Comments on: Three Firefox Security & Privacy Add-ons that can Co-exist

By: Noicroek

Noicroek — Mon, 21 Dec 2009 07:07:23 +0000

yes.. interesting thread..

By: shashank

shashank — Thu, 17 Dec 2009 10:06:58 +0000

i think it is very usefull for me in many asspects

By: Mike

Mike — Wed, 18 Nov 2009 14:06:52 +0000

One thing I feel I have the right to complain about with Chrome is the way it hides so many of its options and, really, lacks many as well. I have no idea what is going on with its security because they keep the menus so sparse. I had to give up on Chrome because I did not want to run a separate antivirus program in order to feel protected.

By: Internet Protection

Internet Protection — Sat, 19 Sep 2009 07:02:21 +0000

Firefox Security & Privacy Add-ons is a very imortant value added service .Adblock plus is very neat and efectve. And I alsolike Billeo. It has very good features.

By: Stardance

Stardance — Sun, 09 Aug 2009 05:13:14 +0000

Frankly, I have no interest in a “flame war” about the Firefox NoScript add-on or any other security software. But Giorgio Maone has added many features to NoScript that are valuable — even if you enable the option to Allow Javascript Globally (yes, you can do that!)– and some people run NoScript just to have those. There are also multiple options pertaining to Javascript, such as temporarily allowing all websites that are accessed from the page to run it; afterward, you can make the permissions permanent. In my humble opinion, if you are unwilling to bother with NoScript, or at least one of the alternative Firefox add-ons that govern Javascript usage, then quite likely you will, sooner or later, learn a hard lesson.

As to “when Javascript is not available”, GET REAL: when Firefox fetches a website page, I haven’t seen one during the past four or five years that displays any significant content unless and until I access NoScript to allow the website to use Javascript. On the other hand, I cannot recall ever “missing out” on anything by not allowing “Google Analytics”; have you?? Since I couldn’t care less whether “ads” fetched from other sites need Javascript to run, I don’t allow them.

With Firefox, at least I have a real _choice_ of whether to run NoScript, and I can disable all Javascript with a Firefox option instead. But disable Javascript on the Internet Explorer Advanced configuration tab, and see what happens when I.E. fetches a page from a site like Tech Republic (where the content is embedded within advertising). Microsoft gives you a “choice” that they quite emphatically do _not_ want you to choose!

If only for that reason, Javascript has become the preferred method for introducing malware by criminals who want to obtain data from a computer, whether to gain control of it as well. (Using Javascript on a web page is the means of intrusion; that is only the start.)

The challenge with blacklists is that someone, some time, in some way, must access a website and, presumably based on their experience, decide whether to recommend its addition to the blacklist. I don’t consider Web Of Trust to be a blacklist, as such, but if a website has poor ratings, then WOT displays a warning page before Firefox fetches the first page from the website. There are websites where I have not found any identifiable indiscriminate threat to the security of anyone’s computer. But I know that those websites are owned, operated and frequented by people whose activities often are not quite what most of us are likely to regard as ethical or as virtuous. So there is some risk. Some such websites are, in and of themselves, “safe” but the websites of other people with whom they associate are anything but safe, and there may be links to those.

That doesn’t mean that I won’t revisit them, just that I recognize whom I am dealing with, what to expect, and take extra precautions to protect my computer system. In such a context, WOT or a blacklist is usually irrelevant. Nonetheless, should I give the site “poor” ratings for WOT just so it will display its warning to others?? I would not want my pre-teen child to visit the site, or want a teenager to go there without me to show them how to conduct themselves and to beware of what can go wrong. (“If they bluntly tell you to go away, then go away, do not return!”)

With regard to outright criminal activity the challenge is twofold. One is that criminals can and do create malicious websites faster than we can discover and blacklist them. Most of their websites typically don’t have the same URL for very long. So, blacklists eventually contain the IP addresses and/or URLs for many websites that no longer exist, whether all of them were used by criminals.

