Why does a browser need security settings?

by sabitha 2010-11-09 15:43:10

Web pages are plain text files which, by themselves, cannot harm your computer. So are emails. However, some of the text in them can be instructions to your browser or email viewer that tell it to do the following things:

1. Launch a programming language such as JavaScript or VBScript and submit some text to it so it executes (runs) as a computer program.
2. Fetch additional non-text content such as an image and place it on the page.
3. Fetch non-text content such as a movie, Flash file, audio, PDF, Word document, or Excel spreadsheet, and feed it to an application (a plug-in, browser helper object, program on your local computer, or the Java Runtime Environment) which will then display it on the web page, play it, or render it in whatever media format is appropriate for it.

Each of these types of objects has the potential to harm your computer under some circumstances.

1. A JavaScript or VBScript program can be designed to do malicious things to your computer. Although its text can't harm your computer by itself, it CAN when it's fed into your browser's scripting engine and executed as a program.
2. Images are occasionally crafted to be malicious.
3. A Flash movie, or any of the other non-text files listed above (and others), can be designed to do malicious things to your computer. So although the plain text code containing the instructions to load them can't do any damage, the files themselves CAN, when they are loaded into the plug-in programs and displayed, played, or otherwise rendered.

The key to making your browsing safer is to restrict what types of these "secondary" objects are allowed to be fetched, restrict JavaScript and VBScript from executing, and restrict what types of applications (plug-ins, browser helper objects, or programs on the local computer) are permitted to be activated as the result of instructions on a web page or in an email.

You can be very secure if you ALWAYS disable ALL of these secondary objects and disallow ALL plug-ins, so that your browser only displays the text on the web page and absolutely nothing else, but you might find these restrictions unacceptably limiting, and some of your favorite web pages might not work properly.
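
The following Python example, added here and not part of the original article, scans a page's HTML for the three kinds of instructions listed above and applies a restriction policy to each one it finds. The sample page, its example.com URLs, and the names `ActiveContentAuditor` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser
# Categories mirror the article's three kinds of instructions (names are illustrative).
SCRIPT, IMAGE, PLUGIN = "script", "image", "plugin content"

class ActiveContentAuditor(HTMLParser):
    """Records every instruction that asks the browser to do more than show text."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (category, description) pairs in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.findings.append((SCRIPT, attrs.get("src") or "inline script"))
        elif tag == "img":
            self.findings.append((IMAGE, attrs.get("src") or ""))
        elif tag in ("object", "embed", "applet"):
            target = attrs.get("data") or attrs.get("src") or attrs.get("code") or ""
            self.findings.append((PLUGIN, target))
        # Event handlers and script-scheme URLs also hand text to the scripting engine.
        for name, value in attrs.items():
            url = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append((SCRIPT, f"{tag} {name} handler"))
            elif name in ("href", "src") and url.startswith(("javascript:", "vbscript:")):
                self.findings.append((SCRIPT, f"{tag} {name} script URL"))

def audit(html, allowed=frozenset()):
    """Return (category, item, decision); anything not explicitly allowed is blocked."""
    parser = ActiveContentAuditor()
    parser.feed(html)
    parser.close()
    return [(cat, item, "allow" if cat in allowed else "block")
            for cat, item in parser.findings]

# Constructed sample page; all URLs are placeholders.
SAMPLE_PAGE = """<html><body onload="init()">
<p>Plain text is always displayed.</p>
<script src="https://example.com/app.js"></script>
<script>document.title = "hi";</script>
<img src="https://example.com/logo.png">
<embed src="https://example.com/movie.swf" type="application/x-shockwave-flash">
<object data="https://example.com/report.pdf"></object>
<a href="javascript:void(0)">link</a>
</body></html>"""

if __name__ == "__main__":
    for category, item, decision in audit(SAMPLE_PAGE, allowed={IMAGE}):
        print(f"{decision:5}  {category:14}  {item}")
```

With the default empty `allowed` set the result is the text-only policy described above; passing `{IMAGE}` shows a middle ground that permits images while still blocking scripts and plug-in content.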
