Web Security

Vulnerabilities in Internet Software


Web Security Affects You

Web security is not a new issue, but increases in e-commerce and the fact that more folks are using broadband (always-connected) access have created the need to improve security. There are serious flaws in some browsers, which are further aggravated by security holes in Windows.

While the information on this page may not be light reading, I recommend that you peruse it. To ignore it is to do so at your own peril.

Security Weaknesses in Web Browsers

Web browsers by their very nature are susceptible to security weaknesses. While visiting sites on the Web (the World Wide Web) you are exposed to scripts and more that can be intentionally or unintentionally dangerous.

Web browsers all have some weaknesses and design issues. The severity depends on how frequently updates are provided to resolve security and other problems, as well as on how tightly the browser has been tied into the operating system or used for other purposes such as installing software (primarily but not uniquely an issue with Internet Explorer).

Use the Most Recent Browser


Whether you use Internet Explorer or Firefox or another browser, you should always upgrade to the most recent version and install any patches that are available. Newer versions of the same browser offer several advantages:

Use Browsers with Better Encryption

If you can meet the license requirements for the 128-bit RSA encryption for Firefox (and other Mozilla-based) or Internet Explorer web browsers, this will provide better security than the older 56-bit versions. Most financial institutions will insist on this level of encryption before you can use their on-line services.

Internet Explorer 6 Obsolete

IE 6 Isn't Safe

Bring Down IE6

“Internet Explorer 6, which according to the W3school web browser survey, is still used by over 14% of all Web users, is the least safe browser out there. How bad is it? There's a group encouraging web sites to tell you to dump IE 6. Heck, even Microsoft wants you to get rid of IE6 in favor of IE 7 or IE 8.”
ITworld August 2009

Note: IE6 usage is declining rapidly, reported at a much-reduced 1.2% as of December, 2011 (total IE usage reported at 20.2% of all browsers).

IE6 is Holding Back the Web

Internet Explorer 6 is now holding back development of the Web because it doesn't support many of the more recent advances in web design that would allow for a richer user experience. As well, developers are spending a disproportionate amount of time catering to the special requirements to make IE 6 display properly — particularly considering the diminishing user base.

Browser-Security Risks

Browser Security Updates

Information is provided on known weaknesses of various web browsers in use. Sometimes you need to dig to find this information, but the competition may point out the flaws for you.

Other Security Information

You may also wish to correct known potential security risks associated with various browsers found by other parties.

Older Browser Issues

While many of the issues with older browsers are intricate enough to only interest website designers and browser technicians, older browsers will often incorrectly display newer websites, if they can display them at all.

Microsoft has finally released a standards-compliant version of Internet Explorer (version 8) which also has the ability to view older sites as intended using Compatibility View. This only works with sites built to look good in Internet Explorer at the expense of other browsers, and I'd recommend leaving Compatibility View disabled if you have to assess the effectiveness of websites in order to fairly judge them.

Even if you are willing to put up with increasing difficulties with display issues, you cannot walk away from the security dangers of using older, unpatched browsers.

Assessing Your Risk

The following sites can help you to assess the security risks posed by your current browser, and suggest fixes that are necessary. Be sure to follow the instructions closely, which includes not opening files if prompted to do so.


Security Weaknesses in Email Programs

Outlook & Outlook Express Are Problematic

There are security issues with all email programs but this is most pronounced in Outlook and Outlook Express because Microsoft products are so tightly tied together.

Outlook Express Obsolete

Because Outlook Express is pre-installed in Windows XP many users continue to use it. Outlook Express is an obsolete legacy of Internet Explorer 6 for which Microsoft has ceased development and support.

No Native Email Program for Windows 7

There is no native email program for Windows 7 (Vista has Windows Mail) so you need to use webmail or find a new email program.

Outlook — It Depends

The vulnerability of Outlook depends upon the version. Earlier versions suffer from the same weaknesses as the Internet Explorer family.

Starting with Office 2007, Outlook went back to using MS Word for HTML rendering to address this issue.

However, the interlinking of Microsoft products continues to be a security concern as a weakness in any one component affects them all.

Recommended Email Software

Instead of Outlook Express, download and use one of the alternative email programs or move to webmail. Be sure to use unique secure passwords — webmail accounts are accessible to anyone and the sorts of questions used for recovery of lost passwords are often posted on Facebook and other social media sites. Write your own security question, if possible.

Thunderbird


Thunderbird is a free email program from Mozilla, the same folks that make the Firefox browser. It is a powerful, yet easy to use, stand-alone email program that works great in conjunction with the Firefox browser.

If Outlook Express worked for you, then Thunderbird will too.

Pocomail and Barca


Thunderbird will be powerful enough for most users, but sometimes you need more control over your mail. Pocomail and Barca provide extremely powerful filtering capabilities and other features seldom found in other clients.

Barca is the same as PocoMail except that it adds a calendar and other features similar to Microsoft Outlook, but is more secure.

I strongly recommend the free Thunderbird (PocoMail or Barca if you need extra features and flexibility). Details….

Recent forum postings by Slavin, Pocomail's creator, indicate that Pocomail (and therefore Barca) sales will discontinue as of December 31, 2011 (there is the potential for a free release of Pocomail 4.9 in the future). These are still excellent programs and work well for Windows XP through 7, but the compatibility with Windows 8 is in question.

Reducing Your Risk If Using Outlook

If you continue to use Outlook (especially for the PIM features) you should reduce your risk by ensuring you're running a version that is currently supported by Microsoft with updates and patches.

Windows Scripting Host enables Outlook to open attachments and run programs without asking first. You can disable Windows Scripting Host; since most users don't use Basic scripting, disabling it should not compromise functionality for the majority.
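
One way to check and apply the Windows Scripting Host setting described above, as an added PowerShell example that is not part of the original page. It assumes the standard Enabled value under the "Windows Script Host\Settings" registry key; the -Disable switch and the Get-WshState helper are hypothetical names chosen for this example.

```powershell
# Added example: report whether Windows Script Host is enabled and,
# with -Disable, turn it off machine-wide and for the current user.
# Changing the HKLM value requires an elevated (administrator) prompt.
param([switch]$Disable)

# Assumption: WSH honours an "Enabled" value under these two keys.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
    'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
)

function Get-WshState {
    param([string]$Path)
    # A missing key or value means WSH is enabled, which is the default.
    $value = (Get-ItemProperty -Path $Path -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $value) { return 'enabled (default, value not set)' }
    if ("$value" -eq '0') { return 'disabled' }
    return "enabled (Enabled=$value)"
}

foreach ($path in $paths) {
    if ($Disable) {
        # Create the Settings key if it does not exist yet, then set Enabled=0.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name Enabled -Value 0 -Type DWord
    }
    # Always print the resulting state so the change can be verified.
    '{0}: {1}' -f $path, (Get-WshState -Path $path)
}
```

Run it without arguments to see the current state on each key. Setting Enabled back to 1 restores scripting if a program you rely on needs it.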


More About Related Issues

Protecting Your Online Identity

The following related pages offer more information about protecting your online identity:

Securing Your Computer

The following related pages offer more information about securing your computer:


www.RussHarvey.bc.ca/resources/websecurity.html
Updated: February 1, 2012