Software

Five free Firefox add-ons for the security conscious user

There are always ways to improve the already outstanding security in the Firefox browser with add-ons.

1_firefox_logo.png
If you are a serious browser/user of the web, you know Mozilla Firefox is tops when it comes to remaining secure. But even Firefox is not perfect. There are always ways to improve the already outstanding security in the open source browser with add-ons. The Firefox add-on library is massive and includes nearly any additional feature you could want. Included in the library is an ever-growing number of security add-ons. For those that do not want to wade through the tide of installable features, I have brought together five of my favorite security add-ons for Firefox. With these five added features, you should find that Firefox will meet your highest security standards (within reason of course).

Each of these add-ons are free and can be found (and installed) from Firefox's add-ons manager.

This article is also available as a TechRepublic Screenshot Gallery.

Five apps

1. NoScript Security Suite

NoScript Security Suite is one of the best ways to prevent JavaScript, Java, Flash, Silverlight, and other executable content from running within non-trusted domains. With this add-on you can dictate the domains which are allowed to run executable content. This add-on goes a long way to prevent cross-site scripting attacks, cross-zone DNS rebinding, router hacking, and Clickjacking. Domains can be blocked permanently or on a temporary basis (Figure A).

Figure A

a_firefox_noscript_1.png

Quickly add sites to either white or black list from the options menu.

NoScript can whitelist or blacklist a domain for easy configuration and control. Once installed, you will also find a number of ads get caught up in the blocking – making your browsing faster and more secure. NoScript has plenty of options available, ranging from the simple to complex (Figure B).

Figure B

b_firefox_noscript_2.png

Plenty of options available in NoScript.

2. LastPass Password Manager

LastPass Password Manager is for anyone who needs to be able to keep the only kind of truly secure passwords – those you cannot remember. For that type of password, you need a password manager. But why bother installing yet another tool to have to open from your Dash, Start Menu, or Tiles? Instead, add LastPass Password Manager and gain access to that ever-burgeoning list of passwords. You do have to create an account with LastPass. During the setup of LastPass, you set up your account (make sure you use a strong password here – Figure C) and disable Firefox's insecure password manager.

Figure C

c_firefox_lastpass_1.png

Setting up your account for LastPass.

During the setup of LastPass, you can even set up a profile which will be used when filling in forms (Figure D) – which is much more secure than having the browser retain your form information.

Figure D

d_firefox_lastpass_2.png

Set up a profile which will be used when filling in forms.

3. HTTPS Everywhere

HTTPS Everywhere is a means to force your browser to use HTTPS with all sites that support secure HTTP. Some users don't realize the difference between HTTP and HTTPS; including this extension on your end-users browser will ensure you do not have to concern yourself with educating them on the difference or how to point their browsers to the secure version of a site. You will notice the included link does not direct to the Firefox Extension page, but to the www.eff.org page. This was due to a Firefox policy. Hopefully the extension will find its way back to the Extension page soon. Upon reboot (after installation), you will be prompted to opt into the SSL Observatory (Figure E).

Figure E

e_firefox_https_1.png

Opting into the SSL Observatory.

Once installed, you will find a menu to the right of the address bar, where you can gain quick access to the HTTPS Everywhere features. One of the more important features is the Enable/Disable Rules (Figure F).

Figure F

f_firefox_https_2.png

Enabling and disabling rules with HTTPS Everywhere.

You can enable/disable HTTPS Everywhere for all included sites in the Rules window.

4. AdBlock Plus

AdBlock Plus is one of the first add-ons you should include with Firefox. If you find advertising slows down your browsing, it's possible that reduction in speed is caused by advertising. Or, if you're trying to find that tool to install, but get confused by the Download buttons created by advertisements, it's time to take control. To curtail this behavior, install AdBlock Plus. With this add-on you can blacklist and whitelist specific advertisers. This, of course, is a tricky proposition, as many of the sites you visit are able to offer you free content thanks to the ads on the site. So take that into consideration when you begin blacklisting sites. It is also possible to block known malware domains (Figure G).

Figure G

g_firefox_adblock_1.png

Blocking malware and removing social networking buttons with Adblock Plus.

From within the add-on preferences, you can easily add filter subscriptions (Figure H).

Figure H

h_firefox_adblock_2.png

Just remember to keep the Allow some non-intrusive advertising box checked.

5. Disconnect

Disconnect prevents tracking by 2,000+ third-party sites. With this easy add-on you can stop ad trackers, social widgets, and most other tracking tools before they load. This will not only speed up your browsing, it will also effectively prevent those endless attempts at tracking everything you do on the web. As you use your "Disconnected" browser, you will get immediate feedback on what is trying to track you (Figure I).

Figure I

i_firefox_disconnect_1.png

The disconnect tracking window.

After visiting a single page (clicked from within Facebook), Disconnect caught 20 attempts at tracking and sped up the page load by 6% (Figure J).

