How to Safeguard Your Windows Computer from a Browser Hijack

A browser hijacking is the practice of taking advantage of vulnerabilities in the browser (or the user) to compromise the user’s computer in a manner that would serve the interests of the hijacker. Often, a browser hijack can make your browser start up on a page other than the homepage you have designated. Sometimes it silently watches you while you work and steals passwords or other data. There are a few ways a hijacker can actually compromise your browser, and we will detail each of them as well as discuss how to prevent them from happening.

Note: This article is specifically targeted at Windows computer, but the security issues could happen to any OS as well.

browserhijack-manipulation

Your browser, even “out of the box,” uses a number of plugins to add extra rendering capabilities on websites you visit. In Firefox, you can view these plugins in the Tools -> Add-ons -> Plugins” section. These plugins are generally fine, but some of them are poorly coded and open holes in your browser’s security that it has not anticipated. The Java plugin is a perfect example of a vulnerable module. Java’s interpreter itself is prone to very nasty vulnerabilities that allow hackers to infiltrate your computer and post updates on social media sites on your behalf.

How to protect yourself:

There are two things you can do: keep all your plugins up to date and delete any plugins you don’t absolutely need. I need not mention how difficult it is to keep 100 plugins up to date. It’s better to look after five or ten of them. This applies to the addons and extensions as well. (Note that in Firefox, plugins and addons are not referring to the same thing)

browserhijack-trap

If you have been to some sketchy download site, you would have seen cases where it try to convince you to download (and install) a software before you can download their stuff. They put fake download buttons on their pages leading to other sites that offer a “downloader application” to get your file. They convince you that you need this application in order to gain access. Once you run it, you are met with an unpleasant surprise. Sometimes the application doesn’t work at all but installs a virus in your computer. Other times it works, but installs a service that spies on your personal information.

How to protect yourself:

Look carefully at sites showing you more than one button for the same action. Be mindful of what you see on the Web and exercise scrutiny. If the website doesn’t have a strong positive reputation, don’t trust it. Search the website’s URL surrounded by quotation marks on Google. See what other people say about it.

And if you have downloaded the software, run a anti-virus/anti-malware test before you install it. If you do decide to install it even though you are not very sure about it, do a backup of your system first.

browserhijack-toolbar

When you install software, it sometimes sneaks into a dialog where it asks you if you want to install a toolbar (and that’s when it’s playing nice). This is the most common way in which people are duped into installing browser toolbars that mess with their computers. This kind of software relies on a psychological flaw, namely the fact that people have a general tendency to click “Yes” and “Next” and skip over installation steps in their impatience. It happens even to the best of us.

Toolbars are sometimes inoffensive, but many times, they can be just as bad as viruses. Some of them set your homepage and search provider as they see fit while not letting you disable this or uninstall them. Others grab your keyboard input and steal your passwords and other confidential information. Since you use your browser to log in to web-based services and authenticate your card data, it’s very obvious that a toolbar like this can be extremely dangerous to your privacy. Although such malware is not very common nowadays, it still poses a significant threat to users who are easily absent-minded during software installations.

How to protect yourself:

These toolbars tend to be very difficult to get rid of, so the best way is to observe your installations carefully everytime you run an installer.. If you’re installing a program and it asks you to install a toolbar, refuse wherever possible. If it’s not possible to refuse, do not install the application. There are always alternatives out there that are more worth your time. Remember always to keep your anti-virus up to date. Most antivirus software can efficiently detect malware that’s found in toolbars and get rid of it, even if you can’t. Don’t forget to try to stick to sites that are reputable rather than Internet back-alleys to download your stuff.

browserhijack-vulnerabilities

There are plenty of browsers out there and some of them come with unintended security vulnerabilities. If you (or your company) are still stubbornly using IE 6 and 7, or even 8, as your primary browser, you are basically inviting the hackers to attack you. Even a popular browser like Chrome also has security issues, namely cross-site scripting (XSS), that make it vulnerable to attack.

