digg

Facebook Connect Join Digg About

5 Tools To Bulletproof Firefox

informationweek.com Here are five essential tools for securing Firefox by disabling JavaScript and Flash, sniffing out suspicious sites, foiling phishing, preventing peeks at private data, and preparing powerful passwords.

Who dugg this? Made popular Jul 15, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

30 Comments

show profanity settings
expand all
  • Callisto, on 10/12/2007, -0/+10Tools listed include:

    NoScript: https://addons.mozilla.org/firefox/722/
    SiteAdvisor: http://www.siteadvisor.com/download/ff.html
    Netcraft Toolbar: http://toolbar.netcraft.com/install
    Google Safe Browsing: http://www.google.com/tools/firefox/safebrowsing/
    Clear Private Data: https://addons.mozilla.org/firefox/1280/
    Password Maker: https://addons.mozilla.org/firefox/469/
  • iSEPIC, on 10/12/2007, -1/+9Thank god I had most of the tools before viewing the site, which btw, I viewed with IE first BLEH - it's about one paragraphe per page of content, with the rest of the 98% of the page filled with ads... what's nice is when you do view it with FF and adblock and noscript, it looks nice!
  • bonzooznob, on 10/12/2007, -2/+8Disabling JavaScript shouldn't be necesary. Firefox has a popup blocker installed, and with Adblock, you can rid yourself of the anoying ads. Disabling JavaScript in Firefox just means you are losing out on some of the neat "Web 2.0" things. Remember, JavaScript is _NOT_ JScript! If you are browsing the Net in IE, well, then, yeah, you probably want to disable all that ActiveX, VBScript etc. Hopefully one day MS will separate ECMAScript, from their "JScript" stuff, so we can keep the ECMA, and disable the JScript stuff.
  • silenceHR, on 10/12/2007, -0/+6maybe they are trying to make a point?

    ;)

    there is no way i would switch to anything that doesnt have AdBlock, Filterset and NoScript.... when i come to some of my freinds who use IE i am amazed at number of ads, pop-ups and other *****..... same is when they come to my place, its like "wow, how did you do that????" :D
  • bradbeattie, on 10/12/2007, -0/+6I used to love SiteAdvisor, but the recent addition of the McAfee logo on my browser made me feel icky.
  • bradbeattie, on 10/12/2007, -0/+4What, no mention of Adblock? I guess it depends on whether or not you consider ads to be bullet-like. *shrug*
  • folletto, on 10/12/2007, -0/+4I think that those might be useful advices... but still disabling JavaScript to me seems more harmful than keeeping it enabled.

    Talking about JavaScript vulnerabiliities, a previous article is cited as a "recent one". Let's see. You must be on a page entirely fake (since there must be a hidden control), you must have to TYPE enugh to make the string appear... and... it's an INPUT control vulnerability and NOT a javascript one.

    By other means, it means that you should have been phished BEFORE that to an untrusted page (phishing filter anyone?) and then you have to type enough to allow the path string appear...

    Good shot.

    I'm not minimizing a vulnerability, I'm just saying that this is a really low threat and also that isn't a js problem. It's like turning off the light cable because electricity could harm your kid. :|
  • coheedcollapse, on 10/12/2007, -0/+4Noscript is one of the best tools ever. Yeah sure, I'll have to click "allow java on (insert name of site here)" every once and a while to assure that it works, but it's totally worth it to dodge any type of malicious code that might be thrown at me.
  • Promantarius, on 10/12/2007, -0/+4Okay, I can't find this information on the password maker site so I've got to ask:

    What happens when your hard disk crashes after you've been using Password Maker and haven't systematically backed up the settings every so often? Are you left with X online accounts and no idea what their passwords are? It'll be a royal pain to have to change all the passwords if that happens, I think I'd rather stick to using the same password for most sites (forums, blogs [ew], etc) and a couple of different ones for financial sites. I might be uninformed about it, but it doesn't sound like it's going to bulletproof firefox from anyone but yourself in the long run o.O

