Browser Security Di Matteo Valerio 1379412 dimatteo.1379412@studenti.uniroma1.it ABSTRACT Today, most of the concern over web security is concentrated on the web applications, but actually, the specific browser that users utilize to surf the web is a key factor in terms of security aspects. A bad secured browser can turn all the efforts to enhance security of web applications useless, and expose personal or sensible data. There should be a set of basic requirements that browsers should have in order to be considered secure, or at least “securable”.
Keywords Browsers, Security, Infosec, Google Chrome, Mozilla Firefox, add-ons.
1. INTRODUCTION Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term, which may refer to electronic, physical, or any kind of form that data may take. As a matter of fact, security is often thought as something that belongs to the application-side of a system, as if browsers were only passive elements. Instead, browser security is fundamental if we want to guarantee a certain level of protection. Nowadays, the various vendors provide various way to enhance the browser’s security, with different options or functionalities that can be selected and enabled/disabled to the user’s will. On one side, this allows the user to choose what he want to have at his disposal (for example, whether he wants to use cookies or not), while on the other hand, the fact itself that users can have a choice leads to bad decisions and security breaches. Some think that security should me “transparent”, in the sense that users shouldn’t need to think about what is happening in order to protect them, but the browser should manage it all by itself. It is not an easy task, however, because as we will see, most of the times a security enhancement comes
at the cost of the user experience in terms of quality or availability of a certain resource. In this paper, we tried to list down a set of basic InfoSec requirements that all web browsers should have, in order to provide a good level of security in web browsing without lowering the quality of the experience of the user. We will also show how to make Google Chrome and Firefox as secure as possible by applying the methodologies that we will discuss and, in particular, we will define a set of add-ons for Mozilla Firefox, studying and analyzing then and explaining the details of their configuration. Finally, we also tested the effectiveness of the selected add-ons on three popular web platforms: Facebook, Youtube and Amazon. Note: many definitions for technologies and plug-ins come from Wikipedia or other public Internet source, as they are only needed to introduce them and to explain why they have been selected. Some configuration instructions for Chrome and Firefox, like paths to specific URLs or settings folders, or lists of possible choices, come from their own help pages. The particular choices of the single technologies, why we picked them, and the suggested options to be selected on the browsers, as well as the study of the user experience after the installation of the add-ons and the tests on Facebook, Youtube and Amazon, is