News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Browsing your way to more security

    Home » Forums » AskWoody blog » Browsing your way to more security

    Author
    Topic
    #2385268

    ON SECURITY By Susan Bradley I often come across Windows computer systems that have been severely compromised, and more often than not the entry point
    [See the full post at: Browsing your way to more security]

    Susan Bradley Patch Lady

    3 users thanked author for this post.
    Viewing 13 reply threads
    Author
    Replies
    • #2385292

      Microsoft realizes that the Web can be a dangerous place, so it is coming out with the Edge Super Duper Secure Mode..

      So, it took Microsoft 28 years, since the first Browser for Windows OS, Cello, in 1993 to realize that the Web is dangerous ?

      1 user thanked author for this post.
      • #2385310

        The unlucky thing is, that Microsoft if literally giving people false hope with its .. I apologize for the word – *stupid* advertisings like this one:

        Microsoft Edge is the fast and secure browser that helps you protect your data, and save time and money.

        really

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

        1 user thanked author for this post.
        • #2385370

          Do you have a reason to believe that Edge is not secure?

          Is my data at risk?

          Windows 10 Pro version 21H2 build 19044.1319 + Microsoft 365 (group ASAP)

          • #2385615

            Do you have a reason to believe that Edge is not secure?

            I really have reasons to believe, that all browsers are not secure (not just Edge). It mostly depends on user. Periodic updates are some sort of warranty, that discovered vulnerabilities get patched, but they are not almighty.

            Is my data at risk?

            Local data are at risk, while you are connected to the internet. Cloud data are at risk 24/7. Although the percentage may be low, both are definatelly not 100% safe.

            Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

            HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

            PRUSA i3 MK3S+

            1 user thanked author for this post.
      • #2385396

        Do you have a reason to believe that Edge is not secure?

        With Edge being based on google chrome, makes it a bigger target as per the article linked below.

        Google issues another security threat warning

        Chrome is one of the leading browsers available; however, I can’t ignore that this is the fourth major security vulnerability in two months and the eighth zero-day hack this year. The number of attacks is steadily growing, and it is more important than ever to ensure that your browser is kept up to date.

        I share those concerns.

        illegitimi Non Carborundum
        1 user thanked author for this post.
    • #2385309

      I still would recommend users to be cautious, not relying on browser to do all things for you.
      Do not open emails you not recognize, never do store your credit card details, do not install any program, that comes from the internet. Unless you know, what you are doing, obviously.

      As if driving your car, you do not put your hands of steering wheel and feet of pedals, when junctions is near, relying on the cars driving assistant.

      Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

      2 users thanked author for this post.
    • #2385402

      I think that the majority of unwanted material (malicious or not) tends to come from users that tend to click “OK” on everything, without reading the content of what they’re approving. A lot are simply trying to move on to getting work done, although I see this effect too often with the “I don’t know much about computers” people that are intimidated by the technology, and have the expectation that a using a computer should be no more difficult than using a toaster.

      Developers and distributors know about this, and bury disclosures and opt-out options amid lots of arcane stuff, whether dense legal fine-print, FUD warnings, or obscuring things in “Advanced” settings dialogs that are often designed to discourage users from examining, much less actually making changes.

      There is some that can be done by education and training, but some users don’t want education and training, and even if they have it, they’ll still finds to justify doing things that the training is intended to avoid.  It’s too easy for users to assume “I’m just one person, and I’m insignificant”, and where they really don’t understand that there is no such thing as “my little corner of the Internet”.

      Ultimately, the process of installation of too much software (even for legitimate stuff) borrows from the same methodology as phishing.

      2 users thanked author for this post.
      • #2385705

        I think that the majority of unwanted material (malicious or not) tends to come from users that tend to click “OK” on everything, without reading the content of what they’re approving.

        Notwithstanding the occasional drive-by download or poisoned legitimate web site, or…

        -- rc primak

    • #2385428

      With Edge being based on google chrome,

      Edge is based on the Chromium, not on Google’s Chrome browser. While browsers based on Chromium share many things, including the rendering engine and extensions, you can easily see the Chromium-based browsers diverging.

