Browser Security

Key Actions 

Always run an up-to-date version of your web browser. Use Qualys’ BrowserCheck to confirm your browser, plug-ins and system are patched.

Browser Privacy Settings - Vendor information regarding browser privacy settings.

Tips for safe Internet browsing

Exploiting browser vulnerabilities has become a popular way to compromise computers.There are several easy ways to secure your preferred browser, through individual browser settings and add-ons. Browsers aim for a balance of performance and security. Features added by the manufacturer to improve performance may make the browser (and the computer) less secure. In addition, the more add-ons you have installed, the more your browsing experience may be impacted or slowed.

Best Practices

  1. Install and use an ad blocker such as AdBlock Plus or uBlock Origin (for Chrome or Firefox).  It's best to use one or the other not both.
  2. Do not use the "remember my password" function of a browser or website. Instead, use the 1Password password management service (available free to Duke faculty, staff and students). You may review details about getting set up with 1Password at the 1Password service page. To remove data that may have already been saved see:  Chrome and Firefox.
  3. Ensure the pop-up blocker in your browser is enabled (instructions available for Chrome and Firefox).
  4. Consider private browsing using Chrome Incognito mode or Firefox private browsing. These options are starting to be available for mobile browsers as well. Firefox has created Focus as a privacy focused browser. 
  5. If you have Adobe Flash or Oracle Java plugins installed, consider uninstalling them. Many content providers have moved away from these platforms due to ongoing security issues with both. If you need Flash, it's built into Chrome. If something needs Oracle Java, remember it needs to be updated on a regular basis.  They continue to be two of the top programs leveraged by malware to compromise computers.

For advanced users 

The items listed below will add additional security to your web browsing, but from time to time may need adjusting for a site to function.  You should read what these extensions do, and research each before deciding if they are the right tools for you. They may be available for other browsers, we've only provided links for Chrome and Firefox here. Users should be comfortable with managing Chrome extensions and Firefox add-ons as a prerequisite to using any of the items in this list. Extensions also add to the overall resource use by your browser. Mobile users will find some of these have App corollaries as well.

  1. NoScript Firefox only - Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks, "Spectre", "Meltdown" and other JavaScript exploits.
  2. UMatrix  Chrome and Firefox - Point & click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, facebook, etc.
  3. IP Whois & Flags Chrome and Firefox - Displays server's location of all websites, and provides Geo location and WHOIS info on toolbar click
  4. Privacy Badger Chrome and Firefox - Protects you from trackers as you surf the web.
  5. Ghostery Chrome and Firefox - A powerful privacy extension. Block ads, stop trackers and speed up websites. Creating an account allows settings to be shared between machines and browsers.
  6. Web of Trust Chrome and Firefox - Instantly know which websites to trust! WOT protects you while you browse, warning you against dangerous sites that host malware, phishing, and more. Creating an account allows settings to be shared between machines and browsers. Can use a users Google credentials for login.