10 Things

Host: Jody Gilbert, Senior Editor Contact

10 Firefox extensions that enhance security

Date: November 12th, 2009
Author: Michael Kassner
Category: 10 things, Security
Tags: Web, Advertisement, Firefox Extension, Web Site, SSL, Add-on, Compromising Web Site, Flash Cooky, Phishing, Cyberthreats

70 comment(s)

Compromising Web sites has become cybercriminals’ favorite method of getting malware installed on computers. Here are 10 ways to beef-up Firefox, making it more difficult for the bad guys.

Mozilla Firefox is a good browser to start with, but third-party extensions make it great. That’s especially apparent when it comes to Web browser security, as shown by the following add-ons.

Note: This article is also available as a download that includes a PDF version and a PowerPoint presentation.

1: NoScript

If you install only one extension, make sure it’s NoScript. By default, it blocks all scripts — a good thing. That’s because bad guys love to use scripts to install malware. This way, you decide whether JavaScript, Java, and other content are allowed to run.

2: BetterPrivacy

Several members recommended BetterPrivacy as the best way to control Flash cookies. Flash cookies are difficult to remove, do not expire, and can re-create deleted HTTP cookies. After much testing, I know BetterPrivacy works, whereas controlling Flash cookies using Adobe’s Web site is questionable.

3: AdBlock Plus

I must confess, AdBlock Plus is not a security add-on. But I would not surf the Web without it. It’s awesome, blocking all ads, especially those bandwidth-hogging banner ads. Web pages pop up almost immediately. Try it once and you will be convinced.

4: Perspectives

Chad Perrin and I, along with many other security advocates have written about Perspectives. Anything that reduces the likelihood of TLS/SSL “Man-in-the-Middle” attacks (think identity theft) is important. It’s not perfect, but it should be in your arsenal, warning you when something is not right.

5: SSL Blacklist

SSL Blacklist segues from Perspectives, helping to keep your TLS/SSL experience (again, think identity theft) safe. It does this by detecting weak or revoked certificates. Both of which should be a concern. SSL Blacklist also checks if the certificate was built using the vulnerable MD5 hash algorithm, another huge security weakness.

6: WOT

WOT is an add-on from Web of Trust Services. It is an up-to-date aggregation of spam and phishing blacklists. WOT ranks search entries according to their trustworthiness, vendor reliability, privacy, and child safety. Bottom line: If WOT flags a Web site as bad, you should take notice.

7: PhishTank SiteChecker

PhishTank SiteChecker is a Firefox add-on using an API provided by PhishTank and its active anti-phishing community. Once installed, the add-on will block access to what PhishTank considers potential phishing Web sites, giving the user the option to continue or not.

Note: WOT and PhishTank SiteChecker are similar in what they do. Yet they do not always agree. I don’t see a problem using both; more information permits better decisions.

8: TrackerWatcher

Privacychoice has developed Trackerwatcher, an add-on that allows you to see what’s going on behind the scenes. Trackerwatcher will tell you which advertising networks are providing ad content to the Web site you are currently visiting, if they are using behavioral targeting, and how to opt out.

9: BugMeNot

BugMeNot is a unique add-on. Its main purpose is to eliminate advertising spam from Web sites that require registering. If a Web site requests information, activate the add-on. It will check BugMeNot.com’s extensive database. If registration information is available, BugMeNot will populate the form, allowing you to continue while remaining anonymous.

10: Xmarks

Xmarks is not a security extension, but it is one helpful add-on. Trying to keep bookmarks synchronized on several computers is a pain. Xmarks does it for you. Install it and get rid of the frustration.

Final thoughts

Firefox is my Web browser of choice. I also use all of the extensions I recommended. If pushed, I would admit that NoScript, BetterPrivacy, and AddBlock Plus are the ones I consider most important. If I missed your favorite security extension, please let me know.

Check out 10 Things… the newsletter

Get the key facts on a wide range of technologies, techniques, strategies, and skills with the help of the concise need-to-know lists featured in TechRepublic’s 10 Things newsletter, delivered every Friday. Automatically sign up today.

Michael Kassner has been involved with with IT for over 30 years. Currently a systems administrator for an international corporation and security consultant with MKassner Net. Read his profile or Twitter at MKassnerNet.

