HOME

Wednesday, May 29, 2013

Five steps to ultimate Firefox security

Over the years, many have touted Mozilla’s Firefox as one of the most secure Web browsers. But as with other browsers, the security level offered depends on the settings. Some security features need to be manually enabled. Those turned on by default should still be double-checked.
Follow these five steps to lock down Firefox. Start with the essentials in the browser’s own settings, then choose some useful add-ons. Finally, keep track of your plug-ins so you can patch the inevitable security holes.

Enable a master password

Like other browsers, Firefox by default allows anyone who accesses your computer to log in to sites where you’ve saved the password. And as with Google Chrome, a list of the saved usernames and passwords can be viewed via the Options menu of Firefox.
ERIC GEIER
By default, nothing prevents others from viewing all your saved login info in Firefox.
Fortunately, Firefox offers a master password feature that encrypts and password-protects the saved password list. When enabled, you must enter the master password the first time you use a saved password, once per browser session. Additionally, even though you enter the master password the first time, you must always enter it before you can view saved passwords via the Options menu. This is a great feature to help prevent casual snooping of your passwords. It even prevents most third-party utilities from recovering them.
ERIC GEIER
Creating a master password prevents others from using or viewing your saved login info.
To enable the master password feature, open the Firefox menu, select Options,select the Security tab, and then check theUse a master password option.

Use a strong password for syncing

Like Google Chrome, Firefox has a syncing feature to synchronize your bookmarks, passwords, and other browser data to Firefox browsers running on other computers and devices. Fortunately, Firefox encrypts all synced data, not just your saved passwords (as Google Chrome does). Additionally, Firefox has more security than what Chrome offers by default when you’re setting up a new computer or device to sync. In Firefox, you must log in with your Firefox Sync password. Then you must either enter a random passcode from the new device into one that you've already set up, or take the recovery key from a device you’ve already set up and input that key into the new device.
ERIC GEIER
Syncing conveniently syncs your saved login and other browser data across multiple computers.
So you don’t have much to worry about with Firefox syncing—as long as you use a strong password, one with upper- and lowercase letters, numbers, and special characters. If someone knows or cracks the password, and has access to a device you’ve already set up with syncing, they can then set up other devices with syncing and access your passwords and other browser data.
To enable or change sync settings, open the Firefox menu, select Options, and select the Sync tab.



Verify that security options are enabled

Like other popular browsers, Firefox includes some basic security and privacy settings. Though most are enabled by default, you should ensure they haven’t been disabled.
ERIC GEIER
Make sure the first three security options are selected to protect against malware and phishing attacks.
Start by opening the Firefox menu and selecting Options. In the Options window, select the Security tab. Ensure that the first option, Warn me when sites try to install add-ons, is enabled to help prevent sites from automatically installing add-ons, as some can be dangerous. Then ensure that the next two options, Block reported attack sites and Block reported web forgeries, are also checked to help enable protection against malware and phishing.
ERIC GEIER
Check the first privacy option to help prevent websites from tracking your online activity.











Next, select the Privacy tab. And if you want more privacy online, select the first option, Tell websites I do not want to be tracked, which isn’t enabled by default. Although it can’t prevent all tracking, it will reduce tracking by those sites that support this type of option.
ERIC GEIER
Ensure that the first content option here is enabled to block pop-ups.
Now, select the Content tab. To prevent pop-up windows that can be annoying and even contain phishing ads, ensure that the first option is enabled: Block pop-up windows.
Lastly, select the Advanced tab, select theUpdate subtab, and ensure thatAutomatically install updates is selected.





Use add-ons for more protection

Consider installing these security-related add-ons for extra protection:
NoScript helps you control which sites can use JavaScript, Silverlight, Flash, and other embedded content, as they can be used maliciously to infect your computer or for phishing attempts.
Adblock Plus blocks banners, pop-ups, and video advertisements on websites to reduce clutter and the resulting annoyance; they can even reduce accidentally stumbling upon adware, malware, and phishing attacks.
Web of Trust (WOT) shows the user ratings of sites and blocks dangerous sites—such as those with malware—to increase safe surfing, shopping, and searching on the Web.
HTTPS Finder automatically detects and enforces HTTPS/SSL-encrypted connections when available—great in helping to reduce the chances of an eavesdropper on a Wi-Fi network from capturing your login details.
Xpnd.it! short URL expander allows you to hover over shortened links to see the real URL and other basic information about the site so you know where it leads before clicking.

Check and update plug-ins

Cyber criminals regularly use vulnerabilities in popular browser plug-ins (like Java and Adobe products) to infect and invade computers. Most plug-ins regularly release updates to patch security holes. Many plug-ins are set by default to update automatically or at least to notify you of them. However, it’s a good idea to check periodically for updates. Consider using the Mozilla plug-in checker or third-party sites like Qualys BrowserCheck for updates for other browsers.

No comments: