Tip

Free tools defend against malicious Web sites in the enterprise

The World Wide Web is a dangerous place. There are sites and seedy areas that can make the wrong side of town look upscale. Aside from standing directly over your users while they are using Web browsing applications, there is no sure way to know that they visit safe sites. Even the most innocuous site can contain malware that can find its way onto their computers and your network.

One of your best defenses in such a scenario is prevention. Specifically, having the right tools deployed in your environment. A bevy of system-wide security measures and tools can go a long way toward protecting your users (and your entire network) from browser-related mishaps.

More Web browsing safety tips

  • Controlling Web surfing with Content Advisor
    Unmanaged Web surfing can cause more problems than just malware infection. Find out how to control your users' Web surfing.

  • Web Browser Security Learning Guide
    This Learning Guide identifies the inherent flaws of IE and Firefox, introduces viable Web browser alternatives and recommends ways to maximize your Web browsing security.
  • One such tool that can protect users from the dangers of the Web is Sandboxie. The Sandboxie utility creates a temporary storage area that acts as a proxy for the actual hard drive. Data that would normally be written to the drive, possibly corrupting or infecting the system, is instead held in the Sandboxie Transient Storage. Sandboxie works with other programs as well, but can be particularly useful in preventing malicious Web sites from doing any permanent damage to the computer and other computers it is linked to.

    If a malicious Web site attempts to alter the links in your "Favorites" menu or hijacks your browser homepage or installs software and adds icons to your desktop, these changes may occur, but they will be written only to the temporary storage area. Once you stop the Sandboxie session, all of those changes are wiped out. Sandboxie also intercepts attempts to alter files or Registry settings so that programs cannot have an effect outside of the Sandboxie session.

    Aside from protecting users from infection and compromise while they visit potentially malicious Web sites, Sandboxie can also help preserve privacy and protect personal information that can be used to infiltrate your network. Information that would normally be cached by the browser, and details such as the URL history data, will all be erased when the Sandboxie session ends.

    Another free tool is McAfee SiteAdvisor. SiteAdvisor is a free security plug-in available for the Internet Explorer and Firefox Web browser applications. It identifies sites known to be related to spyware, viruses, browser-based attacks, phishing attacks and more. SiteAdvisor compares sites against McAfee's database of known threats and previously identified risky sites and displays an icon on the browser toolbar labeling the site with one of three identifiers: Safe, Caution or Warning.

    SiteAdvisor also integrates with popular search engines such as Yahoo and Google and displays rating icons next to the links returned in a search. Your users can view more details on sites that are identified as a risk such as information about spam generated from the site and malicious downloads. SiteAdvisor can be a great tool for users who might not otherwise recognize questionable sites.

    By deploying free tools like these to the users in your environment, you can help them help themselves to surf the Web more safely and proactively prevent many of the malware and spyware issues that might otherwise take up precious IT resources to resolve.

    For another safe Web browser tool, check out Brien Posey's piece, Controlling Web surfing with Content Advisor.

    About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of security tips, advice, reviews and information. Tony is co-author of Hacker's Challenge 3 and the author of the recently released "Essential Computer Security". He contributes frequently to other industry publications. For a complete list of his freelance contributions, visit S3KUR3.com.

    This was first published in October 2006

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.