Three Firefox Security & Privacy Add-ons that can Co-exist

While some of us have been lured over to Google Chrome, Mozilla’s Firefox remains the favorite browser here at MUO, and I’m willing to wager that it does so because of near-limitless customization options. We’re also very security-minded as well, so we’ve compiled a brief list of security-conscious Firefox extensions which are compatible with each other. In fact, I can safely say that these are three of the top four extensions under “Security and Privacy” on Mozilla’s Add-Ons site (number four being Xmarks, for reasons uncertain, since it’s a bookmark manager).

1. NoScript

noscriptmenu   Three Firefox Security & Privacy Add ons that can Co exist

Many browser security issues stem from exploits of JavaScript code. NoScript prevents that code from executing, and then notifies you of what code is blocked. You may then add the page to your white-list with a few clicks. That way, you’re protected when browsing unfamiliar sites, but can still check your Gmail and surf Digg.

2. Ad-Block Plus (ABP)

adblockplusfarkscreen   Three Firefox Security & Privacy Add ons that can Co exist

According to Mozilla, this is the #2 favorite add-on (next to FlashGot), and it is for good reason. Ad-Block Plus improves on its predecessor, allowing you to subscribe to a list of advertising codes to block, just like one might subscribe to antivirus updates. Advertisers can potentially track user behavior across the Web, and it’s no surprise that many users don’t like that. Like NoScript, ABP can be disabled for specific sites and pages. ABP will block 99% of the ads out there. And as a bonus, pages should render much faster.

3. Web of Trust (WOT)

wotgoogleresults   Three Firefox Security & Privacy Add ons that can Co exist

My new favorite! WOT adds an extra layer of protection to your browser, utilizing users ratings to show you, at a glance, which sites are OK and which ones should be left unclicked. WOT can enhance search results and links on AOL, Ask, Bing, Delicious, Digg, Dogpile, Google, Gmail, Mahalo, Wikipedia, Hotmail, Yahoo, DMOZ and Reddit, among others.

wotinitialsettings   Three Firefox Security & Privacy Add ons that can Co exist

Above is the first screen you’ll see after installing WOT. WOT can be as intrusive as you wish, and also be used to block kids’ access to unsafe sites.

wotpoorrap   Three Firefox Security & Privacy Add ons that can Co exist

Above is an example of Firefox viewing a site which has been rated poorly by WOT users. You can still go to the site, but I wouldn’t recommend doing so.

NoScript, Ad-Block Plus, and Web of Trust take only moments to install, but will help keep their users safe from many of the Web’s seedier elements. We welcome any suggestions you may have of additions to this list are welcome, in the comments below.

For more posts on security and privacy online, do read:

10+ Best Firefox Security and Privacy Addons
7 Essential Security Downloads You MUST Have Installed
Detect Fake Antivirus software & Spyware Removal programs
Things To Know When Using a WiFi Hotspot Or a Public PC

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

15 Comments -

0 votes

Lockszmith

How about Finjan SecureBrowsing? (securebrowsing.finjan.com)

Full disclosure: I work for Finjan.

Never the less, I do think it’s one of the best offerings out there for free, you get a taste of a brilliant idea – the static behavior analysis – which beats any signature based anti-virus out there.

I didn’t invent it, I just like the logic behind it.

0 votes

jollyrogue

I use Mcafee siteAdvisor rather than WOT

0 votes
0 votes

0d3

I would consider twice before using NoScript after this: adblockplus.org/blog/attention-noscript-users

The trust of the users can be lost only once…

0 votes

sanityvoid

you should at least be able to hear the other side of the story. 3 sides to a story remember.

hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/

0 votes

Deborah

Thank you for including WOT on this list of security essentials. We believe that having a layered approach for your PC’s security is the most effective way to stay protected. Web of Trust offers frontline protection to help Internet surfers avoid clicking on risky websites when searching, browsing or shopping on the Web.

Thanks to Mozilla as well for including WOT on their recommended add-ons list.

Safe surfing,
Deborah

0 votes

CGA

Whenever I try out some new version of Noscript I always end up uninstalling it. It’s just to much of a PITA to use.

0 votes

Stardance

If you think using NoScript is a PITA, just wait until your computer system is “infected” by malware — especially something that 20+ anti-malware “scanners” (e.g., Panda Online) cannot detect, let alone identify and remove. Even if they can identify and remove it, your system is not necessarily “made whole again”.

If they can’t, then you have a long week ahead of you, beginning with about 8 to 12 hours or more (depending upon the size of the HDD) of running Darik’s Boot And Nuke (DBAN) to replace everything that the HDD contains with a series of random bytes. And you know what follows that, don’t you??

(No, not a call to a suicide prevention hotline, though you might feel like making one after a while.)

0 votes

Mary

Adblock plus is neat. I also like Billeo. It’s a free add-on that manages passwords, saves receipts and auto fills forms. No security issues as the tool is VeriSign secured and TRUSTe certified.
https://addons.mozilla.org/en-US/firefox/addon/12715

0 votes

Pikadude No. 1

I hate reading “Use NoScript or you WILL get infected!” I know the Web from a Web developer’s perspective, and let me say two things about active content (the sort of stuff that NoScript blocks):

1. It may be the most oft-used means of attack, but it’s far from the only one. I’ve seen security flaws that could be exploited by malformed images, and one that could be exploited by really long URLs. So if you want to stay perfectly safe, what you really need are tools to help you never land on a malicious site in the first place.

