Browser plugins
-
[center][u][b][size=4]Proactive browser defence[/size][/b][/u][/center] This stuff is aimed at all users, rather than just security freaks. I will add more as I test them. If they are only for one browser I will put the name or initials with it. Any that I find are usable without icons in Vivaldi are marked with a color=#ff0000[/color] The next Technical Preview will enable the icons for the extensions. After that you can use any Chrome extension. Currently this is enabled in the latest snapshots. [center][u][b][size=4]Malware[/size][/b][/u][/center] https://www.virustotal.com/en/documentation/browser-extensions/ color=#ff0000[/color] http://add0n.com/security-plus.html color=#ff0000[/color] https://www.avira.com/avira-browser-safety color=#ff0000[/color] http://www.mywot.com color=#ff0000[/color] http://www.webutations.org/go/extensions https://addons.mozilla.org/firefox/addon/safe-preview/ http://www.bitdefender.com/solutions/trafficlight.html color=#ff0000[/color] [url=https://chrome.google.com/webstore/detail/sucuri-sitecheck/mclkkpliafmcdbgcjenjhpjpelpgjhji]Securi Site Check (Chrome only)[/url] [center][u][b][size=4]SSL[/size][/b][/u][/center] https://www.eff.org/https-everywhere color=#ff0000[/color] https://github.com/kbitdk/kbsslenforcer color=#ff0000[/color] https://calomel.org/firefox_ssl_validation.html (FF only) http://perspectives-project.org (FF only) http://addons.opera.com/extensions/details/swiss-knife/ http://addons.opera.com/extensions/details/redirect-to-https/ [center][u][b][size=4]Privacy and blocking[/size][/b][/u][/center] https://lastpass.com - http://addons.opera.com/extensions/details/lastpass/ http://addons.opera.com/extensions/details/port-scanner/ https://priv.ly - http://addons.opera.com/extensions/details/privly-2/ http://addons.opera.com/extensions/details/duckduckgo-for-opera-2/ http://addons.opera.com/extensions/details/duckduckgo-settings-autoloader/ https://browsec.com https://www.mozilla.org/lightbeam/ https://github.com/gorhill/uBlock - https://addons.opera.com/extensions/details/ublock/ https://www.eff.org/privacybadger color=#ff0000[/color] https://disconnect.me https://www.ghostery.com (useful categories) https://adblockplus.org http://far.whochan.com/wlog.cgi/ContentBlockHelper [url=https://web.archive.org/web/20150503003811/http://www.moonlight21.com/redirect-bypasser]www.moonlight21.com/redirect-bypasser[/url] color=#ff0000[/color] http://far.whochan.com/wlog.cgi/LinkRedirector color=#ff0000[/color] http://addons.opera.com/extensions/details/block-linkbucks-opera-edition/ https://noscript.net (FF only) https://addons.opera.com/extensions/details/noscript-lite/ https://addons.opera.com/extensions/details/notscripts/ http://addons.mozilla.org/firefox/addon/click-to-play-per-element/ [center][u][b][size=4]Other[/size][/b][/u][/center] http://addons.opera.com/extensions/details/stay-secure-sd http://addons.opera.com/extensions/details/geodata-for-ip/ http://addons.opera.com/extensions/details/nettools/ https://www.wipmania.com/plugins/ (FF) myip.ms [url=https://chrome.google.com/webstore/detail/ip-whois-flags-chrome-web/kmdfbacgombndnllogoijhnggalgmkon]IP Whois & Flags[/url] - [url=https://chrome.google.com/webstore/detail/ip-address-and-domain-inf/lhgkegeccnckoiliokondpaaalbhafoa]IP Address and Domain Information[/url] http://addons.opera.com/extensions/details/guidesyoosecurity/ [u]More links and info[/u] https://vivaldi.net/blogs/entry/how-to-block-sites https://vivaldi.net/blogs/entry/online-anti-malware https://vivaldi.net/blogs/entry/security
-
What is proactive about addons?
-
Many users are not aware they are wandering into a trap or insecure site.
Many of these will stop that, so there is less for your main security software to worry about.The Web reputation plugins are the most basic, but often most useful.
And the redirect bypassers for example, allow you to click directly on the destination behind an obfuscated tracking link.All add some extra armour to your defence even if they are just info/feedback, because the single most proactive plugin is Knowledge.
That bypasses the browser and goes direct to the brain -
-
There's also the NoScript extension… I wouldn't browse in Firefox without it, although it can be a bit tedious to use on sites that have tons of layered scripts. In those cases, I always delve more deeply into just whose scripts are being invoked, before allowing them to run.
