Security Features in Web Browsers
The security features have been tested in the following web browsers:
• Mozilla Firefox (version 3.0.13 running on Windows XP SP2)
• Microsoft Internet Explorer (version 6.0 running on Windows XP SP2)
• Safari (version 4.0 running on MAC OSX version 10.5.7)
Mozilla Firefox features an option to Clear Private Data; this option can be found under the tools menu. The following data can be cleared:
- Browsing History
- Download History
- Saved Form and Search History
- Offline Web Site Data
- Saved Passwords
- Authenticated Sessions
There are check boxes to turn the above options on or off, the options that are turned on to clear by default are; Browsing History, Download History, Saved Form and Search History, Cache, and Authenticated Sessions.
WTS has the same default options turned on to clear.
The default options can be changed permanantly by going to Tools -> Options -> Privacy tab -> Settings button, and then tick the boxes for which options you want turned on or off.
There is an option to ask the user before clearing private data; this is turned on by default on both standard installations of Firefox and WTS.
The Clear Private Data option can also be used
through Options under the Tools menu. Once in options the private data
can be cleared through the Privacy tab by clicking on the Clear Now button.
Clear Private Data option can be set to clear private data when Mozilla
Firefox closes, this can be done through Tools -> Options ->
Privacy tab -> Settings button, and then tick the box that says
Always clear my private data when I close Firefox.
Microsoft Internet Explorer
Microsoft Internet Explorer has its security features in Internet Options which can be found under the Tools menu. The security features include:
The General tab
- Deleting cookies and temporary internet files
- Clearing the browser history
The Security tab
- Internet security level - by default this is set to medium, prompts before downloading potentially unsafe content and unsigned ActiveX controls will not be downloaded. The custom level allows the user to adjust the security level to High, Medium, Medium-low, and Low. Each of these levels changes various security settings.
- Local intranet security level - by default this is set to medium-low, most content will be run without prompts, unsigned ActiveX controls will not be downloaded, same as medium which is the default in internet security only without the prompts. The custom level allows the user to adjust the security level to High, Medium, Medium-low, and Low.
- Trusted sites security level - by default this is set to low, minimal safeguards and warning prompts are provided, most content is downloaded and run without prompts, and all active content can run. The custom level allows the user to adjust the trusted sites security level to High, Medium, Medium-low, and low.
- Restricted sites security level - by default this is set to high, less secure features are disabled. The custom level allows the user to adjust the restricted sites security level to High, Medium, Medium-low, and Low.
The Privacy tab
- Pop-up blocker - by default the Block pop-ups check box is ticked, there is a settings button that allows the user to add sites that are allowed to use pop-ups (the pop-up blocker option is not available in WTS).
The Content tab
- Certificates - the clear SSL state button clears the SSL cache, the Certificates button lists the Intermediate Certificate Authorities, the Trusted Root Certification Authorities, the Trusted Publishers and the Untrusted Publishers.
- Personal information -
AutoComplete stores previous entries and suggests matches for the user,
the AutoComplete button allows the user to turn on AutoComplete for web
addresses, forms, and usernames and passwords on forms. The user can
also clear forms and clear passwords from the AutoComplete button.
When you browse the web, Safari stores information about the websites you visit, including the content and any user names, passwords, and credit card numbers you enter. Other people who use your computer can view that information. If you don't want this information stored, use private browsing.
Private browsing is always turned off when you open Safari, even if it was on when you last quit Safari.
Safari features an option for Private Browsing; this option can be found under the Safari menu. The Private Browsing feature ensures that private data is cleared from the browser; this is similar to the Clear Private Data feature in Mozilla Firefox, only the user has to turn the Private Browsing feature on before browsing whereas the Clear Private Data feature can be used after the browsing has occurred. The following data will not be saved when the Private Browsing feature is selected:
- Web pages are not added to the history.
- Items are automatically removed from the Downloads window.
- Information is not saved for AutoFill (including names and passwords).
- Searches are not added to the pop up menu in the Google search.
Until the Safari window has been closed users can still click the Back and Forward buttons to return to web pages that have been opened.
When turning on Private Browsing a box pops up asking if the user is sure that they want to turn on Private Browsing, users can either click Cancel or OK.
Safari also gives users the following options:
- Clear History - this option can be found under the History menu.
- Empty Cache - this option can be found under the Safari menu.
- Turn on/off AutoFill for usernames and passwords, and forms - this option can be found under the Safari menu in Preferences under the AutoFill tab.
If you forgot to turn on private browsing, go to the Safari menu and select "Reset Safari".
IMPORTANT: Private browsing only removes the names of items you've downloaded from the Downloads window. To get rid of the items themselves, you must delete them.
Firefox provides facilities in hindsight, so the user can browse then
clear private information. Safari needs foresight, so the user needs to
turn on Private Browsing before they browse. Microsoft Internet
Explorer also needs foresight, the user needs to configure the security
settings before they start browsing the Internet.
Information correct as of August 2009