The WP Wednesday Podcast

Back about a month ago it was announced that Internet Explorer security flaw allows hackers to steal files.

Security researcher John Page has revealed an unpatched exploit in the web browser’s handling of MHT files (IE’s web archive format) that hackers can use to both spy on Windows users and steal their local data. 

The vulnerability affects Windows 7, Windows 10 and Windows Server 2012 R2 and allows some access to computer files by sending a simple command such as a CTRL+K (open a duplicate tab) or a Print command.

Page posted details of the exploit after Microsoft reportedly declined to roll out an urgent security fix. It instead said a fix would be “considered” in a future release. While that does suggest a patch is on the way, it leaves millions of users potentially vulnerable unless they either turn off Internet Explorer or point to another app that can open MHT files.

So, first… remove IE unless it is completely necessary for your job. Some government agencies, financial institutions, insurance companies, etc have websites or applications that ONLY work on Internet Explorer. Which is scary since it’s government info, your bank, CPA, insurance industry or other entity that stores private information.

But what are you supposed to use as a replacement? There are dozens of options, and we’re going to talk about a few, starting with the big three, and a few others.

Subscribe to the BeBizzy Break Podcast on iTunes and Stitcher Radio

Market Share

I remember the old days (dating myself) when Netscape emerged as a new, robust applications that provided access to the World Wide Web, instead of BBS’s, usegroups and the all-powerful AOL. Microsoft came in a few years later and the two battled back and forth over market share.

IE finally finished Netscape off with IE6 with Windows XP, and at one time IE owned 90% of the browser market. Firefox started the new browser emergence, then Chrome began it’s climb to the top of the browser heap.

Now, every social media application like Facebook, Twitter and Instagram have in-app browsers and there are literally dozens of others which serve specific cases.

The most recent browser market share data in the US from Stat Counter : http://gs.statcounter.com/browser-market-share/desktop/united-states-of-america

Basic Security Policies Regardless of Browser

  • Make sure you’re using the most recent version. Windows update, Chrome updates and others should be installed when possible to avoid an exploit.
  • Turn off Flash! Uninstall Flash! Never visit sites that require you to use Flash! Get the picture how insecure Flash is/was/forever will be?
  • Learn to see if the lock icon appears letting you know you’re visiting secure sites. This is very important if you’re making purchases or providing secure information
  • Use a password manager instead of storing passwords in the browser. Lastpass, Dashlane and others are cost effective and do a great job on computers and smartphones.
  • Clear History Periodically : erase your tracks every once in a while to keep anyone from snooping on where you’ve been.
  • Turn off autofill if you really don’t use/need it. It could be used by others with access to your devices to see what sort of sites and information you’ve been searching.
  • Use a VPN – A virtual private network encrypts traffic from the device you’re using to access the internet (computer, smartphone, etc) and routes through to a point where it joins the wide network. By encrypting traffic through your networking equipment, ISP’s devices, DNS routing equipment and other endpoints you’re tracks are covered up and you cannot be tracked.

Big Three

e-logo.0

Microsoft Edge

  • Internet Explorer’s replacement from Microsoft.
  • It probably came pre-installed on Windows 10, or one of your Windows 7 or Windows 8 updates.
  • Built-in Cortana integration which enables specific information to be displayed when certain websites are visited.
  • Reading Mode : turns off distractions when enabled so you can just read the page text.
  • There is a Microsoft Edge version for smartphones, tablets and other operating systems.
  • Microsoft has promised an “IE-Mode” which will open a familiar Internet Explorer look and feel in a separate tab
  • There is also a version of Edge that will be built on the Chromium, the same open-source web rendering engine that powers Google’s Chrome browser. 

https://www.microsoft.com/en-us/windows/microsoft-edge

1200px-Google_Chrome_icon_(September_2014).svgGoogle Chrome

  • The browser market leader by a HUGE margin
  • Tons of extensions which extend the browser’s utility by offering website developer tools, notifications, marketing assistance, password managers and a whole lot more.
  • Tab Pinning – Have a site you visit almost every time you go online? Pin the tab and it will always be there.
  • Incognito Mode – Need to browse a site in private, meaning you leave no trace in browser history? Open a new browser instance by hitting CTRL + SHIFT+ N in Windows, or COMMAND + SHIFT + N on your MacOS.
  • Syncing Chrome with Your Google Account – Get access to the same settings, bookmarks and extensions by logging into your Google account in Chrome.
  • Of course you can download and use versions of Chrome on all Android and IOS devices.

https://www.google.com/chrome/

firefox_logo_2017-100742591-largeMozilla Firefox

  • A distant second place to Google Chrome
  • According to speed tests Firefox Quantum browser is currently the fastest browser available (May 2019)
  • Like Chrome, there are tons of extensions that add to functionality.
  • Great malware and SPAM protection. Firefox turns a blood-red color when you go somewhere you’re probably not supposed to go online.
  • Private Browsing – similar to Chrome’s Incognito mode, private browsing deletes cookies, passwords and all other traces you were on the web.
  • There are versions of Firefox available on all Android and IOS devices

https://www.mozilla.org/en-US/firefox/

Other Browsers

  • Opera : Opera has been around since 1995 but apart from a very dedicated group of users, has never gotten traction. It is built on Chromium and is thought of as a more secure version of Chrome.
  • Safari : The default browser for all IOS devices it is used by Apple and Mac users unless they select another as a default. A huge negative is it is not available to PC users (unless you know a few tricks), which took out a majority of the computer market. Like IE, Safari got buried as Chrome use soared.
  • Chromium : the open source version of Chrome, Chromium has appeared on Linux distributions, and is also used as the backbone to other specialty browsers. It works similarly to Chrome but is thought to be a bit more secure.
  • Brave – created by the same developer that created JavaScript, Brave is very new to the browser game, launched in 2016. It is a very minimalistic browser, which enhances its speed and security.
  • Maxthon : A browser popular in China. The most ringing review I could find of Maxthon was that it was a good choice to use if you preferred the layout of Microsoft’s Internet Explorer. Ugh.
  • Tor : built for users to access the internet anonymously via the Tor network. All traffic is encrypted so tracking is impossible. As an additional layer of security the user is routed through the TOR network which bounces the traffic through a series of relays before emerging on the open web.

As a web developer and an “experienced” technical professional, it is great reminiscing about the history of Internet Explorer and what it has done to move the internet toward what we have today. But like MySpace, Hotmail, AOL and the Blackberry, Internet Explorer is something we should no longer use. There are plenty of great replacements that take a little bit of effort to install and configure, but security, speed and utility makes the time spent worth while.

Have any questions or suggestions on your favorite, or least favorite internet browsers? Leave them below, or send them to me @BeBizzy on Twitter!

Subscribe to the BeBizzy Break Podcast on iTunes and Stitcher Radio