mentioning as it does provide some important security features.

There are two types of certificates that can be configured and used within the browser:

Personal Certificates: This type of certificate provides verification of an individual’s identity over the Internet. This certificate can be used to provide information which is used when a user sends personal information over the Internet to a website that requires a certificate, verifying their identity.

Website Certificate: These types of certificates are used to assert that a website is safe, secure, and genuine. Through use of these types of certificates a website can be positively identified as the certificate ensures that the presenter is who they claim to be. Use of these certificates ensures that no other website can assume the identity of the intended, secure site. In this way when a user submits personal information over the Internet, they must check the certificate of that website to ensure that it will protect his personally identifiable information. When users download software from a website, they can use the certificates to verify that the software is coming from a reliable source. Additionally these types of certificates are integral in assuring the security of submitted content through the use of Secure Sockets Layer or SSL.

InPrivate Browsing

This mode is a new feature in the Internet Explorer product line that allows for a level of security not previously seen in the Microsoft browser line. Through the use of this mode information collected during browsing sessions is highly restricted and safely handled. Through the use of this mode information on your browsing habits are protected from others who may use the computer after you. By extension if information is not left behind after a browsing session it also means that potential attackers or malicious code cannot retrieve it as readily. The downside of this mode is that tabs not opened in the current browser session will not be protected by InPrivate Browsing and may indeed be accessible by unintended processes. During the surfing process Internet Explorer does store information such as cookies and temporary Internet files—so that the web pages visited will work correctly. However, at the end of the InPrivate Browsing session, this information is purged from the system. This function can be turned on within the Tools menu of Internet Explorer.

Security zones

A feature available since the early versions of Internet Explorer is one that is used to control or modify the behavior of the browser when visiting specified websites. Security zones are designed to empower users on the client-side to establish different levels of security based on the perceived level of confidence regarding a site. Each zone can have sites assigned to it which will either restrict or allow content to run based on the individual settings. By placing sites as desired in each zone the client can prevent different types of active and other content from running therefore preventing a security risk. Content that can be controlled through the use of security zones include content such as ActiveX, Java, JavaScript, and other dynamic or active content. You can configure Security Zones in the Internet Options Security tab as seen in Figure 6.12.

Here, you can adjust the Internet, Local Intranet, Trusted Sites and Restricted Sites zones and configure them independently with specific settings such as disabling scripts, enabling functionality specific to each zone and security to each zone.

By default there exist four different security zones present in Internet Explorer: Internet, Local Intranet, Trusted Sites, and Restricted Sites. Each of the four zones have been assigned default security settings by Microsoft such as (Low, Medium-Low, Medium, and High) which determine the types of content that can be downloaded and/or executed and what a user can do on a website. A user may elect at any time to alter the security levels and modify the security defaults for any of the zones. Any action that a user carries out such as opening files or performing downloads will be screen against the settings for the applicable zone and will be allowed or denied based on the situation.

The settings for these zones are as follows, per Microsoft:

Internet: By default, the Internet zone includes anything that is not on a user computer, on an intranet, or which is not assigned to any other zone. The default security level for this zone is Medium.

Local Intranet: It typically includes the trusted content inside the company’s firewall, such as sites on the company’s network. The default security level for this zone is Medium. A user can change it as per his or her requirement.

Trusted Sites: It consists of sites that are trusted by the user. A user can place such sites to this zone. The default security level for this zone is Low.

Restricted Sites: The sites that a user does not trust or trust less than the rest of the Internet are placed in this zone. The default security level for this zone is High.

Did You Know?

These zone settings may be adjusted per zone based on individual user needs and requirements. However in some corporate or enterprise environments it may not be desirable to allow this to happen, in these cases it is possible to use features such as Active Directory’s Group Policy feature to enforce the settings organization wide.

Content Advisor

Probably one of the least understood and used features in Internet Explorer is a feature known as the Content Advisor. This feature, available in many later versions of Internet Explorer, can regulate the types of content and sites that can be viewed and visited by a browser successfully. Through use of this feature a client can configure which websites are able to be viewed and which are not. This screening of content is based on the guidelines of the Internet Content Rating Association (ICRA). When Content Advisor is enabled, a user can view only Web content that is rated and meets or exceeds the specified criteria. A user can adjust the settings by moving the slider left and right to reflect what they believe to be appropriate content based on their desires such as language, nudity, sex, and violence.

Internet Explorer has clearly evolved over the years and offers many features designed to stop many of the well-known attacks, plus other features designed to protect the user from those lesser known attacks as well.

One of the biggest problems with Microsoft’s Internet Explorer (IE) is that the web browser is integrated directly into the Microsoft Windows operating system. Due to this tight integration removal of this application is not practical or even possible in most cases. Therefore anything Internet Explorer is vulnerable to may very easily be something that weakens the operating system itself.

Note

While it is true that Internet Explorer is integrated into every version of the operating system since Windows 98 there are some exceptions. In geographies such as Europe it is possible, however unlikely, to encounter versions of the Windows operating system without Internet Explorer. In these versions, which add the suffix “N” to their name, Internet Explorer and Media Player have been excised from the operating system due to a legal ruling by the European Union. However it is unlikely that you will ever run into these versions “In the Wild” due to the fact that most individuals that bought a computer did not want nor even know about these versions and therefore they never propagated all that much. These versions are mentioned here just for the sake of completeness, but they are not considered in the discussion as they are so rare as to be inconsequential.

One of the other issues with Internet Explorer is its broad support of active content of so many types. The browser’s ability to support many scripting languages and development languages such as Java, ActiveX, Silverlight, and JavaScript is in line with other browsers on the market. While any application of any level of complexity is potentially vulnerable to attack, it is possible to mitigate or eliminate some of the more serious weaknesses by using a web browser that does not support ActiveX controls.

Of course using a different browser can affect the functionality of a great number of sites due to the fact that ActiveX controls are very common and some sites may not function without them. Note that using a different web browser will not remove IE, or other Windows components from the system.