      There was a time when Edge looked almost identical to Chrome. Now it doesn’t.

      1 user thanked author for this post.
      • #2385442

        brain flatulence oopsI Yes, I knew that, but with chromium being the root browser framework in the pyramid of blink, surely the above article is still relevant to these browsers. Good work by project zero although I’m still not convinced given the article findings. ymmv

        either that, or someone has re-invented the wheel of security 🙂

        illegitimi Non Carborundum
        1 user thanked author for this post.
      • #2385706

        With Edge being based on google chrome,

        Will Fastie wrote:

        Edge is based on the Chromium, not on Google’s Chrome browser.

        However, Google does own the entire Chromium code base. What if anything Google does to leverage that open-source code base for their own purposes, I am not sure. Neither are many of my friends and fellow tech group members who use Linux primarily. Many use Firefox exclusively due to this ownership.

        -- rc primak

        • #2385789

          However, Google does own the entire Chromium code base. What if anything Google does to leverage that open-source code base for their own purposes, I am not sure.

          Google makes no secret that Chromium is developed by Google for the good of Google. People seem to think that “open source” means “community developed for the greater good,” but that’s not a part of the definition. Chromium is open source, so anyone can take the source code, change it as they see fit, and distribute that new browser as they see fit.

          Unless people think Google is hiding some self-serving code in plain sight within Chromium, there’s no need to shun it just because it is developed by Google. The unwanted bits that serve Google’s interests can easily be removed (and the devs of browsers like Brave, Vivaldi, Opera, and certainly Edge) do just that.

          Google uses a two-tiered development model for its closed-source products that have an open-source base. Chrome is not open source any more than the new Edge is… the final product consists of the open-source base with proprietary bits added, with the final product released under a non-open-source license. Similarly, Android’s open source base is AOSP, or Android Open Source Project, which is also developed by Google for its own benefit. Android proper is not open source… it has stuff on top of AOSP that makes it proprietary.

          If you were Google, and you wanted to put something sneaky and nefarious in Chrome or Android, you wouldn’t put it in the open source part that everyone can examine and use for other stuff. Even the most obfuscated code risks discovery when anyone and everyone can use it as they see fit. Why do that when you’re going to be putting closed-source stuff on top anyway? That’s the natural home for any code that maybe you don’t want the rest of the world looking at.

          As such, the code for Chromium is most likely pretty clean and straightforward. Having it be open source is part of Google’s strategy for warding off government getting on their case for monopoly issues. Putting sneaky things in that can give people ammunition to claim Google’s being a bad guy would defeat some of the purpose of Chromium being open source, and could lead to more government interest in their actions. It’s not necessary to do that when there is a closed-source portion to Chrome anyway.

          If people want to avoid any code written by Google on principle alone, well… that is their choice, of course, but open-source programs are full of corporate-written code that was written for the benefit of the corporations whose employees wrote it. The Linux kernel itself is like this, as are bits that are on nearly every Linux distro (like systemd and Pulseaudio, both developed by Red Hat’s Lennart Poettering).

          Having that corporate contribution in open source is not a bad thing. The lack of resources is one thing that has been a problem, and having people being paid to look at your code and make it better is a good thing. It’s open source, so if any project ever ends up skewing too much toward the interests of any one company at the expense of others, it is likely to be forked pretty quickly, with the community-oriented devs typically jumping to the fork (and they’re able to backport the bits of the corporate code that they handpick as being worthy without taking the bad stuff, so the good work by the corporate entity still gets back into the community edition).

          A more pressing reason to avoid Chromium would be to avoid having a single rendering engine that is used by everyone. We’re almost there, though, with Firefox having such a small market share that it hardly even matters anymore. Of course, there is also Safari, but it’s only on (in PC terms) Macs, so even if every Mac user used Safari, it’s still only ten percent(ish) of the market.

