A web browser is a computer program that allows a user to access a website on the Internet or in a local area network (LAN). The popular browsers are Internet Explorer (packaged with Microsoft Windows operating systems), Mozilla Firefox, Safari (developed for Macintosh operating systems), and Opera.

As the primary interface between a user’s computer and the internet, browsers have become the main target for people seeking to steal personal and financial information that may be used for various criminal activities.

Cookies

Cookies are packages of text characters sent by a server to a user through the latter’s web browser, which are saved by a browser to the user’s hard disk. Every time a user accesses that particular server, the cookie kicks in, automatically logging him to the server without the need for a laborious authentication process.

When in transit from browser to the server, other users send out packet sniffers which can read network traffic. The owner of the packet sniffer proceeds to steal other network users’ cookie information. Aside from packet sniffing, cookies and the sensitive information they contain can also be stolen if the browser has been directed through the use of scripts to send out cookies not only to the intended recipient server but to other unauthorized servers as well.

Active-X and Java

ActiveX, Java and JavaScript are ‘scripting languages’ or a set of instructions that allow content provided by a website or server to run on a user’s computer’s systems.

JavaScript was developed by the programmers who built the Netscape browser. ActiveX is Microsoft’s answer to Java and is needed to run many of the programs created for the Windows OS (e.g. Acrobat Reader, Windows Media Player, and the like).

JavaScript and ActiveX are inherently harmless and are aimed only at enhancing a computer user’ convenience, if they come only from trusted websites. When malicious scripts are allowed access to a web browser, they can be exploited to steal confidential user information, install tracking information, and other malicious software in the user’s computer. The inexperienced user is not likely to notice that his web browser is running scripts without his knowledge.

Basic Browser Security

To prevent outright cookie theft when in transit from browser to server, the server encrypts the information and set up a secure channel through which encrypted cookies will be sent back to the server by the browser.

The computer user must also keep up with updates. Microsoft constantly releases updates for the Internet Explorer browser and other proprietary software (like Windows OS and Microsoft Office) and sends out notices to its users. Moreover, it would be best to install anti-spyware programs to ensure that malicious software, adware or phishing efforts are blocked. At the very least, it can make the user aware of attempts to install malicious scripts or attempts to track browser activity.