Figure J

j_firefox_disconnect_2.png

Results of Disconnect blocking tracking elements.

Bottom line

If you're looking to gain an edge on security within your Firefox browser, add one or more of these add-ons and see if you're not happier with the level of gained security. Each of these offers a unique addition to the open source browser, extending the capabilities and security to a more acceptable level.



Also read:

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

23 comments
KD_Morand
KD_Morand

"Disconnect" was not free, and it completely messed up my browser settings.  Had to remove it pronto!

First time TechRepublic steered me wrong...;--(

ryan427
ryan427

I was unable to locate HTTPS Everywhere......

sh10453
sh10453

Aside from Disconnect, I have used all of these add-ons for a very long time.

They are very good at what they do, for the most part.


Disconnect is not free, as the title of this article suggests.

It's a trial app, and after just a few minutes, it starts nagging you to upgrade, and telling you how much time is remaining to the end of your trial period.



tom_proctor
tom_proctor

I have been using  LastPass for a week now and love it.  It is so much better than Autofill and saves me a ton of time accessing websites that I comment on.  Very pleased with it.  I will probably add AdBlock today based on comments in this article.

JSpitzer1540
JSpitzer1540

Jack Wallen great article been testing out disconnect and adblock plus since I read this article, loving them. 

 @ComputerPhil I read this article looking for great add-ons to add to my Firefox and RoboForm really does take the cake. A bit of a learning curve but thanks for mentioning this. I like it a lot better than lastpass.

daviscs1973
daviscs1973

Not sure if it's something in the settings of my Firefox browser but Disconnect initially blocks navigating off the main TR site to the subpages - it eliminates the "Load More" button on the main page as well.

lameese.ali
lameese.ali

https everywhere doesn't support the latest version of firefox :(

donnie126_2002
donnie126_2002

How about DoNotTrackMe (and/or MaskMe) from Abine?

gallen
gallen

Another great article Jack. I use many of the suggested add-ons, will check out the others this week. Many thanks and keep those articles coming - Greg

ComputerPhil
ComputerPhil

Anyone seriously considering a password manager to make web browsing more secure should look into RoboForm, it will work with Firefox and any other browsers you decide to use and allows you to use multiple various browser simultaneously. These browser add-ons look interesting but RoboForm is the industry standard in password management.

sh10453
sh10453

I agree with other comments. FF (FireFox) seems to get worse with every version update, but, for me, it's still the best of all evils.

Google Chrome is horrible when you have many tabs (20, 30, ..., 80 tabs).

When you run Chrome, it will go on and on and on forever loading all the tabs, and crippling you from doing anything during the process.

FF has the option of not to load tabs until you visit them.

But FF crashes too often, regardless of the number of tabs, especially on eBay.

I still like a lot of its features, but I hope the "Options" would be enhanced to give the user more controls.


I resent that the default option in FF is "Tell sites that I want to be tracked", instead of the opposite.


I recently upgraded Internet Explorer to version 11, on a 64-bit Windows 7 Ultimate. It's still the bad old IE, slow, lousy, and very poor performer.

It seems to me that Microsoft secretly built an intentional lonnnnnnnnng delay in it if you attempt to do anything that has a Google address in it. Just going to Google's home page can take quite some waiting, most of the time.

sh10453
sh10453

I am very surprised you did not include WOT near the top of this list.

https://www.mywot.com/


Also, "Disconnect" is not a free extension.


NickNielsen
NickNielsen moderator

Looks like I'll be installing Disconnect.

Stableconvergence
Stableconvergence

Been using Mozilla Firefox since it rolled out and Mark Burrows is correct, iIt has become unusable. Clients complain constantly and none of us in house use it personally or professionally any longer. Sad really.

Mark Burrows
Mark Burrows

I have all but given up on Firefox, the past 2 years Flash and Firefox, with a little RealPlayer thrown in the mix causing too many crashes.

Mark W. Kaelin
Mark W. Kaelin moderator

What is your favorite Firefox add-on? Please explain why.

kstenbch
kstenbch

@ryan427 @ryan427 Yeah, it no longer comes up in the add on search from the tool option. I used it once a few years ago, and had to uninstall because it made so I couldn't go anywhere. Far fewer sites used https then. I'm glad to see they fixed it. You have to use their link or search outside of Firefox's add ons to get to it....

byoogle
byoogle

@sh10453 I’m not sure where you got your info from about Disconnect not being free or having a trial period, but I’m one of the developers of the add-on: Disconnect is “pay what you want” – you’re welcome to pay nothing, making the add-on free. And Disconnect doesn’t have – and never has had – any sort of trial period.

mudpuppy1
mudpuppy1

I traced the issues I had logging in to the TR site, especially the blog to DoNotTrackMe. When I disabled it, everything worked again. I haven't tried Disconnect yet. Maybe that one will work.

Editor's Picks