Compromising Web sites has become cybercriminals’ favorite method of getting malware installed on computers. Here are 10 ways to beef up Firefox, making it more difficult for the bad guys.
Mozilla Firefox is a good browser to start with, but third-party extensions make it great. That’s especially apparent when it comes to Web browser security, as shown by the following add-ons.
Note: This article is also available as a download that includes a PDF version and a PowerPoint presentation.
1: NoScript
If you install only one extension, make sure it’s NoScript. By default, it blocks all scripts — a good thing. That’s because bad guys love to use scripts to install malware. This way, you decide whether JavaScript, Java, and other content are allowed to run.
2: BetterPrivacy
Several members recommended BetterPrivacy as the best way to control Flash cookies. Flash cookies are difficult to remove, do not expire, and can re-create deleted HTTP cookies. After much testing, I know BetterPrivacy works, whereas controlling Flash cookies using Adobe’s Web site is questionable.
3: AdBlock Plus
I must confess, AdBlock Plus is not a security add-on. But I would not surf the Web without it. It’s awesome, blocking all ads, especially those bandwidth-hogging banner ads. Web pages pop up almost immediately. Try it once and you will be convinced.
4: Perspectives
Chad Perrin and I, along with many other security advocates, have written about Perspectives. Anything that reduces the likelihood of TLS/SSL “Man-in-the-Middle” attacks (think identity theft) is important. It’s not perfect, but it should be in your arsenal, warning you when something is not right.
5: SSL Blacklist
SSL Blacklist segues from Perspectives, helping to keep your TLS/SSL experience (again, think identity theft) safe. It does this by detecting weak or revoked certificates, both of which should be a concern. SSL Blacklist also checks if the certificate was built using the vulnerable MD5 hash algorithm, another huge security weakness.
6: WOT
WOT is an add-on from Web of Trust Services. It is an up-to-date aggregation of spam and phishing blacklists. WOT ranks search entries according to their trustworthiness, vendor reliability, privacy, and child safety. Bottom line: If WOT flags a Web site as bad, you should take notice.
7: PhishTank SiteChecker
PhishTank SiteChecker is a Firefox add-on using an API provided by PhishTank and its active anti-phishing community. Once installed, the add-on will block access to what PhishTank considers potential phishing Web sites, giving the user the option to continue or not.
Note: WOT and PhishTank SiteChecker are similar in what they do. Yet they do not always agree. I don’t see a problem using both; more information permits better decisions.
8: TrackerWatcher
PrivacyChoice has developed TrackerWatcher, an add-on that allows you to see what’s going on behind the scenes. TrackerWatcher will tell you which advertising networks are providing ad content to the Web site you are currently visiting, if they are using behavioral targeting, and how to opt out.
9: BugMeNot
BugMeNot is a unique add-on. Its main purpose is to eliminate advertising spam from Web sites that require registering. If a Web site requests information, activate the add-on. It will check BugMeNot.com’s extensive database. If registration information is available, BugMeNot will populate the form, allowing you to continue while remaining anonymous.
10: Xmarks
Xmarks is not a security extension, but it is one helpful add-on. Trying to keep bookmarks synchronized on several computers is a pain. Xmarks does it for you. Install it and get rid of the frustration.
Final thoughts
Firefox is my Web browser of choice. I also use all of the extensions I recommended. If pushed, I would admit that NoScript, BetterPrivacy, and AdBlock Plus are the ones I consider most important. If I missed your favorite security extension, please let me know.