The second is that criminals have increasingly been planting malware on legitimate website servers, so that the page which your browser receives is not necessarily exactly the one that the website designer and coders created.
Criminals also alter DNS servers to replace the IP address of a legitimate website with the IP address of their counterfeit of that website, one which is rigged, of course, with malware. And a website like that is unlikely to be on any blacklist, because, after it has harmed some people who realize what has happened, the DNS operator remedies the corruption of their server(s). The criminals then take down their website or register it with another URL.

A blacklist in such contexts as those is practically useless, whether it might give us an unjustified sense of security. Even running NoScript with Firefox might not be enough to defend its user after the user has allowed Javascript from a specific website to be executed. That is one reason that I also run Sandboxie. I recommend it to anyone who is serious about security, but it requires more knowledge about computers than most people have, as well as some time and effort, to install, configure and use Sandboxie properly. It is not for the typical weekend sysadmin. Enough said??

By: Pikadude No. 1

Pikadude No. 1 — Sun, 09 Aug 2009 00:34:46 +0000

I hate reading “Use NoScript or you WILL get infected!” I know the Web from a Web developer’s perspective, and let me say two things about active content (the sort of stuff that NoScript blocks):

1. It may be the most oft-used means of attack, but it’s far from the only one. I’ve seen security flaws that could be exploited by malformed images, and one that could be exploited by really long URLs. So if you want to stay perfectly safe, what you really need are tools to help you never land on a malicious site in the first place.

2. An expert Web developer is trained to a. use JavaScript to make things more convenient wherever possible, and b. when JavaScript is not available, have Web pages degrade gracefully and reduce functionality instead of complaining that JavaScript is missing. So by indiscriminately blocking active content, you may be missing out on numerous conveniences and you’ll never know they were there. For example, Simple Machines Forum, a freeware app that powers many online forums, offers an inline post editor that lets you rewrite a submitted post without having to move to a separate page. Browse an SMF-powered site with JavaScript off and the button to use such editor never even shows up.

If you want to use the Web to its fullest, you should find tools that block only the bad guys to work perfectly fine. WOT’s fantastic and Firefox’s built-in attack sites filter saved my bacon once. If you’re concerned about your privacy, throw in ABP with the EasyPrivacy subscription.

By: Mary

Mary — Fri, 07 Aug 2009 07:01:44 +0000

Adblock plus is neat. I also like Billeo. Itâ€™s a free add-on that manages passwords, saves receipts and auto fills forms. No security issues as the tool is VeriSign secured and TRUSTe certified.
https://addons.mozilla.org/en-US/firefox/addon/12715

By: Stardance

Stardance — Thu, 06 Aug 2009 03:10:26 +0000

If you think using NoScript is a PITA, just wait until your computer system is “infected” by malware — especially something that 20+ anti-malware “scanners” (e.g., Panda Online) cannot detect, let alone identify and remove. Even if they can identify and remove it, your system is not necessarily “made whole again”.

If they can’t, then you have a long week ahead of you, beginning with about 8 to 12 hours or more (depending upon the size of the HDD) of running Darik’s Boot And Nuke (DBAN) to replace everything that the HDD contains with a series of random bytes. And you know what follows that, don’t you??

(No, not a call to a suicide prevention hotline, though you might feel like making one after a while.)

By: sanityvoid

sanityvoid — Mon, 06 Jul 2009 17:08:00 +0000

you should at least be able to hear the other side of the story. 3 sides to a story remember.

http://hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/

By: Deborah

Deborah — Wed, 01 Jul 2009 12:00:15 +0000

Thank you for including WOT on this list of security essentials. We believe that having a layered approach for your PCâ€™s security is the most effective way to stay protected. Web of Trust offers frontline protection to help Internet surfers avoid clicking on risky websites when searching, browsing or shopping on the Web.

Thanks to Mozilla as well for including WOT on their recommended add-ons list.

Safe surfing,
Deborah
Web of Trust