Using DrawBridge to streamline Browser Security
Introduction: How DrawBridge Assists with Secure Surfing
DrawBridge starts by checking your internet security settings and indicating their safety in the top left corner. After the first run, DrawBridge continues to monitor your security settings by checking the Windows Internet Security Settings every time Windows is booted and then reporting to you if there is any detected risk.
As you can see, browser security has never been easier
Establishing Trust on Your Terms.
The key element of the DrawBridge Strategy is to establish a list of trusted sites that are allowed to run scripts on your computer to establish necessary functions such as client-side encryption in the case of banks and escrow providers. No-one else needs client-side functionality on your system - so no-one else should be allowed trusted status.
In order to use your bank or escrow provider's site, you will need to add the site to the trusted sites list. This is as simple as running DrawBridge, (or clicking the "Trust" button DrawBridge sets up in Internet Explorer) and typing in the web site of your bank or escrow provider, clicking the "Add" Button, and selecting the level of trust.
So what happens when a fraudster counterfeits eBay? A link or fake purchase button sends you to an IP Address such as 220.127.116.11/whatever, and because IP addresses are not allowed on your trusted sites list 18.104.22.168/whatever cannot run the scripts necessary to hijack your browser. So, instead of seeing https://login.ebay.com in Internet Explorer's URL box, you will see an IP address such as 22.214.171.124/whatever - and the wrong URL is a dead giveaway that you are not logging into eBay at all!
Put "phishers" in their place
Phishing is the criminal act of sending an email claiming to be from an account provider such as a bank, escrow service, ISP, etc. asking you to log on to verify account details, or to confirm a suspected security breach. (For more details on phishing see http://www.fraudwatchinternational.com/internetfraud/phishing.htm) A link is provided that does not go to the account provider, but to the fraudsters website instead. This is readily visible in the URL box except for one small problem. The fraudster deploys a client-side script on their website that places a fraudulent but fully functional URL box over the one in your browser. This gives the fraudster control of what you see in what appears to be your URL box so that when you are at the website of the fraudster, the web address of your account provider is shown - instead of a temporary IP address. These fake URL boxes are even fully functional, allowing you to browse any site not hosted under the account provider's domain. By using DrawBridge, the scripts that make it possible to hijack your URL box are no longer able to run - making it impossible for phishers to obscure what you see in the URL box by conventional means. This makes Drawbridge customers the only internet users who can rely on the contents of their URL box with some certainty.