Firefox recommend settings

Discussion in 'other software & services' started by Tipsy, Aug 26, 2014.

Thread Status:
Not open for further replies.
  1. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    What is recommendation for better security for firefox for these 4 settings:

    - Automatically update Search Engines

    - Check my spelling as I type

    - Block reported attack sites

    - Block reported web forgeries
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    FF Scanner.png


    See post from Friday that discusses Firefox search engine preferences.
    https://www.wilderssecurity.com/threads/how-to-remove-google-search-from-ff.367432/

    I would not have this setting set to automatic - this is a personal preference and I don't believe to be security related although Firefox collects more metrics than they disclose in their Privacy Policy.

    Spell checking is also a personal preference, it's a handy thing to have your Browser add or correct your spelling - as you type. This was sorely missing in Internet Explorer for many years .

    Block web forgeries and sites is Mozilla colleting metrics - again, disable this option via the user interface, avoid using about:config as much as you can.
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  4. guest

    guest Guest

    I can understand it if it was for privacy reasons. But wouldn't it be a bad idea for security?
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You'd have to be more clear in your question, Graf - that service is reputation based provided by Mozilla. Many including me have opted out as it can erroneously flag a website that your installed AV or AS would not flag.
     
  6. guest

    guest Guest

    So it is a matter of FPs. If the user doesn't encounter FPs then why disabling it?
     
    Last edited by a moderator: Aug 26, 2014
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,956
    Location:
    U.S.A.
    FYI. For those considering turning off the Safe Browsing features (Attack Sites & Web Forgeries), please review:

    How do I use the Phishing and Malware Protection features?
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    It's a matter of metrics being used and offered by Mozilla via the Browser.

    Many in the security business see this as more browser control Mozilla is offering that should have left to your native AV | AS scanner.

    False positives don't come into play unless you've got the feature enabled and it incorrectly flags a site that's Legit - that's reputation based scanning hard at work confusing your Browsing habits with what someone views as a bad website.
     
  9. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,956
    Location:
    U.S.A.
    FYI. What information is sent to Mozilla or its partners when Phishing and Malware Protection are enabled?
    I’ve confirmed that my site is safe, how do I get it removed from the lists?
     
  10. guest

    guest Guest

    And that is a personal choice of whether the user wants to have additional blacklisting filters other than what's being offered by the AV. I don't see how disabling those options can boost the user's security?

    My reply about FPs was for this statement:

    Oh not again, I'm not defining the term "false positive" differently than your definition, am I? :D
     
    Last edited by a moderator: Aug 26, 2014
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I don't profess to be a Mozilla Firefox expert nor developer of any kind. These are what I've observed elsewhere and was offering as I have gleaned from my use of the Browser over time and in reply to the somewhat basic queries the OP asked.

    All of these options could be selected as enabled if a user wishes to do so.

    Some other things to consider before going forward with new Browser features when others have tested the waters already and offered feedback via normal channels. Saturday morning quarterbacks may want to take note of the Mozilla Forums :isay:
    http://forums.mozillazine.org/viewtopic.php?f=7&t=2855909
    http://forums.mozillazine.org/viewtopic.php?f=38&t=2854847
     
    Last edited: Aug 26, 2014
  12. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,956
    Location:
    U.S.A.
    That is your best statement so far. :thumb: Let's not forget that there are visitors to this forum that do not possess the necessary computer expertise to retrieve themselves out of harm's way, and when one advocates disabling features, they might go ahead & do it, without really knowing its inherent dangers. By presenting a balance approach, the Pros and Cons, it is, as you aptly stated it, up to the user to decide which way to go.

    By the way, in your first link, it has been suggested to keep the features on, as there's no speed impact and could keep someone out of trouble. And your second link refers to an issue with NirSoft. I'm sure you're aware that their FAQs states that some AVs flag their software as evil, when in fact they are clean. I just downloaded WebBrowserPassView (a troublesome download) and FF 31 blocked it. I do have both Safe Browsing features enabled.
     
    Last edited: Aug 27, 2014
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Go with your gut. That gut tells me not to trust Google with collecting that information via the "safesearch" features. I can do just fine with my own discretion deciding what to trust, not to mention the help I get with my DNS service, and WOT.

    Simply disabling them in the option isn't nearly enough though. They are hard to kill. Also go into about:config and remove the URL's (leaving them blank). But even that wasn't enough I found, as they were still trying to connect out. I had to also disable their attempts in my Comodo D+/HIPS, and also in Sandboxie for good measure. That process there showed me how much these features can/should be trusted. In my book those are shady practices.
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,087
    Would you please provide some details on that (to help others investigate and attempt to duplicate)?

    FWIW, I have the SafeBrowsing features disabled, the associated cloud lookup URLs pointed to a local server so I can watch for unexpected requests, and I frequently watch network traffic. I haven't seen any SafeBrowsing related connections/requests. Firefox's own disable mechanisms appear to be working reliably for me (FF31).
     
Loading...
Thread Status:
Not open for further replies.