Block Audit-seo.net Referral spam in Google Analytics

The Audit-seo.net referral spam in Google Analytics is a new breed of problem. This page is dedicated to eradicating it from your GA statistics.

If you have found yourself being harassed by referral spam called Audit-seo.net, then you’ve come to the right place. Here we will aim to tell you all about what this referral spam is, what it does and how it does it. Furthermore, we’ll also tell you just how much harm it is capable of inflicting on both you and your website. But what’s more important, we will also provide you with a set of instructions, which will help you get rid of Audit-seo.net and free yourself from its presence. You will find those under the removal guide below, but before you head on to the instructions, we would recommend that you read through the following information first.

What does referral spam represent and how does it operate?

First, a little history. Don’t worry, this won’t take long and is only necessary so you can understand what Audit-seo.net is really doing to you. To begin with, referral spam initially emerged in the form of what we now call classic referral spam. Basically, what this meant was that spammers would employ the help of things called bots and crawlers, so as to spam various different websites. They would program those bots and crawlers to generate hits on as many sites as possible, numerous times per site even, and with virtually no session time. This was done to prompt the website owners or admins to get curious enough so as to click back on this visiting websites and find out why it’s been opening their site and leaving it immediately after. And even if this didn’t succeed with everyone, you can imagine that even a fraction of the hundreds of thousands of targeted sites would still be able to generate sufficient traffic for the spamming website. And that is precisely what they aim to do: boost their rating by gaining more traffic, even if it’s through such a dishonest scheme.

After a while Google was able to catch on to this practice and eventually put a stop to it. And that’s when versions like Audit-seo.net started to appear. These are now known as ghost spam and are the new and enhanced version of the classic referral spam. They don’t require the use of bots and crawlers, unlike their predecessors. Instead, they go for your Google Analytics stats directly. That way they can simply make the impression that you’ve been visited numerous times by the spamming website, as opposed to having to make those hits. The good thing about this is that nothing but your stats is affected. This means that your actual traffic count and such remain untouched, so in other words – on the outside it’s like nothing ever happened. On the flip side, though, you may find it both annoying and hindering that your stats are getting polluted by all this fake data that keeps on getting entered by Audit-seo.net. And that may, in fact, prove to be a problem, especially over time.

And this is usually the point where users make rash, uninformed and harmful decisions. One such decision is using the Referral Exclusion list as a means to block the referral spam. Because it contains the word ‘referral’ in it, right? So it must work! Wrong. Not only will it not help you remove the spam from your GA stats, it will actually worsen the issue and will cause you a whole lot more headache than you ever bargained for. First off, that’s not what the list is meant for. Secondly, once you enter the spammers in it, it will prompt GA to investigate the visits you’ve reported. But seeing as there were no visits to begin with (ghost spam, remember), it won’t be able to do anything about it and will go a step in the opposite direction by marking those visits and genuine traffic. Congratulations, now you will have them added to your actual traffic count.

Don’t cause yourself the extra trouble by going down that route. Instead, use the removal guide we’ve created for you below and have the issue done with. Your best shot at avoiding such future harassment from now on would be to consider switching to some better quality hosting. It is likely to provide you with better spam filters and, therefore, with better protection against referral spam like Audit-seo.net.

Block Audit-seo.net in Google Analytics

Instruction #1: Enter your Analytics account.
After that load Admin and then – All Filters.
referral_spam_1

Instruction #2: After that, hit New Filter.
Next, add Audit-seo.net in the Filter Name value.

Instruction #3. Choose the Custom Filter Type. 
Once you see the Filter Field, go with Campaign Source.
Next, when you see the Filter Pattern text box, enter Audit-seo.net. Confirm by clicking  the Save button you will see at the bottom.
ref_spam_2

How to block Audit-seo.net referrer spam using your .htaccess file

If you are aware of a way to access your .htaccess file, you will just have to write the  code below in there:

## SITE REFERRER BANNING

RewriteCond %{HTTP_REFERER} Audit-seo.net [NC,OR]

RewriteCond %{HTTP_REFERER} Audit-seo.net

RewriteRule .* – [F]

In case you are not aware of a way to access it, follow these instructions:

Access your cPanel account,
the go to File Manager.
After that you should mark the check-box ‘Document Root for’.
Then go to your webpage.
Another important tip: choose ‘Show hidden Files’.
After that select Go. 
Look for the .htacess file.

