All Web browsers, in their default settings, engage in the annoying practice of volunteering to each and every Web site visited the following information:
1. The type and version number of the browser being used, sent in the User-Agent request header (a server-side script sees it as the HTTP_USER_AGENT environment variable). This is a bad idea because it makes it that much easier for a malicious remote Web site to know exactly which of one’s browser’s security weaknesses to exploit. Also, some Web sites make a marketing statement by refusing to deal with this or that Web browser.
2. The referring page, sent in the Referer request header: the address of the page on which the link to the current page was followed, which is normally on the Web site visited just prior to the current one.
Additionally, a Web browser has to send the user’s current IP address as well, which remote sites record. This is a (partly) necessary evil because the remote site has to know where to send the information asked for. (The “partly” qualifier alludes to the fact that one can use a proxy; see Section 9.6).
In addition, Web browsers have a long history of many security bugs that allow hostile remote Web sites to take full control of one’s computer from afar, depending on how a user has set the Web browser up.
The following are specific suggestions applicable to all browsers and e-mail software:
1. Download, install, and use JunkBuster from http://www.junkbuster.com (freeware). You can then set it up to report that your Web browser is, say, Gameboy64 and that the last Web site you visited was http://www.forever_virtuous.com or some such.
Chapter 8 contents:
8.1 Netscape Navigator/Communicator
8.2 Microsoft Internet Explorer
8.3 Desirable e-mail software configuration and modifications
8.4 Secure e-mail conduct online
8.5 E-mail forensics and traces: the anonymity that isn’t
2. Disable all autocomplete features, such as autocompletion of Web addresses and especially of passwords.
3. If you use Web browsers for e-mail or Usenet reading, disable HTML-enabled e-mail and Usenet message reading, in addition to disabling cookies. An HTML message can carry a remote image whose address contains a token unique to the recipient; when the reader fetches that image, the server sets or reads a cookie on the same request and has thereby tied the cookie to a specific e-mail address. Using that information, Web sites and third-party advertising entities can collect information about the sites one frequents (e.g., insurance sites, adult sites, cosmetics sites), plus sell one’s e-mail address to others.
4. Visit one of many Web sites that do an online security analysis of your setup and tell you what can be obtained from your computer. One such site is http://privacy.net/analyze. Another one is Shields Up at https://www.grc.com. These sites probe your online setup and inform you of any security holes in your setup that you should close.
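The following is an added example in Python, not code from the book or from JunkBuster, showing in one place what items 1 and 2 at the top of this chapter and suggestion 3 above describe: what a request volunteers, keyed by the CGI variable a server-side script sees it in; how a local filtering proxy rewrites User-Agent, replaces or drops Referer and strips cookies before forwarding; and how a remote image in an HTML message carries a per-recipient token that ties a cookie to an address. The request, the message body, the host names and the fake browser name are constructed for illustration.

```python
"""Added example (not the book's or JunkBuster's code): what a browser
volunteers, how a local filtering proxy rewrites it, and how an HTML
message ties a cookie to an address. All inputs below are constructed."""
import re
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlsplit

# A request as a browser would emit it to an origin server (constructed).
SAMPLE_REQUEST = (
    b"GET /catalog/item?id=42 HTTP/1.0\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: Mozilla/4.76 [en] (Win98; U)\r\n"
    b"Referer: http://insurance.example/quotes?age=45&smoker=yes\r\n"
    b"Cookie: visitor=abc123\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

# An HTML message body as an advertiser might send it (constructed).
SAMPLE_MAIL = """<html><body><p>Dear customer,</p>
<img src="http://ads.example/pixel.gif?id=alice%40example.net" width="1" height="1">
<img src="cid:logo.png">
<img src="http://ads.example/banner.gif">
</body></html>"""


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into (request line, [(name, value), ...])."""
    head = raw.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def volunteered_info(raw: bytes, peer_ip: str) -> dict:
    """What the site learns, keyed by the CGI variable a server-side script sees it in."""
    lookup = {n.lower(): v for n, v in parse_request(raw)[1]}
    return {
        "REMOTE_ADDR": peer_ip,  # from the TCP connection; no header filter hides it
        "HTTP_USER_AGENT": lookup.get("user-agent"),
        "HTTP_REFERER": lookup.get("referer"),
        "HTTP_COOKIE": lookup.get("cookie"),
    }


def scrub_request(raw: bytes, fake_agent: str, fake_referer: Optional[str] = None) -> bytes:
    """Rewrite the request the way a local filtering proxy does before forwarding:
    replace User-Agent, replace or drop Referer, drop Cookie, keep everything else."""
    request_line, headers = parse_request(raw)
    kept = []
    for name, value in headers:
        lname = name.lower()
        if lname == "user-agent":
            kept.append(("User-Agent", fake_agent))
        elif lname == "referer":
            if fake_referer is not None:
                kept.append(("Referer", fake_referer))
        elif lname == "cookie":
            continue  # outgoing cookies are dropped entirely
        else:
            kept.append((name, value))
    head = request_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in kept) + "\r\n"
    return head.encode("latin-1")


class _ImgSources(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.sources.extend(v for k, v in attrs if k.lower() == "src" and v)


def classify_images(html: str):
    """Return (remote images, remote images carrying a per-recipient token).
    Any remote fetch reveals the reader's IP address and reading time; when the
    URL carries a token, the server can tie the cookie it sets to the address."""
    parser = _ImgSources()
    parser.feed(html)
    remote, tracking = [], []
    for src in parser.sources:
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https"):
            continue  # cid: and data: images fetch nothing from the network
        remote.append(src)
        if parts.query or re.search(r"[0-9a-f]{16,}", parts.path, re.I):
            tracking.append(src)
    return remote, tracking
```

Note that `scrub_request` cannot touch `REMOTE_ADDR`: the address comes from the connection itself, which is the point made above about needing a proxy (Section 9.6) to hide it.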
8.1 Netscape Navigator/Communicator
1. Make sure you use a 128-bit version. Until recently, when U.S. export regulations on encryption were relaxed, non-U.S. users had to be content with a lower-grade encryption version. This is no longer the case.
2. Create (at least) two different user profiles, a public one and a private one. If one needs to prevent others from discovering that two (or more) profiles belong, in fact, to one and the same person, then one should not have more than a single profile on a single computer, because the profiles can be discovered together during computer forensics (offline or online).
Use the private one to connect to any site you do not trust (which should be just about every site except, perhaps, your employer’s). For that private profile, disable cookies, Java, JavaScript, Smart Browsing, “What’s Related,” and SmartUpdate; there is nothing “smart” about them. Quite the contrary, they expose you to security vulnerabilities.
For the public profile, enable the minimum features that are required for it to function with the sites you trust and use it only for those sites.
If you want to use Netscape for encrypted e-mail (not recommended), then you must get a security certificate from any one of the many companies that issue them. It is recommended that you use Thawte because its personal certificates are free and every bit as good as the for-pay ones. The procedure is self-explanatory: Click on the lock icon on the top line of the Netscape browser.
By the way, there is an easy way to copy over the security certificate(s) you have created from one profile to another. Go to Program Files/Netscape/Users and open the folder containing the profile for which you already obtained the security certificate. Copy the following three files to the other profile’s folder(s):
a. cert7.db;
b. key3.db;
c. secmod.db.
The same procedure can be used to copy the security certificates you obtained on one computer to another computer that also uses Netscape. Keep in mind that these database files cannot be used by Internet Explorer, which keeps its own certificate store (and the use of which is strongly discouraged due to its numerous security flaws, anyway).
3. Install and use JunkBuster (see Section 7.4.1). For the private user profile, select the following preferences (under Edit/Preferences):
a. Set the home page to http://internet.junkbuster.com/cgi-bin/show/proxy-args.
b. Set Navigator to start with “home page” (see Figure 8.1).
c. Under “proxies,” select “manual proxy configuration” (see Figure 8.2). Then, under “view,” enter the word “localhost” in both the HTTP and the Security fields and the number “8000” under both ports for these two (see Figure 8.3).
Figure 8.2 Navigator proxy settings detail.
4. Anonymize and clean up the configuration. From a security perspective it is preferable not to use Web browsers (especially Internet Explorer) for e-mail at all. Use a dedicated e-mail program instead (such as Eudora). Integrating the e-mail function into a Web browser exposes the e-mail functionality to many of the security weaknesses of the Web browser, which, in the case of Internet Explorer, are overwhelming; the same integration of mail with scripting and the operating system is what let infamous malware such as the I Love You worm from the Philippines (a Visual Basic Script attachment that ran under Windows Scripting Host and mailed itself to everyone in the victim’s Outlook address book), and most others like it, cause massive damage.
a. Under Mail Identity, leave all spaces blank or fictitious.
b. Do the same with mail servers and news servers. Under Advanced, disable Java, JavaScript, style sheets, and cookies. Enable only the “automatically load images” option.
c. Under Advanced/Cache, set disk cache to zero and memory cache to not much more than 1,024 KB. Clear both.
d. Double-click on the “cache” folder. Delete all files in it. Remember that this is useless until you wipe the disk (see Chapter 2).
5. Remove the instant messaging capability. Unless you use AOL as your ISP or AOL Instant Messenger (AIM) for instant messaging, get rid of that feature (any instant messaging is a bad idea from a security perspective, because it works by announcing to the service, and through it to your contacts, that you are online every time you connect). Because Netscape is now owned by AOL, AIM is tightly integrated with Netscape and requires a few steps to get rid of.
a. Find the location where Netscape keeps its user-related files. It is usually in C:\Program Files\Netscape\Users. Click on the folder for whatever you have named your private profile.
b. Remove AOL/AIM altogether as follows:
Step 1:Go to Program Files/Netscape/Communicator/Program and delete any folder titled AIM.
Step 2:Remove all references to AOL and AIM from the Registry because some of them reinstall the AIM software and icons on Netscape every time you boot, even if you have removed the shortcuts. Be very careful when editing the Registry; any carelessness or errors can render the computer unbootable. It is best to make a backup copy of the Registry (see Section 2.4.3) before editing the Registry, especially if you have not been editing the Registry on a routine basis. Proceed slowly and carefully.
Step 3:Run REGEDIT.
Step 4: Go to Edit/Find and search for the string “AOL”. Delete each entry obviously referring to AOL. Make sure you do not inadvertently delete any entry where the “aol” has nothing to do with America Online.
Step 5:Repeat this Edit/Find and deletion for the string “AIM”. Here you must be even more careful not to delete strings having nothing to do with America Online’s AIM, such as Application X-aim, EudoraImport, AlphaImageLoader, or DataImport, because all of these entries are needed by other software (a case-insensitive search for “aim” matches the “aIm” buried inside each of them).
Step 6:Repeat this Edit/Find and delete for the string “America Online”.
Step 7:Go to Program Files/Netscape/Users. For each user profile you have (if you don’t have more than one, then go to the “Default” folder), find and remove all occurrences of the AIM icon named launch.aim. Reboot, double-click on the Netscape icon (or run the Netscape software) and exit from it. Now go to the same location(s) where you deleted the launch.aim file and make sure it is not there. If it has miraculously been recreated, it means that your clean-up of the Registry missed some references to AOL, AIM, and America Online, and you must redo it.
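The false-positive problem in Steps 4 to 6 is easy to get wrong by hand, so here is an added example in Python (not the book’s own code, and not a live Registry walk) that separates entries which really refer to AOL/AIM from the unrelated ones a plain substring Find also returns. The entries are constructed to mirror the names the text says must survive; on a real machine the same filter can be fed from a .reg export or from the winreg module.

```python
"""Added example, not the book's own code: tell Registry entries that really
refer to AOL/AIM from the unrelated ones a substring search also returns.
SAMPLE_ENTRIES is constructed, not dumped from a real machine."""
import re

# (key, value name, value data); constructed, not dumped from a real machine.
SAMPLE_ENTRIES = [
    (r"HKCU\Software\Netscape\Netscape Navigator\Plugins", "AIM",
     r"C:\Program Files\Netscape\Communicator\Program\AIM\launch.aim"),
    (r"HKLM\SOFTWARE\America Online\AOL Instant Messenger", "Version", "4.3"),
    (r"HKCU\Software\Netscape\Users\private", "aol.autostart", "1"),
    (r"HKCR\Application X-aim", "", "content-type handler, not AIM"),
    (r"HKCR\Eudora.Import", "", "EudoraImport"),
    (r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Filters", "AlphaImageLoader", "(CLSID omitted)"),
    (r"HKCR\DataImport", "", "DataImport class"),
    (r"HKCU\Software\Example\Paolo", "Path", r"C:\Users\Paolo"),
]

# Names the text says must survive; they contain "aim" but belong to other software.
KEEP = ("Application X-aim", "EudoraImport", "AlphaImageLoader", "DataImport")

# AOL, AIM or America Online as a whole token: no letter or digit on either side.
AOL_TOKEN = re.compile(r"(?<![A-Za-z0-9])(AOL|AIM|America Online)(?![A-Za-z0-9])", re.IGNORECASE)


def naive_hits(entries, needle):
    """What Edit/Find returns: any entry containing the string anywhere, ignoring case."""
    needle = needle.lower()
    return [e for e in entries if any(needle in field.lower() for field in e)]


def careful_hits(entries):
    """Entries that mention AOL/AIM as a whole word and are not on the keep list."""
    hits = []
    for entry in entries:
        if any(k.lower() in field.lower() for k in KEEP for field in entry):
            continue
        if any(AOL_TOKEN.search(field) for field in entry):
            hits.append(entry)
    return hits


def false_positives(entries, needle):
    """Entries a raw Find would show but the careful filter rejects, for review."""
    careful = set(careful_hits(entries))
    return [e for e in naive_hits(entries, needle) if e not in careful]
```

The word-boundary pattern alone already rejects EudoraImport, AlphaImageLoader and DataImport; the explicit keep list is there for Application X-aim, where the hyphen makes “aim” a whole token, and for any other name you discover on your own machine.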
6. Remove the netscape.hst and fat.db files. These are two files created by Netscape that have no redeeming value. From the moment Netscape is installed, it keeps a record of the user’s online and offline activities using the browser. The netscape.hst file is the surfing log; fat.db indexes the files in the browser cache, which is usually a huge collection of HTML pages and image files. These files are stored in a binary format and may appear essential to the uninitiated, but they can and should be deleted; even more important, because Netscape will create new ones after the old ones are deleted, one should take the following steps to prevent that from happening:
Step 1:Find netscape.hst and fat.db and delete them. They sit in each and every user profile folder (Program Files/Netscape/ Users/…).
Step 2:Create new text files (File/New/Text) in each of the exact locations where the old ones were deleted and call them netscape.hst and fat.db respectively and save them.
Step 3:Right-click on each of those two files, select properties, and make each a read-only file. This will prevent any records about your Netscape usage from being stored on disk.
Step 4:Periodically recheck those files to make sure that they continue to have a size of zero and are read-only files. Netscape updates and some well-meaning software that cleans up Netscape’s trails often remove the read-only feature.
7. Get rid of cookies for good.
Step 1:Search for, find, and delete cookies.txt. There is one in each user profile, just as there is a copy of netscape.hst in each profile. By the way, Netscape’s “Do not edit” warning does not mean that the file cannot or should not be edited. Edit it anyway.
Step 2:Right-click on that file, select properties, and make it read-only as well. This will prevent any cookies from being written to disk. This is an additional layer of protection beyond what is provided by JunkBuster. (Note: Because cookies are held in memory during an online session and are only written to disk at the end of each session, the above scheme will prevent the writing of cookies to disk but will not prevent cookies from coming and going during any one online session. JunkBuster and the Netscape configuration described above will do that.)
8. Delete some more hidden threats. Go to Program Files/Netscape/ Users. For each user profile you have (if you don’t have more than one, you merely have to open the folder named “Default”), do the following:
Step 1:Right-click on the pab.na2 file, select “open with,” and open with any text editor, such as Notepad. Look at whatever is in ASCII text. If you feel that it contains too much information about your system or past usage of Netscape, then
Step 2:Go to Edit/Select All and delete it all.
Step 3:Save the empty file.
Step 4:Right-click on the saved empty file, select “Properties,” set it to read-only status (so that Netscape will not add to it later on), and click “Apply.”
You may be amazed that these .na2 files often contain such sensitive information as verbatim copies of e-mail sent long ago, lists of Usenet newsgroups visited, and so forth.
Step 5:Do likewise for any other file with the .na2 suffix in each and every one of your user profiles.
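Items 6, 7 and 8 all apply the same trick (empty the file, make it read-only, recheck it later), so here is one added example in Python, not the book’s own code, that pins those files in every profile and audits for the two regressions Step 4 of item 6 warns about: a file that has grown back and a read-only flag that an update or a clean-up tool has cleared. The profile tree built by build_demo_tree() is constructed for illustration; point audit_profiles at the real Program Files/Netscape/Users folder to check your own.

```python
"""Added example, not the book's own code: pin netscape.hst, fat.db,
cookies.txt and pab.na2 as empty read-only files and audit every profile
for files that grew back or became writable. build_demo_tree() is constructed."""
import stat
import tempfile
from pathlib import Path

PINNED = ("netscape.hst", "fat.db", "cookies.txt", "pab.na2")
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def pin_empty_readonly(path: Path) -> None:
    """Replace whatever is at path with a zero-length file and clear its write bits."""
    if path.exists():
        path.chmod(stat.S_IRUSR | stat.S_IWUSR)  # a read-only file cannot be unlinked on Windows
        path.unlink()
    path.write_bytes(b"")
    path.chmod(stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)


def audit_profile(profile: Path) -> list:
    """Problems with the pinned files in one profile folder, as readable strings."""
    issues = []
    for name in PINNED:
        f = profile / name
        if not f.exists():
            issues.append(f"{name}: missing, Netscape will recreate it writable")
            continue
        st = f.stat()
        if st.st_size != 0:
            issues.append(f"{name}: {st.st_size} bytes, records are being written again")
        if st.st_mode & WRITE_BITS:
            issues.append(f"{name}: writable, the read-only flag was cleared")
    return issues


def audit_profiles(users_dir: Path) -> dict:
    """{profile folder: issues} for every profile folder under users_dir."""
    report = {}
    for profile in sorted(p for p in users_dir.iterdir() if p.is_dir()):
        issues = audit_profile(profile)
        if issues:
            report[str(profile)] = issues
    return report


def build_demo_tree():
    """Constructed Users folder: one clean profile and one that drifted."""
    users = Path(tempfile.mkdtemp(prefix="netscape-users-"))
    private, public = users / "private", users / "public"
    for profile in (private, public):
        profile.mkdir()
        for name in PINNED:
            pin_empty_readonly(profile / name)
    # Simulate Netscape regrowing the surfing log and an update clearing a read-only flag.
    hst = public / "netscape.hst"
    hst.chmod(stat.S_IRUSR | stat.S_IWUSR)
    hst.write_bytes(b"http://insurance.example/quotes\n")
    (public / "fat.db").chmod(stat.S_IRUSR | stat.S_IWUSR)
    return users, private, public
```

The audit checks the mode bits rather than trying to open the file for writing, because an administrator (or root) can write to a read-only file regardless, and what matters is whether the browser running as an ordinary user can.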
9. Remove the shockwave plug-in. If you have the shockwave plug-in for Netscape, get rid of it; if not, don’t get it. It has been associated with numerous security compromises.
10. Most important yet, when done, defragment the disk and go through a secure wiping (see Chapter 2) to remove in reality what was essentially merely marked for deletion before.
8.2 Microsoft Internet Explorer
It is not recommended that you use Internet Explorer at all because of its seemingly never-ending litany of security-related weaknesses. Still, you may want to keep it for specific tasks such as Windows updates, which Microsoft refuses to provide through other browsers unless you are willing to download the required security updates as executable files from the Microsoft Web site (a recommended option).
Microsoft’s business-based arguments notwithstanding, there is a fundamental security problem when a Web browser is integrated with the operating system. This is also the position of the author of the security software products NSClean and IEClean (which remove the electronic trails left behind on one’s disk by Netscape and Internet Explorer, respectively), who wrote the following back in 1996:
The greatest risk of all on the Internet however comes from the integration of browsers into the operating system itself. At one time, browsers were external applications which did not have hooks directly into the computer’s operating system. JavaScript applets were kept isolated from the operating system entirely which meant that the only risks to privacy were those voluntarily or unwittingly given up by the user. . . . Now we are faced with the Internet Explorer product [being tied] directly into the operating system where no walls of separation will exist which will serve to protect the user against unauthorized rummaging through the most personal and private parts of their computers.
If you absolutely insist on using Internet Explorer, then at least do the following:
1. Get the latest version of it.
2. Disable cookies from session to session.
3. Go to Start/Settings/Control Panel and select the “Internet Options” icon.
a. Under Address, enter http://internet.junkbuster.com/cgi-bin/show-proxy-args (Figure 8.4).
b. Under History, set the days to zero, and clear history.
c. Under Internet Options/Content/Personal Information/Autocomplete, disable all autocomplete options. This stops Internet Explorer from gathering this information but does not delete information already gathered. To delete such preexisting information, use Clear Forms/Clear Passwords and General/Clear History. Then wipe the disk clean using the procedures shown in Chapter 2.
d. Important: Under Security/Internet, select the custom level and disable everything, except (if you absolutely need them) file downloads and font downloads. In particular, make sure that you disable all scripting and all ActiveX options. See Figures 8.5 to 8.7.
e. Under Connections, find the profile with which you access your ISP, select it, and click on “LAN Settings.” Under “Proxy server” enter the word “localhost” in the “Address” field and the number “8000” in the “Port” field (Figures 8.8 and 8.9). Then click Advanced and make sure that this shows up under both the “HTTP” and the “Secure” type; click the “Use the same proxy for all protocols” option.
Figure 8.4 Setting the Junkbuster filter in Internet Explorer.
Figure 8.6 Enhancing Internet Explorer security.
Figure 8.8 Setting up a local proxy to filter hostile content.
f. Under Programs select an HTML editor other than Internet Explorer, such as Netscape, because Internet Explorer has been found to have serious security problems when hostile HTML code tries to execute commands in your computer.
4. Click on the Security tab. Disable JavaScript.
5. Click on the Advanced tab. Double-click on Java VM and uncheck all three options.
6. Disable SSLv2 and enable only SSLv3 (and TLS 1.0, where the version offers it). SSLv2 has no integrity protection for its handshake, so an attacker in the path can roll back the negotiated cipher suite to the weakest one both sides support, leaving you with far less encryption than you think you have despite the presence of the little locked lock icon.
7. Consider using Secure2surf from http://www.netmenders.com/secure2surf. Internet Explorer (and Microsoft’s Virtual Machine for Java applets, which follows the same zone model) decides what a page may do by the security zone its site falls in; every site not listed elsewhere lands in the Internet zone, which sits between the Restricted Sites and Trusted Sites zones and is far more permissive than privacy warrants. A security-conscious user wants all such sites treated as Restricted Sites instead, and this software does that.
8. If you are using the shockwave plug-in for Internet Explorer, get rid of it. If not, don’t install it. It has been associated with numerous security problems.
9. If you use software, such as SCORCH, to wipe specific files from your computer on shutdown (or on start-up, which is not recommended because it could be too late then, as far as hostile computer forensics is concerned), then add the following files and folders to the list of those to be wiped (TEMPOR~1 is the DOS 8.3 short name of the Temporary Internet Files folder):
C:\WINDOWS\cookies\*.*
C:\WINDOWS\history\*.*
C:\WINDOWS\Temporary Internet Files\
C:\WINDOWS\Recent\
C:\WINDOWS\TMP\
C:\WINDOWS\TEMPOR~1\*.*
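As an added example in Python (not the book’s code and not SCORCH’s), the following expands that list against a Windows directory, overwrites each matching file in place and only then deletes it, so the data is not merely marked as deleted. The folder layout and the files produced by build_demo_windows_dir() are constructed for illustration; on a real system pass Path(r"C:\WINDOWS") and run it with the browser closed, since Internet Explorer keeps its cache index open while it runs.

```python
"""Added example, not the book's or SCORCH's code: expand the wipe list,
overwrite each matching file and then delete it. build_demo_windows_dir()
is a constructed stand-in for C:\\WINDOWS."""
import os
import tempfile
from pathlib import Path

# The book's list as (folder under the Windows directory, glob inside it).
# TEMPOR~1 is the 8.3 alias of "Temporary Internet Files": the same folder under a
# second name, kept so either spelling resolves (duplicates are removed below).
# A trailing "\" in the original means the whole folder, hence the recursive glob.
# Note: on POSIX, "*.*" only matches names containing a dot, as in the original.
WIPE_LIST = [
    ("cookies", "*.*"),
    ("history", "*.*"),
    ("Temporary Internet Files", "**/*"),
    ("Recent", "**/*"),
    ("TMP", "**/*"),
    ("TEMPOR~1", "*.*"),
]
CHUNK = 1 << 20


def expand_wipe_list(windows_dir: Path) -> list:
    """Resolve the patterns to existing files, deduplicated by real path."""
    windows_dir = windows_dir.resolve()
    targets = set()
    for folder, pattern in WIPE_LIST:
        base = windows_dir / folder
        if base.is_dir():
            targets.update(p.resolve() for p in base.glob(pattern) if p.is_file())
    return sorted(targets)


def overwrite_and_delete(path: Path) -> int:
    """Overwrite the file's bytes with zeros, force them to disk, then unlink.
    Returns the number of bytes overwritten."""
    size = path.stat().st_size
    with open(path, "r+b", buffering=0) as fh:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            fh.write(b"\x00" * n)
            remaining -= n
        os.fsync(fh.fileno())
    path.unlink()
    return size


def wipe(windows_dir: Path) -> dict:
    """Wipe everything on the list; returns {relative path: bytes overwritten}."""
    windows_dir = windows_dir.resolve()
    return {p.relative_to(windows_dir).as_posix(): overwrite_and_delete(p)
            for p in expand_wipe_list(windows_dir)}


def build_demo_windows_dir() -> Path:
    """Constructed stand-in for the Windows directory with a few leftover trail files."""
    root = Path(tempfile.mkdtemp(prefix="windows-"))
    samples = {
        "cookies/alice@ads.example.txt": b"visitor=abc123",
        "history/index.dat": b"H" * 1234,
        "Temporary Internet Files/cache/pixel.gif": b"GIF89a" + b"\x00" * 40,
        "TMP/scratch.tmp": b"draft of a letter",
    }
    for rel, data in samples.items():
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(data)
    (root / "Recent").mkdir()
    return root
```

Overwriting in place defeats simple undelete of the file’s own blocks, but it does nothing for copies the file system may hold elsewhere (journal entries, slack space, blocks a disk has remapped), which is why the chapter still ends with a full disk wipe (Chapter 2).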