Ten Firefox extensions that help keep you safe

Being safe while you surf the Web is extremely important, yet safe surfing sometimes seems like an oxymoron. For users of the Firefox browser, downloading security extensions can help increase your level of protection from worms, hackers, phishers, and the like.

I should note that even with these extensions installed, you won't be perfectly safe. Visit sites only of trusted sources, and don't download unknown files.

Safer browsing ahead

BetterPrivacy BetterPrivacy protects against long-term tracking cookies that can't be deleted. The extension makes you aware of those objects and deletes them for you. You can then sift through those cookies and selectively decide which you want to delete. It's a simple but effective tool.

BlockSite lets you block sites you don't like.

(Credit: Don Reisinger/CNET)

BlockSite BlockSite gives you the option of blocking a Web site that you deem unsafe or unsuitable for the family. The extension even disables all links to the sites you might find in search results. When you access the extension's menu, you need only to add the site's URL to the blacklist. You won't be able to access the site, unless you remove it from that list.

Dr. Web Anti-virus Dr. Web Anti-virus enables you to verify that any file you're downloading, or any page you're browsing, isn't installing malware onto your computer. Once you right click on a link or file path, you'll find the Dr. Web Anti-virus option in the menu. Click it, and the path will be scanned to determine if there is any malware being added to your computer.

FormFox You think you're on a familiar site while filling out an online form, but you're nervous about whether the trusted source will actually receive it. That's where FormFox comes in. The add-on gives you the exact URL destination of information you're submitting to a site. So when you input your name, address, and other information, you can mouse over the Submit button and search boxes to find out exactly to where you're directing the information. You might be surprised to see where your data is going.

Ghostery Ghostery gives you alerts whenever a Web site is "watching" you. When you have the extension on, it constantly analyzes the site to determine if it's running hidden scripts that track your behavior. If it does, it will alert you to it. You can then decide to leave the site or stay.

Locationbar lets you see where you're really going.

(Credit: Don Reisinger/CNET)

Locationbar Phishing scams are a real concern for Web surfers. Locationbar helps solve that problem. The extension decodes hidden URLs and displays where a particular link would redirect you to. You can even click on different sections of the URL, if you want to go back to the site's home page or go to the site you intended on visiting before you clicked on a phishing path. It's a useful extension.

NoScript NoScript is a handy tool that permits JavaScript or Java to run solely on trusted sites. It helps prevent cross-site scripting attacks and clickjacking. It sits in the status bar, giving you the option to allow or block JavaScript on the site you're browsing. It's a great tool.

Password Hasher If you're concerned that your passwords aren't as strong as they should be, Password Hasher is the tool for you. After you install it and create a master password for the service, it will automatically generate strong passwords for the sites you specify. You can pick how strong you want the password to be (light to heavy), and Password Hasher will do the rest. It's a great tool for important sites.

Web of Trust lets you know when a site is scary.

(Credit: Don Reisinger/CNET)

QuickJava QuickJava makes it easy to enable or disable Java and JavaScript in the browser with just a few clicks. It sits in the status bar until you need it. It's a handy tool that's extremely simple and efficient.

Web of Trust Web of Trust tells you about risky Web sites that deliver malware or send spam before you're affected. When you surf to a site, Web of Trust displays a colored icon giving you its rating. Green means it's safe. Yellow means you should proceed with caution. And red means you should avoid the site. Those icons are displayed next to search results or as an overlay on a site that is considered dangerous. It's an important tool to have, if you want to be safe online.

The top 3

If you want to be safe, installing these extensions is a good start:

1. NoScript

2. Web of Trust

3. Locationbar

[Jonathan]

While I know its one of c|Nets bread and butter points of revenue....I gotta say. Adblock Plus is a godsend. No just blocking ads, but further controlling popups.
While NoScript is good it simply impacts web browsing too much to be more useful then annoyance. That and the games they were playing with Adbock a month or so ago, basically turned me off of them....for now. I never swear of something for good. But they need to demonstrate that they understand they cant pull that crap anymore.

[Gasaraki]

I'm sorry, NoScript is the best protection you can have while surfing the web. How hard is it to allow sites you know are safe?

Adblock Plus blocks ads, the ads that make sites like cnet free. Blocking website ads does not "protect" you.

[Freedomstarfox]

NoScript is one of the greatest protections you can have. If you REALLY don't want to enable scripts for sites you know are safe, you should still keep the add-on. You can enable all scripts, which I don't recommend, and keep the add-on for its other features. It basically the only protection out there against Clickjacking without having to completely disable Javascript.

