Bitcoin Forum
December 11, 2016, 02:06:19 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How to - Make Firefox more secure with addons and more  (Read 1314 times)
passenger
Newbie
*
Offline Offline

Activity: 6


View Profile
June 17, 2011, 02:33:31 AM
 #1

With the wave of hacked MtGox accounts and the appearance of bitcoin related malware in the past few days, many helpful community members have posted various security guides.
I did not see one for securing Firefox and adding more privacy with addons so here it is. Not an expert on the subject by any means, but know that these addons increase security by at least a small amount. There is a lot more that could be added here, but for now I've only included some basics.

If a guide for this already exists remove this thread.

Most of this guide requires that you put some trust in these addons.

List of addons discussed:

Firefox Options

Open up the Options menu in Firefox and click on the privacy tab.

For those who want to allow cookies and such:
Make sure only the following are checked: Accept cookies from sites and Clear history when Firefox closes
Now under the cookie options uncheck "Accept third-party cookies". Next to "Keep Until:" choose "I close Firefox." Only do this if you're okay with being logged out of sites.

Click the Settings button next to "Clear history when Firefox closes". Check at least the browsing history, download history, and form history options. I have everything under the history section checked.

Do not save your passwords in Firefox. Use KeePass and set a strong password on your database file. Additionally let KeePass generate random passwords for you. It could likely save you from trouble later on.

NoScript
Quote from: NoScript Website
NoScript ... allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.

This section will by far be the longest since NoScript has so many options!

Open NoScript options.

Whitelisting and Blacklisting websites

In NoScript you can whitelist and/or blacklist websites. If you would like all sites to be able to execute scripts by default, check "Scripts Globally Allowed" (located at the bottom in the General tab)

Whitelisting: Not allowing scripts globally

Whitelist mode tends to be annoying for many people because you need to manually whitelist websites. But keep in mind not allowing every website to execute scripts by default is safer than only blacklisting sites. You can add them to the whitelist in 3 ways:

1. Type URLs in NoScript's Whitelist tab in options and click "Allow"
2. Import a list of URLs using the option in the Whitelist tab
3. Click on the NoScript icon and choosing which URLs to allow. The icon is present in the the Status bar and right click menu.


Blacklisting

A blacklisted website will not be allowed to execute scripts regardless of whether you have scripts globally allowed. You can blacklist a website by clicking "Forbid theurl" in the menu that pops up when you click the NoScript icon.

Blocking risky embeddings
Click on the Embeddings tab in options.

If you want to be super safe, you can block all the plugins under "Additional restrictions for untrusted sites." From what I've seen Iframes, Java, and Flash seem to be the most common things used for attacks (anyone have data on this?).


Adblock Plus

Adblock Plus is very straightforward. Install it and add some blocklist subscriptions. It will block out most ads, but will unfortunately block out things that seem like ads. Here is a guide on ABP's official website that is much better than any I could write.

FlashBlock
FlashBlock prevents Flash content from loading and shows a placeholder that you can click to download the blocked content. I'm recommending this in case you have chosen to not use NoScript for some reason.

Do not use FlashBlock and NoScript together because it could be problematic. Please correct me if this is something that has changed recently!


RefControl

This plugin allows you to control what is sent as your referrer. You can change what is sent as referrer by default by going into options and clicking the "Edit" button to the right of the "Default for sites not listed" box.

If you have chosen to block referrers by default, this can cause a problem on many sites. You would click the "Add Site" button, type its URL, and click the button for "Normal".

You can also block, forge, or send a custom referrer on specific websites.

CS Lite
CS Lite lets you control cookie permissions and behavior.

In the Options you will see several tabs and heaps of options. Note that some of these options are present in Firefox's options. I use CS Lite primarily for its Blocklist feature.

Click on the Blocklist tab at the end and set your preferences. I make sure it's automatically checking for updates monthly and installing them.



If you spot any inaccuracies or have something to add, post it!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!