Browser plugins
-
What is proactive about addons?
Addons help making software more vulnerable, so some proactive hacker can pwn you more easily…
-
Indeed, I need to add more Firefox plugins, thanks for the reminder.
I tend to forget to use no-script as I don't have java installed and I set the browsers to ask before running any plugins.@bv
Well yes, any modification to the original of anything, be it software or a motor-bike, has the potential to introduce new problems.But by that token, would you say using Ghostery and noscript will leave you more, or less secure ?
Every piece of extra software you introduce to your PC since it was new, has that potential. Even Microsofts own updates have introduced security flaws.
So to be that safe, you must remove or disable your network devices, USB ports, and your optical drive.
Only then can you be sure nothing gets in.However, we live in the real world where we need to install software and use the net, so unless browsers come already with these features, we have to run the gambit of trusting plugins to do the job.
NOTE: All the plugins I have listed are cleared and available via the official browser addon sites.
Authors sites are given, when more info or versions are available. -
NOTE: All the plugins I have listed are cleared and available via the official browser addon sites.
Authors sites are given, when more info or versions are available.Me too; I need to add more Chromium plugins as well. Thanks for such a very useful list, doctor. (up)
-
Supporting Chrome gives me a dilemma.
It is itself "spyware" as everything you do is harvested by Google.
Granted it does not send your bank details etc. back home, but it still constitutes a major invasion of privacy.Chrome is also the largest browser and does the least amount of stuff without plugins.
The file you first get (already big enough to be a browser), downloads the real Chrome installer.
This is a 7zip archive that is over 100MB.
This then infests your system with a load of automated stuff you are not told about.
When talking to home for updates, Chrome uses well over 200MB of RAM, takes a long time and hammers the CPU for ages.
Opera, and Firefox do not require such lumbering resource-hogging methods, and will update in a fraction of the time, whilst also informing you something is happening.However, I am aware that Chrome is difficult to avoid, and have caught it trying to install itself without my say-so, and I have been using triple-engine browsers that use it, so I may have to relent and support the unsupportable.
This will require I test each plugin first.
In the mean-time visit this excellent resource for tips on hardening all browsers.
http://www.techsupportalert.com/content/how-harden-your-browser-against-malware-and-privacy-concerns.htm
This page is updated regularly, so the info is current.
All plugins and methods are tested before recommendation. -
It is itself "spyware"… so I may have to relent and support the unsupportable.
This will require I test each plugin first.
In the mean-time visit this excellent resource for tips on hardening all browsers.
http://www.techsupportalert.com/content/how-harden-your-browser-against-malware-and-privacy-concerns.htm
This page is updated regularly, so the info is current.
All plugins and methods are tested before recommendation.Funny thing Chrome giving you that dilemma.. Something to think about, huh?
Okay, I will.
Thank you again for this new link, Dr. Fly. -
…
I tend to forget to use no-script as I don't have java installed and I set the browsers to ask before running any plugins. ...Just to dispell any confusion, JavaScript is not Java. JavaScript is a separate scripting language interpreted by an engine included inherently with most browsers, whereas Java is installed by itself onto a system and can be invoked through a browser upon external web demand. In the case of JavaScript, if the browser option is offered, about all you can do is either enable or disable it either globally or for specific sites (if site preferences is even offered by the browser).
JavaScript, while not nearly as prone to security exploits as Java, is still a scripting language, and if active in a browser, can communicate all manner of system details about your computer to a website, well beyond anything revealed in a normal browser User Agent string - enough that a fairly accurate and reasonably unique "signature" can be assembled for your system. Moreover, use of JavaScript can allow a malicious site to more precisely target a specific malware toward your system's and browser's vulnerabilities, if any.
Just some things to keep in mind…
-
Good point to raise actually as many are not aware of the difference.
I was just lumping all of it together, as being not available or requiring confirmation. I just didn't feel like listing them all.I take the Linux approach with Opera and Firefox, so everything has to ask first, or it is excluded/whitelisted.
I should try and make the effort to be clearer when talking about java and java script, so I will indeed keep it in mind.
-
the antivirus boys also have good ones.
these two are fairly full featured and my favorites:
-mcafee siteadvisor (considering how i hate mcafee, this is a good freebie. it checks for phishing, has filtering proxy like comodos, scans downloads like smartscreen filter, etc)
-bitdefender trafficlight (scans all links and checks all sites etc etc)also:
-gdata has a tool bar
-adaware toolbar (never worked for me, and too intrusive - don't bother with it)
-avast has a wot-like thing with antitracker stuff.
-webroot has a antiphishing addon (not intrusive)
-avg has oneanymore i'm missing?
not really plugins but:
trendmicro has an antiexploit program for ie (not sure if still in develpment - adds to startup and slows boot a mite).
malwarebytes also has a antiexploit program (still in beta and free for now).
-
I stayed away from most of the AV plugins for this list, as they tend to be reactive rather than proactive.
Thanks for the suggestions, I'll work out which are usable on their own and can block stuff before it arrives.
Plugins that come with an AV package, will not be included.
