Firefox and Security Add-Ons for Windows - Secure Web Browser
Mozilla Firefox is a free and increasingly popular web browser. Mozilla Firefox is enhanced by the availability of numerous add-ons for it, including some that are designed to protect your privacy and security when you browse the web.
This guide assumes that you already know how to use a web browser; it will not explain how to use the Firefox browser functions. Its purpose is to explain some additional functions that will make its use more secure.
GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:
The Mozilla Firefox browser is available for GNU Linux, Mac OS, Microsoft Windows and other operating systems. The secure management of web pages is absolutely vital, as they are the most common source of malware infection. Therefore, we strongly recommend that you use Mozilla Firefox and the prescribed add-ons for this purpose. The security advantages available in Firefox, a cross-platform free and open source program, are even more important when compared to its commercial equivalents like Internet Explorer. However, if you would prefer to use a program other than Mozilla Firefox, we recommend the following alternatives available for GNU Linux, Mac OS and Microsoft Windows:
You can find our recommendations for additional privacy-enhancing browser add-ons through Tactical Tech's MyShadow resources section.
Important: The overwhelming majority of malware and spyware infections originate from webpages. It is very important that you always consider whether it is safe to open a given website, especially if you received it via email. Before you decide to open a webpage, we recommend that you scan the web address using the following page scanners:
Firefox has many easy-to-use settings for protecting your privacy and security whenever you access the Internet. How frequently you may have to configure these settings depends on your particular situation:
If you are using your personal computer, and do not allow others to use it for browsing purposes, you need only configure these settings once.
If you are in a public location or at work, you may have to repeatedly re-configure these settings for your own use.
Note: You may also carry a portable version of Firefox with you on a USB memory stick. This lets you configure Firefox according to your requirements, and you can use this version on any public computer. For more information about Firefox portable, please refer to Mozilla Firefox, Portable Edition.
The Privacy pane lets you manage privacy and security options for the browser.
Step 1. Click to activate the following screen:
Figure 3: The Options window displaying the Privacy pane
The Privacy pane is divided into three sections: The Tracking section, the History section and the Location bar section.
The Tracking section
The Do Not Track section lets you determine whether you wish your internet activities and behaviours to be monitored or tracked by third parties, for instance, advertising companies, analytic services, or market researchers. The first time Firefox is installed, the default setting is Do not tell sites anything about my preferences and must be changed; enabling the Tell sites I do not want to be tracked option notifies participating companies and organizations that you do not wish to be tracked.
Note: The Do Not Track option is based on an honour system and is voluntary; as such, individual web sites are neither legally nor technically compelled to respect such requests. Although a growing number of respectful and responsible organizations are participants, the Do Not Track option must be complemented by other add-ons or plugins that effectively target the commercial or malicious interests; enabling this option reduces your exposure to potentially harmful advertisements online. For more information about Firefox add-ons, please refer to More Useful Firefox Add-Ons.
Figure 4: The Tracking section
Step 1. Check the Tell sites I do not want to be tracked option (as shown in Figure 4 above) to have your privacy and security respected by the participants.
The History section
The History section lets you manage your Firefox browser 'history', that is, a list of all the different sites you have visited since you began using Firefox. The default Firefox will: option is Remember history and must be changed to protect your internet privacy and security.
To eliminate traces of your browsing history, perform the following steps:
Step 1. Activate the Firefox will: drop-down list and select the Never remember history item as shown in Figure 3.
Step 2. Click to activate the following screen:
Figure 5: The Clear All History window
Step 3. Select all check-boxes and click to clear Firefox of all potentially revealing data, and return to the Privacy pane.
The Location Bar section
The Location Bar section uses addresses, cookies and other temporary data from bookmarked web sites, and the web history to prompt or suggest addresses in the Firefox Universal Resource Locator (URL) bar for your browsing convenience. The default When using the location bar, suggest: option is History and Bookmarks, and must be changed to protect your internet privacy and security.
To eliminate traces of your browsing habits and history, perform the following steps:
Step 1. Activate the When using the location bar, suggest drop-down list and then select the Nothing item as shown in Figure 6 below and Figure 3 above:
Figure 6: The Location Bar displaying the Nothing item
Step 2. Click to confirm your settings and exit the Options window.
Note: For a more secure and thorough approach to deleting temporary data, please refer to the chapter on CCleaner.
The Security pane is divided into two sections: the first deals with potentially threatening actions from external sources and the second, or Passwords section, with password management.
Note: For more information on password storage, please refer to the chapter on KeePass.
Step 1. Select Tools > Options in the Firefox menu bar to activate the Options window, and then click the Security tab to activate the following screen:
Figure 7: The Options window displaying the Security pane
Step 2. Accept the default settings in the first section.
The Passwords section
The Passwords section lets you manage your passwords. The default Remember passwords for sites option is enabled the first time you install and run Firefox, and must be disabled to ensure your password privacy and security. We recommend storing passwords securely in KeePass.
Step 3. Click to complete the configuration of the Security pane in the Options window.
The Advanced tab, as its name suggests, is designed with the Advanced or Experienced Firefox user in mind. However, users of all levels will benefit from enabling the following option in the General tab.
The Warn me when websites try to redirect or reload the page option enables Firefox to prevent web sites from automatically redirecting you to another page, or reloading themselves without your consent or knowledge.
Figure 8: The Advanced pane options with the default General tab displayed
Step 1. Check the Warn me when websites try to redirect or reload the page option as shown in Figure 8 above.
Step 2. Click to apply these changes and exit the Advanced tab.
Congratulations! Firefox is now configured to browse the Internet in a private and secure manner.
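The options chosen in the Privacy, Security and Advanced panes above are saved in the prefs.js file of your Firefox profile, so they can be checked with a short script. The following is an added example, not part of the original guide or of Firefox; the preference names are assumptions mapped from the option labels and can differ between Firefox versions, and the sample file is constructed.

```python
import json
import re

# (preference, recommended value, Firefox default, option named in the guide)
# Preference names are assumptions mapped from the option labels; they vary
# between Firefox versions, so confirm each one in about:config.
CHECKS = [
    ("privacy.donottrackheader.enabled", True, False, "Tell sites I do not want to be tracked"),
    ("browser.privatebrowsing.autostart", True, False, "Never remember history"),
    ("browser.urlbar.suggest.history", False, True, "Location bar: suggest Nothing"),
    ("browser.urlbar.suggest.bookmark", False, True, "Location bar: suggest Nothing"),
    ("signon.rememberSignons", False, True, "Remember passwords for sites (off)"),
    ("accessibility.blockautorefresh", True, False, "Warn me when websites try to redirect or reload the page"),
]

PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} from prefs.js / user.js text; the last entry wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)  # commented-out lines do not match
        if not m:
            continue
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # true/false, int, "string"
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep an unparsed value as text
    return prefs


def audit(prefs_js, user_js=""):
    """List (pref, actual, wanted, option) for every setting that deviates."""
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))  # user.js is applied over prefs.js at startup
    findings = []
    for name, wanted, default, option in CHECKS:
        actual = effective.get(name, default)  # prefs.js stores only non-default values
        if actual is not wanted:
            findings.append((name, actual, wanted, option))
    return findings


# Constructed sample, not taken from a real profile.
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("privacy.donottrackheader.enabled", true);
user_pref("signon.rememberSignons", false);
// user_pref("accessibility.blockautorefresh", true);
user_pref("browser.urlbar.suggest.history", false);
'''

if __name__ == "__main__":
    for name, actual, wanted, option in audit(SAMPLE_PREFS_JS):
        print(f"FAIL {name} = {actual!r}, want {wanted!r}  [{option}]")
```

To check a real profile, pass the contents of its prefs.js (and user.js, if present) to audit(); an empty result means every setting matches this guide.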
In the context of Mozilla products, an add-on is simply a lightweight software program which adds new features or extends existing functionality. As such, add-ons are sometimes referred to as extensions. For instance, the NoScript add-on extends Firefox functionality to block scripts from defined servers.
A plugin is essentially a piece of software usually designed by a third party to enable the use of their software within Firefox browser. An example of a common plugin would be the Flash plugin designed to display Adobe Flash content within the Firefox browser window.
The Add-ons tab displays all installed add-ons as shown in Figure 8. Any Mozilla add-on can be either temporarily disabled by clicking or completely removed by clicking . However, in some instances Firefox must be restarted for the changes to take effect.
Every so often, the various add-ons designed for use must be updated to be compatible or current with the latest version of Firefox. Depending on your connection speed, you may choose to either update these add-ons automatically or manually.
Step 1. Click to activate its associated menu, and then select the Check for updates item to manually update your add-ons as shown in Figure 9 below.
Figure 9: The Add-ons Manager update button displaying its associated drop-down list
Step 2. Alternatively, select the Update Add-ons Automatically item to update your add-ons automatically as shown in Figure 9 above.
Figure 10: The Mozilla Firefox Plugin Check & Updates site
Step 2. Address each plugin issue presented on the web page, indicated by the status on the button as follows:
For plugins displaying we strongly recommend that you immediately update them by clicking this button, and follow its instruction page. (Alternatively, please follow the steps after this list of buttons to disable or remove obsolete plugins.)
For plugins displaying , consider disabling or removing them unless the plugins are required and updated individually.
For plugins displaying , review them individually to determine which are required, and disable or remove those which are unknown or unnecessary.
To disable an unknown plugin or one that is no longer required, perform the following steps:
Step 1. Select Tools > Add-ons to activate the Add-ons Manager tab.
Step 2. Click to reveal a complete list of Mozilla Firefox plugins, identify the plugin you would like to disable, and then click .
To remove a plugin from your computer:
Step 1. Click Start > Control Panel.
Step 2. Click .
Step 3. Select the relevant program from the window, and then click .
Repeat these steps until all the issues on the Plugin Check & Updates page are resolved. It is absolutely essential that you search for updates on a monthly basis at minimum. Plugins are constantly being improved and upgraded to deal with all manner of evolving security problems.
NoScript is a particularly useful Mozilla Add-on that can help protect your computer from malicious websites on the Internet. It operates by implementing a 'white list' of sites that you have determined as acceptable, safe or trusted (like a home-banking site or an on-line journal). All other sites are considered potentially harmful and their functioning is restricted, until you have determined that the content of a particular site presents no harm; at this point, you may add it to the white list.
Before you begin using NoScript ensure that it was successfully installed by selecting Tools > Add-ons to activate the Add-ons window and confirm that it has been installed.
Tip: Although NoScript might seem a little frustrating at first (as the websites you have always visited may not display properly), you will immediately profit from the automated object-blocking feature. This will restrict pesky advertisements, pop-up messages and malicious code built (or hacked) into web pages.
Figure 1: The NoScript status bar
The NoScript status bar displays information about which objects (for example, advertisements and pop-up messages) and scripts are currently prevented from executing themselves on your system. The following two figures are prime examples of NoScript at work: In Figure 2, NoScript has successfully blocked an advertisement created in Adobe Flash Player on a commercial website.
Figure 2: An example of NoScript blocking a pop-up advertisement in a commercial site
Since NoScript does not differentiate between malicious and real code, certain key features and functions (for instance, a tool bar) may be missing. Some web pages present content, including script-like content, from more than one website. For example, a website like www.twitter.com has two sources of scripts (twitter.com and twimg.com):
Figure 4: An example of the NoScript status bar Options menu
To unblock scripts in these circumstances, start by selecting the Temporarily Allow [website name] option (in this instance, Temporarily allow twitter.com). However, if this does not allow you to view the page you may determine, through a process of trial and error, the minimum number of websites required to view your chosen content. For instance, on Twitter, you must select the Temporarily allow twitter.com and Temporarily allow twimg.com options, in order for Twitter to work.
Warning! Under no circumstances should you ever select the Allow Scripts Globally (dangerous) option. As far as possible, avoid selecting the Allow all from this page option. Occasionally, you may have to permit all scripts; in this situation, ensure that you only do this temporarily for sites you really trust, that is, until the end of your on-line session. It only takes a single injection of malicious code to compromise your on-line privacy and safety.
For websites that you trust and frequently visit, select the Allow [website name] option. (In the example above, Allow twitter.com and Allow twimg.com have been selected). Selecting this option permits NoScript to permanently list that website as trusted.
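The white list behaviour described above can be sketched as a small model: scripts are judged by the site they are loaded from, not by the page you are visiting. This is an added example, not NoScript's own code; the ScriptPolicy class, the script addresses and the ads.example.net host are constructed for illustration, and subdomain matching is simplified.

```python
from urllib.parse import urlsplit


class ScriptPolicy:
    """Simplified model of a per-site script white list (not NoScript's code)."""

    def __init__(self):
        self.permanent = set()       # "Allow [website name]"
        self.temporary = set()       # "Temporarily allow [website name]"
        self.allow_globally = False  # "Allow Scripts Globally (dangerous)"

    def allow(self, site, temporary=False):
        (self.temporary if temporary else self.permanent).add(site.lower())

    def end_session(self):
        """Temporary permissions last only until the session ends."""
        self.temporary.clear()

    def is_allowed(self, script_url):
        if self.allow_globally:
            return True
        host = (urlsplit(script_url).hostname or "").lower()
        trusted = self.permanent | self.temporary
        # An entry covers the site itself and its subdomains, nothing else.
        return any(host == s or host.endswith("." + s) for s in trusted)

    def blocked_sites(self, script_urls):
        """Hosts whose scripts would not run on this page, sorted."""
        return sorted({urlsplit(u).hostname or "" for u in script_urls
                       if not self.is_allowed(u)})


# Constructed page: the script addresses are illustrative, not captured traffic.
PAGE_SCRIPTS = [
    "https://twitter.com/main.js",
    "https://static.twimg.com/bundle.js",
    "https://ads.example.net/track.js",
]


def walkthrough():
    """Blocked hosts after each step of the trial-and-error process."""
    p = ScriptPolicy()
    steps = [p.blocked_sites(PAGE_SCRIPTS)]      # default: everything blocked
    p.allow("twitter.com", temporary=True)
    steps.append(p.blocked_sites(PAGE_SCRIPTS))  # twimg.com is still blocked
    p.allow("twimg.com", temporary=True)
    steps.append(p.blocked_sites(PAGE_SCRIPTS))  # only the unrelated host remains
    p.end_session()
    steps.append(p.blocked_sites(PAGE_SCRIPTS))  # temporary permissions are gone
    p.allow_globally = True
    steps.append(p.blocked_sites(PAGE_SCRIPTS))  # nothing is blocked any more
    return steps


if __name__ == "__main__":
    for blocked in walkthrough():
        print(blocked)
```

The last step shows why the Allow Scripts Globally option is dangerous: the unrelated third-party host runs its scripts as well.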
The Mozilla Firefox Add-ons featured in this section are designed to enhance or protect the anonymity, privacy and security of your browsing sessions. To download them, please refer to the Downloading Firefox section.
HTTPS Everywhere is a Mozilla Firefox extension ensuring that you always communicate with a specified list of websites over an encrypted (https) channel. Although many websites do offer encryption, they tend to default to an unencrypted http address. The HTTPS Everywhere extension fixes these problems by rewriting all your requests to these sites to the HTTPS protocol. It runs silently in the background, ensuring that your Internet sessions with those selected sites are safe and secure. However, it works only when those sites are using the HTTPS protocol themselves.
After the HTTPS Everywhere extension has been successfully installed, the following screen will appear:
Figure 1: The Should HTTPS Everywhere Use the SSL Observatory? prompt screen
Step 1. Click to activate the following screen:
Figure 2: The SSL Observatory Preferences screen
Note: If there has been a previous installation of HTTPS Everywhere on your Firefox browser, select Tools > HTTPS Everywhere > SSL Observatory Preferences and verify that the Use the Observatory and When you see a new certificate, tell the Observatory which ISP you are connected to options are enabled. If you are not using Tor, enable the Check certificates even if Tor is not available option as well.
Step 1. Click so that it changes to for the Malware Blocking, Remove Social Media Buttons and Disable Tracking options (as shown in Figure 1 above).
Step 2. Select Tools > Adblock Plus > Filter preferences... to activate the following window:
Figure 4: The Add Adblock Plus Filter Preferences displaying three filter subscriptions
Step 2. Click each filter subscription checkbox to enable it (as shown in Figure 2 above), and then disable the option, to prevent all advertisements described or listed in these filters from displaying themselves.
Step 3. If you work in multiple languages, click to view different filter subscriptions, then click to activate a drop-down list of different subscription filters, select the appropriate one, and then click .
Step 4. To update your filter subscriptions, click , and then select the Update filters item from the pop-up menu.
5.3 Beef Taco (Targeted Advertising Cookies Opt-Out)
Beef Taco is a Mozilla Firefox add-on which lets you manage cookies associated with advertising from a variety of companies, among them Google, Microsoft and Yahoo. It can be configured to delete cookies known as Targeted Advertising Cookies Opt-Out automatically. However, it also permits Experienced and Advanced users to specify in a more detailed way which cookies are permitted to reside on your system, and which are to be eliminated.
Better Privacy is a Mozilla Firefox add-on which helps to protect your system from special cookies referred to as LSOs (Local Shared Objects), which may be placed on your computer by a Flash script. Those cookies are not removed by the standard Firefox cleaning procedure for cookies.
This section describes a number of useful add-ons and extensions that are free and open source (or in the process of becoming so), and that can enhance or extend your ability to browse the Web in a private and secure manner.
Cryptocat is an open source encrypted, private Instant Messaging add-on that works in your browser. Thus in certain situations it may be easier to use than other comparable text chat software. Cryptocat lets you create a virtual chat room where you can chat with all members, or have private, one-to-one conversations with individual participants. All chats are encrypted and decrypted in the user's browser before sending and after receiving. Cryptocat is available as a browser extension for Mozilla Firefox, Google Chrome and Apple Safari and also as a Mac OS X app.
Disconnect is designed to keep your data safe from third-party web trackers, while analysing trackers and sorting them into different groups, for instance, advertisers, analytics and social ones.
DuckDuckGo is designed to provide a private and safe alternative to Internet search engines such as Google or Bing. DuckDuckGo neither records nor shares user information, and all users have access to the same information. Either go directly to the DuckDuckGo website, or click the DuckDuckGo icon to install it as your default search engine in the search bar.
vtzilla is a Mozilla Firefox browser extension designed to scan downloads and websites for malware and viruses. After the vtzilla extension has been successfully installed, the vtzilla toolbar (which can be toggled on and off) appears beneath the Firefox navigation toolbar. Simply copy and paste, or type a website address into the vtzilla search box, and your search request will be directed to Virus Total, a website that directs more than 40 different malware or virus scanners to the specified link or website. Additionally, vtzilla reduces the risk of infection by adding yet another level of protection to an existing anti-virus program (for instance avast!), by scanning your downloadable files.
ShareMeNot is designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you, until you actually click on them.
Click&Clean is designed to automatically delete private data upon closing Firefox; this includes clearing records from your download history, deleting browsing history, and removing cookies, including Flash Local Shared Objects (LSO). It also deletes temporary files and empties your local cache.
Note: Alternatively, users may also consider using external applications, like CCleaner, Wise Disk Cleaner etc. on Windows operating systems, or Janitor or BleachBit on Linux.
6.1 Differences between the Installed and Portable versions of Firefox
Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.
There are no other differences between Mozilla Firefox, Portable Edition and the version designed to be installed on a local computer.
Step 2. Click to begin downloading the Firefox Portable installation file.
Step 3. Click to save the installation file to your computer; then navigate to it.
Step 4. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the Mozilla Firefox, Portable Edition | Portableapps.com Installer window.
Step 5. Click to activate the following screen:
Figure 2: The Choose Install Location window
Step 6. Click to activate the Browse for Folders window as follows:
Figure 3: The Browse for Folder window
Step 7. Navigate to your destination external drive or USB memory stick, as shown in Figure 3 above, then click to confirm the destination of the Mozilla Firefox, Portable Edition file, and return to the Choose Install Location window.
Step 8. Click to begin the extraction process, then click to complete the installation process, and then navigate to the removable drive or USB memory stick to which the Mozilla Firefox, Portable Edition file was saved.
Step 9. Open your removable device or USB memory stick, and it should resemble the following:
Figure 4: The newly installed Mozilla Firefox Portable Edition with the Firefox Portable folder highlighted in blue
Step 10. Open the Firefox Portable folder and then double click to begin using Firefox Portable.
Please refer to the Firefox chapter to begin configuring and using it.
Q: Why would I want so many different add-ons to defend myself against malicious websites? If NoScript protects me from potentially dangerous scripts, for example, why do I also need other add-ons which function in a similar way?
A: It is often a good idea to use more than one tool to address the same general security issue. (Anti-virus programs are an important exception to this rule, since they tend to conflict with one another.) These Firefox add-ons use very different techniques to protect your browser from a variety of threats. NoScript, for example, blocks all scripts from unknown websites, but users tend to 'whitelist' the websites they visit frequently, which allows them to load potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for the page to function properly.
How do you erase your temporary Internet history, cookies and cache from your browser?
What kinds of attacks can NoScript protect your system from?