The Nefarious Browser Toolbar
Thursday, Jul 12th 2012
Has your web browser evolved to look like the one below where the browser bars have magically propagated to the point they occupy more real estate on your web browser that the sites you’re browsing?
Their proliferation isn’t as magical as you might think as they are almost always bundled with other software you do want, such as Adobe Acrobat reader, AVG Anti-virus, and many other innocuous programs. The trick to avoid them is to Un-check the box that asks if you want to also install the browser bar. In the image below, the Java installation asks the user if it should also install the Bing tool bar. It is checked by default because they expect most end-users to just click Next, Next, Next, accepting all the defaults rather than pay attention. This, but they way, is how people get hacked and why the best defense against malware is vigilance, so pay attention and read each step as you install a program, especially free ones.
Of course, we don’t associate Bing, Microsoft’s search engine, with hackers. Indeed, we tend to trust Microsoft-branded products. If we didn’t, they wouldn’t own the PC market along with a host of other software like Internet Explorer and the Office suite. But the browser bars are evil for several reasons and should be avoided at home and the office. Here’s why:
On the surface browser bars are convenience offering one-click access to Facebook, cheap flights and the current weather in Timbuktu. Looking a little deeper we see that the toolbar breaks the important fence protecting the computer from potential malicious web content. The browser runs the code of the developer’s choosing and can do whatever the developer wants it to do, including giving the web browser access to functions of the operating system. This extended functionality means extended threats. The end result leaves a computer so vulnerable to attack that it only visit a bad web site without clicking anything and the computer and potentially your whole network will become infected with a virus.
One of the things end users do the first time they sit at a work computer is to make it like their home machine. Right way they start testing what they can and can’t do including a visit to favorite sites and installing their favorite tool bars.
How to prevent toolbars on your work computers?
- Make sure your malware protection (anti-virus) protection is current across all your computers which can alert users before they install a browser bar, or block malware installs as a result of existing browser bars.
- Configure the Windows desktop so that users are not permitted to install software or reconfigure the web browser with a toolbar. Indeed, it is best to lockdown office PCs so that users can only use those programs necessary to do their jobs. Likewise, Internet Explorer, Chrome or Firefox can set to block non-work related web sites. This can be done through Group Policies on the server or local computer. You will be amazed at how much better computers run and how much longer they last when users only have access to work programs and nothing more. You’re sure to see a spike in productivity, too!
- You can block and control web traffic with a good firewall to clock malware, web sites and monitor what your employees are doing online
- Finally, users must be educated that tool bars are bad and why. They must be as vigilant when installing software so as to uncheck that box asking if they also want the Ask toolbar, or setting their default search engine to Yahoo.