How to check and configure your browser plugins techrepublic.com /blog/it-security/how-to-check-and-configure-your-browser-plugins/ By Patrick Lambert in IT Security , February 27, 2013, 5:00 AM PST // dendory Patrick Lambert offers some basic tips on how to check web plugins in four major browsers. Security advisories have become commonplace these days, with criminals going to unprecedented lengths in order to steal data and infect computers. Often, this is done through browser plugins. As security has improved in operating systems, the lower layers have become harder for malware to attack. So instead, the bad guys are looking at other avenues, and the one place that is now the most common attack vector is through a browser plugin. The reason is simple -- we all use them, and most of us don't keep track of which add-ons we have installed. Worse, plenty of software out there add their own plugins and it can be difficult to get rid of them. Add-ons come in many types. Plugins are actual software programs on our computers that interface with the browser. This includes Flash and Java, which have a browser hook so that any web page can get access to the code on your machine. And then there are extensions, things that run inside of the browser's environment, such as AdBlock and NoScript, basically anything you can get through the Mozilla extension library or the Chrome web marketplace. These extensions rarely have serious vulnerabilities in them because the attack surface is much lower. They simply do not have access to the underlying system, and even if a bug is found, the worst that can happen is something like cross-site scripting. This is still a serious issue, but it is harder to exploit and get useful data from you this way. Instead, we will focus more on the standard plugins, those that constantly seem to be getting hacked. Just recently, Twitter was suggesting that everyone disable Java in their browsers due to the unbelievable number of security holes it has had in the past years.

Internet Explorer

In order to see which plugins are installed in Internet Explorer, you can simply click on the gear icon on the toolbar and select Manage add-ons. This will bring you to the add-ons window where you can see a list of plugins. This list can be quite long and you may be surprised at some of the names that you will find. Fortunately the list is sorted by company so you can quickly see those that come from Microsoft and those made by some unknown entity. The main issue is that applications love to add plugins to your browser, which is why you need to go to this window on a regular basis. You can go through this list and see which ones you need and which you should disable. You don't necessarily have to uninstall each software program that you don't want to have access to your browser; simply disabling them works. The problem with having such a long list of plugins is that each of those are a direct link from any website to your computer. If any of them has a bug, then it is a potential security risk. In the case of Internet Explorer, its Achilles heel has long been ActiveX, the framework that allows software to hook into various components of the OS. The issue was that Internet Explorer allowed ActiveX controls to be embedded into web pages, which gave a huge open door to malicious sites. Fortunately in recent versions, ActiveX has been sandboxed far more than before.

Firefox

In the case of Firefox, you can access the list of plugins by going to Tools, Add-ons, and then selecting Plugins on the left side of the screen. Again, you will see a long list of plugins that were installed in your Firefox browser. This one is sorted by alphabetical order, and you can often see more information about a specific plugin by clicking the More link. From here you can enable and disable them as you need. A good way to judge which plugin you should leave on is if it is something you need on a regular basis. Flash is used on many sites still, and many people like to read PDF files in their browsers so you may see the Adobe Reader, but there are often far more plugins than the ones you really need. Mozilla also goes one step further and provides a free tool to check whether your plugins are up to date. If you click on the link that says Check to see if your plugins are up to date it will bring you to this page which checks the versions that you are running. If there is an update available, the page will tell you. This is a very nice and easy way to make sure all your updates have been done, and that you are secure.

Chrome

While the extensions are easy to get to in Chrome, the plugins are hidden unbelievably deep in the interface. To get to them, you have to click on the menu icon, then select Settings, scroll to the bottom and click on Show advanced settings, then click on Content settings under Privacy, and then click on Disable individual plugins. Fortunately, there is a shortcut which is to simply type chrome://plugins in your URL bar. The screen will then show you a list of plugins that are installed in your Chrome browser. Again, you can disable individual plugins, and I highly suggest disabling the ones you do not need. While getting to this list is harder in Chrome, it does include a lot more details than the other browsers if you click on the Details link on the right, which will even tell you the filename of the plugin on your system.

Safari Safari is a little trickier to check than other browsers. You have to navigate to the folder that holds the plugin (/Library/Internet Plug-Ins/) and there you can delete it from the folder. See the Apple support tip for Safari 6 here for more details. However, if you specifically want to disable the Java web plugin, you can go to Safari | Preferences and click on the Security tab. There, you can uncheck the box next to Enable Java.

Teach your users to be plugin-aware The bottom line of plugins management is that this is the number one way that security holes get exploited on the web today, and as such it is incredibly important to stay on top of what plugins are installed. Any computer that gets infected is likely to have many more plugins, often referred to as browser hijacks, attempting to spam the user, display popups, send spam or even gather personal information. But even the well known, trusted plugins like Adobe Flash or Java constantly get updated because new security holes have been found. So knowing which plugins are enabled in your browser and keeping them up to date is something that all users should be able to do. Patrick Lambert has been working in the tech industry for over 15 years, both as an online freelancer and

in companies around Montreal, Canada. A fan of Star Wars, gaming, technology, and art, he writes for several sites including the art news community TideArt. He's always at the forefront of the latest happening in the world of technology. You can find him online at http://dendory.net or on Twitter at @dendory.

techrepublic.com-How to check and configure your browser plugins ...

