How to immunise your browser against the latest security threats


Steve Clark

1 Nov, 2018

In order to prevent your data from being stolen and misused, it’s essential that internet users take the steps to protect their browsers from the latest net nasties.

Given the variety of threats out there, users need to be prepared to thwart attackers from all directions, whether that be malicious ads, hidden software, unwanted cookies, phishing scams, and even rouge extensions masquerading as legitimate tools.

In order to make things easier, we’ve pulled together some of the best tools available to help you immunise your browser from the most common threats.

Avoid phishing scams and malware

Even with antivirus software running in the background, it’s still wise to create an additional layer of browser security by installing Windows Defender Browser Protection or Avast Browser Security, which are available for all the major browsers. Like their antivirus counterparts, these ‘all-in-one’ extensions constantly scan for malicious code, suspect links and phishing attacks, and check threats against continually updated lists.

Avast Online Security helps you steer clear of dodgy websites

You’ll find more settings in Avast – Windows Defender only features an on-off button – and it also adds a traffic light system to Google search results, so you can check a website’s reputation before you click the link. This red-amber-green display is similar to BitDefender’s anti-phishing, anti-malware extension TrafficLight – a tool that also reveals when you’re being tracked and analysed by a website.

Each tool clearly communicates potential hazards. Hostile sites are locked behind unmissable warning signs, and you can opt to run to the safety of your homepage, rather than risk infection or stolen data.

Block online trackers and spying ads

Every site you visit and link you click creates information that a website or third-party can use to identify and analyse you. At best, this means your data is flogged to marketers who target you with ‘relevant adverts’. In the worst case scenario, it leaves you wide open to identity theft. And either way, you’re likely to suffer a slow-down when too many ads follow you around the web.

Popular multi-browser ad-blockers Ghostery and uBlock Origin both let you mask your digital footprint. Constantly running in the background, these check for advertising and analytic trackers on every web page you visit, before blocking them.

Ghostery helps you become an untraceable shadow online

Ghostery is the more user-friendly of the two. It’s available for most browsers, has its own Android and iOS apps, and provides useful at-a-glance info. However, uBlock Origin’s standout feature, Element Picker, lets you permanently block all sorts of sluggish or suspect website elements – including sidebars and comment sections.

Alternatively, try Privacy Badger. Created by the same folks behind HTTPS Everywhere, this ‘smart’ tool learns to recognise and block new trackers as you browse – so, unlike rivals, there’s no need to create whitelists and blacklists.

Defend your browser against CDN threats

One of the chief reasons why a website may be deemed risky is because of its Content Delivery Networks (CDN) – a system that populates web pages with content like adverts and images from multiple background sites; sites vulnerable to hackers.

Decentraleyes – available for Firefox, Chrome, and Opera – dodges these centralised networks. And by cutting out the highly exploitable middle-man, the extension is able to protect you from malicious software hidden within background content.

Use Decentraleyes to dodge risky content

Given their widespread popularity, most attempts to circumvent CDNs cause a web page to break, but Decentraleyes sneaks past this problem, tricking sites into displaying the extension’s own bundled local files that ‘plug the gap’. The tool is also designed to play nice with other privacy-enhancing extensions, including uBlock Origin, uMatrix, and Cookie AutoDelete.

Evade dodgy scripts on websites

Executed scripts is another reason why so many websites are at risk. Security experts revealed that hackers use «scripting capabilities for iframe redirects and malvertising links to compromise web browsers».

You can protect yourself from this threat by using an extension such as uMatrix, which grants you the power to instantly stop sites running media, CSS, scripts, and frames.

uMatrix gives you full control over shady scripts and malign media

The matrix-based interface appears advanced, but it’s deceptively simple: open up uMatrix on a specific website to see a detailed grid of running HTML elements, then click the lower-half of a box to block an element, or permit a process by clicking the top-half. You can implement global settings across all sites is activated by clicking the asterisk symbol (*), then selecting preferences.

By controlling individual elements, you can tighten security and still ensure every site works. For example, blocking certain scripts on the Google Play Store removes the See More buttons, making navigation a nightmare, so a blanket ban on all scripts would make the site unusable.

Banish unwanted cookies

Cookies aren’t all bad – they’re the reason you don’t have to type out your favourite web addresses or remember all your passwords, after all – but they still help advertisers doggedly track you around the web.

Although we understand the popularity of browser extensions that remove irritating cookie notices – such as the excellent I Don’t Care About Cookies – these are ‘out of sight, out of mind’ tools that won’t protect you while browsing the web. For greater control over cookies on your machine, first check your built-in browser settings – all major players feature the ability to clear cookies at the end of your session, when you exit the browser.

Ditch the cookies to stop being tracked around the web

Chromium-based browsers like Chrome, Opera and Brave keep this option in Settings, Advanced, Content Settings, Cookies, where you can toggle the switch marked ‘Keep local data only until you quit your browser’. For Edge users, click Settings, and under ‘Clear browsing data’, select ‘Choose what to clear’ and turn on ‘Always clear this when I close the browser.’ In Firefox, visit the Privacy & Security settings, locate ‘Cookies and Site Data’, then use the drop-down menu to keep cookies until ‘Firefox is closed’.

The Cookies AutoDelete extension for Chrome and Firefox streamlines the process further. One click lets you automatically clean up your cookies; whitelist or greylist specific sites; and select preferences that clean out cookies when, for instance, you visit new domains or open the browser.

How to tell if you’re running a rogue extension

Browser tools gone bad are capable of stealing all sorts of private data from you – and most extensions have near-unlimited access to your personal data and browsing habits. No wonder Google are tightening up extension development.

The easy way to place unsafe extensions under lock and key

Extension Police checks your extensions are safe by auditing every add-on for potential security threats. Install it in Chrome or Vivaldi and the tool checks what each extension can do – and how it affects your online health. Each permission you’ve granted is given a traffic light score: red for hazardous, amber for suspicious, and green for safe. You’re then prompted to take action based on threat level.