Bomb Proof Firefox
The XeroBrowser that I wrote about just a few hours ago is a nice software especially for inexperienced users who feel insecure when configuring security applications. Experts or users who want to control what is being installed and used on their system want to manually add security extensions to Firefox. This is probably the better approach because they know exactly what is installed on their system.
Firefox can be configured in a way to enhance security while browsing the Internet and extensions do the rest to make it one of the most secure browsers currently available. I want to point out several settings in Firefox that can increase security and privacy as well as extensions that are considered by many to be great security add-ons.
I would like to begin with settings in Firefox. In order to change settings you have to open the options by clicking on Tools > Options in the top menu. The following tabs are important for us: Content, Privacy, Security and Advanced.
There is only one setting in here that you should consider changing. If you disable Java you eliminate an attack vector. This could mean on the other hand that certain web applications that require Java will not run anymore in Firefox. My suggestion would be to disable Java and monitor usage to see if any of your favorite websites use Java.
This is one of the many times that require a decision between ease of use and privacy / security. It is secure if you decide to erase all data that has been accumulated during your session so that no one is able to look in the cache or browsing history to see what you have been doing in that session.
This on the other hand means that you will have to login again into websites every time you visit them because passwords and cookies are not saved anymore.
My suggested settings would be to uncheck all elements in History, to keep the cookies until you close Firefox and to clear all private data when exiting Firefox. This is the best setting for maximum privacy but as I said earlier, you need to remember passwords and login into sites in each session because the login data is not saved during sessions.
The security tab is another important tab that has several options that should be changed for security reasons. The best way would be to uncheck 'Remember Passwords for Sites' to make sure that Firefox is not saving passwords at all. If you have to use this feature you should at least create a Master Password.
If you do not create one everyone who is accessing your Firefox browser is able to see all saved usernames, passwords and websites. This is a huge security risk.
The security warnings could be important to but tend to popup warnings frequently if you enable all. This is again a decision to be secure and see more warnings or receive no warnings with the possibility to miss something.
There is one setting that makes sense to change. Click on Encryption in the advanced tab and check 'Ask me every time' a website requires a certificate.
Firefox Security Add-ons:
I would recommend to at least install No Script which is a fantastic extension for Firefox. Everything else is great for certain circumstances. Just take a look at all the security extensions. I did not add any proxy / throwaway email services other than FoxTor because proxies can be insecure as well.
AdBlock Plus - remove most advertisements from websites.
Cert Viewer Plus - Provides enhancements to the certificate viewer.
Dr. Web Anti-Virus link checker - Great for the initial check before downloading something from the Internet.
Extended Cookie Manager - Manage cookie permissions of websites with ease.
Flashblock - Blocks Flash content on websites with the option to enable it.
FoxTor - Use the Tor network when surfing with Firefox. Adds anonymity.
Keyscrambler Personal - Encrypts your keystrokes which prevents that keyloggers can record the entered data.
Secure Login - If you want to save usernames and passwords you should install Secure Login. It provides similar functionality to Opera's Wand feature by bypassing the forms on websites and sending the login data directly to the server.
Whois Plugin - Find out who owns a website.Advertisement
Flashblock and NoScript don’t play well together.
Noscript blocka all embedded objects by default anyway (including Java).