Go to Windows 7 Insider Guide
Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.
Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.
To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.
Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.
(Credit: Mozilla Foundation)The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)
Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.
(Credit: Google)The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.
Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.
Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.
IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.
Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.
(Credit: Microsoft)You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.
Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.
Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.
Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.
But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.
(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)
The developer preview version of Chrome now promotes an as-yet unworking link to an extensions gallery.
(Credit: Screenshot by Stephen Shankland/CNET)Google is on the verge of launching a Web site to showcase its extensions to customize what its browser can do.
The company's latest developer preview edition, Chrome 4.0.249.0, promotes the feature on its opening screen and its new-tab page. "New! Google Chrome now has extensions and bookmark sync," the page reads, offering a link to a site that's not public yet, https://chrome.google.com/extensions. (Bookmark sync is already available.)
Extensions and support for Mac OS X and Linux are the headline features of Chrome 4.0. It's available as a beta for Windows, with Mac OS X and Linux beta availability expected in early December. According to the Chromium development calendar, the beta is planned for December 8 release and the stable release of Chrome 4.0 is due January 12.
A number of third-party galleries for Chrome extensions already are available, but programmers for the project have said on mailing lists that a Google site is planned. Earlier this year, Google shipped a version of Chrome that pointed to a collection of visual themes before the Chrome themes gallery was actually live to the public.
Extensions are a key asset of one Chrome competitor, Mozilla's Firefox; extensions permit people to customize the browser and add new features without burdening the overall project. Firefox is getting a new extensions framework, Jetpack, starting with version 3.7 due in the first half of 2010, and Mozilla has just launched its own Jetpack gallery.
Google has updated the stable build of its Chrome browser with two fixes. Google Chrome 3.0.195.33 plugs a security hole that could have allowed a malicious Web site to set custom HTTP headers on cross-origin options requests. A second bug fixed in version 3.0.195.33 removes a dependency on a Windows library file that was not actually required by Chrome. Earlier versions of Chrome would fail silently if that DLL file was missing or rights-restricted.
The Google Chrome developer's channel also updated Friday. Kiosk mode has been activated on all platforms, although the status bar-hiding feature that also sets the full-screen mode as the default doesn't work yet for Macs. However, numerous other fixes were implemented for the Mac version. These include a "bookmark all tabs" feature, keyboard hot key fixes, and a fix that stops PDF files from being opened by QuickTime.
The developer's build of Google Chrome is available for Windows, Mac, and Linux. The changelog for the stable build is available here, and the changelog for the developer's build is here.
Google plans to release a Mac beta of Chrome in early December, judging by some chatter on a mailing list for the browser.
Chrome 4.0 is available today as a beta version for Windows but only as a rougher developer-preview version on Linux and Mac OS X. The standout feature of the new version is customization through extensions, a technology that long has been a core asset of another open-source browser, Firefox.
Google has been moving to a new extensions presentation technology called Browser Actions that let people interact with extensions through a small button toward the upper right of the browser window. "We've noticed that many of you have updated your extensions to take advantage of the new UI. We'd like to encourage the rest of you to do so as well," said Nick Baum, a Google Chrome product manager, in a mailing list posting.
But here's the hitch: Browser Actions only work on Windows and Linux right now. That means those building extensions will leave Mac Chrome users behind for a time. But in telling those developers they won't have long to wait, Baum mentioned the deadline for the beta version.
"The earlier you switch, the more time you will have to polish your experience for our Beta launch in early December," he said.
And Google is on the case for adding Browser Actions to the Mac version of Chrome.
"We realize this means dropping Mac support for a couple of weeks, but we already have people working on that," Baum said. "If you prioritize the Windows and Linux versions, we'll bring you cross-platform parity as soon as we can!"
The PortableApps Suite is a storehouse and management system for "portable" versions of some of the most popular freeware around. That collection used to be limited only to open-source programs. But on Wednesday it started making portable versions of closed-source freeware to users. The first batch of portable freeware includes Web browser Google Chrome, VoIP client Skype, BitTorrent client uTorrent, antispyware tool SpyDLLRemover, and three others at the time of writing. The new portable versions of these programs work both independently and in tandem with the PortableApps suite.
