Three Hot Defensive Firefox Extensions

A look at my favorite Firefox browser extensions

3:10 PM -- I originally started this off as a "Top Five" list of defensive Mozilla Firefox extensions that I use every day but realized that I actually only use three. If you're not a Firefox user or haven't explored all the advanced capabilities that can be added with extensions, I highly recommend that you still take a look at these extensions.

Let me start off by saying that I use Firefox on all my computers, work and home, whether they're Mac OS X, Linux, or Windows. Depending on your company's policies, you may not have this option when at the office, but don't let that stop you from running Firefox at home. If your company doesn't use Firefox and you're unable to install software on your work computer, you may still be able to run Firefox off a "thumb drive" using Mozilla Firefox, Portable Edition. (Be mindful, though, of your company's policy on running software that has not been preapproved.)

If I could only install one extension, it would be NoScript. NoScript can selectively block JavaScript, Java, Silverlight, Flash, and other plug-ins, which speeds up browsing quite a bit. Sure, out of the box it does break some Websites, but that's easily fixed by clicking the NoScript icon in the status bar and selecting "Allow ..." NoScript also blocks cross-site scripting (XSS) attacks. I use Firefox because I believe it is a more secure browser than Safari or Internet Explorer, but being able to selectively choose which Websites are allowed to execute scripts in my browser is the icing on the cake.

Adblock Plus is great because it blocks tons of annoying advertisements that can slow down Web browsing. There have been several cases of ad hosting servers being compromised and used to serve up malicious code and images, and if you're paranoid about ad companies tracking and profiling your behavior, then Adblock Plus is an excellent Firefox extension. I like the speed boost in browsing, the lack of clutter from ads on certain Websites, and the ability to make it harder for ad companies to track me.

I'm lousy at remembering passwords. Coming up with a unique password for every Website requiring a login became such a tedious task that I had to find a solution that didn't require hitting the "Save Password for this Site" button. PasswordMaker allows you to use a master password that is combined with parts of the site URL your login is for, and it hashes that value to create a unique password. No passwords are saved on my machine, and the password is generated on the fly every time I visit the site and type in my master password. I've been guilty of using the same password on multiple sites in the past, but not anymore.

So now, if one site's password is compromised through something on my side (keylogger), or the site's side (SQL injection), the attacker can't use it to access any of my other accounts.
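The master-password-plus-site derivation described above, sketched as an added example that is not PasswordMaker's own code. It assumes the hostname is the part of the URL that gets mixed in, and it swaps the plain hash for PBKDF2-HMAC-SHA256 so that a password leaked from one site is slow to use for guessing the master password; `site_key`, `derive_password` and `CHARSET` are hypothetical names.

```python
import hashlib
import string
from urllib.parse import urlsplit

# Output alphabet (an assumption; real sites impose their own rules).
CHARSET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"


def site_key(url: str) -> str:
    """Reduce a login URL to the hostname that is mixed into the derivation."""
    host = urlsplit(url if "://" in url else "https://" + url).hostname or ""
    host = host.rstrip(".")
    return host[4:] if host.startswith("www.") else host


def derive_password(master: str, url: str, length: int = 16,
                    iterations: int = 200_000) -> str:
    """Derive a per-site password; nothing is stored, it is recomputed each time."""
    key = site_key(url)
    if not master or not key:
        raise ValueError("master password and site are both required")
    # Discard bytes >= limit so every character is equally likely (no modulo bias).
    limit = 256 - 256 % len(CHARSET)
    chars, counter = [], 0
    while len(chars) < length:
        salt = f"{key}:{counter}".encode()
        stream = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                                     iterations, dklen=64)
        chars.extend(CHARSET[b % len(CHARSET)] for b in stream if b < limit)
        counter += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample input
    for url in ("https://www.example.com/login", "https://examp1e.com/login"):
        print(site_key(url), derive_password(master, url))
```

Because the hostname feeds the derivation, a look-alike domain produces an unrelated password, and a password leaked from one site does not match the one derived for any other.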

There are hundreds of other Firefox extensions, which can be found on the Mozilla Website. My list isn't comprehensive by any means, but as someone whose daily job is security and who clicks on everything simply for the sake of seeing if links in emails go to Web-based attacks or phishing scams, these extensions have served me well: I've yet to be exploited by anything Web-based.

Next: On Wednesday, I'll share my list of favorite offensive Firefox extensions used for Web page manipulation and hacking.

— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading
