Thursday, September 07, 2006
Review of a Firefox security article
Information Week recommends five things to make Firefox "bulletproof".
They're debatable. They suggest protecting yourself against phishing by installing a helpful toolbar from Netcraft. OK, but last I heard, that toolbar sent some information about what you're doing back to Netcraft. All aboveboard and disclosed, but make sure you're comfortable with that before you install their toolbar.
They point out the Clear Private Data feature which erases some of the records of what you've been doing online. First, that doesn't have much to do with making Firefox "bulletproof", second, it's barely going to slow down an investigator who knows what s/he is doing.
They recommend an optional extension to Firefox called Password Maker to create and manage strong passwords and avoid the problem of memorizing them all. There's more than one extention to do the same job. See my previous overview of Password Maker and others.
Where they are absolutely right is where they recommend that you download and install a Firefox extension called Noscript. Seriously, this one is close to being a must-have. It lets you decide exactly which websites you trust to do potentially dangerous things (specifically "Javascript", a legitimate but infinitely abused way for web sites to control what your browser does). It even lets you give a temporary pass to a web site if you want to. Be alert for loss of functionality: some web sites will mysteriously do nothing on mouse clicks and not tell you why. You may need to enable scripting to get them to work, or you can take your business somewhere else. Only a few sites, for example Gmail, have a legitimate need to require Javascript and none have any excuse for failing to work without telling you why.
|
They're debatable. They suggest protecting yourself against phishing by installing a helpful toolbar from Netcraft. OK, but last I heard, that toolbar sent some information about what you're doing back to Netcraft. All aboveboard and disclosed, but make sure you're comfortable with that before you install their toolbar.
They point out the Clear Private Data feature which erases some of the records of what you've been doing online. First, that doesn't have much to do with making Firefox "bulletproof", second, it's barely going to slow down an investigator who knows what s/he is doing.
They recommend an optional extension to Firefox called Password Maker to create and manage strong passwords and avoid the problem of memorizing them all. There's more than one extention to do the same job. See my previous overview of Password Maker and others.
Where they are absolutely right is where they recommend that you download and install a Firefox extension called Noscript. Seriously, this one is close to being a must-have. It lets you decide exactly which websites you trust to do potentially dangerous things (specifically "Javascript", a legitimate but infinitely abused way for web sites to control what your browser does). It even lets you give a temporary pass to a web site if you want to. Be alert for loss of functionality: some web sites will mysteriously do nothing on mouse clicks and not tell you why. You may need to enable scripting to get them to work, or you can take your business somewhere else. Only a few sites, for example Gmail, have a legitimate need to require Javascript and none have any excuse for failing to work without telling you why.
# posted by Frederick @ 12:27 AM Email to a friend:
Haloscan: they provide trackback