2006/07/27 - 2008/04/18

This is a demo page to show the advice that would be given if your browser were:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/2.0.0.7

We are aware of important security updates released in April 2008. See the Mozilla Security Center and Firefox vulnerabilities. Be advised that SeaMonkey, Thunderbird and Firefox use the same underlying rendering engine -- an upgrade to one usually means an upgrade to the other will also be required.

Mozilla Firefox: The recommended version is 2.0.0.14 (version 1.5 is not supported and should be replaced without delay). You are not running the recommended version. It is essential that you have your browser at the current version -- several critical security problems have been identified with earlier releases. The current version will automatically track updates while older versions required manual updates. If you are using Mozilla Thunderbird, as many Firefox users do, please make sure that is up to date as well.

Tip: from the "Help" menu click on "Check for Updates ...".

Improving Security: There are security recommendations in Securing Your Web Browser (US-CERT). The Mozilla Security Center has some advice (but not much). See also the explanation of settings available at the Options/Preferences Window. We recommend you avoid adding plugins, however:

• Some report good experiences with the NoScript plugin. It lets you selectively enable Java, Javascript and other executable content for specific sites -- the default is to enable or disable for all sites.
• Others report good experiences with the Flashblock plugin -- you can block flash animations (and adverts) and selectively run those you really want to see.

Vulnerabilities/Downloads: See Firefox vulnerabilities and the Firefox Download Center should you need to upgrade.

JavaScript and Java: Many browsers support JavaScript and Java -- both have a history of security problems. Both should be disabled or only enabled at trusted sites. If enabled you should be very cautious about the sites you visit. Some browsers and many web sites rely on JavaScript so this recommendation may be difficult.

Browser Plugins: Many browser support the addition of plugins like Java, Flash, Shockwave, QuickTime, etc. These plugins come with security problems of their own and will require periodic updates. We recommend you avoid installing any plugins unless you have strong requirements. Further that you only use these plugins at trusted sites.

Vendor Browser: On the Windows platform the vendor supported browser is Internet Explorer.

Automatic Updates: Patches for Microsoft Windows, including core components like the IE browser, are available at the Microsoft Update Center (you will need to be an administrator to apply updates). It is essential that you have your system and browser patched as many security problems have been identified. We recommend that you configure your system for automatic patching -- see the Microsoft articles on Automatic Updates and the Windows/XP Security Center.

Least Privilege: On many Windows systems users login with "Power User" or "Administrator" privileges -- this is a dangerous practice . You should have ordinary user account with no special privileges and use that account for everyday tasks. Use the account with administrator privileges only when installing new software, changing system configurations, and other important tasks.

Recommended OS: We recommend Windows XP/SP2 on the desktop and discourage all older Windows operating systems (viz, Windows 95, 98, ME, NT 4 and Windows 2000). There is very little support for those systems from the vendor. We understand that IE 7 will only be released for the current supported environment and will not be available on these older systems. You are running on Windows NT 5.1 (XP) -- that is a recommended platform.

Be careful: You should be careful about the web sites you visit. Many compromises can be traced to malicious content hosted at dubious web sites offering "free" services -- pornography sites are notorious.

Finally: This document is an incomplete work in progress, if you have any security advice to share please do. Your comments are appreciated and will help others.

See Also: We have similar advice documents on other browsers including Blackberry, Camino (OS X), Firefox, KDE Konqueror (Linux/FreeBSD), Lynx (Unix), Opera (Windows/Linux), Internet Explorer, Mozilla, Safari and SeaMonkey.

Information Systems & Technology
University of Waterloo
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4567 x37070

Contact Us | Give Us Feedback | Privacy Statement