I want to go beyond the usual recommendations to discuss PC security issues that many users do not think about at all or not enough.

Update

You can install a secure operating system, an award winning anti-virus software and firewall and still fall prey to attackers through outdated system components. Programs that are used on the computer system need to be up to date. That is especially true for the operating system and programs that connect to the Internet. This includes the web browser (including web browser plugins like Flash), email client, instant messengers, but also the security software programs (which usually come with automatic updates turned on). The computer is vulnerable if the operating system and programs are not up to date.

Email

There are only three rules for emails: Do not open attachments, do not click on links and do not use HTML emails. Email attachments can contain malicious software. They usually do if the sender is unknown or by a company that never send you attachments before. Links can be disguised to look as if they point to a trustworthy website when in fact they lead to a phishing website to grab your username and password. HTML emails can be used to exploit the browsing engine and are also used for tracking users.

Here is how I handle these three risks. Attachments send by friends are usually safe. It is important to check the extension of the attachment. I’m cautious if it is an executable (even when send by a friend). Executables send by senders I do not know are deleted instantly. I check the remaining executable attachments at the online service Virus Total. If I’m still unsure I contact the friend asking about the attachment and why it was send to me.

I never click on links in the email client. If it points to a site I know I open the site manually in my web browser. I otherwise check if the link text and the link are pointing to the same url. If they do I copy and paste the link in my web browser (Firefox with Noscript, so barely any risk here). I do not have to supply username and password since I do not know the service so no fear of phishing in this case.

HTML can be disabled in most email clients.

The Web

I use Firefox mainly for the add-ons and in particular because of the NoScript add-on which provides an excellent layer of security (it disables all scripts by default with the option to enable them individually again). NoScript takes care of most threats on the Internet if it is used in the right way. Someone who always enables all scripts on a website (because it is faster than enabling only some) is not more protected than someone without NoScript. If you enable scripts only on websites that you trust then you are well protected (yes there is always a tiny chance that you are attacked on these sites as well e.g. through malicious banner advertisement).

Another add-on that I have come to love is Last Pass. A password manager and secure password generator that can create and remember passwords and profile information. Last Pass connects urls and passwords which is an excellent phishing protection as well. Say you have username and password saved in Last Pass for PayPal.com. If you open a phishing website that mimics the PayPal website you will notice that Last Pass will not automatically fill out the username and password. Something that the add-on would have done on the real PayPal website.

Files that can be executed are another threat on the Internet. A good way of dealing with those files is to use Virus Total again to check them out before executing them on the local system. It is advised to only download these files from trustworthy sources (big download portals, websites of trusted developers).

Verdict

The majority of attacks can be rendered useless with the right PC security. Updates are probably the most important part of every PC security strategy but caution is a close second. It is always advised to double-check a file or site. This might take more time but it can prevent attacks on a computer system which will save the user lots of time in the end.

Related posts

• YesScript is NoScript’s Antagonist (8)
• x Ways To Manipulate Websites In Firefox (6)
• Web of Trust: collaborative online security (7)
• Truemark Email Identification (5)
• Track Me Not Firefox Extension (3)

The Firefox add-on gets updated quite regularly and one rather annoying trait is that it will open the NoScript website after each update. Most users do not care that much and close the tab in this situation. Some users might prefer a permanent solution so that the website will not be opened when the script updates.

This can be achieved in the Firefox preferences. To go there type in [about:config] in the address bar, confirm the “it’s dangerous” warning if it is your first time and filter for the parameter [noscript.first].

The parameter noscript.firstRunRedirection should be displayed with the default value true. This means that NoScript will open the website whenever the add-on gets updated. A double-click on the line will change the value to false which will prevent this from happening from now on.

It is possible to revert the changes with another double-click on the line.

Related posts

• YesScript is NoScript’s Antagonist (8)
• Web Browser: Firefox Save Tabs Add-On (1)
• View Javascript Sources with JSView (1)
• Share, bookmark and e-mail links with Shareaholic (2)
• Page Bookmarks (2)

We would like to encourage you to post additional tips and hints about website manipulation in the comments of this article so that the page becomes as comprehensive as possible. All methods of manipulating websites have been tested with Firefox 3.5x and 3.0.x. Most will probably also work in previous versions of the web browser.

1. Userscripts and Greasemonkey

Greasemonkey and its userscripts are probably the most popular and known method of manipulation website contents in real time. Thousands of userscripts exist that add, remove or modify elements and features of web services. Some classic examples are changing the design of Gmail, adding new features to the Internet Movie Database IMDB or skipping the wait time at popular file hosts.