Once you find it,  rightclick it.
From the options that appear, select Code Edit.
Enter the code above and Save Changes. 

Hopefully, we have been helpful! Tell us in the comment section. We will be glad to read what your opinion is!

Block Audit-seo.net Referral spam in Google Analytics

The Audit-seo.net referral spam in Google Analytics is a new breed of problem. This page is dedicated to eradicating it from your GA statistics.

If you have found yourself being harassed by referral spam called Audit-seo.net, then you’ve come to the right place. Here we will aim to tell you all about what this referral spam is, what it does and how it does it. Furthermore, we’ll also tell you just how much harm it is capable of inflicting on both you and your website. But what’s more important, we will also provide you with a set of instructions, which will help you get rid of Audit-seo.net and free yourself from its presence. You will find those under the removal guide below, but before you head on to the instructions, we would recommend that you read through the following information first.

What does referral spam represent and how does it operate?

First, a little history. Don’t worry, this won’t take long and is only necessary so you can understand what Audit-seo.net is really doing to you. To begin with, referral spam initially emerged in the form of what we now call classic referral spam. Basically, what this meant was that spammers would employ the help of things called bots and crawlers, so as to spam various different websites. They would program those bots and crawlers to generate hits on as many sites as possible, numerous times per site even, and with virtually no session time. This was done to prompt the website owners or admins to get curious enough so as to click back on this visiting websites and find out why it’s been opening their site and leaving it immediately after. And even if this didn’t succeed with everyone, you can imagine that even a fraction of the hundreds of thousands of targeted sites would still be able to generate sufficient traffic for the spamming website. And that is precisely what they aim to do: boost their rating by gaining more traffic, even if it’s through such a dishonest scheme.

After a while Google was able to catch on to this practice and eventually put a stop to it. And that’s when versions like Audit-seo.net started to appear. These are now known as ghost spam and are the new and enhanced version of the classic referral spam. They don’t require the use of bots and crawlers, unlike their predecessors. Instead, they go for your Google Analytics stats directly. That way they can simply make the impression that you’ve been visited numerous times by the spamming website, as opposed to having to make those hits. The good thing about this is that nothing but your stats is affected. This means that your actual traffic count and such remain untouched, so in other words – on the outside it’s like nothing ever happened. On the flip side, though, you may find it both annoying and hindering that your stats are getting polluted by all this fake data that keeps on getting entered by Audit-seo.net. And that may, in fact, prove to be a problem, especially over time.

And this is usually the point where users make rash, uninformed and harmful decisions. One such decision is using the Referral Exclusion list as a means to block the referral spam. Because it contains the word ‘referral’ in it, right? So it must work! Wrong. Not only will it not help you remove the spam from your GA stats, it will actually worsen the issue and will cause you a whole lot more headache than you ever bargained for. First off, that’s not what the list is meant for. Secondly, once you enter the spammers in it, it will prompt GA to investigate the visits you’ve reported. But seeing as there were no visits to begin with (ghost spam, remember), it won’t be able to do anything about it and will go a step in the opposite direction by marking those visits and genuine traffic. Congratulations, now you will have them added to your actual traffic count.

Don’t cause yourself the extra trouble by going down that route. Instead, use the removal guide we’ve created for you below and have the issue done with. Your best shot at avoiding such future harassment from now on would be to consider switching to some better quality hosting. It is likely to provide you with better spam filters and, therefore, with better protection against referral spam like Audit-seo.net.

Block Audit-seo.net in Google Analytics

Instruction #1: Enter your Analytics account.
After that load Admin and then – All Filters.
referral_spam_1

Instruction #2: After that, hit New Filter.
Next, add Audit-seo.net in the Filter Name value.

