Microsoft Office Tutorials and References
In Depth Information
Internet Explorer, Firefox, and Chrome have become more secure over the years
but there is still more to do. The most popular attack vector, meaning how PCs
are attacked, is through browser add-ons or plug-ins. In fact, the most
common attacks these days spread when popular websites are hacked and users
with affected plug-ins visit. Java is the most attacked at the moment, with new
patches coming out what seems like every week. One way to protect your PC
is to disable plug-ins that you don’t absolutely need.
Many applications install a browser add-on even though you may never
intend to use it. Java is the perfect example. I use a few desktop applications
that were written in Java, but I never use any web applications written in Java.
All web browsers allow you to disable add-ons for performance and security
reasons. I highly suggest you disable all browser add-ons that you don’t
absolutely need to make your PC much more secure. In Chapter 17, I covered how
to disable add-ons in Internet Explorer, Firefox, and Chrome to speed up
performance. You can use the exact same procedure to disable add-ons for security.
Sandbox Internet Apps
Sandboxing is a technique used to provide an extra layer of security to any type
of application by containing the execution within an isolated environment. Any
changes the application makes to your system, such as saving or downloading
a file, are virtualized and redirected to keep everything within the sandbox.
The application running within the sandbox only has read access outside of the
box, so it is impossible for the application to do any permanent harm except
destroying itself. In that situation, the sandbox just needs to be reset and you
have a fresh environment.
Running your web browser in a sandbox is the safest way to browse the
web. It doesn’t matter if someone finds an exploit in the browser or an add-on
because everything is contained. But just about any application can be run in
a sandbox, including your mail client and even an untrusted application you
just downloaded to try out.
Sandboxing is provided by a special utility that runs the application in a mode
that hooks the changes made to the system so the sandboxing utility can redirect
them. The most popular sandboxing utility for Windows is called Sandboxie by
Ignore the compatibility warnings; the author claims it works on Windows 8
and my tests back that up.
When Sandboxie is started for the first time, it creates a sandboxed Internet
Explorer automatically. You can find the shortcut for that on your desktop. You
can run additional applications within the sandbox by right-clicking Sandbox
DefaultBox, and then clicking Run Sandboxed and Run Any Program, as shown
in Figure 19-8.