1. Technical Field
The present invention relates generally to improved security management for a browser, and in particular, to a computer implemented method for managing the security database of a browser.
2. Description of Related Art
The Internet is a global system of interconnected computer networks that use standards based protocols to serve a variety of content to billions of users worldwide. The World Wide Web, or Web, is one of the services communicated via the Internet. The Web is a collection of interconnected content delivery units, for example web pages, linked by links, which include Uniform Resource Identifiers (“URIs”). URIs are classified as Uniform Resource Locators (“URLs”), as Uniform Resource Names (“URNs”), or both. A URL resembles a person's street address while a URN functions like a person's name.
A URL has a syntax and includes the protocol used to transfer data (e.g. http:, https: or ftp:), a server name and domain name used to identify the address of the server containing a webpage, a directory and subdirectory on the server, and filename and filetype of the content delivery unit. The form used for these URL addresses is protocol://servername.domainname/directory/subdirectory/filename.filetype. A domain name may be a host name that identifies Internet Protocol (IP) resources such as websites and may be used as an identification label to indicate ownership or control of a resource. Domain names are formed by the rules and procedures of the domain name system (DNS). A content delivery unit located at the address identified by a URL may be a web page, an image, a video, or other discrete piece of content. A web browser is used to retrieve, present, and traverse the interconnected content delivery units on the Web.
The Web has become a pathway for spreading malware and carrying out cybercrime such as identity theft, fraud, espionage and intelligence gathering. Content delivery units on the Web are frequent sources of infection of personal computers by malware, spyware, worms, viruses, and other unwanted and/or dangerous programs. Because of the malware and cybercrime on the Web, many web browsers contain security features to attempt to prevent or reduce the risk of infection and criminal activity.
Some web browsers, such as Internet Explorer (IE), have a security feature whereby a user can set different security policies or levels for specific web sites (Internet Explorer is a registered trademark of Microsoft Corporation, in the United States and other countries). For unknown or unfamiliar web sites, a strict security policy is recommended to prevent or disable potentially dangerous features, such as ActiveX, JavaScript, automatic redirection to another web site, outsourcing some of the website's functionality to another website, or automatic installation of new software that a cybercriminal could exploit (ActiveX is a registered trademark of Microsoft Corporation, in the United States and other countries; JavaScript is a registered trademark of Sun Microsystems, Inc., or Oracle Corporation, in the United States and other countries). However, a more relaxed, less strict security policy for a trusted or known information resource is often needed to enable the full functionality of the features found in many modern web sites.
IE allows a user, through a series of menus, to store a URL for any specific website in a security database and assign one of several predefined security levels for that URL. The user may repeat this process for other URLs over time, thereby building the security database. The user may then enable or disable specific web site features for each predefined security level. There is a plug-in feature for Firefox called NoScript which allows a user to assign the URL of the currently accessed webpage to a single predefined “trusted” security status by pressing/clicking a button on a tool bar. As a result, the currently accessed webpage is enabled full functionality. The user may repeat this process for other webpages accessed by the user. As a result, when a user accesses one of these “trusted” webpages again, the system remembers the previously assigned “trusted” security status for the URL of that webpage and again enables full functionality for that webpage.