Friday, December 6, 2013

Five free Firefox add-ons for the security conscious user

There are always ways to improve the already outstanding security in the Firefox browser with add-ons.

If you are a serious browser/user of the web, you know Mozilla Firefox is tops when it comes to remaining secure. But even Firefox is not perfect. There are always ways to improve the already outstanding security in the open source browser with add-ons. The Firefox add-on library is massive and includes nearly any additional feature you could want. Included in the library is an ever-growing number of security add-ons. For those that do not want to wade through the tide of installable features, I have brought together five of my favorite security add-ons for Firefox. With these five added features, you should find that Firefox will meet your highest security standards (within reason of course).
Each of these add-ons are free and can be found (and installed) from Firefox's add-ons manager.

Five apps

1. NoScript Security Suite

NoScript Security Suite is one of the best ways to prevent JavaScript, Java, Flash, Silverlight, and other executable content from running within non-trusted domains. With this add-on you can dictate the domains which are allowed to run executable content. This add-on goes a long way to prevent cross-site scripting attacks, cross-zone DNS rebinding, router hacking, and Clickjacking. Domains can be blocked permanently or on a temporary basis (Figure A).

Figure A

Quickly add sites to either white or black list from the options menu.
NoScript can whitelist or blacklist a domain for easy configuration and control. Once installed, you will also find a number of ads get caught up in the blocking – making your browsing faster and more secure. NoScript has plenty of options available, ranging from the simple to complex (Figure B).

Figure B

Plenty of options available in NoScript.

2. LastPass Password Manager

LastPass Password Manager is for anyone who needs to be able to keep the only kind of truly secure passwords – those you cannot remember. For that type of password, you need a password manager. But why bother installing yet another tool to have to open from your Dash, Start Menu, or Tiles? Instead, add LastPass Password Manager and gain access to that ever-burgeoning list of passwords. You do have to create an account with LastPass. During the setup of LastPass, you set up your account (make sure you use a strong password here – Figure C) and disable Firefox's insecure password manager.

Figure C

Setting up your account for LastPass.
During the setup of LastPass, you can even set up a profile which will be used when filling in forms (Figure D) – which is much more secure than having the browser retain your form information.

Figure D

Set up a profile which will be used when filling in forms.

3. HTTPS Everywhere

HTTPS Everywhere is a means to force your browser to use HTTPS with all sites that support secure HTTP. Some users don't realize the difference between HTTP and HTTPS; including this extension on your end-users browser will ensure you do not have to concern yourself with educating them on the difference or how to point their browsers to the secure version of a site. You will notice the included link does not direct to the Firefox Extension page, but to the page. This was due to a Firefox policy. Hopefully the extension will find its way back to the Extension page soon. Upon reboot (after installation), you will be prompted to opt into the SSL Observatory (Figure E).

Figure E

Opting into the SSL Observatory.
Once installed, you will find a menu to the right of the address bar, where you can gain quick access to the HTTPS Everywhere features. One of the more important features is the Enable/Disable Rules (Figure F).

Figure F

Enabling and disabling rules with HTTPS Everywhere.
You can enable/disable HTTPS Everywhere for all included sites in the Rules window.

4. AdBlock Plus

AdBlock Plus is one of the first add-ons you should include with Firefox. If you find advertising slows down your browsing, it's possible that reduction in speed is caused by advertising. Or, if you're trying to find that tool to install, but get confused by the Download buttons created by advertisements, it's time to take control. To curtail this behavior, install AdBlock Plus. With this add-on you can blacklist and whitelist specific advertisers. This, of course, is a tricky proposition, as many of the sites you visit are able to offer you free content thanks to the ads on the site. So take that into consideration when you begin blacklisting sites. It is also possible to block known malware domains (Figure G).

Figure G

Blocking malware and removing social networking buttons with Adblock Plus.
From within the add-on preferences, you can easily add filter subscriptions (Figure H).

Figure H

Just remember to keep the Allow some non-intrusive advertising box checked.

5. Disconnect

Disconnect prevents tracking by 2,000+ third-party sites. With this easy add-on you can stop ad trackers, social widgets, and most other tracking tools before they load. This will not only speed up your browsing, it will also effectively prevent those endless attempts at tracking everything you do on the web. As you use your "Disconnected" browser, you will get immediate feedback on what is trying to track you (Figure I).

Figure I

The disconnect tracking window.
After visiting a single page (clicked from within Facebook), Disconnect caught 20 attempts at tracking and sped up the page load by 6% (Figure J).

Figure J

Results of Disconnect blocking tracking elements.

Bottom line

If you're looking to gain an edge on security within your Firefox browser, add one or more of these add-ons and see if you're not happier with the level of gained security. Each of these offers a unique addition to the open source browser, extending the capabilities and security to a more acceptable level.