How to protect yourself: 

There is nothing much you can do except to wait for the browser’s developer to patch up the security loophole. Thus, you should always upgrade your browser to the latest version so new fixes to vulnerabilities will automatically be installed. In addition, make sure you exercise care and vigilance when browsing the web, even with the most secure and most updated software.

If you have any questions, do not hesitate to leave a comment below! Also, don’t forget to let other readers know what useful tips you have to keep your browser safe!

Image credit: Virus Alert by BigStockPhoto

21 comments

  1. There is an typo in the numbering. I have fixed it. The article first started out with only 3 ways, but we have added 1 more while doing more research on this topic. We always do our best to provide the most comprehensive detail and instruction. If you choose not to trust us because of a simple typo error, that’s your call.

  2. With Chrome cross-site scripting, does the switch to Javascript mean you’d be safe if you have removed Java from your computer? Hope this isn’t a silly question from a senior trying to catch up with technology!

    • Hi, SeaFred! Chrome has significantly made steps forward in XSS prevention, but it’s still not exactly pristine. Removing Java from your computer wouldn’t really make you safe, because XSS isn’t caused by the Java engine. JavaScript and Java are two different things.

      Disabling JavaScript will prevent many XSS attacks from happening, but it will significantly alter how you see some sites. It’s better to just keep the browser up to date and be mindful of the address bar when you click a link. For example, if you see a bunch of code in the URL (readable stuff, not a bunch of “%20%30” or whatever), then tread carefully. Is this helpful?

  3. I had the web page called My Search take over both of my home pages in Firefox and IE9. The only addons they had in common was Java and I believe it was not the updated version because the government site I need to use had not updated theirs.

    • Hi, Paula! It looks like you’re probably infected with malware that doesn’t appear as a browser extension. This is one of the forms of third-party hijacking I mentioned here. Try scanning your computer with Malwarebytes and see how that works out.

      All the best!

      • Thank You. By doing some searching I found out what the My Search was related to; I found that I had on my computer a program called Utility Chest which I uninstalled and then deleted the folder. I also Googled that; and yes I ran Malwarebytes and my antivirus program. So I was able to get rid of it. I was able to deleted it from Firefox in addons, but had to contact Microsoft forums to remove it from IE9.

    • IE has a reputation for not being secure. With their most recent versions, I’m not quite sure anymore, though.

    • MSIE has always been the least secure web browser, and always will be. In addition to the other methods, Active X is a large vulnerability that malware makers can take advantage of, and IE’s the only browser that uses it. While the other web browsers have their own problems, IE is not only the least protected, it’s also the biggest target for malware because most PC owners use it. That’s because of MS’s policy of bundling it with windows; often, the owners think that it’s the only way they can access the Internet. That means that the malware programmers give it the most attention, and it doesn’t matter which version you install. Admitted, the older versions are worse, but you can safely bet that even the latest version is going to been picked apart thoroughly by the bad guys before you even have it installed.

      • Larry, while I believe you’re on the right track, I beg to differ on your point of IE and ActiveX. I really am ignorant about the security of IE10, but I know it doesn’t function with ActiveX anymore. Microsoft’s given up on it and, as a consequence, IE10 is significantly more secure compared to its predecessors.

        I know how Internet Explorer 10 compares to previous versions, but I haven’t seen how it compares to Google Chrome and Mozilla Firefox. Nevertheless, both of the aforementioned products are more competitive, and I’d suggest that people use those instead of IE. IE10 looks nice as a W8 app, though.

      • I just re-read your comment. Completely agreed that its popularity is its curse. The same can be said about Windows itself. It’s less secure than Linux and Mac because of the unprecedented popularity of the operating system, making it a strong target for many hackers everywhere.

  4. I use data mask by aol. and it keeps blocking screen capturing. who is doing this? ( screen capturing.) and how do I stop it. it is very annoying. thank you.

  5. It’s fewer secure than Linux and Mac simply because in the unparalleled recognition in the running system, building it a strong target for most hackers everywhere.

Comments are closed.

Sponsored Stories