Extension Defender for Firefox makes sure you don’t install rogue add-ons

Advertisement

extension defender

Google Chrome is not the only web browser plagued by rogue or malicious browser extensions.

I noticed that companies were buying popular extensions for marketing and monetization purposes back in January 2013 when several popular Firefox add-ons were purchased by Wisp.com.

One of the issues that I described back then was that ownership changes were not highlighted at all. This is problematic as ownership is a major trust factor for many users. If an author maintained an add-on for years, new updates are more likely to be trusted than a new extension, or the first update after an ownership change.

The Firefox add-on Extension Defender tries to be for Firefox what extensions such as Chrome Protector are for Google's browser.

The extension has two main purposes. It actively warns you if you are about to install an extension that has previously been detected as malicious or shady, and also allows you to scan all of your installed extensions to make sure they are all clean.

The automatic protection against malicious or unwanted extension installations works out of the box right after you have installed the add-on.

You will notice that it adds an icon to Firefox's main toolbar which you can either move to another location, or remove completely. To remove it in new versions of Firefox, right-click on the icon and select the remove from toolbar option.

If you are using an older version, press the Alt-key instead and select View > Toolbars > Customize from the menu. Then drag and drop the extension icon from the toolbar to a blank spot in the browser UI.

The icon displays the number of malicious or unwanted extensions installed, and takes you to its scan and options page with a left-click. The only other way to open the scan and options page is to load about:addons and click on the options button of the extension there.

A click on the scan now button scans all installed extensions and notifies you if malicious extensions have been found during the scan.

How the extension does that? It uses signatures to determine whether an extension is malicious or not. According to the description on the Mozilla Add-ons page, it detects over 80 adware, spyware and malicious extensions currently, with new extensions being added regularly.

You can check out the signature database for Firefox add-ons or Chrome extensions on the developer website. Please note that it only lists eight add-ons for Firefox currently, while 78 are listed for Google Chrome.

Verdict

While it is likely that the signature count will increase over time, the low count of signatures for Firefox makes it rather needless right now. While some users may want to install it for the future protection that it will offer, most users may just want to browse the eight entries of the Firefox signature database instead to check extensions that the add-on detects manually instead.

Tip: Extension Defender is also available for Google Chrome.

Please share this article

facebooktwittergoogle_plusredditlinkedinmail

Advertisement

Filed under:

Responses to Extension Defender for Firefox makes sure you don’t install rogue add-ons

  1. Karl Gephart February 14, 2014 at 8:40 pm #

    Martin, could you tell us what the 8 addons are so we don't have to bother installing the extension? :)

  2. ilev February 15, 2014 at 6:18 am #

    Don't use Chrome Protector on Chrome as the code is obfuscated. Use Extension Defender.

  3. fokka February 15, 2014 at 7:16 pm #

    my problem is kind of the opposite: i want to install an unsigned/improperly signed extension. i extracted the pushbullet xpi and modified the icons to better go with the stock firefox icons. i zipped it up without compression and changed the file to xpi again, but when i drag the file onto my firefox to install it, a text bubble says the addon is corrupt.

    i did this with a different addon once without problem. also i can't find much information about that kind of error. does anybody have a hint?

  4. Germán February 16, 2014 at 6:45 am #

    Well Martin,

    my question is simple :

    Shouldn't these SUPPOSED "adware, tracker, spyware" addons be reported to Mozilla and subsequently removed from AMO ???

    Regards ... and thank you for your work !!!

    • Martin Brinkmann February 16, 2014 at 9:34 am #

      Depends on whether they are against the TOS or not. I do not think they can be removed, unless they are outright malicious or abuse something.

  5. b003 February 19, 2014 at 6:08 am #

    Thanks can't get enough protection.

Leave a Reply