There's no way to reduce to zero your risk of picking up some piece of malware while browsing. You need layers of security to keep viruses, Trojans, and botnets at bay—the more layers, the safer your browsing. (Of course, the more layers, the slower your browsing, too, so don't get carried away.)
Much emphasis has been placed on the enhanced security features of the latest versions of the popular browsers. Whether one is any safer than another is anybody's guess, but no browser gives you more ways to thwart a Web-based attack than Firefox via its wealth of security add-ons.
Link checkers add warnings to search results
Search results are often difficult to trust, even when the URL looks familiar. Phishers are adept at planting dangerous links that look like harmless ones. Link checkers provide you with an indication of the trustworthiness of sites before you click their links. (Note that several of the products are available for Internet Explorer as well.)
Some of the programs, such as McAfee's SiteAdvisor, give the thumbs-up or thumbs-down based on a single company's research. Web of Trust (WOT) bases its recommendations on the collective intelligence of a network of volunteers. LinkExtend is a link-check aggregator that combines the analyses of eight different services.
McAfee SiteAdvisor adds a safety indicator to Web search results.
(Credit: McAfee)While the recommendations of link checkers are helpful in identifying safe sites, you can't take their yeas and nays as gospel. For example, sites that offer downloads of system utilities may be flagged as dangerous because the programs require access to the operating system and thus could do major damage in the wrong hands.
Track the trackers
You know popular Web sites download software that tracks your activities on their sites, but do you know who's doing the tracking? Find out with the Ghostery add-on that pops up the names of the trackers as the page opens. The program puts a small "ghost" icon in the bottom-right corner of the Firefox window that turns orange when trackers are present. Click the link that appears to the right of the icon to find out more about the trackers and block them individually or entirely.
The Ghostery Firefox add-on lets you know who's tracking your activities on the site.
(Credit: Ghostery)
View encryption specs
When you open an encrypted Web page, a lock icon appears in the bottom-right corner of the Firefox window and the URL in the address bar begins with "https." But there's more than one form of encryption, and knowing which type and strength of encryption in use can be handy.
The CipherFox add-on puts in the bottom-right of the Firefox status bar the Secure Sockets Layer/Transport Layer Security (SSL/TLS) cipher and keysize currently in use. Double-clicking the entry opens the CipherFox dialog box, where you can disable RC4 encryption and display partial SSL/TLS. (Note that the developer accepts donations to support the product.)
Take charge of Web password management
Firefox's built-in password manager lets you create a master password and remember passwords for specific sites, but if you want to get serious about managing your passwords, get LastPass, a password manager that provides much more granular control over your sign-ins.
After you download and install the add-on, an icon is placed in the top-right corner of the Firefox window. Click it to open the LastPass menu, which lets you manage your identities, open the LastPass Vault, jump to favorite sites, and generate secure passwords. You can also import or export sign-in IDs, compose and print secure notes, and assign keyboard shortcuts for specific actions.
In addition to Firefox and IE, LastPass is available for Google Chrome and Apple's Safari browsers. LastPass backs up your passwords by storing an encrypted copy on its own servers. And because you can access your passwords via the Internet, you can use LastPass on any Web-connected device, although use of LastPass on an iPhone or other smart phone requires a Premium membership, which costs $1 a month. (You can also put LastPass on a USB thumbdrive for use with Firefox Portable and other portable apps.)
(Credit:
Mozilla)
It's been just under four months since Mozilla launched its pilot program for contributions, a way for users to donate to add-on developers for their time and effort.
The program was launched in tandem with a redesign of Mozilla's add-ons site that gave developers their own profile pages. Many add-on makers were already running donation programs through their own sites, but wanted the option to show up in Mozilla's catalog too.
Already it appears to be working, but on a smaller scale than some developers might have hoped. For the half dozen developers that CNET News talked to, none has made enough from it to, say, quit their day job. While Mozilla would not reveal specifics on which developers are getting the most contributions, it did provide us with the total amount given: around $20,000. An organization spokesperson said that most of that came in September and October.