[bahead]

I'm not promoting MSIE 8 (I'm a Firefox user), but it has the same feature as the Locationbar plug-in for Firefox and it is very useful for a quick verification of the domain you are visiting.

[flickrz]

I do following and have never been infected:
1. Disable java in any browser.
2. Use latest release of FireFox /w ABP.
3. Install AVG and update it regularly.
4. Keep your OS updated (most of the known worms/viruses) spread through known security holes that MSFT has already issued patch for.
5. Most important: Don't click on any ads that says "You have won $50000000" because, you haven't.
6. Don't give out your email address as if it came in charity. In that case, use disposable email addresses. I prefer 'Gmail' as primary email service provider.

[bananaphonerules]

7. Use common sense

[flickrz]

Good one

[dgrant6230]

7. use a Mac (not trying to start a flame war - just noting that my Macs have never been infected with anything and I am pretty sure this will not change in the foreseeable future)

[menon.nrk]

For all practical purposes a web surfer whether in Canada or Kerala needs only the following

Lavasoft anti spyware
Avast anti virus

Keep both regularly updated and scan your PC as often as time permits, use Firefox or Safari browser.

[Lemonsquare1]

I disagree. I used Ad-Aware for years thinking it worked fine. I recently switched to Malwarebytes and found 23 infections, Ad-Aware found 2/23 of those infections and couldn't remove either one.

[dazweeja]

I'm afraid you don't know much about spyware. Ad-aware (and Spybot S & D) detect only a fraction of the spyware in the wild and routinely miss the most damaging ones. Anyone who works in IT support can confirm this for you. If you don't believe me, create an ultimate boot CD for Windows (http://ubcd4win.com/) and include all the free anti-spyware programs. Boot from UBCD and run all the anti-spyware programs. You're guaranteed to find plenty of spyware that Ad-aware has missed. The worst thing thing about Ad-aware is that it gives users like yourself a false sense of security.

[tm_anon]

I'd also switch to Avira Antivir, much better heuristics engine. Pair Avira with Malwarebytes and you're a lot safer than you currently are.

[ssj4Gogeta1]

I've been using Kaspersky Internet Security and Spyware Blaster, with Malwarebytes. No problems so far. Kaspersky is probably the best AV that I've used (I've used many) - high detection rate and a very refined interface.

[UpajOs]

I agree with Jonathan: Adblock Plus is a must-have. You can't accidentally click on a malicious ad if the ad doesn't appear in the page to begin with. I disable it for Google.com, because I'm often looking for products, but I enable Adblock Plus for practically everything else.

[Freedomstarfox]

The top 3 listed are truly must have extensions. WOT helps me so much, as well as NoScript, one of the best protections available, and Locationbar². NoScript not only blocks scripts but also has protection against Clickjacking and Clearclick as well as numerous other features.

Yes, you probably won't get infected if you surf normally without these add-ons, but don't just go by luck. These add-ons make Firefox extremely secure.

[matthewcanprog]

Good collection. But most of them are only testing for client side interaction, or javascript that runs on your site. I can be doing all kinds of php tracking and the ghostery add on doesn't alert anything.

http://canadaprogrammers.com

[yachtcharter_mallorca]

http://www.amoyachts.com

[ejmfoley]

I had 3 of these extensions. 5 out of the other 7 were not compatible with the latest version of Firefox. Not much of list of must-have extensions when they don't work.

[Backspace23]

I hate to say it but I agree with Ad block plus. Yes ads pay for web content, but the number of popup ads I've seen on legitimate trustworthy sites, for XPAntivirus and ilk is astonishing. These are ones that try to lure unsuspecting users into intentionally running malware.

Myself I maintain a whitelist of sites I frequent if they don't have annoying ads. But I install it on PCs I set up to avoid people being lured into XPantivirus type things.

I also like Flashblock as it makes the web experience more bearable. If you have ads going it at least gets rid of the really annoying ones eg: emoticon ads that talk to you.

Of the list No Script is probably one of the most important... except now they modify Adblock plus settings.

Another important thing would be to Uninstall Adobe reader and install PDF Xchange viewer as some things target exploits in Adobe. For example, some of the XPAntivirus types will detect the browser and if it's IE try to exploit the browser, and if it's Firefox send it an exploited PDF.

I also agree that Adaware is sub-par. Spybot is too. They have both slipped from where they used to be. Avast! is good for AV protection, and MBAM and SAS for cleanup of real nasties.