Extension Defender for Firefox makes sure you don't install rogue add-ons
Google Chrome is not the only web browser plagued by rogue or malicious browser extensions.
I noticed that companies were buying popular extensions for marketing and monetization purposes back in January 2013 when several popular Firefox add-ons were purchased by Wisp.com.
One of the issues that I described back then was that ownership changes were not highlighted at all.
This is problematic as ownership is a major trust factor for many users. If an author maintained an add-on for years, new updates are more likely to be trusted than those by a new extension, or the first update after an ownership change.
Update: Mozilla changed the add-on system that Firefox uses with the release of Firefox 57 in 2017. Extension Defender is not compatible with new versions of the browser, and the extension is no longer available. A comparable extension is not available. Firefox users may disable automatic updates and check release notes before they update extensions. End
Extension Defender
The Firefox add-on Extension Defender tries to be for Firefox what extensions such as Chrome Protector are for Google's browser.
The extension has two main purposes. It actively warns you if you are about to install an extension that has previously been detected as malicious or shady, and also allows you to scan all of your installed extensions to make sure they are all clean.
The automatic protection against malicious or unwanted extension installations works out of the box right after you have installed the add-on.
You will notice that it adds an icon to Firefox's main toolbar which you can either move to another location, or remove completely. To remove it in new versions of Firefox, right-click on the icon and select the remove from toolbar option.
If you are using an older version, press the Alt-key instead and select View > Toolbars > Customize from the menu. Then drag and drop the extension icon from the toolbar to a blank spot in the browser UI.
The icon displays the number of malicious or unwanted extensions installed, and takes you to its scan and options page with a left-click. The only other way to open the scan and options page is to load about:addons and click on the options button of the extension there.
A click on the scan now button scans all installed extensions and notifies you if malicious extensions have been found during the scan.
How the extension does that? It uses signatures to determine whether an extension is malicious or not. According to the description on the Mozilla Add-ons page, it detects over 80 adware, spyware and malicious extensions currently, with new extensions being added regularly.
You can check out the signature database for Firefox add-ons or Chrome extensions on the developer website. Please note that it only lists eight add-ons for Firefox currently, while 78 are listed for Google Chrome.
Verdict
While it is likely that the signature count will increase over time, the low count of signatures for Firefox makes it rather needless right now. While some users may want to install it for the future protection that it will offer, most users may just want to browse the eight entries of the Firefox signature database instead to check extensions that the add-on detects manually instead.
Tip: Extension Defender is also available for Google Chrome.
Thanks can’t get enough protection.
Well Martin,
my question is simple :
Shouldn’t these SUPPOSED “adware, tracker, spyware” addons be reported to Mozilla and subsequently removed from AMO ???
Regards … and thank you for your work !!!
Depends on whether they are against the TOS or not. I do not think they can be removed, unless they are outright malicious or abuse something.
my problem is kind of the opposite: i want to install an unsigned/improperly signed extension. i extracted the pushbullet xpi and modified the icons to better go with the stock firefox icons. i zipped it up without compression and changed the file to xpi again, but when i drag the file onto my firefox to install it, a text bubble says the addon is corrupt.
i did this with a different addon once without problem. also i can’t find much information about that kind of error. does anybody have a hint?
Don’t use Chrome Protector on Chrome as the code is obfuscated. Use Extension Defender.
Martin, could you tell us what the 8 addons are so we don’t have to bother installing the extension? :)
Here you go: http://extensiondefender.com/database-firefox.php