-
What is proactive about addons?
Addons help making software more vulnerable, so some proactive hacker can pwn you more easily…
-
Indeed, I need to add more Firefox plugins, thanks for the reminder.
I tend to forget to use no-script as I don't have java installed and I set the browsers to ask before running any plugins.@bv
Well yes, any modification to the original of anything, be it software or a motor-bike, has the potential to introduce new problems.But by that token, would you say using Ghostery and noscript will leave you more, or less secure ?
Every piece of extra software you introduce to your PC since it was new, has that potential. Even Microsofts own updates have introduced security flaws.
So to be that safe, you must remove or disable your network devices, USB ports, and your optical drive.
Only then can you be sure nothing gets in.However, we live in the real world where we need to install software and use the net, so unless browsers come already with these features, we have to run the gambit of trusting plugins to do the job.
NOTE: All the plugins I have listed are cleared and available via the official browser addon sites.
Authors sites are given, when more info or versions are available. -
NOTE: All the plugins I have listed are cleared and available via the official browser addon sites.
Authors sites are given, when more info or versions are available.Me too; I need to add more Chromium plugins as well. Thanks for such a very useful list, doctor. (up)
-
Supporting Chrome gives me a dilemma.
It is itself "spyware" as everything you do is harvested by Google.
Granted it does not send your bank details etc. back home, but it still constitutes a major invasion of privacy.Chrome is also the largest browser and does the least amount of stuff without plugins.
The file you first get (already big enough to be a browser), downloads the real Chrome installer.
This is a 7zip archive that is over 100MB.
This then infests your system with a load of automated stuff you are not told about.
When talking to home for updates, Chrome uses well over 200MB of RAM, takes a long time and hammers the CPU for ages.
Opera, and Firefox do not require such lumbering resource-hogging methods, and will update in a fraction of the time, whilst also informing you something is happening.However, I am aware that Chrome is difficult to avoid, and have caught it trying to install itself without my say-so, and I have been using triple-engine browsers that use it, so I may have to relent and support the unsupportable.
This will require I test each plugin first.
In the mean-time visit this excellent resource for tips on hardening all browsers.
http://www.techsupportalert.com/content/how-harden-your-browser-against-malware-and-privacy-concerns.htm
This page is updated regularly, so the info is current.
All plugins and methods are tested before recommendation. -
It is itself "spyware"… so I may have to relent and support the unsupportable.
This will require I test each plugin first.
In the mean-time visit this excellent resource for tips on hardening all browsers.
http://www.techsupportalert.com/content/how-harden-your-browser-against-malware-and-privacy-concerns.htm
This page is updated regularly, so the info is current.
All plugins and methods are tested before recommendation.Funny thing Chrome giving you that dilemma.. Something to think about, huh?
Okay, I will.
Thank you again for this new link, Dr. Fly. -
…
I tend to forget to use no-script as I don't have java installed and I set the browsers to ask before running any plugins. ...Just to dispell any confusion, JavaScript is not Java. JavaScript is a separate scripting language interpreted by an engine included inherently with most browsers, whereas Java is installed by itself onto a system and can be invoked through a browser upon external web demand. In the case of JavaScript, if the browser option is offered, about all you can do is either enable or disable it either globally or for specific sites (if site preferences is even offered by the browser).
JavaScript, while not nearly as prone to security exploits as Java, is still a scripting language, and if active in a browser, can communicate all manner of system details about your computer to a website, well beyond anything revealed in a normal browser User Agent string - enough that a fairly accurate and reasonably unique "signature" can be assembled for your system. Moreover, use of JavaScript can allow a malicious site to more precisely target a specific malware toward your system's and browser's vulnerabilities, if any.
Just some things to keep in mind…
-
Good point to raise actually as many are not aware of the difference.
I was just lumping all of it together, as being not available or requiring confirmation. I just didn't feel like listing them all.I take the Linux approach with Opera and Firefox, so everything has to ask first, or it is excluded/whitelisted.
I should try and make the effort to be clearer when talking about java and java script, so I will indeed keep it in mind.
-
the antivirus boys also have good ones.
these two are fairly full featured and my favorites:
-mcafee siteadvisor (considering how i hate mcafee, this is a good freebie. it checks for phishing, has filtering proxy like comodos, scans downloads like smartscreen filter, etc)
-bitdefender trafficlight (scans all links and checks all sites etc etc)also:
-gdata has a tool bar
-adaware toolbar (never worked for me, and too intrusive - don't bother with it)
-avast has a wot-like thing with antitracker stuff.