          I use Firefox because I still have not found a way to get Chrom* anything to scroll smoothly with my laptops. Drives me crazy… otherwise I’d be using Vivaldi full time.

           

          Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
          Dell G3 15/3579, i7-8750H/16GB, KDE Neon
          Asus P8P67 Deluxe, i5-2500k/16GB, KDE Neon

          4 users thanked author for this post.
    • #2385444

      Edge is based on the Chromium, not on Google’s Chrome browser

      True. But both share the same security bugs.
      Every time Chrome issue a new version Edge follows the next day with its own update.

      Example : #2382155

      1 user thanked author for this post.
    • #2385455

      In this article you mentioned that Brave is an alternative search engine and that Brave also building a search engine of it’s own. Brave has been my default browser for years now and I love the speed and the way it blocks ads and trackers. Brave Search is now in Beta and can easily be implemented by selecting it from Settings -> Search Engines and selecting it from the list of search engines used from the address bar. However, with the help of someone on the Microsoft Community Forum I found that you can also use it in Microsoft Edge To do so:

      1. Open Edge and enter edge://settings/searchEngines in the address bar search field.
      2. Click Add and enter Brave for the Search engine, Brave.com for the Keyword and enter https://search.brave.com/search?q=%s in the URL field and save the entry.
      3. Once Brave has been added, click on the 3 dots to the right of the entry and select “Make Default” and Brave Search will be your default search engine.

      I’m not sure that it can be added to Chrome but considering that Edge, Chrome and Brave are all Chromium-based I’m assuming that the possibility exists (and would really be sticking it to Google to use it on Chrome).

      I’m hoping that Susan will write a full blown article for the Ask Woody Plus Newsletter that will include the above and cover some of the differences between it and DuckDuckGo that’s another privacy oriented search engine.

      1 user thanked author for this post.
      • #2385617

        I’m hoping that Susan will write a full blown article for the Ask Woody Plus Newsletter that will include the above and cover some of the differences between it and DuckDuckGo that’s another privacy oriented search engine.

        DuckDuckGo offers DuckDuckGo Privacy Essentials. BMHO good plugin, that is available for Chrome and Edge too (maybe all chromium based browsers). You will get small icon, that tells you immediatelly, how secure is the webpage. It blocks incoming trackers and it will let you know, what happens on the backgroud. Sometimes it blocked certain webpages for me. Then I looked what happened and there was warning, that my form data are sent elswehere, that website is promising. Personally, I would recommend to use that for most users.

        See, how Youtube is considered as grade D, because it collects lot of data about us. Askwoody is safe, so it was given B+.

        youtube

        methods

        aw

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

        2 users thanked author for this post.
    • #2385522

      “… there are foundational components of Internet Explorer that will never quite go away. These are the building blocks of many line-of-business applications, so while we can remove icons, the underlying foundational parts will never completely be removed.”

      In addition, IE long served as the display engine for various flavors of Outlook, certainly as late as Office 2016.  Outlook would sometimes go off the rails, unable to display ones email in HTML directly within the browser.  The fix was a cumbersome procedure changing something or other within IE, I forget exactly because it has been two years since one of my clients encountered it.

      Maybe the Outlook built into Microsoft 365 has finally gotten past this IE dependency.

      1 user thanked author for this post.
    • #2385630

      The Outlook desktop client has used Word HTML  since Outlook 2007. See Outlook 2013 / 2016 / 2019 / 365 and Word HTML – HowTo-Outlook.

       

       

      --Joe

      1 user thanked author for this post.
    • #2385659

      DuckDuckGo offers DuckDuckGo Privacy Essentials. BMHO good plugin, that is available for Chrome and Edge too (maybe all chromium based browsers). You will get small icon, that tells you immediatelly, how secure is the webpage. It blocks incoming trackers and it will let you know, what happens on the backgroud. Sometimes it blocked certain webpages for me. Then I looked what happened and there was warning, that my form data are sent elswehere, that website is promising. Personally, I would recommend to use that for most users.