Generation of scripts requires web development knowledge, especially of html, JavaScript and CSS as these are used to alter the contents of the websites.

2. Platypus – Modify Websites Without Programming Skills

Platypus allows a user to modify websites with any programming skill requirements. This limits the reach of the Firefox add-on a bit as it is not possible to reach the depth of Greasemonkey. Possible options are to permanently remove elements from websites, change style attributes, change the font and background colors to black and white or to remove fixed sizes and positioning on a page.

3. Stylish – Modify CSS

The Stylish add-on for Firefox and its accompanying userstyles directory provide access to new styles that manipulate the CSS of a website.It can be used to remove, add, move and manipulate elements on a website permanently. The screenshot above shows the popular Atistic Google userstyle.

4. Yet Another Remove It Permanently

Yet Another Remove It Permanently is an add-on for the Firefox web browser that makes it possible to remove elements on websites permanently. Can for example be used to remove advertisement from Google Search results or images from websites. Basically any element can be removed with this add-on. A similar add-on is Nuke Anything Enhanced.

5. Firebug

Firebug is first and foremost an add-on for Firefox that presents lots of useful information to web developers. What many do not know is that it comes with the capabilities to manipulate elements on a website. It is probably not the first choice for this kind of manipulations but this comes in handy when testing different kinds of layouts, color combinations or fonts.

6. NoScript and Adblock Plus

Both the NoScript and the Adblock Plus add-on for Firefox are primarily being used to prevent scripts and advertisements from being displayed on the user’s computer monitor. This does make them limited tools for modifying websites.

7. Aardvark

Aardvark can be used to isolate or remove elements from websites.Has been primarily been designed to remove unneeded elements before printing a website.

Verdict:

There are definitely a lot possibilities to modify websites in Firefox; Certainly more than have been mentioned in this post. Probably the easiest possibilities are in the form of Greasemonkey. If you know of any additional add-ons that should be mentioned let us know in the comments.

Related posts

• 12 IMDB Userscripts (13)
• Spice Up Google Search With Google Fx (4)
• Greasemonkey UserScripts Updater (6)
• Greasemonkey To Firefox Add-On Compiler (10)
• Automatically Jump To First Text Field (4)

There is one additional problem concerning websites that do offer HTTPS connections on most of their network but not everywhere. Mouser over at Donation Coder mentioned a hidden setting in the NoScript (check my Firefox security profile for additional information) add-on of the Firefox web browser allowing to force HTTPS connections for listed websites. This is helpful in a few cases. Some websites offer both HTTP and HTTPS connections to their servers. Another possibility are websites that make use of HTTPS connections but not on all pages.

Users with the excellent No Script add-on installed can configure sites to always use a secure https connection when they are visited. This option can be accessed by right-clicking the NoScript icon in the Firefox status bar, selecting Options from the context menu, clicking on the Advanced tab in the configuration and there on the HTTPS tab.

New websites or pages that should be forced to use secure HTTPS connections can be added to NoScript in there. The use of wildcards is possible. Users should however note that this will not work on all websites. It will obviously not work on websites that do not offer HTTPS. There are also sites that automatically redirect HTTPS requests to HTTP. Google.com is a prime example of this. If you add google.com to the list you will notice a never ending loop when opening that website because of NoScript trying to force HTTPS and Google redirecting to HTTP.

Related posts

• x Ways To Manipulate Websites In Firefox (6)
• Web Browser: Firefox 3.0.7 (5)
• Mozilla Firefox 3.0.11 Released (5)
• Latest Firefox Web Browser Vulnerable to 0-Day Exploit (4)
• Increase Internet Security With Safe SSL (4)

Most users on the other hand prefer simplicity and no user interaction and that’s where YesScript comes into play. Its approach is the complete opposite of NoScript. YesScript allows all scripts on all websites unless they are blacklisted by the user.

The advantage of this method is that less user interaction is required. It does however undermine the security aspect because scripts will be executed normally as long as the website is not in the blacklist.

It comes down to an evaluation of the advantages and disadvantages of both methods. NoScript provides enhanced security while YesScript less work and vice versa. Installing YesScript from a security standpoint does not make that much sense but it is quite capable of removing scripts from websites that make extensive use of them.

Related posts

• The new Firefox add-ons website (7)
• Take a look inside Archives without downloading them (10)
• Set Download Folders in Firefox (9)
• Run Files in Firefox (1)
• Installing Firefox add-ons from the hard disk (5)