Of the 500 or so developers who are participating in the program, the average contribution falls somewhere between $5 and $6, with the largest thus far being $150. All have gone through PayPal, which is the sole way to pay through Mozilla's add-on site. PayPal then gets a small fee out of each transaction, something that comes out of the developer's pocket, although this varies based on how much the user gives.
Other ways to make money
Some developers believe Mozilla has gone about the payment problem in reverse. With the current contributions program developers are given the chance to ask for money before the user even downloads the free add-on. So why not give them a way to ask for a contribution after a user has downloaded and installed it?... Read more
Facebook's "like" feature has been around since February, but the massive social network never provided users with a way to quickly voice their opinions going the other way. French developer Thomas Moquet took matters into his own hands by creating a cute (albeit useless) Firefox extension that adds a dislike button to Facebook, letting users who have it installed mark things they don't like.
In order to make the tool work, Moquet had to use his own servers, which keep track of every item that's disliked as well as who clicked it. Any other Facebook users who have the extension installed can then see who disliked it right next to the usual like list.
Feeling grumpy? Add a "dislike" button to Facebook.
(Credit: CNET)There are a few very clear downsides to this system, one being that if the dislike servers ever go down, you won't be able to see what you or others have marked as not liking. It also cannot be seen by other users who don't have the extension installed. Nonetheless, it fits in quite well with the rest of the Facebook interface, peacefully coexisting alongside the likes while adding a bit of snark.
It's worth noting Facebook's exclusion of a dislike button was under the pretense that likes were added as a quick way to replace simple one-word comments. By adding a like button the hope was both to better surface content in its news feeds, as well as cut down on throwaway comments like "this is great!" or "cool."
Facebook dislike is an experimental add-on, meaning you'll have to grab it from Mozilla's add-ons site. See also the competing Facebook Dislike Button add-on, which goes one step further and will actually send the person who's news item it is a Facebook note saying that you didn't like what they posted. Ouch.
Mozilla on Friday disabled a Microsoft plug-in for Firefox called the .Net Framework Assistant because of a security problem--then scrambled to give people with patched systems an override option.
Mike Shaver, Mozilla's vice president of engineering, announced the first step late Friday night on his blog. "It's recently surfaced that it has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on," Shaver said. "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately."
This warning sign greeted Firefox users after Mozilla blocked use of a Microsoft add-on.
(Credit: Screenshot by Stephen Shankland/CNET)The .Net Framework Assistant add-on lets Firefox use Microsoft's ClickOnce technology for installing applications that run on its .Net programming foundation. The add-on already was something of a thorn in the sides of some Firefox users: it was automatically installed via Windows Update with the .Net Framework 3.5 Service Pack 1 without telling the user the add-on was being installed or giving an option. More hackles were raised because it wasn't compatible with Firefox 3.5, Shaver said, and because removing it initially required people to edit their Windows Registry--a technically onerous task for most people.
Firefox checks a Mozilla server periodically for a list of add-ons to avoid. Although Mozilla's blocking move was intended to protect users, it caused other problems. Shaver indicated that Firefox's changed behavior irked some system administrators.
That led Justin Angel, a former Silverlight program manager at Microsoft, to tweet, "When business users can't use their core business functionality--they uninstall stuff."
One issue was that Mozilla's add-on blocking technology couldn't tell if people had patched their software and so weren't vulnerable anymore. "We can't distinguish patched from unpatched, so we're blocking it while we sort that out," Shaver twittered. Over the weekend, Mozilla worked to remedy the situation.
"Pushing a change to our blocklist software that will let Firefox 3.5 users override the blocking of .NET FA/WPF plugin if they're patched," Shaver tweeted Sunday. But a few hours later, he added, "We're still working on the blocklist tweaks to help enterprises override the blocking of the WPF plugin, stay tuned!"