      Not saying that DuckDuckGo isn’t a worthy, privacy oriented, search engine.  The fact is though that Brave Search is new and it’s only a Beta right now but based on some of the articles that have already been printed on it, Brave is different and those differences could be a reason for some to select it over DuckDuckGo and other popular search engines.  The Brave Browser is very privacy oriented in terms of blocking ads and trackers so if Brave Search is equally privacy oriented then it should also be considered a worthy alternative as well.  This is why I hope Susan will write an article about Brave Search and perhaps later on compare it to other search engines.  Since many use Edge instead of Brave I put the instructions on how to set it up in Edge so perhaps it gets a greater number of testers since it is still a Beta version.

       

      1 user thanked author for this post.
      • #2385773

        Not saying that DuckDuckGo isn’t a worthy, privacy oriented, search engine.

        DuckDuckGo search engine is not bad, but sometimes its not enough for me and I use google anyway. DDG is getting better and better, but its hard to beat the hegemon (google). I was trying to introduce DDG plugin, which seems pretty good to me. Brave is also option to consider and I would like to see the article too 🙂

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

        • #2385791

          I have StartPage on standby for when DDG fails. I don’t even have Google proper as one of the search options in Firefox. One of the first things to get removed!

          Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
          Dell G3 15/3579, i7-8750H/16GB, KDE Neon
          Asus P8P67 Deluxe, i5-2500k/16GB, KDE Neon

    • #2385720

      WOW! I have used RoboForm for many years and it has worked for me with ease of use as well as no problems with hackers so I don’t mind in the least the yearly cost of this wonderful Password manager. I also use DuckDuckGo and am very pleased with it as well. I tried Google Chrome, deleted it from my computer after just a short while. Too buggy back then, and of course since google helped the Chinese with their spying software on their own people, I don’t trust even gmail and am working to get totally rid of it on my machine. Firefox is my goto browser and I see no reason to change to something new. I actually have to admit, I had never heard of Brave, of course I am no longer involved in programming other than web pages. At 76 years of age I still enjoy writing pages but I find that I now write simply stuff that I find interesting, like genealogy and my American Legion post and my Church. Anyway, I really appreciated this article also the stuff on VPN’s. A little extra security is always a welcome idea.

    • #2385737

      WOW! I have used RoboForm for many years and it has worked for me with ease of use as well as no problems with hackers so I don’t mind in the least the yearly cost of this wonderful Password manager.

      I have not used RoboForm but you might want to take a peek at BitWarden.  I used KeePass for years because it was free but it was not as user friendly as I would have liked.  A few months ago I read an article that compared KeePass to BitWarden, which is also FREE to use and thought I would give it a try.  Long story short, I will NEVER go back to KeePass.  Bitwarden keeps your passwords in an encrypted vault in the cloud whereas I was keeping my encrypted KeePass vault on OneDrive.  What’s outstanding about BitWarden is you can add an extension to Brave or to Edge and Chrome that integrated the vault with your browser.  Land on a site that’s in your vault that requires a password and Bitwarden autofills the fields with your data.  Easy to use and again free to use not only on your PC but on your cell phones and tablets.  Perhaps you’d find BitWarden just as good as RoboForm and you could save some money.

      In addition to BitWarden you should take a look at Brave.  Since I’ve been using it, it has blocked 416,221 ads and trackers, has saved me 7.46 GB in bandwidth and has saved me  5.8 hours of browsing time because of how well it blocks the adds and trackers.  I also have Edge configured to block as much as a can tweak it to block and it amazes me how I can access the same web page and Edge still doesn’t block as much as Brave does.

      • #2385794

        If you use Android, the version of the BitWarden app that is available on F-Droid has no trackers. The Google Play version does, which BitWarden devs say is only for diagnostic purposes and that they collect no personal data for advertising or sale to anyone else, but if you’d rather be certain of that, the untracked version is available. I don’t believe F-Droid allows any trackers in their offerings. (It’s an alternative app repository for open source apps only.)