Instruction #3. Choose the Custom Filter Type. 
Once you see the Filter Field, go with Campaign Source.
Next, when you see the Filter Pattern text box, enter Audit-seo.net. Confirm by clicking  the Save button you will see at the bottom.
ref_spam_2

How to block Audit-seo.net referrer spam using your .htaccess file

If you are aware of a way to access your .htaccess file, you will just have to write the  code below in there:

## SITE REFERRER BANNING

RewriteCond %{HTTP_REFERER} Audit-seo.net [NC,OR]

RewriteCond %{HTTP_REFERER} Audit-seo.net

RewriteRule .* – [F]

In case you are not aware of a way to access it, follow these instructions:

Access your cPanel account,
the go to File Manager.
After that you should mark the check-box ‘Document Root for’.
Then go to your webpage.
Another important tip: choose ‘Show hidden Files’.
After that select Go. 
Look for the .htacess file.

Once you find it,  rightclick it.
From the options that appear, select Code Edit.
Enter the code above and Save Changes. 

Hopefully, we have been helpful! Tell us in the comment section. We will be glad to read what your opinion is!

How To Enter Safe Mode

Why pressing F8 sometimes doesn’t enable Safe Mode for windows 8 and later

For years pressing F8 immediately after a reboot has been the default option to enable Safe Mode for all versions of Windows. This hasn’t changed for Windows 8 and Windows 10 either, yet for some people it just won’t work. The reason behind this is the fast boot feature developed by Microsoft. Fast boot, especially when Windows is written on a quick SSD drive, will load windows so fast that it is humanly impossible to press the F8 button in time.

How to enable Safe Mode for windows 8 and later versions.

  1. Navigate to your Desktop, then press Win+R buttons simultaneously
  2. In the box that appears type MSCONFIG
  3. Now click on the Boot tab, then select Safe boot with Networking.
  4. Click Apply, followed by OK. Now reboot your PC
  5. Whenever you are done using Safe Mode go back to this menu and remove the tick from the Safe Boot box

How To Enter Safe Mode

Why pressing F8 sometimes doesn’t enable Safe Mode for windows 8 and later

For years pressing F8 immediately after a reboot has been the default option to enable Safe Mode for all versions of Windows. This hasn’t changed for Windows 8 and Windows 10 either, yet for some people it just won’t work. The reason behind this is the fast boot feature developed by Microsoft. Fast boot, especially when Windows is written on a quick SSD drive, will load windows so fast that it is humanly impossible to press the F8 button in time.

How to enable Safe Mode for windows 8 and later versions.

  1. Navigate to your Desktop, then press Win+R buttons simultaneously
  2. In the box that appears type MSCONFIG
  3. Now click on the Boot tab, then select Safe boot with Networking.
  4. Click Apply, followed by OK. Now reboot your PC
  5. Whenever you are done using Safe Mode go back to this menu and remove the tick from the Safe Boot box

How to reveal hidden files and folders

How to reveal hidden files and folders

  • IMPORTANT! You can make hidden files and folders to become hidden again by following the exact same instructions!

in Windows 7

  1. Begin by going to your Desktop.
  2. Now you’ll need to open the Start menu. You can do this by clicking on your Windows start button – the button in the left corner of your screen with the Windows logo on it.
  3. Navigate to the Control Panel option (should be in the right-most column) and click on it.
  4. Now look for the the Appearance and Personalization link, click on it.
  5. Look for the Hidden files and folders, fill the check box named Show hidden files, folders, or drives.
  6. Use Apply, then OK and you are done.

in Windows 8

  1. Look at the  Windows 8 Start Screen and select the Control Panel app.
  2. Now go to the More Settings option.
  3. The more traditional Control Panel window will appear, click on the Appearance and Personalization link.
  4. You’ll need to find the Hidden files and folders section and fill the check box next to Show hidden files, folders, or drives.
  5. Apply, then OK. Done.

in Windows 10

  1. Open the file explorer (Win button + E button) and open any folder on your computer.
  2. In the upper-left side of the screen you’ll notice the File, Home, Share and View tabs. You need the View tab, click on it.
  3. To the right you’ll notice a checkbox labeled Hidden items. Click on it so that it is marked. Done!

