Note: These settings have not been tested with the Campus Business Systems. Please contact their support for assistance.
Please contact the It is becoming increasingly popular for attackers to compromise computers through vulnerable web browsers. An insecure web browser can lead to spyware being installed on your computer without your knowledge, attackers taking control of your computer, stealing your information, or even using your computer to attack other computers.
The set-up configuration for many web browsers is not secure by default. UCSC's IT Security Team recommends the following steps to help make your web browser more secure. These settings are especially important if you use your browser to access campus business systems, or if you use your browser to access, send or receive sensitive information.
(Instructions for all these settings are in the table below.)
Important note: While making your browser more secure helps reduce the risk that someone will be able to use it to compromise your computer, it is still important to have safe computing habits so attackers get fewer chances to try. Don't click on unknown or unsolicited links or open unexpected attachments. Don't download files, programs or tools unless you are positive they are safe.
This table shows how to securely set up your browser for each of the ITS supported browsers.
Firefox (PC & Mac)
Safari (Mac)
Internet Explorer (PC)
Setting the default browser
(Mac) Firefox menu > Preferences > Advanced > General tab
(PC) Tools menu > Options > Advanced
Check the box “Always check to see if Firefox is default browser on startup”.
Safari menu > Preferences > General tab
Select Safari in the top pulldown menu.
ITS recommends that IE is not used as the default browser. However, you can still use IE to connect to campus systems, without having it set as the default.
Auto-download updates
(Mac) Firefox menu > Preferences > Advanced > Update tab
(PC) Tools menu > Options > Advanced > Update tab
Check all checkboxes and select “Automatically download…” & “Warn me…”.
Updates for Safari are handled by System Preferences > Software Update located under the Apple menu. Set to Daily updates.
Updates for Internet Explorer are handled by Windows Update located in Control Panels. Set to Daily updates.
Block unwanted pop-ups
(Mac) Firefox menu > Preferences > Content
(PC) Tools menu > Options > Content
Make sure the first two boxes are checked (Block pop-ups & Load images).
Safari menu > Preferences > Security tab
Make sure the “Block pop-up windows” box is checked.
Tools menu > Internet Options > Privacy tab
Set the slider to MEDIUM. Check the "turn on pop-up blocker” box.
Block unwanted plug-ins/phishing
(Mac) Firefox menu > Preferences > Security
(PC) Tools menu > Options > Security
Check the top three boxes that start with “Warn me…” and “Tell me…”.
Safari menu > Preferences > Security tab
Uncheck the “Enable plug-ins” box.
Tools menu > Internet Options > Advanced tab
Scroll down to Multimedia. Uncheck Play animations” and “Play sounds” in webpages if they are checked. Then scroll down to Security and select “Turn on automatic website checking” under Phishing Filter.
Set your browser to not store passwords
(Mac) Firefox menu > Preferences > Security
(PC) Tools menu > Options > Security
Uncheck the "Remember passwords..." box.
Safari menu > Preferences > AutoFill tab
Uncheck the "user names and passwords" box.
Tools menu > Internet Options > Content tab
Click the AutoComplete button and uncheck the "user names and passwords..." box.
Using a master password
(Mac) Firefox menu > Preferences > Security
(PC) Tools menu > Options > Security
Check the “Remember passwords…” & “Use a master password” boxes. Then set the password, using 8-12 characters (numbers/letters) to 80-100% quality.
Mac users have the Keychain Access utility to keep track of web passwords. It is located in the Utilities folder.
IE doesn't have a master password function, but you should disable the auto-complete function for passwords. See the box above.
The master password setting is not appropriate for passwords that provide access to restricted data. See the campus Password Standards for additional information and alternatives.
Java/Javascript
(Mac) Firefox menu > Preferences > Content
(PC) Tools menu > Options > Content
Check the “Enable Javascript” and “Enable Java” boxes and then click the Advanced button for Javascript. Make sure none of the boxes are checked.
Safari menu > Preferences > Security tab
Uncheck “Enable plug-ins” and “Enable Java”. Leave “Enable Javascript” checked.
Java is handled with Security Zones in IE. See the Browser Specific Settings below.
Handling cookies*
(Mac) Firefox menu > Preferences > Privacy
(PC) Tools menu > Options > Privacy
Check the “Accept cookies…” box and select “Keep until they expire”. Then check the last box “Ask me before clearing private data”.
Optionally, you can check the box to clear your history when Firefox closes.
Safari menu > Preferences > Security tab
Select “Only from sites you navigate to” for Accepting Cookies.
Tools menu > Internet Options > Privacy tab
Click the “Advanced” button. Check the “Override” box and the “Accept” button for First-party cookies and “Prompt” button for Third-party cookies. The “Always allow…” button should not be checked. Click OK. When done, click the Apply button.
Browser specific settings
Use NoScript (strongly recommended) and Locationbar2 (optional) add-ons
(see the installation instructions below)
In Safari, you can choose to open multimedia (or "safe") files after they download. This can pose a security risk. To not open them after downloading, go to the Safari menu > Preferences > General tab. Uncheck the box that says 'Open "safe" files...'
Under the Safari menu > Preferences > Security, make sure the "Ask before sending a non-secure form..." box is checked.
IE has security zones that can be set up for different levels of protection. In the Help menu, type"zones" and choose Change IE Security Settings.
ITS recommends setting the Internet Security Zone to HIGH. You can also identify "trusted sites" and set those to MEDIUM-HIGH.
(*Cookies are little files that web sites leave on your computer to remember settings, login credentials or any other information that your computer needs to make the user experience a bit better. Cookies are generally harmless, but they can be used to track your Internet usage, which is a privacy issue. In general, you probably don't want Internet sites tracking everything you are doing, so it's a good idea to block cookies where appropriate to maintain privacy.)
How to install security add-ons for Firefox:
(For both Mac & PC) Tools menu > Add-ons
Select the "Get Add-ons" button. Type "noscript" in the search field and click "Add to Firefox". Then Install and restart Firefox. You should see a "S" icon in the bottom right of the browser window. Right click on this icon and select "Options". Select the Appearance tab and uncheck the "allow scripts globally" box. Now it will warn you when unknown scripts are on websites you visit. You can right-click the icon to approve ones that you trust. Follow the same install steps for Locationbar2 (optional).
NoScript - Since JavaScript is a very powerful programming language, it allows savvy attackers to attack your machine just by embedding scripts into a web site. NoScript allows you to control what each script can do and make a choice as to which scripts should run and which should not. Additionally, NoScript will also block Java programs and Flash.
LocationBar2 - Locationbar2 helps users to overcome a technique used by attackers called "URL obfuscation" in which the attacker hides a bad web link inside one that looks familiar to you. Locationbar2 makes it a lot easier to see EXACTLY where you are navigating to.
