Top security Firefox plugins

September 7, 2009

I’m really concerned about security and privacy on the World Wide Web, so I try to make my “web experience” as safe as possible. Fortunately, Firefox provides a good plugin system that enables people to extend Firefox’s features. This is a list of plugins that you should at least have installed (if you are concerned about security as well):

NoScript

Perhaps this is the best-known security plugin for Firefox. Just a short introduction:

A lot of websites use JavaScript (JS) to improve the usability and user experience of their visitors. As a reminder: JS provides the possibility to alter the document (i.e. the website). Normally websites are static pages, just text with markup. Web developers can use JS to create more dynamic websites that change their content in response to the actions of the visitor (especially now with Ajax).
JS itself is not insecure. But as with most scripting or programming languages, it can be used for bad things.
You probably know about the security option in common web browsers to disable JS. This would make you safe, but unfortunately some well-known sites like Facebook or Google Mail won’t work with JS disabled. NoScript gives you the possibility to enable or disable JS, Java, Flash and other executable content per site.
Have a look at their website.

RequestPolicy

This plugin is my favorite one. Actually, what it does is pretty simple, but it has a huge impact. It gives you back control over the cross-site requests that websites make. That means you can decide whether a website may fetch or access content that is located at another domain. This protects you from cross-site request forgery, for example, but also protects your privacy.
You can find a detailed description on their website.
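
The per-site decision described above can be sketched as a default-deny rule check. This is an added example, not RequestPolicy's own code; the rule table, the host names and the two-label definition of a "site" are assumptions made for illustration.

```javascript
// Added illustration of a default-deny cross-site request policy.
// Assumption: a "site" is approximated by the last two host labels; a real
// implementation would consult the Public Suffix List (e.g. for example.co.uk).
function siteOf(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.split(".").slice(-2).join(".");
}

// Hypothetical user-maintained rules: origin site -> destination sites allowed.
const allowRules = new Map([
  ["shop.example", new Set(["cdn-shop.example"])],
]);

// Same-site requests pass, cross-site requests need an explicit rule.
function decide(pageUrl, requestUrl) {
  const origin = siteOf(pageUrl);
  const dest = siteOf(requestUrl);
  if (origin === dest) return "allow (same site)";
  const allowed = allowRules.get(origin);
  if (allowed && allowed.has(dest)) return "allow (rule)";
  return "block (cross-site)";
}

// Constructed sample: [page being viewed, request that page triggers].
function demo() {
  const requests = [
    ["https://www.shop.example/cart", "https://static.shop.example/app.js"],
    ["https://www.shop.example/cart", "https://img.cdn-shop.example/logo.png"],
    ["https://www.shop.example/cart", "https://ads.tracker.example/pixel.gif"],
    // A page on another site triggering a request to the shop (the CSRF case):
    ["https://forum.example/thread/1", "https://www.shop.example/account/settings"],
  ];
  return requests.map(([page, req]) => decide(page, req));
}

console.log(demo());
```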

CookieSafe

There are a lot of different cookie manager plugins for Firefox out there, but I like this one the most. Why? Because it is simple and easy to handle. The problem with cookies is similar to that with JavaScript regarding the security settings in web browsers: turn it on or off (or ask every time). That is not usable.

As a reminder: Cookies are small files where websites store some data. Every request to the website contains this data. What is it used for? The communication with web servers is stateless. That means a web server cannot make a connection between two requests; they are independent. But sometimes requests should not be independent. For example, if you log in to a website, the web server has to know somehow that every following request is made by you. A lot of those websites use cookies for this. After your login, a so-called “session id” is generated and stored in a cookie. Every time a web server receives a request with this session id, it knows the request was sent by you (and that’s why it is important to protect your cookies from getting stolen, see NoScript).

Anyway, back to topic:
CookieSafe gives you the possibility to enable or disable cookies per website. And as websites sometimes store information in cookies that have to be stored over multiple sessions, CookieSafe provides three options for saving cookies:

  1. Allow cookies: Cookies of a certain website expire as they are set. Useful if certain settings like display options are stored in cookies.
  2. Allow cookies for session: All cookies of a website are kept until the web browser is closed. Most of the time this is sufficient if it is a website you have to log in to.
  3. Allow cookies temporarily: Only allow cookies this time until the browser is closed. Most useful when you visit a site only one time and it doesn’t work properly without cookies.

Otherwise cookies are disabled.

Adblock Plus

This plugin keeps ads away from the website you are visiting, i.e. it filters ads out. What does this have to do with security? Well, not directly with security, but with privacy. There are some advertising companies out there that provide advertisements to websites. Often those are images that are loaded from the company’s web server (not the web server of the website).
If you visit several websites that use ads of this company, it is possible to track which websites you have visited.
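
To make the tracking concrete, the following added example (not code from Adblock Plus) models a short browsing session and computes which sites each third-party host gets to see, with and without a filter. All host names, the session data and the filter contents are constructed for illustration.

```javascript
// Constructed browsing session: each visited page and the resources it embeds.
const session = [
  { page: "https://news.example/politics",
    embeds: ["https://news.example/style.css",
             "https://ads.adnet.example/banner.png"] },
  { page: "https://health-forum.example/thread/42",
    embeds: ["https://ads.adnet.example/banner.png"] },
  { page: "https://jobs.example/search",
    embeds: ["https://ads.adnet.example/banner.png",
             "https://stats.counter.example/hit.gif"] },
];

// For each third-party host, collect the sites on which it saw this browser.
// blockedHosts models a filter list (hypothetical contents): a request to a
// blocked host is never sent, so that host learns nothing about the visit.
function thirdPartyView(visits, blockedHosts = new Set()) {
  const seen = new Map();
  for (const { page, embeds } of visits) {
    const site = new URL(page).hostname;
    for (const url of embeds) {
      const host = new URL(url).hostname;
      if (host === site || blockedHosts.has(host)) continue;
      if (!seen.has(host)) seen.set(host, new Set());
      seen.get(host).add(site);
    }
  }
  // Return sorted arrays so the result is easy to print and compare.
  return new Map([...seen].map(([h, s]) => [h, [...s].sort()]));
}

console.log("unfiltered:", thirdPartyView(session));
console.log("filtered:  ", thirdPartyView(session, new Set(["ads.adnet.example"])));
```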

In my opinion these plugins are sufficient from a security point of view. The whole point is to give you back some control, the power to decide how the site you are visiting communicates with the rest of the net and what it is allowed to do on your computer.
And an important usability factor: Each of these plugins (besides Adblock) adds a small icon to the bottom right corner of your browser, so you can change the settings for a website very easily.