Avira has a very good toolbar, but it comes in an "AskJeves" stinky container.
I have tried a few proactive Trend tools but found myself forever in the forum requesting sites be unblocked.
Some of these tools such as Mcafee may make a big show of looking useful, but are of dubious use.
Comodo swap your DNS to their server so bad IPs are blocked. You can do this yourself, but Comodo provide a comfortable interface.I will be adding a second section or post with reactive plugins, and AV scanners. They will go in that.
I may update my generic "how to block sites" blog, and post here also.
-
But by that token, would you say using Ghostery and noscript will leave you more, or less secure ?
In principle less because they only work with JS active. I prefer site specific settings:
[ul]- JS off and most of the evil stuff does not come through because it needs JS in some parts to invoke the really nasty stuff.
- Plugins off and almost everything of the rest is gone too.
[/ul]
Only allowing active content like JS or (reluctantly) Flash (no other plugins installed or active) for very specific sites and sandboxing the whole browser when visiting not quite so trusted sites helped avoiding nasty stuff so far. Of course nothing would help against my own stupidity
Hint for secure online banking: Burn a CD with a minimal life system and a browser with a session directly pointing to the IP of your bank, thus avoiding even DNS requests. Use it only for banking and nothing else. Nobody coming from the net can change a burned CD, at least nobody I know.
The rest is not really under my or any of the above mentioned addons/extensions control, e.g:
[ul]- man in the middle attacks
- stolen certificates used to sign scam sites as the real deal
- flaws in the JPEG or PNG or (…) decompression routines which can be abused to execute stuff hidden in those files
- hacked or replaced DNS Servers
- etc..
[/ul]
And yes, occasionally I need to visit really shady sites and download nasty stuff to look what it does - but that's what VMs are made for. Copy VM, start copy, visit page, download, may be even install, close. Compare with clean VM, delete infected VM.
-
Private Tab for Firefox/SeaMonkey
Enigmail for SeaMonkey's integrated mail client
-
Is it possible to install a flashplayer plugin to the Tor browser without harming the protecting that Tor offers?
-
Proactive browser defence
This stuff is aimed at all users, rather than just security freaks.
I will add more as I test them.https://www.ghostery.com
http://www.mywot.com
http://www.webutations.org/go/extensions
https://addons.mozilla.org/firefox/addon/safe-preview/https://www.eff.org/https-everywhere
https://calomel.org/firefox_ssl_validation.html
http://addons.opera.com/extensions/details/swiss-knife/
http://addons.opera.com/extensions/details/redirect-to-https/
http://addons.opera.com/extensions/details/lastpass/http://addons.opera.com/extensions/details/port-scanner/
http://addons.opera.com/extensions/details/privly-2/
http://addons.opera.com/extensions/details/duckduckgo-for-opera-2/
http://addons.opera.com/extensions/details/duckduckgo-settings-autoloader/http://addons.opera.com/extensions/details/opera-adblock/
http://addons.opera.com/extensions/details/contentblockhelper/
http://addons.opera.com/extensions/details/redirect-bypasser/
http://far.whochan.com/wlog.cgi/LinkRedirector
http://addons.opera.com/extensions/details/block-linkbucks-opera-edition/
http://addons.mozilla.org/firefox/addon/noscript/
http://addons.mozilla.org/firefox/addon/click-to-play-per-element/http://addons.opera.com/extensions/details/stay-secure-sd
http://addons.opera.com/extensions/details/geodata-for-ip/
http://addons.opera.com/extensions/details/nettools/
https://www.wipmania.com/plugins/http://addons.opera.com/extensions/details/guidesyoosecurity/
More links and info
https://vivaldi.net/blogs/entry/how-to-block-sites
https://vivaldi.net/blogs/entry/online-anti-malware
https://vivaldi.net/blogs/entry/securityThank U!
~
-
So…. are there any plugins for Vivaldi?
-
Updated with a few I forgot, and a few I recently found
Note. Any plugins that are available for multiple browsers have the home page listed here, instead of the extension page.
Vivaldi uses Chrome plugins, so try any of those. -
Dr.Flay, were you able to get Ghostery working?
I ask because I'm using the latest snapshot for 64-bit Windows, and I've not had any luck. The ghostery icon doesn't appear and there's no indication that it's blocking any trackers.
-
We dont have support for showing extensions icon in the toolbar yet, it´s on our todo list and will be added
-
Thanks for the links!
-
Sorry CJLP, I have actually held back from adding any plugins to Vivaldi until it is fully supported.
Until the devs give the OK. I consider adding any extras unreliable, and will make most bug reporting potentially invalid.
Plugins can have unexpected results, and by their nature change the browser, and at this point Vivaldi has cough several unexpected results of its own :whistle: .
…basically I don't want them to waste any time that could be spent on the browser while it is still an Alpha. -
Plugins and extensions are actually very different things, and should not be conflated with each other. The terms are not interchangeable, and each actually works quite differently and does a different job from the other.
http://colonelpanic.net/2010/08/browser-plugins-vs-extensions-the-difference/
