Modifying security and privacy settings in Safari 5 and 6
On this page:
Context
Security professionals recommend that users configure their web browser at the highest possible security setting. The higher the browser's security setting, the less likely malware will be able to infect your computer. However, please note that a higher security setting will also likely cause the browser to warn you more frequently before performing a task on the Internet. |
Security Settings
By default, Safari has security settings enabled. Go to Safari > Preferences > Security
Warning for Fraudulent Sites
To make your browsing experience with Safari extra secure, you want to check the option to Warn when visiting a fraudulent website. When you select this option, Safari displays a warning message when you attempt to visit a website that has been reported as fraudulent.
Disabling Plug-ins, Java and JavaScript
You can enable various plug-ins and Java or JavaScript features to enhance your web browsing experience. However, many plug-ins and scripts can contain malware. To protect yourself you can turn these features off and enable them just when you need them.
- Plug-ins: third-party plug-ins display multimedia content on web pages, such as video, audio, and images.
- Java: some animated websites, interactive features, timers, and other site enhancements on web pages are sometimes provided by Java.
- JavaScript: this software technology allows some buttons, online forms, and other web page content to work properly.
Blocking Pop-Up Windows
We recommend checking the option for Block pop-up windows, which could possibly contain a Trojan or link you to an infected site. When selected, this option blocks most ads, files and forms displayed in pop-up windows.
Please note that some MIT websites, including eCAT and the MIT Learning Center, recommend temporarily allowing pop-ups in order to allow for full functionality when using those sites.
Privacy Settings
For Safari privacy settings, go to Safari > Preferences > Privacy
Clearing out Cookies
Cookies are used by websites to "remember" you when you return to that site later. Cookies can not contain viruses.
Cookies are placed on your computer by the sites you visit and are for the most part harmless, but could be used by someone to put unwanted content on your computer or to steal your information. Because cookies recognize what you did the last time you visited the site, they also enable advertisers to target their ads more effectively. Any personal information that you give to a Web site, including credit card information, will most likely be stored in a cookie unless you have turned off the cookie feature in your browser. In this way cookies are a threat to privacy. The cookie will only contain information that you freely provide to a website.
To remove all cookies and other website data from your Mac, click Remove All Website Data.... If you want to block Safari from storing cookies you can select to Never block, Always block, or to only block cookies From third parties and advertisers. Please note that eCAT requires you to allow Safari to store cookies, either temporarily or permanently, in order to allow for full functionality when using that site.
Location Services
Some websites try to access your Mac's location in order to offer location-specific features and services. In order to prevent websites that you visit from accessing your location, you can ask Safari to prompt you daily for a site to have permission to access your location or you can deny websites from accessing your location entirely.
Website Tracking and Search Suggestions (Safari 6)
To protect your privacy, we recommend checking Ask websites not to track me and Prevent search engine from providing suggestions.
Note: These two options are only present in Safari 6.
AutoFill Settings
Autofill on forms is another feature in browsers that can compromise your privacy and security. Go to Safari > Preferences > AutoFill.
Having online forms automatically populate can put you at risk if the forms request sensitive information (like a password). Others who use your computer could access information only you are authorized to have access to (like a personal bank account). AutoFill preferences allow you to select whether web forms automatically are filled.
- Using info from my Address Book/Contacts card: This fills any web form with your address, phone number and whatever other information you have stored in your Address Book/Contacts application.
- User names and passwords: This automatically puts your user name and password in forms to access secure information (it is recommended to deselect this check box to keep your user names and passwords safe).
- Other forms: To have any web form remember information you enter, select this box. Click edit to view the sites where your saved information resides. Deselect this box if you don't want any forms to remember your information.