In a statement published on its Web site, PortableApps.com founder and CEO John Haller said that PortableApps "remains committed" to open-source software, but that closed-source freeware publishers would find other venues for USB stick-friendly versions of their programs if PortableApps didn't open its doors to them. For users that want to support only open-source programs, he said that the PortableApps directory will soon be filterable.
PortableApps is also planning to accept portable versions of commercial software, although it hasn't announced a timeline yet. Readers can check on the latest updates to the PortableApps catalog at their Web site, although we do host most of them at Download.com as well.
Those of you who hate the recent arrival of Yahoo's logo on Flickr now have an easy way to erase it--and get a number of useful features--as long as you're using an edgy version of Chrome.
Fittr Flickr lets you click 'EXIF' to expand a box below the image to show photo details.
(Credit: Stephen Shankland/CNET)Chrome extensions let people customize the browser's behavior, and the Fittr Flickr extension from Gmail programmer Dan Pupius whips Yahoo's photo-sharing site into shape. Some people use extensions for using Delicious bookmarks, banishing ads, and filling out forms, but this is my favorite Chrome extension so far. You can also download Fittr from Download.com.
The Yahoo logo is ugly but not too bothersome in my eyes. Instead, what I like best about Fittr Flickr is its keyboard navigation options. Once the extension is installed, you can type "?" to see the options, but the two I now use a lot are "." and "," to navigate forward and backward through a person's photostream. Typing "s" will star a photo as a favorite, and in a nice Google touch harkening to the vi text editor, "/" will put your cursor in the search field.
... Read more
Mariah Carey gets her own Google Chrome theme.
(Credit: Stephen Shankland/CNET)I'm a little confused. Is Chrome supposed to be a minimally intrusive window to the Web or a splashy showcase for your favorite graphical style?
If you're in the latter camp, the type of person who picks desktop wallpaper carefully and reskins every software that can be reskinned, you'll be pleased with Google's unveiling Monday of artist themes for its Chrome browser. If you're the more utilitarian sort, avoid clicking on the Themes Gallery page.
These two possible attitudes aren't mutually exclusive, but they do live awkwardly together in Chrome. For an artistic canvas, Google's browser has only a minimal menu bar across the top, and it's often obscured by tabs. The best opportunity to show off some graphical pizzazz is the new-tab page, which perhaps someday will become some all-purpose Google portal page but for now is just a means to getting to some other Web page as fast as possible.
... Read moreGoogle has built its Native Client technology into its newest version of Chrome, endowing the browser with new processing power for running Web applications.
Native Client, or NaCl for short, is an ambitious Google project that, if successful, will help close one gap that separates Web applications from those that run natively on a computer's operating system. That would improve the competitive position of Web applications such as Google Docs compared to Microsoft Office--and thereby boost Google's Chrome OS project in comparison with Windows.
Most Web browsers run programs written in JavaScript or perhaps Flash, both of them running on a programming foundation that makes those programs slower than native software. But Native Client lets programmers write software that directly taps into x86 chip models such as AMD's Athlon or Intel's Core. Secial programming tools and a screening mechanism in the Native Client software itself are designed to provide security for what has historically been the risky process of downloading executable programs from the Net
Chrome Version: 4.0.220.1, released Friday, "introduces the Native Client as a built-in feature for the first time on Windows," said Jonathan Conradt, a Google engineering program manager, in a blog post about the release. Previously the software was available only as a browser plug-in.
Google also offers a variety of basic tests and more elaborate examples of what Native Client can do, though it takes a bit of technical configuration to get them working. Among them are spinning ray-traced globes, the Game of Life, and the Quake first-person shooter video game.
Native Client shows how Google is using Chrome as a vehicle to advance its Web programming agenda. While some competitors such as Microsoft have a strong business of software that runs natively on a computer, Google wants software to run on central servers on the Internet.
This cloud computing approach has some advantages--being able to more easily collaborate and share documents for example, or to see and edit documents using any PC or smartphone. Google was born on the Web and has an incumbent's advantage there over rivals, but as an applications foundation, the Web remains slow and primitive compared to native applications in many regards.
Native Client isn't the only effort to change that situation. Google also has a plug-in called O3D--also a project it's building into Chrome--designed to let programs tap into hardware-accelerated 3D graphics. It works at a higher programming level than a related effort from Mozilla and Firefox called WebGL.
Google first released Native Client in December 2008. In June 2009, declaring confidence in NaCl's security model, Google it announced it was bringing Native Client out of research and into production.