-webroot has a antiphishing addon (not intrusive)
-avg has oneanymore i'm missing?
not really plugins but:
trendmicro has an antiexploit program for ie (not sure if still in develpment - adds to startup and slows boot a mite).
malwarebytes also has a antiexploit program (still in beta and free for now).
-
I stayed away from most of the AV plugins for this list, as they tend to be reactive rather than proactive.
Thanks for the suggestions, I'll work out which are usable on their own and can block stuff before it arrives.
Plugins that come with an AV package, will not be included.
Avira has a very good toolbar, but it comes in an "AskJeves" stinky container.
I have tried a few proactive Trend tools but found myself forever in the forum requesting sites be unblocked.
Some of these tools such as Mcafee may make a big show of looking useful, but are of dubious use.
Comodo swap your DNS to their server so bad IPs are blocked. You can do this yourself, but Comodo provide a comfortable interface.I will be adding a second section or post with reactive plugins, and AV scanners. They will go in that.
I may update my generic "how to block sites" blog, and post here also.
-
But by that token, would you say using Ghostery and noscript will leave you more, or less secure ?
In principle less because they only work with JS active. I prefer site specific settings:
[ul]- JS off and most of the evil stuff does not come through because it needs JS in some parts to invoke the really nasty stuff.
- Plugins off and almost everything of the rest is gone too.
[/ul]
Only allowing active content like JS or (reluctantly) Flash (no other plugins installed or active) for very specific sites and sandboxing the whole browser when visiting not quite so trusted sites helped avoiding nasty stuff so far. Of course nothing would help against my own stupidity
Hint for secure online banking: Burn a CD with a minimal life system and a browser with a session directly pointing to the IP of your bank, thus avoiding even DNS requests. Use it only for banking and nothing else. Nobody coming from the net can change a burned CD, at least nobody I know.
The rest is not really under my or any of the above mentioned addons/extensions control, e.g:
[ul]- man in the middle attacks
- stolen certificates used to sign scam sites as the real deal
- flaws in the JPEG or PNG or (…) decompression routines which can be abused to execute stuff hidden in those files
- hacked or replaced DNS Servers
- etc..
[/ul]
And yes, occasionally I need to visit really shady sites and download nasty stuff to look what it does - but that's what VMs are made for. Copy VM, start copy, visit page, download, may be even install, close. Compare with clean VM, delete infected VM.
-
Private Tab for Firefox/SeaMonkey
Enigmail for SeaMonkey's integrated mail client
-
Is it possible to install a flashplayer plugin to the Tor browser without harming the protecting that Tor offers?
-
Proactive browser defence
This stuff is aimed at all users, rather than just security freaks.
I will add more as I test them.https://www.ghostery.com
http://www.mywot.com
http://www.webutations.org/go/extensions
https://addons.mozilla.org/firefox/addon/safe-preview/https://www.eff.org/https-everywhere
https://calomel.org/firefox_ssl_validation.html
http://addons.opera.com/extensions/details/swiss-knife/
http://addons.opera.com/extensions/details/redirect-to-https/
http://addons.opera.com/extensions/details/lastpass/http://addons.opera.com/extensions/details/port-scanner/
http://addons.opera.com/extensions/details/privly-2/
http://addons.opera.com/extensions/details/duckduckgo-for-opera-2/
http://addons.opera.com/extensions/details/duckduckgo-settings-autoloader/http://addons.opera.com/extensions/details/opera-adblock/
http://addons.opera.com/extensions/details/contentblockhelper/
http://addons.opera.com/extensions/details/redirect-bypasser/
http://far.whochan.com/wlog.cgi/LinkRedirector
http://addons.opera.com/extensions/details/block-linkbucks-opera-edition/
http://addons.mozilla.org/firefox/addon/noscript/
http://addons.mozilla.org/firefox/addon/click-to-play-per-element/http://addons.opera.com/extensions/details/stay-secure-sd
http://addons.opera.com/extensions/details/geodata-for-ip/
http://addons.opera.com/extensions/details/nettools/
https://www.wipmania.com/plugins/http://addons.opera.com/extensions/details/guidesyoosecurity/
More links and info
https://vivaldi.net/blogs/entry/how-to-block-sites
https://vivaldi.net/blogs/entry/online-anti-malware
https://vivaldi.net/blogs/entry/securityThank U!
~
-
So…. are there any plugins for Vivaldi?
-
Updated with a few I forgot, and a few I recently found
Note. Any plugins that are available for multiple browsers have the home page listed here, instead of the extension page.
Vivaldi uses Chrome plugins, so try any of those.