10 Firefox extensions that enhance security

By Michael P. Kassner

Compromising Web sites has become cybercriminals’ favorite method to get malware installed on computers. Here are 10 ways to beef-up Firefox, making it more difficult for the bad guys.

How Firefox gets better

Mozilla Firefox is a good browser to start with, but third-party extensions make it great. That’s especially apparent when it comes to Web browser security as shown by the following add-ons.

1: NoScript

If you only install one extension, make sure it’s NoScript. By default, it blocks all scripts, a good thing. That’s because bad guys love to use scripts to install malware. This way, you decide whether JavaScript, Java, and other content are allowed to run.

2: BetterPrivacy

Several members recommended BetterPrivacy as the best way to control Flash cookies. Flash cookies are difficult to remove, do not expire, and can recreate deleted HTTP cookies. After much testing, I know BetterPrivacy works. Whereas controlling Flash cookies using Adobe’s Web site is questionable.

3: AddBlock Plus

I must confess, AddBlock Plus is not a security add-on. But, I would not surf the Web without it. It’s awesome; blocking all ads, especially those bandwidth-hogging banner ads. Web pages pop up almost immediately. Try it once and you will be convinced.

4: Perspectives

Chad Perrin and I, along with many other security advocates have written about Perspectives. Anything that reduces the likelihood of TLS/SSL "Man-in-the-Middle" attacks (think identity theft) is important. It’s not perfect, but should be in your arsenal, warning you when something is not right.

5: SSL Blacklist

SSL Blacklist segues with Perspectives, helping to keep your TLS/SSL experience (again think identity theft) safe. It does this by detecting weak or revoked certificates. Both of which should be a concern. SSL Blacklist also checks if the certificate was built using the vulnerable MD5 hash algorithm, another huge security weakness.

6: WOT

WOT is an add-on from Web of Trust Services. It is an up-to-date aggregation of spam and phishing blacklists. WOT ranks search entries according to their trustworthiness, vendor reliability, privacy, and child safety. Bottom line, if WOT flags a Web site as bad, you should take notice.

7: PhishTank SiteChecker

PhishTank SiteChecker is a Firefox add-on using an API provided by PhishTank and its active anti-phishing community. Once installed, the add-on will block access to what PhishTank considers potential phishing Web sites, giving the user the option to continue or not.

Note:

WOT and PhishTank SiteChecker are similar in what they do. Yet they do not always agree. I don’t see a problem using both, more information permits better decisions.

8: TrackerWatcher

Privacychoice has developed Trackerwatcher, a unique add-on that allows you to see what’s going on behind the scenes. Trackerwatcher will inform which advertising networks are providing ad content to the Web site you are currently visiting, if they are using behavioral targeting, and how to opt-out.

9: BugMeNot

BugMeNot is a unique add-on. Its main purpose is to eliminate advertising spam from Web sites that require registering. If a Web site requests information, activate the add-on. It will check BugMeNot.com’s extensive database. If registration information is available, BugMeNot will populate the form, allowing you to continue on while remaining anonymous.

10: Xmarks

Xmarks is not a security extension, but it is one helpful add-on. Trying to keep bookmarks synchronized on several computers is a pain. Xmarks does it for you. Install it and get rid of the frustration.

Final thoughts

Firefox is my Web browser of choice. I also use all of the extensions I recommended. If pushed, I would admit that NoScript, BetterPrivacy, and AddBlock Plus are the ones I consider most important. That said, if I missed your favorite security extension, please let me know.