Update 6:47 p.m. PDT: Crisis partially averted, apparently. At about 6:10 p.m., Shaver tweeted, "MSFT confirmed that the .NET Framework Assistant is not exploitable, so we've removed it from the blocklist; one down!"
Update 8:34 p.m. PDT: There's still another blocked Microsoft add-on that's vulnerable, one that concerns the Windows Presentation Foundation (WPF), which also is installed with the .Net service pack. Shaver said it was more serious.
"We're hard at work on improving the experience for (especially enterprise) users who wish to override the blocking of the WPF plugin before we remove it from the blocklist," Shaver said in a Sunday night blog post that announced the other plug-in had been removed from the Firefox blocked add-on list.
The key feature in Mozilla's Weave add-on for Firefox is the ability to synchronize tabs, bookmarks, history, and other browser-sourced, data-rich fields. The latest update, Weave version 0.7, gives a big overhaul to the synchronization component, redoing the setup and configuration interface, and adding incremental download support.
Mozilla Weave's new My Account page, which opens in a new tab.
(Credit: Screenshot by Seth Rosenblatt/CNET)Compared to previous versions, the installation process on your first computer has been greatly streamlined, though the security questions asked remain the same. The wizard that guides you through the process has been redone to present the information through a tab-specific black overlay.
According to Mozilla, the incremental download support will grab your data in bite-size chunks to spread out, and reduce memory and network usage. To redo the synchronization settings, you still need to load the Preferences via about:weave, and then go to the Tools drop-down menu on the tab that opens and choose Start Over. I was unable to synchronize many settings, but that might be because of a conflict with an installed add-on.
The development of Weave, first introduced at the end of 2007, didn't really begin to take off until earlier this year. Since then, Weave has introduced multiple useful features that other browsers, such as Opera, have had for a while. Weave can also sync data between Firefox and Mozilla's mobile browser, Fennec.
I've been using the SmarterFox Firefox add-on (Windows | Mac) for awhile now. It's by far one of the most varied productivity add-ons for Firefox that I've seen. Its clever tricks to speed up searching, browsing, downloading, and even copy and paste are good news for just about anyone whose job description contains the word "Web."
I've put together a SmarterFox slideshow to walk you through the substantial features. Without giving away too much, SmarterFox facilitates faster search through multiple channels, including the Firefox Awesome Bar, the context menu, and Wikipedia enhancements. It also helps launch Web sites faster, and has a novel way of dealing with pagination for sites with multipage articles, and for shopping sites displaying pages of results. Check out the gallery to see exactly how these features work.
One of the better Mozilla Thunderbird extensions is ThunderBrowse, which allows users to quickly open e-mailed links in a browser window built into the e-mail client itself. The latest version introduces support for the Thunderbird-derived Postbox, as well as compatibility fixes for the Thunderbird 3 beta builds and a new click engine.
ThunderBrowse now offers tab support in Thunderbird.
(Credit: Screenshot by Seth Rosenblatt/CNET)However, for users who haven't checked out or updated ThunderBrowse in awhile, there's a lot to play with. Through the expansive options menu, you can configure links to open in new tabs. This allows your original e-mail to stay open in one tab, while the link has been opened in a new one. Unfortunately, in the Thunderbird 3 betas, this does not open a new Thunderbird tab--you'll only get a new ThunderBrowse tab in your message pane. Even if the pane is maximized or the message has been open in a new tab, you'll find a slightly cumbersome new tab bar opening beneath the URL bar.
Other new or recently added options in ThunderBrowse include customizing an external browser to open e-mailed links that's different from your system's default browser, greater control over behavior after left-clicking and scroll wheel-clicking links, and enhanced user security through permission control for JavaScript, images, plug-ins, and cookies. There's also a new auto-complete feature and the ability to move the ThunderBrowse URL bar to the bottom of the pane.
Google Chrome fans who live on the edge and use the developer's build now get access to one of the best features in Windows 7. Browser jump-list access had previously been limited only to Internet Explorer, but Chrome version 3.0.197.11 supports it.