    The others are promising, though nothing beats common sense ;)
  • dbr_onix, on 10/12/2007, -0/+4A lot of the Firefox exploits I saw were based on Javascript, disabling such scripts from unknowen websites is a good idea, although the white-listing approach is a trade-off between convience and security, some form of public-blacklisting idea (Like adblock/the filterset.g updated, but for noscript) would be nice, although it'd need moderated to make sure people don't submit sites that contain exploits, which would be difficult..
    - Ben
  • lamerx, on 10/12/2007, -0/+3This is crap. First of all, disabling javascript is the dumbest thing I have ever heard of. Do you have any idea how many sites use java or AJAX nowadays? disabling javascript means you wont be able to see some or all of their content.
    Second of all, you take a 7 pagragraph story which would fit just fine on one page and split it up across 7 pages . Each page has 1 paragraph of content that is cramed in among the ads so the author makes a profit for each page you visit to read his retarded ideas on security. NO DIGG wayjer you suck!
  • LDinOR, on 10/12/2007, -0/+2Just added NoScript and the difference in the speed of pages loading is outstanding. I am so glad this article was posted as I had not tried this before, what a big relief. No more lagging pages that wait for all the junk to load before becoming accessible.
  • CornStarch, on 10/12/2007, -0/+2That article did not need to be 5 pages long.
  • uzusan, on 10/12/2007, -0/+2I was wondering what you were talking about there, my siteadvisor doesnt show mcafee.

    then i realised i haven't updated that extension in a while.
  • CoolWind, on 10/12/2007, -0/+1The goal of a program like passwordmaker is that you should be able to access all your accounts from any computer without carrying around your passwords. You will, however need to carry around your user id's, pins, access codes, etc.
    Password maker is way too complicated. I only need one really good hash algorithm, not 12. And the 4 radio buttons each change the password. And URL, Username, and Modifier all change the password. WOW! What happened to the idea that all you need to remember is one master password?
  • oyourmom, on 10/12/2007, -0/+1It might stop bullets, but look out for those bombs still. Nothing can block anything.
  • firemaker103, on 10/12/2007, -0/+1I use Cookie safe too to stop ad-ware/spyware. https://addons.mozilla.org/firefox/2497/
  • hugmenot, on 10/12/2007, -0/+1I opened the xpi and replaced the logo with a older version without "MacAfee" scribbled everywhere, while I was at it I gave all the icons (the red, yellow splodges) a minimalistic look too...
  • mabrowning, on 10/12/2007, -0/+1TOO true on the McAfee Logo.... bleh...
  • dave98, on 10/12/2007, -0/+1You can also block Flash with noscript as well.. so no need for flashblock
  • RavagesOfTime, on 10/12/2007, -1/+2I'm not digging the article, but thanks to everyone that reminded me about re-installing NoScript.

    I knew I was forgetting something.
  • BillyG123, on 10/12/2007, -0/+1CTRL+SHIFT+DELETE clears data already, no ext needed.
  • mookieXL, on 10/12/2007, -0/+1Every article from informationweek reminds me about another extension: Repagination. Why must they split every f***ing story to 5+ pages? At least they have printer-friendly version here: http://www.informationweek.com/shared/printableArticle.jhtml?articleID=190400479
  • gregcotten, on 10/12/2007, -0/+1That alliteration in the summary was seriously unneeded :).
  • Jammerdelray, on 10/12/2007, -0/+0While it cuts down on that stuff it also renders the websites unuseable...especially billing sites. Firefox 2.0's popup blocker seems much stronger now.
  • bradbeattie, on 10/12/2007, -0/+0@hugmenot: mind if I ask how you did that? I'd love to do it on mine too.
  • dave98, on 10/12/2007, -1/+1I absolutely love noscript

    I think some of you might be confused. You're not disabling javascript entirely, you're just disabling it on untrusted domains. Not only is it useful for javascript exploits but for ads as well. Let's face it, the pop up blocker is not perfect. Advertisers are getting smarter and have been able to bypass the blockers in Firefox, Opera, and IE. With noscript, you're disabling javascript from the advertisers domains and basically blocking 99% of popup ads with this extension alone.

    of course, its not without its problems though... its a pain in the ass if you come upon a site with embedded media and it will sometimes stall the browser. What I do though, is if I know it will have embedded media, I hit ESC before the page can load entirely. Then I enable javascript for that domain and reload the page.
  • residual, on 10/12/2007, -2/+1This is lame if you don't know about these tools by now you shouldn't be using firefox.
  • speedstream, on 10/12/2007, -4/+190% of Javascript is for ads, so what are you really missing out on by not having it installed for general browsing?
  • KillerJ59J, on 10/12/2007, -9/+2Now.. if we could get them all 2.0 ready. :p Digg this: http://digg.com/mods/Firefox_Extension_Developers_Its_time_to_start_updating_for_2.0

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.