Print/View all Posts Comments on this blog

If you use Firefox, you need these add-ons Michael Kassner | 11/12/09

Verify Redirect for Firefox keith.mendoza | 11/12/09

Thanks, Keith Michael Kassner | 11/12/09

Re: Thanks, Keith keith.mendoza | 11/12/09

That is great Michael Kassner | 11/12/09

You're welcome keith.mendoza | 11/13/09

Verify Redirect now in Public keith.mendoza | 11/20/09

AVG Safe Surf melekali | 11/18/09

Re:Web of Trust ... techrepubliclist@... | 11/18/09

Added some of those recommended add ons anderson_don@... | 11/22/09

self-referential complaint mirossmac2@... | 11/23/09

I am as well Michael Kassner | 11/24/09

They all are Michael Kassner | 11/24/09

Link Extend is better... JCitizen | 11/24/09

Better Privacy cp7212 | 11/19/09

Sorry about that Michael Kassner | 11/19/09

No problem cp7212 | 11/20/09

Use CCleaner... JCitizen | 11/24/09

Ghostery m@... | 11/25/09

Flashblock add-on to stop flash from running Servicemaster | 12/08/09

RE: 10 Firefox extensions that enhance security ChromeToaster | 11/12/09

You will Michael Kassner | 11/12/09

Sure. Anything with scripts will trigger a warning. seanferd | 11/12/09

I love that granularity!!.. JCitizen | 11/24/09

NoScript artlife | 11/18/09

It certainly is Michael Kassner | 11/18/09

This is one I install for customers ... Fionnmaccumhailus | 11/19/09

I usually Michael Kassner | 11/20/09

Is double clicking... JCitizen | 11/24/09

Excellent point... JCitizen | 11/24/09

RE: 10 Firefox extensions that enhance security mirossmac2@... | 11/18/09

Oops Michael Kassner | 11/18/09

While we're at it.. JCitizen | 11/24/09

I remember Michael Kassner | 11/24/09

It's a real winner of a list... JCitizen | 12/09/09

Adblock works for me alewisa | 11/18/09

Exactly Michael Kassner | 11/18/09

ABP seemed to block desirable content DavidPh | 11/18/09

AdBlock does as well Michael Kassner | 11/18/09

If you check your ABP host file... JCitizen | 11/24/09

I dont want to block ALL ads, I WANT some ads. PhilippeV | 11/19/09

Not at all, Philippe Michael Kassner | 11/19/09

Looks like you mean AdAware... JCitizen | 11/24/09

Please see this post.. JCitizen | 11/24/09

Does anyone remember dial-up? rngunter@... | 11/18/09

28.8 max was just a couple years ago K12Linux | 11/18/09

Sure do Michael Kassner | 11/18/09

You'd probably not be surprised... JCitizen | 11/24/09

Password Hasher Scott.Geiger | 11/18/09

It is Michael Kassner | 11/18/09

Got a better one.. JCitizen | 11/24/09

RE: 10 Firefox extensions that enhance security lldice | 11/18/09

Thanks Michael Kassner | 11/18/09

RE: 10 Firefox extensions that enhance security turtlewalker | 11/18/09

I am looking at it Michael Kassner | 11/18/09

AdBlock as a Security Feature rname@... | 11/20/09

I agree completely Michael Kassner | 11/20/09

Any Ill Effects from AdBlock? rname@... | 11/20/09

Appreciate your input Michael Kassner | 11/20/09

Didn't I just see... JCitizen | 11/24/09

Me too!... JCitizen | 11/24/09

CookieSafe and LinkAlert Fionnmaccumhailus | 11/19/09

True Michael Kassner | 11/19/09

Works for me Fionnmaccumhailus | 11/19/09

hosts.zip m@... | 11/24/09

Thanks, M Michael Kassner | 11/24/09

From my experience... JCitizen | 11/24/09

THAT'S THE ONE!!! JCitizen | 11/24/09

Sounds like a couple of good'uns.. JCitizen | 11/24/09

WOT --- NOT to be trusted. deepsand | 01/04/10

White Papers, Webcasts, and Downloads

Driving business agility through SOA connectivity and integration IBM Corp. This paper describes some of the business and IT issues that enterprises ... Download Now
Nucleus Research Guidebook: Leveraging Value from SAP with IBM Cognos IBM Are you an SAP user preparing to invest in business intelligence (BI) or ... Download Now
The Journey Along an Information-Led Transformation IBM Corp. The cost of embedding information technology into every device we ... Download Now

Top Rated

10 things you should never do on a consulting job+103 votes
10 reasons why I'll be passing on the iPad+97 votes
10 phrases that can change your career+23 votes
10 great new features in OWA 2010+22 votes
10 essential items for onsite tech jobs+22 votes
10 technology traps your users should watch out for+21 votes
10 reasons why you should begin phasing out Exchange public folders+16 votes
10 Google Chrome extensions worth checking out+15 votes

TechRepublic Blogs

500 Things Every Technology Professional Needs to Know: Did you know Microsoft's RegClean does not work with XP but you can use shareware to clean your registry? Did you know most wireless access points don't have encryption enabled by default? Did you know there are 500 tidbits of information contained in TechRepublic's 500 Things Every Technology Professional Needs to Know that will help you become a successful IT professional.; Buy Now

IT Professional's Guide to Policies and Procedures, Third Ed: Whether you're creating policies for management, training, personnel, support, privacy, Internet/e-mail usage, security, or inventory, you'll meet the needs of your entire enterprise with this one download!; Buy Now