Jump lists in Windows 7 for Internet Explorer 8 (left) and Google Chrome 3.0.197.11 (right).
(Credit: Screenshot by Seth Rosenblatt/CNET)The jump list, accessible by right-clicking on the Chrome taskbar icon or by holding down the left mouse button and dragging, mimics the Internet Explorer jump list. What IE calls "Frequent", Chrome labels "Most Visited Sites", but both merely show your most frequently visited Web sites. Both lists of URLs are configurable, so you can remove sites from the list.
Below the frequency list is a short list of tasks. Chrome again copies IE here, offering a quick start link to open a new private browsing window. Where IE offers a link to open a new tab, though, Chrome curiously offers a link to open a new browsing window.
Google continues to lay the groundwork for the stable version of Chrome on other operating systems, too. Mac users of the dev build, which has been updated to version 3.0.197.12 for them, now get extensions enabled by default. Linux users, meanwhile, should no longer find Chrome crashing when reading their Gmail.
The developer's build of Chrome can be downloaded directly or enabled using the Chrome Channel Changer.
RSS is great technology, but one of its shortcomings is that it doesn't always represent all of a site's content stream. Many times there are parts of a news or content site that change either through an editorial hand, or with items chosen by users. A new Firefox add-on called AlertBox helps track these "scraps" of content, and can be used to keep an eye out for any changes. This includes things like price changes, edits or updates to a news story, and the top stories on content sites.
To make sure it's not looking for activity on an entire Web page, AlertBox is designed to let you grab bits and pieces of any site--not the entire thing. Once installed, you can summon it by clicking the little bell shape in the bottom corner of the browser, or using a keyboard combination. It then pops up with a selection screen that, similar to Apple's Web clips widget, lets you pick what part of the page you want it to track. You can then choose how often you want it to check for future changes in increments of two minutes, up to one day.
The AlertBox in-box lets you keep track of all your alerts, and delete ones you no longer use.
(Credit: CNET)AlertBox's way of tracking new content is an in-box-style counter down in the bottom of your browser. When clicked, it takes you to a page of Web clippings that are constantly updated with whatever the latest text is of the page elements you had selected. To be honest, this part of the add-on could use a little work, as it's just a text rip that loses all of the formatting on the page. And all of these alerts are housed not in the cloud, but on your local machine, which has two big downsides: One is that you need to have Firefox going at all times for it to alert you. The other is that you can only access those alerts on that particular machine.
Faults aside, I really like the idea of creating a simple in-box of changing content that does not rely on RSS. I think this, with a little bit of archiving to let you track changes in content throughout the day (like Web archiving service Iterasi does), would make for a very useful alternative to widget start pages and feed readers.
AlertBox lets you choose particular sections of a site to keep an eye on for updates.
(Credit: CNET)Here's a must-have Firefox add-on. Called Multi Links, this extension lets you simply right click and drag your mouse across the screen to select multiple links at once. It's just like selecting multiple files on your computer, and highly effective for tearing through a page of links you want to look at or save for later.
By default, selected links open up in new browser tabs, although you can go into the options to choose whether you want them to open up in new windows, or be bookmarked instead. You're also able to change the color scheme of the box, and the outlines of the selected links--just in case you're into that sort of thing.
Want to open up multiple URLs? Just drag your mouse over them with this handy extension.
(Credit: CNET)Advanced users can utilize keyboard shortcuts to limit mouse work. For instance, holding down the control or shift button while creating a box means you can hop around a page of results--selecting the items you want to open or save, while skipping over others. The extension is also coded to ignore extra links on search pages, which keeps you from unintentionally opening up the cached and similar links on each result. This worked fine on Google and Bing, but not on Yahoo or Ask.
This extension is definitely worth keeping around because it does not interfere with normal, right-click behavior. My one hope is that future versions will forgo the options menu in place of a small pop-up, or slide-out menu that asks what you want to do with links after selecting them.
See also: Snap Links (which does the same thing, but has not been updated since February) and Selection Links.
