Browser Security (IE6)

Topic

New Reply

Hi All:
I went to the Symantec site to do a “security check”. When I finished, I wqs told that web sites could get my browsing history & it then said:

>>Recommendation:
>>Reconfigure your web browser to hide your recent history from prying eyes. To get extensive privacy protection, install a personal firewall or a full Internet security suite.

Other than trying to sell their product, does anyone know how you can configure IE to hide browsing history from web sites while still allowing you access to recent history? Thanks in advance.

Reply | Quote

Replies

I came up “clean”. The only special measures I use are ZA (free) and Popup Manager (which blocked the security check popup to start with ). Apart from that my IE settings are fairly standard, observing basic security measures recommended by Woody, et al.

(The “Possible Risk!”? I didn’t let them download & install their junk just so they could then tell me that I was “At Risk!”.)

Reply | Quote

Thanks, Tim. That’s what I got the first time. I did download their ActiveX control for the scan the second time & that’s when I got the message I posted. If felt safe downloading it because:
1. They posted a removal tool, which I immediately used after the test, &
2. The reason I did this in the first place is that they emailed me with a warning that their previous ActiveX control was a security risk & should either be replaced or removed. Prior to that, I didn’t even know about their security test.

So, I’m still wondering what configurations they mean. I use ZA also.

Reply | Quote

> Reconfigure your web browser to hide your recent history from prying eyes.

I’m surprised they don’t give instructions for this. Other than using JavaScript to peek at the history object (the limited functionality that allows sites to create a Back link in script), I don’t see how it could be accessed. Unless Symantec is just referring to cookies. Very strange. Not very helpful.

Reply | Quote

Thanks for your thoughts, Jefferson. The more I think about it, the more I think it was a canned response. I use Zone Alarm & had it running during the test, but they didn’t seem to notice that. Since Symantec sells both a firewall & “Internet security suite”, my cynicism leads me to believe that it’s a subtle way to play on your fears.

Reply | Quote

My cynicism says that it’s a less than subtle effort if, after they have you load “trusted” software, that software then discovers your system to be vulnerable.

For peace of mind, you could try Steve Gibsons Shields UP! and LeakTest. They should give you a somewhat more impartial report of your vulnerability than a product vendor might.

Reply | Quote

Thanks, Tim. I periodically go to sites like Gibson’s & haven’t had a “bad” marks. I’m just going to write off this one as bunk.

Reply | Quote

Phil,
It seems to me that I went through that all a while back on the Symantec site. What they were talking about was the “referrrals” that are NOT blocked by most firewalls. This is apparently a tag that is available to websites to see just where you “surfed” in from to get to their site. Hence the term referral, ie: you were just in the Lounge and you went to joesmith.com. It will tell Joe that you were at the lounge last. ( or wherever ).
The only prog I found that stopped the referrals was AdSubtract Pro, which has many features in it like selective filtering, ad blocking and more. You can check it out at http://www.adsubtract.com[/url%5D 30 day trial.

After installing AdSubtract, I went back to Symantec and ran security check, No longer found any problems. I’m almost sure this is what they were speaking about.

Bob

Reply | Quote

Thanks, Bob. I have AdSubtractPro, but rarely use it. So maybe I’ll try Symantec again, just for fun.

Reply | Quote

If I understand correctly, the HTTP-REFERER tag will be blank if you used a bookmark or typed the address, and otherwise it will be the page you linked from. Doesn’t seem all that serious to me. Do I really care if they know the page I clicked from??

Reply | Quote

Jefferson,

I don’t know if YOU care about it, but I Do ! I don’t want anyone tracking me around, no matter how innocent the movements may be.

Be that as it may, the referrer tag is what Symantec was pointing out to Phil when he made a security check of his system.

Bob

Reply | Quote

I guess maybe I have the “corporate” viewpoint on this. It’s useful to know how people use your web site, and using the HTTP-REFERER tag, a cookie, and a log, you can answer questions such as “how long did you spend reading this page,” “which items attracted your attention first,” “do you use the back button a lot,” and countless other tidbits. Maybe that should be a secret. When I don’t want someone to know what I’m doing, I use my Anonymizer account, http://www.anonymizer.com[/url%5D.

Reply | Quote

Jefferson,

I also had the “Corporate” viewpoint for many years, but Corporate isn’t the sqeaky clean image that it may have been not too many years ago. There are too many behind the scenes things happening to suit me.

I’ll keep my referrals blank, thank you, and why pay for a “secret” identity to surf the web? But, what ever, one person’s potion is another person’s poison?

Bob

Reply | Quote

> why pay for a “secret” identity to surf the web?

There are times when it would be inappropriate to leave my firm’s IP address in a site’s logs. Hazard of the trade.

Reply | Quote

To me, your “corporate” viewpoint seems reasonable, especially within a site. Without those “tidbits” it would be hard to target ongoing site development to improvements in areas that get the most use. They would also help to identify where the design may be causing navigation problems.

The cross-site tracking, of where you came from, is a little more debatable. I understand it too has positive uses, to assign extra privileges, and to attribute points or income to sites that are ad-supported.

The problem comes about when personally identifying information is linked to either, especially without your knowledge. I use your method with bookmarks, or cut&pasted addresses, whenever I have cause to suspect a sites motives. My paranoia has not yet got to the level where I’ve felt the need for anonymizer.

Reply | Quote