How to add trusted sites to Internet Explorer 10 & 11

How to add trusted sites to Internet Explorer 10 & 11

This article will help you add trusted sites to Internet Explorer 10 & 11, as well as outline the benefits of doing so. Many people have trouble with different type of malware viruses and Trojan horses, because these viruses specialize in targeting the weak spots of their internet browser. Internet Explorer has accumulated a bad reputation over the years, but in reality the recent versions of IE are no worse than the competition. The main thing you need to do in order to make your browser safe is to disable your Java and Adobe Flash plug-ins.

It’s not the browser, it’s the plug-ins that are vulnerable

Adobe Flash and Java made the internet what it is today, but unfortunately they have outlived their usefulness. In fact, critical weaknesses remain in both products and these weaknesses cannot be fixed. It is now recommended for all internet sites to upgrade content written in Flash/Java to HTML 5.0 code, which Is much safer. Unfortunately, this upgrade process is slow and many sites have not even begun the update (or lack the resources to do it). A large portion of internet sites require complete rework, because they are basically build with these programs in mind. They require the plug-ins to be enabled in order to be used, but at the same time it is dangerous to do so everywhere else. Due to this, all major internet browsers decided to keep Flash and Java disabled by default since 2014-2015. Sites that make use of Adobe or Flash will display a warning display message that you need to enable the plug-in before you are able to see the content that requires it.

This is where trusted sites steps in to help.

When you designate a site to be a Trusted Site you are basically telling your browser that it has nothing to fear from these web pages. This allows the browser to drop some security checks – thus trusted sites load faster – but it also automatically creates an exception where Flash and Java are turned on if they are off by default.

If you keep those two plug-ins disabled by default (like you should) you will have to manually enable them for every page which you visit that also requires them. As expected, this gets tedious very fast. If you frequently visit certain web sites and you are confident that they are safe to use, then there is no reason not to add them to your browser’s list of trusted sites. As you are about to see, this is a very straightforward process that is also easy to use.

  • IMPORTANT! There is just one thing to keep in mind when you enter trusted sites – try to enter the site’s URL without any sub-directories. A site’s subdirectory is separated from the main URL with this symbol “/”. If you add a site’s sub-directory, then only this directory will be trusted and the other will be treated as unfamiliar. When adding sites simply copy-paste the site’s URL up to the first “/”.

How to add trusted sites to Internet Explorer browser:

Step 1:

Open your Internet Browser and look at the top-right corner. Click on the Gear button.

From the drop-down menu select Internet options.

Trusted sites IE

Step 2:

A new menu should open. Click on the Security tab.

Now click on the Trusted Sites green tick, then on the Sites button.

You can now add Trusted Sites in the window that opens.

  • Don’t forget to add the URL without any sub-sections of the site. Simply copy the address up to the first”/”.

Trusted sites IE 2

Step 3:

That’s all, you are done!

How to add trusted sites to Mozilla Firefox

How to add Trusted sites to the Mozilla Firefox browser

This article contains detailed instruction on how to add trusted sites to the Mozilla Firefox browser, as well a list of the benefits of doing so. Hopefully our readers will find it as a useful tool in their efforts to keep their computers more secure.

Why should you add Trusted sites to your browser?

It appears that actually a few people make good use of this excellent feature Firefox offers us. The benefits may not be immediately imminent, but they are there. Using trusted sites will both help keep your PC safe and reduce your annoyance when you have to deal with the security features that arrange for your safety.

When you add a site to the trusted sites you are basically telling your browser that this particularly site is perfectly safe. This allows Firefox to load the site more quickly and smoothly, possibly skipping some security checks along the way.

Another very important feature of using the Trusted sites option is that it will enable add-ons as an exception. Add-ons like Java, Adobe Flash and the ActiveX plug-in are a great security vulnerability for your browser. They can be exploited by many viruses in order to infect your computer without your knowledge. The worst viruses like Trojan horses and Ransomware are also very hard to detect by anti-virus software. Cutting all access points for those is the first (and best) line of defense for your computer. Because of this most internet browsers (Mozilla included) now keep Flash and Java disabled by default. Actually, there is a whole campaign that aims to phase out Java and Flash written content from websites and that campaign is supported by the owning companies. This is, however, a slow process and perhaps several years may have to pass before we stop seeing Java/Flash based content in the sites we visit.  And while stoping these two programs is something good and healthy for your computer, it is bound to some problems. The most obvious is that content written in Java or Flash will not be displayed unless you manually activate the plug-in for the page. This will get tedious very quickly if you have to do it for sites you already know to be safe and which you visit frequently.

