My Firefox Security Profile
I explained in the article Working With Several Firefox Profiles how I'm using several Firefox profiles for certain tasks like normal surfing, testing and visiting secure websites. I'm using one profile to visit my bank's website and any other secure site related to finance and personal information. That approach makes sure that I cannot land on a site that is using a browser exploit to grab the data from those sites. It's basically whitelist surfing.
I only visit those x sites and none other using that profile. Several users have asked me in the original article to list the security add-ons that I'm using in that profile, and I finally found the time to list them here. Please don't be disappointed when you see the low number of plugins that I'm using: each additional plugin increases the risk of a security vulnerability, and I like to minimize that possibility as much as possible.
The main add-on that I'm using for the whitelist approach is NoScript, which allows me to define exactly which websites are allowed to execute scripts. Since I'm only visiting the same x websites, I make sure that they have the permissions they need to work properly. Every other website is blacklisted, so to speak.
NoScript takes care of scripts on webpages but ignores cookies. I'm using the same whitelist approach to manage the cookies. CS Lite is the add-on that I'm using for that purpose. Cookies are only enabled on the sites in my whitelist and disabled for every other website.
Those two are sufficient to get rid of most of the dangers that lurk on the Internet. I visit those websites manually all the time, which gets rid of most phishing attempts or altered bookmarks. Passwords are never saved for obvious reasons.
I used several additional add-ons in the past to increase the security even further, namely View Dependencies and Show IP, but I decided to reduce the number of add-ons to decrease the chance that one of them poses a security risk. I can still manually check a website if I suspect it to be a forgery. (Using Opera)
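One way to check that a profile still matches the setup described above (passwords never saved, cookies denied by default, only the expected add-ons active), as an added example that is not part of the original article. It reads Firefox's built-in prefs `signon.rememberSignons` and `network.cookie.cookieBehavior` as stand-ins for the add-ons' own settings; the add-on IDs and the sample profile are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# Matches lines such as: user_pref("signon.rememberSignons", false);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);[ \t]*$', re.M)

def read_prefs(profile):
    """Parse prefs.js, then user.js (applied at startup, so it wins). Values stay raw text."""
    prefs = {}
    for name in ("prefs.js", "user.js"):
        path = profile / name
        text = path.read_text(encoding="utf-8") if path.exists() else ""
        for key, raw in PREF_RE.findall(text):
            prefs[key] = raw
    return prefs

def audit_profile(profile, allowed_addons):
    """Return a list of findings where the profile deviates from the whitelist setup."""
    findings = []
    prefs = read_prefs(profile)
    # Firefox's default is true, so a missing pref means passwords may be saved.
    if prefs.get("signon.rememberSignons", "true") != "false":
        findings.append("password saving is enabled")
    # 2 = reject all cookies by default.
    if prefs.get("network.cookie.cookieBehavior") != "2":
        findings.append("cookies are not denied by default")
    ext_file = profile / "extensions.json"
    data = json.loads(ext_file.read_text(encoding="utf-8")) if ext_file.exists() else {}
    for addon in data.get("addons", []):
        if addon.get("type") == "extension" and addon.get("active") and addon.get("id") not in allowed_addons:
            findings.append(f"unexpected add-on: {addon.get('id')}")
    return findings

def demo():
    """Audit a constructed sample profile (not a real one)."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp)
        (profile / "prefs.js").write_text(
            'user_pref("signon.rememberSignons", false);\n'
            'user_pref("network.cookie.cookieBehavior", 0);\n', encoding="utf-8")
        (profile / "extensions.json").write_text(json.dumps({"addons": [
            {"id": "noscript@example.invalid", "type": "extension", "active": True},
            {"id": "toolbar@example.invalid", "type": "extension", "active": True}]}), encoding="utf-8")
        return audit_profile(profile, {"noscript@example.invalid"})

if __name__ == "__main__":
    print(demo())
```

Run it against the real profile directory with Firefox closed, passing the IDs of the add-ons you expect to find there.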
please someone tell me how to cancel Firefox… pls email me where to find the option to cancel coz I can't get any videos while I have it installed
@martin I don’t have Silverlight, Java will ask for confirmation, PDF is taken care of by nod32 and I don’t have QuickTime (anymore) :)
But I got noscript back after I got attacked by rickrolls XD
Digitarius here you go :P
https://www.ghacks.net/2008/05/29/run-multiple-firefox-profiles-simultaneously/
Not a bad setup. I always have Adblock Plus, Flashblock, CS Lite, and Noscript going, a HOSTS file that has a huge blacklist, and OpenDNS.
That cuts down the risk by a lot, but it doesn’t really comp for friendly sites being compromised, like when the Dept of Homeland Security’s site was pushing malicious javascript. The multiple profiles is a great idea, but seems a little hard to use since you have to shut down your normal browsing.
If you want to be paranoid, run a Virtual Machine in VMware Player. Totally free, and they have “appliances” geared toward exactly this. Browse in the (Linux based, so fairly light) VM and never save its state… doubt you’ll run into problems that way.
Well how about Java then, or Microsoft Silverlight, Adobe PDF, Apple Quicktime or any other plugin installed ?
Well phishing doesn’t need javascript and I’ve already got flashblock. Thank you for your help :D
Well a Firewall does not protect against all the attacks that can be started from a website. Take phishing for instance, or vulnerabilities in Flash.
Please explain further :)
yes
If I have a firewall like nod32 (latest version) together with CS Lite do I still need NoScript?