Extension Defender for Firefox makes sure you don't install rogue add-ons - gHacks Tech News

Extension Defender for Firefox makes sure you don't install rogue add-ons

Google Chrome is not the only web browser plagued by rogue or malicious browser extensions.

I noticed that companies were buying popular extensions for marketing and monetization purposes back in January 2013 when several popular Firefox add-ons were purchased by Wisp.com.

One of the issues that I described back then was that ownership changes were not highlighted at all.

This is problematic as ownership is a major trust factor for many users. If an author maintained an add-on for years, new updates are more likely to be trusted than a new extension, or the first update after an ownership change.

The Firefox add-on Extension Defender tries to be for Firefox what extensions such as Chrome Protector are for Google's browser.

extension defender

The extension has two main purposes. It actively warns you if you are about to install an extension that has previously been detected as malicious or shady, and also allows you to scan all of your installed extensions to make sure they are all clean.

The automatic protection against malicious or unwanted extension installations works out of the box right after you have installed the add-on.

You will notice that it adds an icon to Firefox's main toolbar which you can either move to another location, or remove completely. To remove it in new versions of Firefox, right-click on the icon and select the remove from toolbar option.

If you are using an older version, press the Alt-key instead and select View > Toolbars > Customize from the menu. Then drag and drop the extension icon from the toolbar to a blank spot in the browser UI.

The icon displays the number of malicious or unwanted extensions installed, and takes you to its scan and options page with a left-click. The only other way to open the scan and options page is to load about:addons and click on the options button of the extension there.

A click on the scan now button scans all installed extensions and notifies you if malicious extensions have been found during the scan.

How the extension does that? It uses signatures to determine whether an extension is malicious or not. According to the description on the Mozilla Add-ons page, it detects over 80 adware, spyware and malicious extensions currently, with new extensions being added regularly.

You can check out the signature database for Firefox add-ons or Chrome extensions on the developer website. Please note that it only lists eight add-ons for Firefox currently, while 78 are listed for Google Chrome.

Verdict

While it is likely that the signature count will increase over time, the low count of signatures for Firefox makes it rather needless right now. While some users may want to install it for the future protection that it will offer, most users may just want to browse the eight entries of the Firefox signature database instead to check extensions that the add-on detects manually instead.

Tip: Extension Defender is also available for Google Chrome.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Karl Gephart said on February 14, 2014 at 8:40 pm
    Reply

    Martin, could you tell us what the 8 addons are so we don’t have to bother installing the extension? :)

    1. Martin Brinkmann said on February 14, 2014 at 8:55 pm
      Reply
  2. ilev said on February 15, 2014 at 6:18 am
    Reply

    Don’t use Chrome Protector on Chrome as the code is obfuscated. Use Extension Defender.

  3. fokka said on February 15, 2014 at 7:16 pm
    Reply

    my problem is kind of the opposite: i want to install an unsigned/improperly signed extension. i extracted the pushbullet xpi and modified the icons to better go with the stock firefox icons. i zipped it up without compression and changed the file to xpi again, but when i drag the file onto my firefox to install it, a text bubble says the addon is corrupt.

    i did this with a different addon once without problem. also i can’t find much information about that kind of error. does anybody have a hint?

  4. Germán said on February 16, 2014 at 6:45 am
    Reply

    Well Martin,

    my question is simple :

    Shouldn’t these SUPPOSED “adware, tracker, spyware” addons be reported to Mozilla and subsequently removed from AMO ???

    Regards … and thank you for your work !!!

    1. Martin Brinkmann said on February 16, 2014 at 9:34 am
      Reply

      Depends on whether they are against the TOS or not. I do not think they can be removed, unless they are outright malicious or abuse something.

  5. b003 said on February 19, 2014 at 6:08 am
    Reply

    Thanks can’t get enough protection.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.