... sure all your updates have been done, and that you are secure. Chrome. Page 3 of 5. techrepublic.com-How to check and configure your browser plugins.pdf.
Download PDF
215KB Sizes 5 Downloads 241 Views
Report

Recommend Documents

Transferring your ID from Onename to the Blockstack Browser
https://blockstack.org/install. Page 3. 2. Go through Blockstack on-boarding process. Once you open Blockstack, you will be: a. Asked to pick a new password to ...
Securing Your Web Browser
configure them securely. Often, the web browser that comes with an operating system is not set .... Cookies are text files placed on your compute to store data that is used by a web site. A cookie ... These security models are primarily based on the
Check Your Source!
care to investigate the source to make sure it is valid and reliable... It is your responsibility as ... o .net (network or portal opening; sometimes a personal website).
answers to check your progress 8.13 terminal questions ... - eGyanKosh
describe t'he audit procedure for calls in arrears and verification of forfeited .... A copy 01 the letter of engagement is also sent to the company for signature as ae.
answers to check your progress 8.13 terminal questions ... - eGyanKosh
Partnership Audit : Audit of a partnership form of business organisation by an ..... Association, Prospectus or Statement in lieu of Prospectus, and examine ...
5.11 answers to check your progress 5.12 terminal ... - eGyanKosh
international production network more efficiently. -. 6.3 PDI AND ..... e Investors required to comply with norms related to national security, policy, customs,.
2.8 some useful books 2.9 answers to check your ... - eGyanKosh
company form of organisation, on the other hand, has the advantages of more resources, ... energy for complying with legal formalitjes and instructions. In some ..... Whatever alternative you choose, it must be able to meet all requirements of.
5.11 answers to check your progress 5.12 terminal ... - eGyanKosh
ordinary shares or voting power in an incorporated enterprise is normally considered thresh- ..... appropriation of foreign assets and compensation and regulation of the restrictive business ..... I Source: Statistical Outline of India 1999-2000.
Building SBT Plugins - scala-phase.org
Page 5. Command Plugin. • For when you don't need customization. Implementing your plugin. Friday, January 27, 12. Page 6. Command Plugin import sbt._.
How to configure OpenText HostExplorer.pdf
Page 1 of 8. OpenText HostExplorer emulator. Pre-Requisites. The versions specified in this document are not essential, but merely recommended.
8.1.2.11 Packet Tracer - Connect to a Wireless Router and Configure ...
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. 8.1.2.11 Packet Tracer - Connect to a Wireless Router and Configure Basic Settings.pdf. 8.1.2.11 Packet Trac
Hudson plugins -
Schedule : Whenever developer commit changes info source repo. ... Run static analysis tools again when finishing development and ..... Android Issues. 4.
How to connect and configure a platform for gameplay.pdf ...
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. How to connect ...
How to configure LDAP and Samba Server.pdf
Configure LDAP and SAMBA. Vong oun Page 3. Page 3 of 17. How to configure LDAP and Samba Server.pdf. How to configure LDAP and Samba Server.pdf.
EDU_DATASHEET VMware AirWatch Configure and Manage.pdf ...
Course Delivery Options. • Classroom. • Live Online. • Onsite. Product Alignment. • VMware AirWatch Enterprise Mobility. Management. Page 1 of 2 ...
How to configure IBM PComm.pdf
IBM Personal Communications Emulator ... The computer will need to be restarted at the end of the installation. IBM ... How to configure IBM PComm.pdf.
How to configure Attachmate InfoConnect.pdf
Page 1 of 6. How to configure Attachmate. InfoConnect for use with Blue Prism. Introduction. Attachmate produce a number of emulator products for emulating ...
How to configure IBM PComm.pdf
IBM Personal Communications Emulator. Pre-Requisites. Minimum Blue ... The computer will need to be restarted at the end of the installation. IBM PCOMM ...
Handouts - intro to ipad and skype, inc camera & web browser ...
Handouts - intro to ipad and skype, inc camera & web browser - complete (michael chalk, dec15) .pdf. Handouts - intro to ipad and skype, inc camera & web ...
android browser print to pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. android browser ...
Airport self check self check self check-in
then the admin will update its details in the panel and if the flight gets .... Microsoft SQL Server 2005 is comprehensive, integrated data management and ...
Hudson plugins -
Put your own JDK label(e.g : jdk 1.6.0_25) in the “name” field. 3. Put JDK path in JAVA_HOME(e.g ..... 2. 02(Severe). 40. Android Issues. 4. Denial of Service. 3.