By adding such sites to Firefox’s trusted sites you create an exception for the sites and all content will be properly displayed for your leisure. Of course, you have to be absolutely sure that any site you add to the Trusted sites section is really safe.

How to add trusted sites 

Step 1:

Open your Firefox browser, then click on the three horizontal lines in the top-right corner. From the drop-down menu select Options.

Trusted Sites FireFox

Step 2:

You are not inside the Settings menu.

Click on the Security tab, then on the upper Exceptions button.

Trusted Sites FireFox 2

Step 3:

You can now enter or remove the URLs of trusted site.

  • WARNING! When entering URLs please include the full address of the website, but without any sub-sections. A sub-section is divided from the main url by “/”. When you want to enter the address of the site include everything between the first “/” symbol, if any. If you add the address with the sub-section you’ll only flag the sub-section as a trusted site and the rest of the site will still be considered unsafe by the browser.

Step 4:

All done!

How to enable Trusted sites in Google Chrome

How to enable Trusted sites in Chrome and what are the benefits?

Adding trusted sites to your browser is a very useful utility option that many people overlook and in our opinion this is because they are not even aware of what it does. In this article we’ll speak about the benefits of adding trusted sites to your Chrome internet browser, as well as provide a detailed guide on how to do that.

On the benefits of using Trusted sites

When you add a website to your list of trusted sites you are basically telling your computer that this is a site you know to be safe. When you visit a site on your list of trusted sites Chrome will not perform its normal routine to ensure that the site is safe – this automatically means that a trusted site will load faster than an ordinary site. In addition to that trusted sites will have plug-ins like Adobe Flash, ActiveX and Java enabled even if they are normally disabled by default in your browser.

Keeping Adobe Flash, ActiveX and Java disabled is actually the default option in Chrome, because these three have had a long history of problems. Over the years multiple weaknesses were discovered within those programs, which allows for many different viruses to be installed. Dangerous things like ransomware and Trojan horses can make great use of these weak spots to infect computers with Java and Flash enabled. Unfortunately, much of the content online has been written in these two languages – videos, Ads and site features will often get disabled when Flash and Java are turned off. The Chrome browser has both Java and Flash turned off by default simply to protect its users. These can be turned back on for convenience, but that is simply not recommended as it puts your computer in unnecessary risk.

Of course, you always have the option of turning them manually in order to see the content that requires them, but this has to be done manually for every instance and every page. This can quickly get tiresome, especially for sites you are well familiar with and absolutely sure they are safe. This is where trusted sites comes in.

A site added to your list of trusted sites will have add-ons turn on as an exception. This will make all pages that contains code which requires those programs to load instantly and smoothly. Your computer will also eagerly receive Cookies from such sites without prompting for your permission.

How to enable Trusted sites in Google Chrome Method #1

  1. Right Click Over the Windows Icon > Click on Search
  2. Type “Internet Options” in the search field
  3. In the new window go to the Security tab
  4. Click on the sites button
  5. Enter the URL of the website you would like to include to the Trusted Sites list
    (Make sure to include https:// before entering the domain name if it has an SSL Certificate
  6. Click Add and you are finished
  • IMPORTANT! It is a good idea to input as little of the site’s name as possible. Any sub-sections of the site that you add to the site’s address will restrict the trusted site privileges to apply only to that subsection of the site. Note that sub-sections will be separated from the main site’s address with this symbol “/”, so you need to select anything between the first “/” you see.

How to enable Trusted sites in Google Chrome Method #2

Step 1:

Open Google Chrome and look at the top-ride side of the browser. Locate the three horizontal lines and click on them.

A drop-down window should appear. Select Settings.

Step 2

You are now in the Settings main menu. Scroll down to the very bottom and click on Show advanced settings…

The settings menu will be expanded with additional content.

Keep scrolling down until you reach the Network section and click on Change proxy settings…

Step 3

A new window should open. Select the Security tab.

Next click on Trusted Sites green tick, followed by the Sites button.

