
How does the World-Wide Web Work?

The World-Wide Web is a part of the Internet that conveys information by means of sound, graphics, text, video, animation and interactivity. Navigation uses a system of hyperlinks: when users click on a linked word or graphic they are taken to another place.

Web documents are written in a coding language called HTML, Hypertext Markup Language. A software program known as a Web browser reads the HTML and translates it into what you see on your computer screen. Popular Web browsers include Microsoft Internet Explorer, Netscape/Mozilla/Firefox, Opera, and Safari.

All of the material on the World-Wide Web physically resides on a Web server. A Web server is a computer on the Internet that makes information available to other computers via the Hypertext Transfer Protocol (HTTP).

| Browser | Runs on these operating systems | Notes |
|---|---|---|
| Microsoft Internet Explorer | Microsoft Windows and Mac OS | Most popular browser for Windows, though Firefox is eating into its market share. Microsoft no longer makes this browser for Mac OS. Because this browser is the most common Windows browser and because it is tied directly into that operating system, it's a favorite target for virus writers and other security breaches. Currently, MSIE is a full release behind the others, and as a result it doesn't render some of the more advanced Cascading Style Sheets (CSS) as well. |
| Netscape | MS Windows, Mac OS, Linux, Unix, and most others | Netscape uses the Mozilla browser code (see below) with lots of proprietary AOL content added. |
| Mozilla and Firefox | MS Windows, Mac OS, Linux, Unix, and most others | Open-source "guts" of the Netscape browser, but considerably smaller, faster, and more up-to-date. |
| Opera | MS Windows, Mac OS, Linux, Unix, and most others, including several cell phones and PDAs | Smallest, fastest, and most standards-compliant of the major browsers. Mac versions tend to lag behind Windows and Linux versions in development. Opera is by far the most popular browser for cell phones, which in a few years are expected to eclipse computers as the most common way of accessing the Web. |
| Safari | Mac OS X | Newest of the major browsers; of note because, like Internet Explorer, it's written by the same people who wrote the operating system (Apple Mac OS X, in this case). |
| AOL | MS Windows, Mac OS. AOL subscribers only. | A modified version of MS Internet Explorer, with some functionality removed and some proprietary AOL functions added. Of note because millions of people (many of whom are new to the Internet or not very technically savvy) use it. |

Security--Browsing Safely: Understanding Active Content and Cookies

The following information is quoted from CERT at Carnegie Mellon University. Copyright info etc. is at the end of the article.

Many people browse the Internet without much thought to what is happening behind the scenes. Active content and cookies are common elements that may pose hidden risks when viewed in a browser or email client.

What is active content?

To increase functionality or add design embellishments, web sites often rely on scripts that execute programs within the web browser. This active content can be used to create "splash pages" or options like drop-down menus. Unfortunately, these scripts are often a way for attackers to download or execute malicious code on a user's computer.

* JavaScript - JavaScript is just one of many web scripts (other examples are VBScript, ECMAScript, and JScript) and is probably the most recognized. Used on almost every web site now, JavaScript and other scripts are popular because users expect the functionality and "look" that it provides, and it's easy to incorporate (many common software programs for building web sites have the capability to add JavaScript features with little effort or knowledge required of the user). However, because of these reasons, attackers can manipulate it to their own purposes. A popular type of attack that relies on JavaScript involves redirecting users from a legitimate web site to a malicious one that may download viruses or collect personal information.

* Java and ActiveX controls - Different from JavaScript, Java and ActiveX controls are actual programs that reside on your computer or can be downloaded over the network into your browser. If executed by attackers, untrustworthy ActiveX controls may be able to do anything on your computer that you can do (such as running spyware and collecting personal information, connecting to other computers, and potentially doing other damage). Java applets usually run in a more restricted environment, but if that environment isn't secure, then malicious Java applets may create opportunities for attack as well.

JavaScript and other forms of active content are not always dangerous, but they are common tools for attackers. You can prevent active content from running in most browsers, but realize that the added security may limit functionality and break features of some sites you visit. Before clicking on a link to a web site that you are not familiar with or do not trust, take the precaution of disabling active content.

These same risks may also apply to the email program you use. Many email clients use the same programs as web browsers to display HTML, so vulnerabilities that affect active content like JavaScript and ActiveX often apply to email. Viewing messages as plain text may resolve this problem.

What are cookies?

When you browse the Internet, information about your computer may be collected and stored. This information might be general information about your computer (such as IP address, the domain you used to connect (e.g., .edu, .com, .net), and the type of browser you used). It might also be more specific information about your browsing habits (such as the last time you visited a particular web site or your personal preferences for viewing that site).

Cookies can be saved for varying lengths of time:

* Session cookies - Session cookies store information only as long as you're using the browser; once you close the browser, the information is erased. The primary purpose of session cookies is to help with navigation, such as by indicating whether or not you've already visited a particular page and retaining information about your preferences once you've visited a page.

* Persistent cookies - Persistent cookies are stored on your computer so that your personal preferences can be retained. In most browsers, you can adjust the length of time that persistent cookies are stored. It is because of these cookies that your email address appears by default when you open your Yahoo or Hotmail email account, or your personalized home page appears when you visit your favorite online merchant. If an attacker gains access to your computer, he or she may be able to gather personal information about you through these files.

To increase your level of security, consider adjusting your privacy and security settings to block or limit cookies in your web browser. To make sure that other sites are not collecting personal information about you without your knowledge, choose to only allow cookies for the web site you are visiting; block or limit cookies from a third-party. If you are using a public computer, you should make sure that cookies are disabled to prevent other people from accessing or using your personal information.
_________________________________________________________________

Authors: Mindi McDowell
_________________________________________________________________

http://www.us-cert.gov/cas/tips/ST04-012.html

Copyright 2004 Carnegie Mellon University.

Terms of use: http://www.us-cert.gov/legal.html
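
The session/persistent and first-party/third-party distinctions from the cookies section above, as an added JavaScript example that is not part of the quoted CERT article or of this page's original text. It classifies `Set-Cookie` response headers the way a browser's cookie settings would see them; the host names, header values and function names are constructed for illustration, and the third-party check assumes the caller supplies the visited site's registrable domain.

```javascript
// Split one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest.filter(Boolean)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Seconds until the cookie expires, or null for a session cookie
// (no Max-Age and no Expires). Max-Age wins when both are present.
function lifetimeSeconds(cookie, now) {
  if ('max-age' in cookie.attrs) return parseInt(cookie.attrs['max-age'], 10);
  if ('expires' in cookie.attrs) return Math.round((Date.parse(cookie.attrs.expires) - now) / 1000);
  return null;
}

// Simplification (assumption): visitedSite is the registrable domain of the page
// in the address bar; real browsers derive it from the Public Suffix List.
function isThirdParty(responseHost, visitedSite) {
  const [host, site] = [responseHost, visitedSite].map((s) => s.toLowerCase());
  return !(host === site || host.endsWith('.' + site));
}

// Label one cookie: session / persistent / expired, and first- or third-party.
function classify(responseHost, header, visitedSite, now) {
  const cookie = parseSetCookie(header);
  const life = lifetimeSeconds(cookie, now);
  const kind = life === null ? 'session' : life <= 0 ? 'expired' : 'persistent';
  const days = kind === 'persistent' ? Math.round(life / 86400) : null;
  const party = isThirdParty(responseHost, visitedSite) ? 'third-party' : 'first-party';
  return { name: cookie.name, kind, days, party };
}

// Constructed sample: [host that sent the response, its Set-Cookie value].
const NOW = Date.parse('2024-01-01T00:00:00Z'); // fixed clock so results are stable
const SAMPLE = [
  ['www.shop.example', 'sid=abc123; Path=/'],
  ['www.shop.example', 'prefs=lang%3Den; Max-Age=2592000; Path=/'],
  ['ads.tracker.example', 'uid=77f1; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Path=/'],
  ['www.shop.example', 'old=; Max-Age=0'],
];
const auditSample = () => SAMPLE.map(([host, h]) => classify(host, h, 'shop.example', NOW));
console.log(auditSample());
```

A persistent third-party entry, like `uid` in the sample, is the kind of cookie that the "block or limit cookies from a third-party" setting stops; a `Max-Age` of zero or less is a deletion request rather than a stored cookie.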