Though Native Client is built into the new Chrome version, there are plenty of qualifiers for the release. First, it's only in the developer preview version of Chrome, and only for Windows right now. Second, it's disabled by default; adding "--internal-nacl" as a command-line switch at Chrome launch will activate it, according to an explanatory page.
The new version of Chrome offers a variety of other features too, notably a number updates for extensions to let people customize the browser.
For example, extensions now appear as an option on the wrench menu for browser settings. More obviously from a user-interface perspective, the browser actions interface (see illustration below) is now available to place extensions in the form of a button to Chrome's main toolbar.
Browser Actions is a new extensions interface that let browser customizations take the form of small icons in the browser's main toolbar. This illustration shows what Google believes to be an overabundance of such extension buttons.
(Credit: Google)Microsoft on Thursday lashed out against Google Chrome Frame--an Internet Explorer plug-in that supplants IE's rendering engine with Google's.
The software maker, in a statement, said users are better off moving to a later version of Internet Explorer if they want the latest technology as opposed to using Chrome Frame.
Google plans to use Chrome Frame to, among other things, allow people to run Google Wave from within Internet Explorer.
(Credit: Google)"With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers," Microsoft said. "Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."
However, some took Microsoft to task for criticizing plug-ins, noting that Redmond itself has more than a few.
"Microsoft scared of security of plug-ins. Uninstall Silverlight now," Mozilla's Dion Almaer wrote in a Twitter posting.
Google announced Chrome Frame on Tuesday, saying it can be used with Internet Explorer 6, IE7, or IE8 to use Chrome to render Web pages and execute their JavaScript programs. To work, users have to install the plug-in and Web developers must insert a line of code onto their Web sites that engages Chrome Frame when a person visits the site.
Update, 12:35 p.m. PT: I had a chance to chat with Amy Barzdukas, general manager for IE.
In addition to reiterating the security risks associated with running what she called "a browser within a browser," Barzdukas said that using Chrome Frame also interferes with the private-browsing and clear-browser-history features within Internet Explorer 8.
"That is not made clear," Barzdukas said. "That is a trade-off that customers would really want to make with eyes wide open."
Barzdukas also rejected the notion that it offers a good option for those still using Internet Explorer 6.
"If you are a user of IE6, you should get off IE6, not install another add-on," she said. "It just compounds your problem."
Update 3:20 p.m. PT: Google offered up a statement on its own, explaining its thinking behind Chrome Frame.
"Google Chrome Frame is an open source plug-in that is currently in an early developer release and was designed with security in mind from the beginning," Google said. "While we encourage users to use a more modern and standards compliant browser such as Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who don't, Google Chrome Frame is designed to provide better performance, strong security features, and more choice to both developers and users, across all versions of Internet Explorer."
Although it does increase the surface area, Google notes it brings some security features of its own, particularly for those running IE6. "Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users, providing strong phishing and malware protection (absent in IE6), robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months," Google said.
(Credit:
Google)
Google released an Internet Explorer plug-in Tuesday designed to let Microsoft's browser use the features and performance of Google's own Chrome browser.
The software, called Google Chrome Frame, lets IE 6, 7, or 8 use Chrome to render Web pages and execute their JavaScript programs, Google said. To use it, people must install the open-source plug-in, currently in the developer preview stage, and Web developers must insert a line of code onto their Web sites that engages Chrome Frame when a person visits the site.
"For users, installing Google Chrome Frame will allow them to seamlessly enjoy modern Web apps at blazing speeds, through the familiar interface of the version of IE that they are currently using," said Google programmer Alex Russell and product manager Mike Smith in a blog post.
But the plug-in might needle its rival more than revolutionize Web browsing. For one thing, it takes a long time to get a lot of Web developers to update their sites. For another, how many people dissatisfied with IE's performance haven't already installed a higher-powered browser?
Google argues that the feature will appeal to some folks, though, including people in corporate settings who might not have a choice of browser and people who prefer IE's interface, said spokesman Eitan Bencuya. And people are familiar with plug-ins as a way to expand what browsers can do.
"It's a much lower barrier to entry than switching browsers," Bencuya said.
He added that Google has built support for the feature into one of its own Web sites, the Google Wave project that's a hybrid of e-mail, instant messaging, and wiki collaboration.