A new window should open. You can now input the addresses of your trusted sites.

How to enable Trusted sites in Google Chrome

How to enable Trusted sites in Chrome and what are the benefits?

Adding trusted sites to your browser is a very useful utility option that many people overlook and in our opinion this is because they are not even aware of what it does. In this article we’ll speak about the benefits of adding trusted sites to your Chrome internet browser, as well as provide a detailed guide on how to do that.

On the benefits of using Trusted sites

When you add a website to your list of trusted sites you are basically telling your computer that this is a site you know to be safe. When you visit a site on your list of trusted sites Chrome will not perform its normal routine to ensure that the site is safe – this automatically means that a trusted site will load faster than an ordinary site. In addition to that trusted sites will have plug-ins like Adobe Flash, ActiveX and Java enabled even if they are normally disabled by default in your browser.

Keeping Adobe Flash, ActiveX and Java disabled is actually the default option in Chrome, because these three have had a long history of problems. Over the years multiple weaknesses were discovered within those programs, which allows for many different viruses to be installed. Dangerous things like ransomware and Trojan horses can make great use of these weak spots to infect computers with Java and Flash enabled. Unfortunately, much of the content online has been written in these two languages – videos, Ads and site features will often get disabled when Flash and Java are turned off. The Chrome browser has both Java and Flash turned off by default simply to protect its users. These can be turned back on for convenience, but that is simply not recommended as it puts your computer in unnecessary risk.

Of course, you always have the option of turning them manually in order to see the content that requires them, but this has to be done manually for every instance and every page. This can quickly get tiresome, especially for sites you are well familiar with and absolutely sure they are safe. This is where trusted sites comes in.

A site added to your list of trusted sites will have add-ons turn on as an exception. This will make all pages that contains code which requires those programs to load instantly and smoothly. Your computer will also eagerly receive Cookies from such sites without prompting for your permission.

How to enable Trusted sites in Google Chrome Method #1

  1. Right Click Over the Windows Icon > Click on Search
  2. Type “Internet Options” in the search field
  3. In the new window go to the Security tab
  4. Click on the sites button
  5. Enter the URL of the website you would like to include to the Trusted Sites list
    (Make sure to include https:// before entering the domain name if it has an SSL Certificate
  6. Click Add and you are finished
  • IMPORTANT! It is a good idea to input as little of the site’s name as possible. Any sub-sections of the site that you add to the site’s address will restrict the trusted site privileges to apply only to that subsection of the site. Note that sub-sections will be separated from the main site’s address with this symbol “/”, so you need to select anything between the first “/” you see.

How to enable Trusted sites in Google Chrome Method #2

Step 1:

Open Google Chrome and look at the top-ride side of the browser. Locate the three horizontal lines and click on them.

A drop-down window should appear. Select Settings.

Step 2

You are now in the Settings main menu. Scroll down to the very bottom and click on Show advanced settings…

The settings menu will be expanded with additional content.

Keep scrolling down until you reach the Network section and click on Change proxy settings…

Step 3

A new window should open. Select the Security tab.

Next click on Trusted Sites green tick, followed by the Sites button.

A new window should open. You can now input the addresses of your trusted sites.

Which is Safer, Internet Explorer or Firefox?

There is a lot of discussion going on about the relative safety of Internet Explorer vs. Firefox. In this article I say why I think most of the commentary is missing the point.

The battle over the question in the title has been raging in discussions all over the Internet. Unfortunately, this is the wrong question. In fact, it is a meaningless question unless a lot of additional factors are considered. Security is a multidimensional problem and cannot be usefully discussed in the kind of simplistic comparisons that are being made.

I am not a professional security expert but there are some pretty obvious points that can be raised about how you define what is meant by “security”. The most popular way seems to be a kind of numerology where somebody with a vested interest like Symantec purports to count “vulnerabilities” or even “possible” vulnerabilities. The conditions where these vulnerabilities apply are usually not specified. Many questions have to be asked before any meaningful assessment of the severity of a problem can be made, For example, does having a firewall prevent them? Do typical anti-malware packages detect them? Does the user have to click on a link or do something stupid for the problem to apply? Can the problem be fixed by changing a default setting? How long does it take before a patch can be made? Not all “vulnerabilities” are created equal. A so-called vulnerability may be “potentially” very dangerous but not be a problem in practice because it easily fixed by standard measures or can only be incurred because of stupidity. So this numbers game looks very misleading to me.

