July 14, 2006
5 Tools To Bulletproof FirefoxBy Gregg Keizer
We've sniffed out five tools -- four extras and one integrated -- that we see as the most important security add-ons to secure Mozilla's browser.
Spyware, adware, drive-by downloads, phish blitzes, malware of all stripes, they all have one thing in common: they reach your computer through the wide open door that is your browser.
If the most important step you can take to secure your system is to use a secure browser -- advice held by everyone apparently, including Microsoft, which is working feverishly on IE 7 to close the years'-long security gap it created by not keeping the app up to date -- then the second step is to lock down the browser beyond what it offers out of the box, and/or learn how to use the security tools it does provide. Firefox, which recently regained some of its market share momentum, fits the bill as a secure browser (more secure, anyway, than IE 6.x, its prime competitor). We've wrapped up the second step for you by sniffing out five tools -- four extras and one integrated -- that we see as the most important security add-ons. Now when malware and spyware and adware walk through the door, you can tell them Not so fast, buddy. I'm Firefox armed and dangerous.
NoScript: We Don't Need No Stinkin' Java Firefox may not allow ActiveX -- the Microsoft Internet Explorer technology at the root of numerous vulnerabilities over the years -- but it does support other active content that can be as dangerous, like JavaScript. The bulk of Firefox-exploitable active content vulnerabilities are, in fact, JavaScript bugs. (The most recently reported was one that hit the wires in early June; TechWeb covered it here.) Although it's possible to disable JavaScript entirely -- Tools|Options|Web Features, clear the Enable JavaScript box -- that's not such a good idea; at times you'll not only want JavaScript, you'll need it. (Some online banking sites, for instance, put log-in forms on the screen using JavaScript.) Enter NoScript. The extension blocks Java and JavaScript (and Flash if you tell it) on all sites but those on a user-defined whitelist. Better still, you can authorize a site to use JavaScript for that session, or add it to the whitelist. A small icon at the bottom of Firefox indicates the NoScript status of the site; a click there lets you allow some or all scripts on the page, or turn them off on a previously-whitelisted site. 
|
 |
|
|||||||||||||||||||||||||||
|
|
|
