On Fri, Mar 05, 2010 at 09:42:49PM -0800, Craig Jungers wrote: > If you use Firefox for your browser (and, trust me, you should.... or any > browser other than the MS version of Internet Explorer that probably came on > your computer) you know that there is a plethora (literally) of "plug-ins" > available for that browser. You can change everything if you want to; or > nothing. But there are a few that you should consider. I (among other security experts) have been telling people for many years that using IE is suicidal. It doesn't matter how careful you are, it doesn't matter how many anti-virus band-aids you use, it doesn't matter which content-sanitizing proxies you use, your system *will* be compromised. This is why "using IE" is a termination offense at a growing number of companies/organizations: it's incredibly dangerous and thus very stupid. Sadly, there are many supposed "security pros" who number themselves members of my profession and have a string of laughably worthless "certifications" after their names who haven't caught on to what the rest of us have known for many years. It's embarrassing, frankly. I recommend Firefox as the best-available alternative, with nods to Safari, Opera and others, because it's not possible to do worse than IE. And I have a set of plug-ins/extensions that I recommend as well: 1. AdBlock Plus This makes nearly all banner ads go away. Given that banner ads are highly annoying, this is welcome. Given that they're being increasingly used to distribute malware, it's becoming necessary. 2. NoScript This takes a little bit of work to use, but it is the single biggest thing you can do to improve your security: it's *more* important than having anti-virus installed (presuming you're on Windows). NoScript stops the plethora of JavaScript et.al. attached to web sites from running *until you permit it to run*. You can enable it to run once or every time you visit the site. Now the good news is that this stops all kinds of attacks cold. The bad news is that most web designers are utterly clueless morons who have failed to grasp what the web is, why it exists, and what problems it was intended to solve -- and they've designed very poor sites that don't work at all unless JavaScript is enabled for them. Still, in practice, this isn't a big deal: most of us visit the same limited set of web sites and telling NoScript to permit them every time a single click. It's also a useful exercise: it highlights those sites which don't even present a home page or usable navigation without JavaScript. This is a prima facie indicator of incompetence and should cause you to seriously question whether the site itself is secure. 3. BugMeNot There are any number of idiotic sites which, while free, won't let you look at their content until you surrender a chunk of your privacy by providing them with a name and an email address. BugMeNot deals with these idiots by feeding them the bogus data they deserve. 4. TACO Targeted Advertising Cookie Opt-Out: this disables persistent tracking cookies used by any number of spamXXXXadvertisers and is a good step toward protecting your privacy. 5. CustomizeGoogle If you use Google as your search engine, this will enable you to suppress a lot of the cruft and add some useful features. Unlike the first four, this isn't a security/privacy measure, but it's still pretty darn useful. 6. DownloadStatusbar This allows you to manage downloads much more effectively than the code that's built into Firefox. Debate exists about whether this should subsume existing functionality or not: some of that's a matter of preference, but there are solid arguments both ways. Of all these, the first two are the biggest bang for the buck, so to speak. I use them, even though I don't run Windows. ---Rsk *************************************************************************** PaddleWise Paddling Mailing List - Any opinions or suggestions expressed here are solely those of the writer(s). You must assume the entire responsibility for reliance upon them. All postings copyright the author. Submissions: PaddleWise_at_PaddleWise.net Subscriptions: PaddleWise-request_at_PaddleWise.net Website: http://www.paddlewise.net/ ***************************************************************************Received on Sat Mar 06 2010 - 04:55:33 PST
This archive was generated by hypermail 2.4.0 : Thu Aug 21 2025 - 16:31:39 PDT