Is It Still Safe For You To Install Plugins Into Your Browser?

When we first started to see alternative browsers pop into the marketplace it was a great thing. Even before the big browser wars in the 90’s there was always a choice of browser that you could use ever since Netscape came out with 1.0. But when it seemed that Microsoft was going to dominate everything on the web, out came Firefox. We were excited about the possibilities of another titan being able to go against the mighty Microsoft browser Internet Explorer. And the great thing about this new up and comer was that it was open source and that people from around the world would get a chance to work on it and mold it. One of the features that were added during this movement was the ability to place extra functionality into the browser.

This extra functionality was known as a plugin and it made the browser better than it was before. Now everyone could download a lean browser and add the extra functionality that they wanted later. You didn’t have to worry about a browser that was packed with features that you would never use. If you wanted something extra that the browser did not have you would either go to the plugin repository or pay someone to make it for you. It is great to have this option but there were also some dangers that came as well.

And now the power of the plugin is being realized in other browsers as well. Firefox is not the only browser that you can install plugins with. Chrome has the same ability and even to a lesser degree the new version of Internet Explorer has it as well. This is why we must look at whether it is still safe to install plugins in your browser. Now that they have gone mainstream more and more attacks are targeting them.

Is It Still Safe For You To Install Plugins Into Your Browser?

The problem with plugins

The problems that come with the plugins is that the bad guys are able to trick you into installing plugins that would damage your system. They hide malware into the plugins that would not activate until you least expected it. And they have an easier time doing it because the Firefox browser was open source. They can see how the program works without having to reverse engineer it. But of course the open source nature of Firefox also lets you see any problems ahead of time. And you can count on the community to always be watching.

But a problem with the bad guys when it came to plugins is not the only problem either. You have to worry about plugins that have security issues dues to negligence by the creator. No one is perfect, not even software developers and their mistakes can let in holes to other parts of the system. Even if a security flaw is put there by mistake it is still a security flaw.

How can you avoid having problems with your browser plugins?

If you want to make sure that you do not have any problems with your browser plugins there are a few things that you can do. The first thing that you can do is to make sure that you only install plugins that are available in the official repository of whatever browser that you use. Some browsers including Firefox allow you to install plugins from whatever web site that you visit. This is not a good idea if you are new to the site because these plugins have not been vetted. You are not one hundred percent sure if they will mess up your computer or not. So to be on the safe side, make sure that you only install plugins that are only available in the official repository unless you really, and I mean really, trust the third party web site that they are hosted on.

Another way that you can avoid having problems with a plugin is to make sure that you read the comments and the ratings about the plugins before you install it. The comments are there to help you assess whether when the repository vetted the plugin if they miss anything. Normal people that have used the plugins will be able to tell you if anything is wrong or not. Most of the people who use a plugin early have experience in testing and they want to be sure that the community puts out a good product. So listen to their recommendations when you are not sure about the product.

For the most part it is still safe to use a plugin in your browser but you should be careful when you do. The bad guys are using them as exploits more and more and you do not want to fall victim in that trap.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. Well i have been using Firefox for about 2 years or so now. Yes i use plug-ins, quite a few actually. Being careful of the ones you pick to use is important, do you really need it or does it just look ‘cool’ an you want it. Of course a few of the ones i have are for security so yes i wanted an needed them.- NoScript, Ghostery, Better Privacy , AdBlock+ , being 4 of them.

  2. I wholly agree that badly written plug ins are a major threat. To my shame, I have absolutely no knowledge of how the Twitter authorisation features work and I’ve no idea what the sites I use do with my information. Extrapolate that into the areas that I _do_ care about and it’s clear there’s a risk.

    fortunately most plug ins are installed via a central repository and we are relying on the observations of the crowd to spot a fake. the issues come when we have niche plug ins or plug ins that are distributed from ad hoc web sites

    chin chin
    Infosec chap

    • My guess, and it is only a guess, is that rogue plugins are probably more of an issue on the ad hoc sites. I have many friends who have converted to Firefox, for example, who see something they like, install it and then ask questions later. I still need to educate them on the risks of picking up plugins (and downloading files) from strange web sites!

Trackbacks

  1. […] the browser itself has caused some amazing UX interaction when it comes to the web.There has been some security issues reported when it comes to browser plugins as well. Once again we are talking about both within the web page and also installed in the browser […]

Speak Your Mind

*