Although malware often needs to trick users into installing or running it, there are still drive-by downloads that can hurt your computer when you merely browse to an infected site. It may not even be a malicious site. Legitimate web sites have been defaced with malware. Even the advertising that keeps so much of the internet free can get you.
There’s a little trick you can do, though, that will keep you safer without being much more than a blip in your browsing. I read about this little browser tweak a few months ago, instantly implemented it, and haven’t regretted it a bit. You just prevent plugins from running in your browser unless you explicitly allow it.
In Chrome, click the menu (three vertical lines on the right-hand side of the toolbar) and select “Settings.” Scroll all the way down and click “Show advanced settings…” Under “Privacy,” click “Content settings…” Scroll down to the “Plugins” section and select “Let me choose when to run plugin content.” Click the “Done” button at the bottom.
Firefox has taken a different approach. The good news is that in newer versions of the browser many plugins no longer run by default. It will also warn you if the plugin is outdated or known to be vulnerable. However, if you want to review your configured actions, click the menu and select “Options.” Select “Applications” on the left. You can then scroll through the list of content types and review the action performed for each. One of the possible actions is “Always Ask,” which should give you functionality similar to Chrome’s.
Many web-based threats exploit plugins in your browser in order to do bad things. By taking control of the plugins, you can plug this hole in your system. It may result in a few seconds of inconvenience while browsing, but I think the safety you gain is worth it. Plus, there’s a bonus – no more obnoxious auto-play flash ads!