Bomb Proof Firefox - gHacks Tech News

Bomb Proof Firefox

The XeroBrowser that I wrote about just a few hours ago is a nice software especially for inexperienced users who feel insecure when configuring security applications. Experts or users who want to control what is being installed and used on their system want to manually add security extensions to Firefox. This is probably the better approach because they know exactly what is installed on their system.

Firefox can be configured in a way to enhance security while browsing the Internet and extensions do the rest to make it one of the most secure browsers currently available. I want to point out several settings in Firefox that can increase security and privacy as well as extensions that are considered by many to be great security add-ons.

I would like to begin with settings in Firefox. In order to change settings you have to open the options by clicking on Tools > Options in the top menu. The following tabs are important for us: Content, Privacy, Security and Advanced.

Firefox Content:

firefox options tab

There is only one setting in here that you should consider changing. If you disable Java you eliminate an attack vector. This could mean on the other hand that certain web applications that require Java will not run anymore in Firefox. My suggestion would be to disable Java and monitor usage to see if any of your favorite websites use Java.

Firefox Privacy:

firefox privacy tab

This is one of the many times that require a decision between ease of use and privacy / security. It is secure if you decide to erase all data that has been accumulated during your session so that no one is able to look in the cache or browsing history to see what you have been doing in that session.

This on the other hand means that you will have to login again into websites every time you visit them because passwords and cookies are not saved anymore.

My suggested settings would be to uncheck all elements in History, to keep the cookies until you close Firefox and to clear all private data when exiting Firefox. This is the best setting for maximum privacy but as I said earlier, you need to remember passwords and login into sites in each session because the login data is not saved during sessions.

Firefox Security:

firefox security tab

The security tab is another important tab that has several options that should be changed for security reasons. The best way would be to uncheck 'Remember Passwords for Sites' to make sure that Firefox is not saving passwords at all. If you have to use this feature you should at least create a Master Password.

If you do not create one everyone who is accessing your Firefox browser is able to see all saved usernames, passwords and websites. This is a huge security risk.

The security warnings could be important to but tend to popup warnings frequently if you enable all. This is again a decision to be secure and see more warnings or receive no warnings with the possibility to miss something.

Firefox Encryption:

There is one setting that makes sense to change. Click on Encryption in the advanced tab and check 'Ask me every time' a website requires a certificate.

Firefox Security Add-ons:

I would recommend to at least install No Script which is a fantastic extension for Firefox. Everything else is great for certain circumstances. Just take a look at all the security extensions. I did not add any proxy / throwaway email services other than FoxTor because proxies can be insecure as well.

AdBlock Plus - remove most advertisements from websites.

Cert Viewer Plus - Provides enhancements to the certificate viewer.

Dr. Web Anti-Virus link checker - Great for the initial check before downloading something from the Internet.

Extended Cookie Manager - Manage cookie permissions of websites with ease.

Flashblock - Blocks Flash content on websites with the option to enable it.

FoxTor - Use the Tor network when surfing with Firefox. Adds anonymity.

No Script - Run Java, Javascript and other content only from trusted websites. You create a list of trusted websites that are loaded with all those scripts enabled. All other sites are run without.

Keyscrambler Personal - Encrypts your keystrokes which prevents that keyloggers can record the entered data.

Secure Login - If you want to save usernames and passwords you should install Secure Login. It provides similar functionality to Opera's Wand feature by bypassing the forms on websites and sending the login data directly to the server.

Whois Plugin - Find out who owns a website.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Quasimodo said on September 17, 2007 at 7:14 pm
      Reply

      Flashblock and NoScript don’t play well together.

      Noscript blocka all embedded objects by default anyway (including Java).

    Leave a Reply