Risk 1: How often you come into contact with an attacker
You can be exposed to attackers through a malicious fake website, or even through a familiar website that has been hacked. Most modern browsers pre-check each web page you visit and alert you if one is suspected of being malicious. This lets you make an informed judgment about whether you really want to visit that page.
For example, Google Chrome uses Safe Browsing technology, which is also used in several other modern browsers. As you browse the web, each page is checked quickly against a list of suspected phishing and malware websites. This list is stored and maintained locally on your computer to help protect your browsing privacy. If a match against the local list is found, the browser then sends a request to Google for more information. (This request is completely obscured and the browser does not send it in plain text.) If Google verifies the match, Chrome shows a red warning page to alert you that the page you’re trying to visit may be dangerous.
Risk 2: How vulnerable your browser is if it’s attacked
Old browsers that haven’t been upgraded are likely to have security vulnerabilities that attackers can exploit. All outdated software, irrespective of whether it’s your operating system, browser, or plug-ins, has the same problem. That’s why it’s important to use the very latest version of your browser and promptly install security patches on your operating system and all plug-ins, so that they’re always up-to-date with the latest security fixes.
Some browsers check for updates automatically and install updates when initiated by the user. Chrome and some other browsers go one step further: they’re built with auto-update. The browser runs an update check periodically, and automatically updates to the latest version without disrupting your browsing flow. Furthermore, Chrome has integrated Adobe Flash Player and a PDF viewer into the browser, so that both these popular plug-ins are also auto-updated.
Risk 3: How much damage is done if an attacker finds vulnerabilities in your browser
Some modern browsers like Chrome and Internet Explorer are built with an added layer of protection known as a “sandbox.” Just as a real-life sandbox has walls to keep sand from spilling out, a browser sandbox builds a contained environment to keep malware and other security threats from infecting your computer. If you open a malicious web page, the browser’s sandbox prevents that malicious code from leaving the browser and installing itself to your hard drive. The malicious code therefore cannot read, alter, or further damage the data on your computer.
In summary, a modern browser can protect you against online security threats by first, checking websites you’re about to visit for suspected malware and phishing; second, providing update notifications or auto-updating when a newer, more secure version of the browser is available, and third, using the browser sandbox to curb malicious code from causing further damage to your computer.
In the next few chapters, we’ll take a look at how a basic understanding of web addresses can help you make informed decisions about the websites you visit.