2. An expert Web developer is trained to a. use JavaScript to make things more convenient wherever possible, and b. when JavaScript is not available, have Web pages degrade gracefully and reduce functionality instead of complaining that JavaScript is missing. So by indiscriminately blocking active content, you may be missing out on numerous conveniences and you’ll never know they were there. For example, Simple Machines Forum, a freeware app that powers many online forums, offers an inline post editor that lets you rewrite a submitted post without having to move to a separate page. Browse an SMF-powered site with JavaScript off and the button to use such editor never even shows up.

If you want to use the Web to its fullest, you should find tools that block only the bad guys to work perfectly fine. WOT’s fantastic and Firefox’s built-in attack sites filter saved my bacon once. If you’re concerned about your privacy, throw in ABP with the EasyPrivacy subscription.

0 votes

Stardance

Frankly, I have no interest in a “flame war” about the Firefox NoScript add-on or any other security software. But Giorgio Maone has added many features to NoScript that are valuable — even if you enable the option to Allow Javascript Globally (yes, you can do that!)– and some people run NoScript just to have those. There are also multiple options pertaining to Javascript, such as temporarily allowing all websites that are accessed from the page to run it; afterward, you can make the permissions permanent. In my humble opinion, if you are unwilling to bother with NoScript, or at least one of the alternative Firefox add-ons that govern Javascript usage, then quite likely you will, sooner or later, learn a hard lesson.

As to “when Javascript is not available”, GET REAL: when Firefox fetches a website page, I haven’t seen one during the past four or five years that displays any significant content unless and until I access NoScript to allow the website to use Javascript. On the other hand, I cannot recall ever “missing out” on anything by not allowing “Google Analytics”; have you?? Since I couldn’t care less whether “ads” fetched from other sites need Javascript to run, I don’t allow them.

With Firefox, at least I have a real _choice_ of whether to run NoScript, and I can disable all Javascript with a Firefox option instead. But disable Javascript on the Internet Explorer Advanced configuration tab, and see what happens when I.E. fetches a page from a site like Tech Republic (where the content is embedded within advertising). Microsoft gives you a “choice” that they quite emphatically do _not_ want you to choose!

If only for that reason, Javascript has become the preferred method for introducing malware by criminals who want to obtain data from a computer, whether to gain control of it as well. (Using Javascript on a web page is the means of intrusion; that is only the start.)

The challenge with blacklists is that someone, some time, in some way, must access a website and, presumably based on their experience, decide whether to recommend its addition to the blacklist. I don’t consider Web Of Trust to be a blacklist, as such, but if a website has poor ratings, then WOT displays a warning page before Firefox fetches the first page from the website. There are websites where I have not found any identifiable indiscriminate threat to the security of anyone’s computer. But I know that those websites are owned, operated and frequented by people whose activities often are not quite what most of us are likely to regard as ethical or as virtuous. So there is some risk. Some such websites are, in and of themselves, “safe” but the websites of other people with whom they associate are anything but safe, and there may be links to those.

That doesn’t mean that I won’t revisit them, just that I recognize whom I am dealing with, what to expect, and take extra precautions to protect my computer system. In such a context, WOT or a blacklist is usually irrelevant. Nonetheless, should I give the site “poor” ratings for WOT just so it will display its warning to others?? I would not want my pre-teen child to visit the site, or want a teenager to go there without me to show them how to conduct themselves and to beware of what can go wrong. (“If they bluntly tell you to go away, then go away, do not return!”)

With regard to outright criminal activity the challenge is twofold. One is that criminals can and do create malicious websites faster than we can discover and blacklist them. Most of their websites typically don’t have the same URL for very long. So, blacklists eventually contain the IP addresses and/or URLs for many websites that no longer exist, whether all of them were used by criminals.

The second is that criminals have increasingly been planting malware on legitimate website servers, so that the page which your browser receives is not necessarily exactly the one that the website designer and coders created.
Criminals also alter DNS servers to replace the IP address of a legitimate website with the IP address of their counterfeit of that website, one which is rigged, of course, with malware. And a website like that is unlikely to be on any blacklist, because, after it has harmed some people who realize what has happened, the DNS operator remedies the corruption of their server(s). The criminals then take down their website or register it with another URL.

A blacklist in such contexts as those is practically useless, whether it might give us an unjustified sense of security. Even running NoScript with Firefox might not be enough to defend its user after the user has allowed Javascript from a specific website to be executed. That is one reason that I also run Sandboxie. I recommend it to anyone who is serious about security, but it requires more knowledge about computers than most people have, as well as some time and effort, to install, configure and use Sandboxie properly. It is not for the typical weekend sysadmin. Enough said??

0 votes

Internet Protection

Firefox Security & Privacy Add-ons is a very imortant value added service .Adblock plus is very neat and efectve. And I alsolike Billeo. It has very good features.

0 votes

Mike

One thing I feel I have the right to complain about with Chrome is the way it hides so many of its options and, really, lacks many as well. I have no idea what is going on with its security because they keep the menus so sparse. I had to give up on Chrome because I did not want to run a separate antivirus program in order to feel protected.

0 votes

shashank

i think it is very usefull for me in many asspects

0 votes

Noicroek

yes.. interesting thread..