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
        Dell G3 15/3579, i7-8750H/16GB, KDE Neon
        Asus P8P67 Deluxe, i5-2500k/16GB, KDE Neon

      • #2386081

        I was hoping that someone would weigh in about bitwarden. My LastPass subscription is coming due soon and as much as I don’t mind paying for good software, I’m finding that more and more it fails to autofill sites, both on desktop and mobile. Wondering if Bitwarden may function better.

        Have you had any problems with Bitwarden autofill? It’s not a huge hassle, but I hate having to rely on copy/paste with Lastpass at times.

    • #2386000

      I have StartPage on standby for when DDG fails.

      DDG uses Bing which isn’t worth much if you are not in the USA.
      StartPage has been bought by an AD company. That says all about it.
      Brave search is new and will never have Google’s search vast data base.

    • #2386025

      Brave search is new and will never have Google’s search vast data base.

      At this point, since they are new, it is true that they will not have the amount of search data that Google has in their database.  However, according to several articles on the web regarding Brave Search, unlike DuckDuckGo that only mixes search results from Google and Bing, Brave is building their own database to use instead.   When a search is conducted it will search it’s own database and if the results are lacking they will augment and add to their database by anonymously checking Google for the same query and mix the results together before rendering the results back to you.  In addition I found that if you scroll down on the search results page you will find an option to search elsewhere and you can search Google, Bing and Mojeek and see their search results in the same manner as if you were using that search provider as your default search engine.  So far I’ve made some pretty obscure searches with Brave Search and although displayed a bit differently, they did provide the same results.

      • #2386069

        Brave is not even close.
        Just did a search : Got 10 results with Brave, selected ‘Find elsewhere’ Google and got 66,000 results.

        Sorry. There is only one search service and that is Google search.

    • #2386083

      Have you had any problems with Bitwarden autofill? It’s not a huge hassle, but I hate having to rely on copy/paste with Lastpass at times.

      Patricia,

      I’ll tell you how I use it since I switched from KeePass where the autofill didn’t work half the time and I had to cut and paste.  Bitwarden makes an app that you can install on your PC but I found that the better approach for me is to use the browser extension which I have installed on both my Brave browser and Edge.  Because my home PC is very secure I have configured the browser extension to be active anytime I load either browser.  If I visit a site that requires a logon ID and password I right click, select BitWarden, select autofill and then select the entry for that website that corresponds to that page.  Bit Warden will the populate both fields and will make the text in the fields large and then slightly smaller, like a quick flash, to give you the feel that it’s successfully completed it’s task.  After it populates the fields you then have to press whatever is required to initiate the logon process.  It also seem smart enough that if you have a site that requires you to submit your logon ID and then submit you password on a separate page it will fill each required field as needed by initiating the autofill request again.  There are cases where I have separate credentials in separate folders in BitWarden for the same site and when you press Autofill it prompts you to select the credentials that you want to use.  This also comes in really handy if for some reason I’m checking something out using my Brave browner and I want to open up Edge so I have two browsers up at the same time Bitwarden doesn’t care and works the same on either browser at the same time.  Very slick considering how cumbersome it was to setup autofill on Keepass that would only work on one browser and like I said wouldn’t work half the time.  Very glad I switched.

      Another thing I like is that there are apps for your phone and/or tablet that can work with the same database in the cloud at the same time you’re on your PC.  Note that on your PC and/or laptop if you have the browser extension installed but for security reasons you don’t want to have Bitwarden accessible the default configuration is to open your browser, log onto BitWarden and it will remain accessible until you close your browser or log out of Bitwarden.

      With BitWarden being free I would install it, export your database from LastPass and import it into BitWarden and give it a go.  I found out about BitWarden because LastPass or some other password vault that was previously allowing individuals to use it for free announced that they were going to start charging to use it and BitWarden was the recommended free alternative.

      • #2386084

        Thank you so much for the response.

        I was relieved to see the BitWarden import function (thank the Lord! I have a huge vault in LastPass) so I’ll be trying it out starting today!

    Viewing 13 reply threads
    Reply To: Browsing your way to more security

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.