The Center for Education and Research in Information Assurance and Security (CERIAS)


More Useful Firefox Security Extensions


As promised, I’m following up my previous post about security extensions for Firefox with suggestions from readers.  Some of these are basically different solutions to similar problems—which is great, because some users will prefer one approach over another.  A couple of these are very useful, though, and should be considered essential parts of a secure browsing platform.  And one seems very useful, but raises privacy issues that are a little troubling.

(An aside: I wonder if a “more secure” version of Firefox is being built and distributed by someone, one that includes some of these extensions out of the box.  If so, give us a heads-up.)

  • McAfee SiteAdvisor

    McAfee SiteAdvisor, started at MIT, is a project to classify the “safety” of a site into green (safe), yellow (caution) and red (warning) categories.  Testing is done by a system of bot programs that interact with web sites, doing things like submitting email signup forms, testing downloads for adware and viruses, and looking at the safety levels of linked sites.  Users can also submit reports manually.

    The safety level of a site is displayed as a button in Firefox’s status bar, which I’m not sure was the best place.  My eyes tend to spend more time at the top half of my browser window (maybe because I have a 1920x1200 display), so more often than not I found myself forgetting that I had SiteAdvisor installed.  I would have appreciated an option for display as a toolbar, like Netcraft’s extension.

    I did, however, really dig the integration with search result pages from Google, Yahoo! and MSN.  Links to result pages—even sponsored links—have a green, yellow or red icon appended to the end, and mousing over the icon displays a popup with additional info.  This was very clear and easy to grasp without being intrusive or overbearing.

    (McAfee also maintains a SiteAdvisor blog that’s quite interesting.)


  • Stanford SafeCache and SafeHistory

    SafeCache and SafeHistory are extensions developed to address ways users can be tracked via browser features that don’t apply a “same origin” policy: specifically the browser cache and browsing history.  Details of this problem are available at Same Origin Policy: Protecting Browser State from Web Privacy Attacks, a report created by the Stanford Security Lab.  It’s a good read.

    The SafeCache and SafeHistory extensions apply a proper “same origin” policy to these features, only allowing access to scripts that originate from the same domain as the cached content/history info.  This isn’t perfect, as “cooperative” tracking where two sites pass info back and forth between each other isn’t addressed, but it’s certainly better than the current situation for out of the box browser installs.  Honestly, this is something I think should be a default part of every browser install, because it’s a significant security hole that needs to be addressed.  I hope that the Firefox, IE, Safari and Opera devs are addressing these problems.

  • Netcraft Toolbar

    The Netcraft Toolbar is a useful anti-phishing tool.  A “risk rating” is calculated for your current site’s domain based on criteria like the age of the domain, known phishing sites within the domain, the ISP’s history re: phishing sites, and the like.  Additional info, such as the site’s age and ISP, is displayed in the toolbar, linked to more detailed data on Netcraft’s site.

    What’s a bit worrisome about the Netcraft Toolbar is its site popularity ranking functionality.  Netcraft appears to keep a database of sites visited by toolbar users to provide popularity data.  Their privacy policy does state that no personal information is collected, but it’s something users should be aware of before installing.

  • PasswordMaker

    The plethora of web-based accounts we maintain can get out of hand quickly, and maintaining separate passwords for each one becomes pretty challenging.  PasswordMaker is an interesting solution to this problem, in that it doesn’t store passwords anywhere, but instead takes a single master password and generates a site-specific password based on 10 criteria, including personal encryption settings and the site itself.  The combination of these criteria makes for an enormous number of possibilities, so typical attacks are not likely to be effective (see their FAQ for more info).  Site passwords are generated on the fly, and are proactively wiped from RAM.  By default it doesn’t store your master password either.

    The program itself isn’t too hard to use, although you’ll probably need to help Grandma get used to it when you set it up for her.  I was able to get it working pretty quickly with some of my existing web app accounts.

    Source code is available (it uses an LGPL license), and versions of PasswordMaker exist for IE, all Mozilla browsers, a Yahoo! Widget, CLI, PHP, and mobile devices.  You can also use an online version if none of those fit the bill.

  • Form SSL Indicator (Greasemonkey script)

    This is a handy Greasemonkey script that scratches an important itch: indicating if a form’s action target is SSL-encrypted.  I liked the implementation here better than the FormFox extension, which pops up a title/alt-style label if you hover over the submission button for a moment.  This script pops up an indicator immediately, and I appreciate the responsiveness.  Still, I wish that the submission button would just have a lock icon layered over it for quicker visual recognition, and this doesn’t do anything for forms with no submission button.

  • Cookie Button

    The Cookie Button extension is really three extensions that offer the same functionality, but in different interface contexts.  All three allow you to quickly see and change the current cookie permissions on a site, with one displaying a Navigation Toolbar button, one adding a right-click context menu, and the third showing a status bar button.  I’m not sure I entirely understand the need to separate these into three different extensions, but it does allow the user to pick the one that best fits his or her interface habits.


  • Prefbar

    Firefox has a bevy of “hidden” preferences, and Prefbar brings them out into the open.  Many of these settings are really a matter of user preference and browser performance, but some—like toggling JavaScript, Flash, and User Agent settings—are handy and made much more accessible with this extension.  My personal fav is turning on “Cookie Warning,” which tells you whenever a cookie is being set or modified.  This was one thing I liked about IE’s cookie handling, and I missed it in Firefox.  It’s there in the cookie prefs (set “Keep Cookies” to “ask me every time”), but I didn’t realize how to set it until I researched it a bit—Prefbar made it a lot clearer.

    One little annoyance I found with Prefbar was that it doesn’t seem to “group” itself with the rest of your toolbars.  I like to right-click on the Navigation Toolbar to swap in and out the 5 or 6 toolbars I have installed, but Prefbar refuses to show up in this list, instead mapping itself to F8 (which will annoy folks who use that key for other functions, like Exposé on OS X), and appearing in the View menu.  *grumble*


As before, if you have suggestions for useful security/privacy related addons for Firefox, please let me know.
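The stateless approach described in the PasswordMaker entry above (nothing stored, a per-site password recomputed from the master password each time) can be sketched as follows. This is an added example, not PasswordMaker's code or algorithm: it swaps in scrypt as the derivation function, and `siteKey`, `derivePassword`, the character set and the `.example` hosts are assumptions of the example.

```javascript
const crypto = require('node:crypto');

const DEFAULT_CHARSET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*';

// Hypothetical helper: the per-site input is the host name without "www.".
// (A simplification: other subdomains are treated as different sites.)
function siteKey(url) {
  return new URL(url).hostname.replace(/^www\./, '');
}

// Derive a site password from the master password; nothing is stored.
function derivePassword(master, url, opts = {}) {
  const { username = '', counter = 1, length = 16, charset = DEFAULT_CHARSET } = opts;
  if (!master) throw new Error('master password required');
  if (charset.length < 2 || charset.length > 256) throw new Error('bad charset');
  // The salt binds the output to site, account and a counter (bump it to rotate).
  const salt = JSON.stringify([siteKey(url), username, counter]);
  // Bytes at or above this limit are discarded so that every character of the
  // charset is equally likely (avoids modulo bias).
  const limit = 256 - (256 % charset.length);
  let out = '';
  for (let block = 0; out.length < length; block++) {
    // scrypt is deliberately slow, which raises the cost of guessing the
    // master password from a single leaked site password.
    const bytes = crypto.scryptSync(master, `${salt}#${block}`, 64);
    for (const b of bytes) {
      if (b < limit && out.length < length) out += charset[b % charset.length];
    }
    bytes.fill(0); // wipe the derived key material once it has been used
  }
  return out;
}

// Constructed inputs: the same site yields the same password on every run.
console.log(derivePassword('correct horse battery', 'https://www.shop.example/login'));
console.log(derivePassword('correct horse battery', 'https://bank.example/', { length: 24 }));
```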
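The check that the Form SSL Indicator entry describes, resolving each form's action target and testing whether it is HTTPS, written out as an added example (not the Greasemonkey script's code). `classifyForms`, `riskyForms` and the sample page are hypothetical, and the regex tag matching stands in for the DOM so the block runs under Node.

```javascript
// Read one attribute from an opening tag (quoted or unquoted value).
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Classify where each <form> in the page would submit its data.
function classifyForms(html, pageUrl) {
  const results = [];
  const formRe = /<form\b[^>]*>([\s\S]*?)<\/form>/gi;
  for (const m of html.matchAll(formRe)) {
    const openTag = m[0].slice(0, m[0].indexOf('>') + 1);
    // A missing or empty action submits back to the page's own URL.
    const rawAction = (attr(openTag, 'action') || '').trim();
    let target = null;
    let status = 'unparseable';
    try {
      // Resolves relative paths and scheme-relative //host targets.
      target = new URL(rawAction || pageUrl, pageUrl);
      if (target.protocol === 'https:') status = 'encrypted';
      else if (target.protocol === 'http:') status = 'plaintext';
      else status = 'non-http'; // mailto:, javascript:, ...
    } catch (e) { /* status stays 'unparseable' */ }
    results.push({
      action: target ? target.href : rawAction,
      status,
      hasPassword: /<input\b[^>]*type\s*=\s*["']?password/i.test(m[1]),
      // The check is per form, so forms with no submit button are still covered.
      hasSubmit: /<(?:input|button)\b[^>]*type\s*=\s*["']?submit/i.test(m[1]) ||
        /<button\b(?![^>]*type\s*=)/i.test(m[1]),
    });
  }
  return results;
}

// Forms that would send a password field anywhere other than an https: URL.
function riskyForms(html, pageUrl) {
  return classifyForms(html, pageUrl).filter(f => f.hasPassword && f.status !== 'encrypted');
}

// Constructed sample page (hosts under .example are placeholders).
const SAMPLE_PAGE = `
<form action="/search"><input name="q"><input type="submit"></form>
<form action="http://shop.example/login"><input type="password" name="pw"><button>Sign in</button></form>
<form action="//pay.example/charge"><input name="card"></form>
<form><input type="password" name="pw"></form>
<form action="mailto:sales@shop.example"><input name="msg"></form>`;

console.log(classifyForms(SAMPLE_PAGE, 'https://shop.example/account'));
```

An HTTPS page does not imply an HTTPS submission: the second sample form posts a password to an `http:` target, and the same page served over `http:` turns every relative or missing action into a plaintext one.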

Comments

Posted by Firefox Facts » Useful Security Extensions f
on Tuesday, May 30, 2006 at 04:24 AM

[...] [Check Out the Full List of Security Extensions!]  Gada.be Tags: security, Firefox, extensions, safe, browsing [...]

Posted by Sergio Hernando » Algunas extensiones de seg
on Tuesday, May 30, 2006 at 11:43 AM

[...] A very good compendium, the one published at CERIAS. Me v

Posted by Donwload Firefox
on Tuesday, June 27, 2006 at 03:32 AM

I recommend to use Firefox, it is the surest browser.

I never had problems with Firefox on the other hand with IE I usually had problems with Spyware and Dialers.

In the following link you can download the Firefox Browser, this version included an orthographic corrector.

Download Firefox with orthographic corrector -> http://www.daniel.prado.name/download-firefox.asp

And the extensions that this article comments are very recommended to install to have a more secure system.

Cheers

Posted by rastaman :: extensiones de seguridad para firefox
on Thursday, July 6, 2006 at 08:03 AM

[...] A very good compendium, the one published at CERIAS. You will forgive me for being sparing with the explanations, but by following the links I assure you that you will learn all about the features of each of these extensions [...]

Posted by firefoXtensions
on Friday, July 21, 2006 at 05:56 AM

Prefbar gives you access to hidden Firefox security features

PrefBar lets you configure several Firefox features that are hidden from most users. It includes buttons to enable or disable Javascript, page colors or pop-up windows, clear the cache or the hist…

Posted by firefoXtensions
on Saturday, July 22, 2006 at 02:45 AM

Create more secure passwords with Password Maker

Password Maker is designed to solve a security problem for Internet users who use a single password for all the websites where they are registered. This is what one commonly does, since it is hard to learn a…

Posted by firefoXtensions
on Saturday, July 22, 2006 at 11:53 AM

SafeCache and SafeHistorial: a little more security

SafeCache and SafeHistorial are a pair of extensions created by the Security Lab at Stanford University (USA), which prevent the use of your cache and your history by throwing off sites that try to access these sections of your brow…

Posted by firefoXtensions
on Wednesday, July 26, 2006 at 02:48 AM

Cookie Button gives you control over a site's cookies

Cookie Button is a button that simply offers you the options of accepting or rejecting the cookies that a website tries to store on your computer.
(Via Cerias).
Cookie Button 0.8.5
...

Posted by firefoXtensions
on Wednesday, July 26, 2006 at 11:17 AM

Get rid of phishing with Netcraft

The Netcraft toolbar lets you report phishing cases. Each time a user of the Netcraft community reports a case, the associated URLs are blocked by the toolbar, giving you a security tool that is based on the experien…

Posted by Rate Me
on Saturday, September 23, 2006 at 11:57 AM

Great post. I already use a couple of these extensions, and am currently downloading the ones I don’t use.

In addition, I would recommend TorButton (http://freehaven.net/~squires/torbutton/) which works with Tor (http://tor.eff.org/), a tool for anonymous internet communication. It allows you to switch Tor on/off for Firefox - pretty handy if you are concerned about your privacy on the internet. Also, I would recommend AdBlock (http://adblock.mozdev.org/), not only because it blocks ads, but it can be used to block malicious Flash files.

Posted by More Firefox Security Extensions
on Monday, December 18, 2006 at 05:08 PM

[...] Check out more More Useful Firefox Security Extensions on Cerias [...]

Posted by || Helektron.com || » Algunas extensiones de
on Tuesday, January 2, 2007 at 03:46 AM

[...] A very good compendium, the one published at CERIAS. You will forgive me for being sparing with the explanations, but by following the links I assure you that you will learn all about the features of each of these extensions [...]

Posted by blog.code.ae » Blog Archive » Usefull
on Friday, January 12, 2007 at 10:59 AM

[...] If you are a FireFox user, you might want to check out this post, and this one. [...]