The whole subject is quite complicated but in an attempt to keep this discussion reasonably short I suggest we replace the single question of the title with three questions (all pertain to Windows systems):

  1. Which browser is safer for experienced computer users?
  2. Which browser is safer for average computer users?
  3. Which browser is safer for careless, uninformed or clueless computer users?

The answer to question 1 is that either browser will do. What browser is used by an experienced person is a matter of personal habits and preferences about different browser features. An experienced user knows what security precautions must be taken and will rarely get a problem just because of the browser that is being used. Personally, I use both Internet Explorer (IE) and Firefox. I prefer Firefox for most things but some sites only work in IE.

Next let’s consider question 2. The term “average” computer user covers a lot of different people so only a few generalities can be stated. The average PC user is not going to be familiar with the details of security measures but most will be aware that they need some kind of defense. If they have a PC bought in recent years they will have quite a bit of automatic protection such as anti-virus programs that update themselves and at least the Windows XP firewall. Also Windows update will be set to run unattended. Many PC users also have installed entire security suites. It is important to note the presence of these security measures because otherwise the question of which browser to use is moot.

For those people who have enough other security in place so that they can turn their attention to browser security, one question concerns updates. Both IE and Firefox have periodically been found to have security holes. IE has an apparent advantage in that it is automatically updated whereas at present Firefox has to be patched manually. Typical PC users can be lax about updating so that looks like a point for IE. However, this possible advantage is much lessened or even disappears because Microsoft can take many weeks to issue a patch for a known problem. Firefox patches come out within a few days after a problem is revealed. Which browser has the advantage here? For those who would keep up with the Firefox updates, I give the nod to Firefox on this particular issue. For procrastinators, maybe IE is better but future versions of Firefox are supposed to also update automatically. Note added later: Firefox version 1.5 is scheduled for release at the end of November, 2005. It contains an automatic update feature and that removes any advantage IE had for procrastinators.

There are also other security factors such as ActiveX, which I have discussed in detail on another page. On the issue of ActiveX, individual PC users will have to balance convenience with safety to decide on a browser. Knowledgeable users can configure IE to avoid ActiveX problems but I wonder how many average PC users will actually do what’s necessary. From a theoretical point of view, I think Firefox is safer because it doesn’t support ActiveX but from a practical view it can sometimes be inconvenient that some pages won’t work for any browser but IE.

What about the average PC user who has an older system with Windows 98/Me? These people are totally ignored by most commentators but there are still quite a few of them around. They will be missing a lot of the security that Microsoft has added to IE in Windows XP SP2. Personally, I think that these systems are safer with Firefox. However, there is the psychological barrier that many people have about installing a whole new browser when they already have one in place. Also, IE has to be used for certain sites and this is another obstacle to using Firefox. For these users, I think that the theoretical answer to question 2 clearly is Firefox. In practice, however, most of these users will probably stick with IE. Hopefully, they will have enough security measures in effect to obviate the newer IE exploits that they are exposed to.

Now we come to question 3. This one is easy to answer. It doesn’t matter what this group uses for a browser. These are the ones that do not use firewalls or do not install security updates or blithely click on any old link. They have much bigger problems than what browser to use. Unfortunately, their problems are our problems, too. This group is where most of the worms and Trojans hide out. It is also where the crackers get their “zombie” machines to carry out Distributed Denial of Service attacks and conduct various criminal activities.

I have framed the discussion in terms of who the intended user is. To really discuss the issue of browser security would require a much more complicated metric. However, I think the discussion helps illustrate my contention that measuring security is not simple and that there is no easy answer that applies to everybody for the question of which browser is safer to use. If you held a gun to my head and demanded that I choose a browser for everybody, I would personally pick Firefox. But you still have to use IE for some sites like Windows Update whether you like it or not. And I haven’t even mentioned Opera or Netscape.

I am very interested to hear what you have to say about all this. Log on to http://tips.vlaurie.com and let me know what you think.