Locking down your browser.

Hello and good day to all.

Ive often heard mentioned in this forum the term."lock down your browser."
Im currently using firefox and the extensions i have are.:
WOT.
ADBLOCK.
LASTPASS.
HTTPS EVERYWHERE.
NOSCRIPT.
BD TRAFFICLIGHT.
Are these enough or do i need to do additional things.
Thank you kindly.

 

The best thing you can do is to prevent compromised websites from ever appearing in your browser.

Download and install Blue Coat's K-9 Web Administration.

Reboot the computer - launch your browser and then log into the K-9 User Interface. Select Custom and put a check in the phishing, malware and scam boxes. Save and then exit it.

Now no dangerous site can be entered, provide a web link to click on or drop a drive by payload to your computer.

Prevention will keep you safe online. BitDefender TL can warn you of sites not to go to.

 

Hi.
I forgot to mention im using BD trafficlight also.
As for K-9 well the comments on CNET download.com kind of put me off that program to be honest.

 

I would add Betterprivacy and Keyscrambler. Quickjava is handy.

 

well i run firefox sandboxed .
ive uninstalled java as i dont see me needing it.
Thank you for the suggestions.

 

Its easy enough to configure - it isn't perfect - it does show a few false positives but nothing that you can't get to if you want to. But if you block the bad sites first they can't do damage. Now if only I could block malicious code in Skype, I would be happy!

 

Using Both WOT and BD TRAFFICLIGHT?

 

I wanted to suggest sandboxie, but saw that in your signature. Quickjava isn't only handy for quick en/disabling Java, but also for javascript, flash, silverlight, cookies, automatically loading images and animated images.

 

Firefox has a urlclassifier3.sqlite. This is what it does:

urlclassifier3.sqlite is the database that contains a list of "bad sites". This is updated by Google while Firefox is running if you have Block reported attack sites and/or Block reported web forgeries checked under the Security Tab in Tools > Options>Security.

 

I wouldn't either, but that's just me. In my opinion, WOT is too reliant on user opinions and is generally only useful for flagging "spammy" websites than it is for security. On my machine, I could never get BD to stop slowing my browsing to a crawl, so I dropped it. HTTPS Everywhere is not something I'd rely on either as it relies on a whitelist of supported websites and can break them at times. If you're really just looking to lock things down, NoScript is your answer. AdblockPlus will also be helpful for annoying or malicious 3rd party trackers/ads.

 

I'd only use NS, AdBlock and Lastpass. You're already sandboxing FF as it is, plus you're using EMET to fortify things further. Btw, you can find WOT info for a site by using the middle-click button in NS.

 

I sometimes get my years and months mixed up, maybe because I'm getting old. But I seem to remember there being a problem with the updates google provided to firefox. There was some news, maybe 6 months ago or so, that a report came out showing google chrome blocking malicious sites at a better rate than some other browsers or maybe it was a test result specifically against firefox..and the test may have been sponsored by google. Anyway, google apparently scored better but news came out later that google had cut off updates to firefox for a month while keeping updates going for chrome. Then the test against malicious web sites was ran with firefox scoring poorly.

Does anyone remember this? It seems like this happened right before the firefox/google partnership announcement from a few months or a year ago.

The troubling issues were that google would cut off security dates to firefox and then have some sort of security test. Another thing was that I don't remember firefox ever warning users that updates had been stopped.

 

This a link I found from 2009: http://www.informationweek.com/internet/security/google-chrome-update-scheme-beats-firefo/217300466 Google Chrome Update Scheme Beats Firefox, Safari, Opera.

There must be more articles about the above though.

As what Firefox's urlclassifier3 is concerned, excerpt: http://www.mozilla.org/en-US/firefox/phishing-protection/

Although some may think that this post is off topic, I believe it's not. Reason for that is that there is already phishing and malware protection in Fx. Adding more features of a similar nature may result in slower browsing?

OT: I deleted urlclassifier3 because of its size (63.5 MB) I knew that it would generate itself when starting to use Fx again. It did and now the size has shrunk a bit to about 55 MB.

 

@acr1965: Is it this you are thinking of?

Did Google pull a fast one on Firefox and Safari user?
https://www.nsslabs.com/system/file...l a fast one on Firefox and Safari users_.pdf

@thread: WRT "locking down" your browser, I think an important step would be trying to stay on top of changes/additions to the browser itself.

 

That looks like it may be it. I believe there was some press release by google comparing its superior safe browsing to firefox though. And later it was alleged that google had stopped updating the firefox blacklist url's for a month leading up to the test.

 

Firefox had not moved to the SafeBrowsing v2 yet, which includes file reputation. That's the discrepancy.

 

There really isn't much you can do except keep updated with patches. The only thing that would stop me from moving to chrome would be lack of a No-script style plugin.

Disable/whitelist JAVA/Flash plugin/PDF plug in and your very much on your way. & Block 3rd party cookies.

 

I think Firefox had begun using Safe Browsing API v2 long before that NSS test began and it still doesn't utilize the (not officially documented) API for checking downloaded files.

https://developers.google.com/safe-browsing/

 

There are loads of 3rd party browser add-ons that'll improve security to some extent,also impacting upon performance to varying degrees.Personally I reckon running the browser in a well-configured Sandboxie with EMET is enough.

 

Yes i run firefox sandboxed all the time except for updating etc.
Ive also got EMET installed too.
As for a well configured sandboxie well that im not sure about.I installed and ran at default sandboxie.

 

By well configured I'm referring to the settings whereby you can restrict what exactly can run or access the internet.Also "drop rights" and restricting or blocking access to various resources hardens the protection.

With that in place you should be all but immune,even in its "vanilla" state SBIE is immense.

 

Yes i absolutely agree with you and thanks.
Also i have what i consider the best security program installed also so i feel quite secure at the moment.