Due to the fact that the criminals get more opportunities to infect computers and steal user data, security advisories have become commonplace. The hackers often send viruses and obtain data through browser plugins. The lower layers have become even harder for malware to attack. This is because security has improved greatly. For this reason, the criminals are now looking for another alternative vector, and browser plugins have become the most common attack avenue. The reason for this is that we all use these plugins, and in most cases, we don’t even need to keep track of which add-ons we install. What makes this situation even worse is that most available programs out there usually add their own plugins, and it is not easy to get rid of them.
Add-ons usually come in many different types. In case you don’t know, plugins are simply actual software programs on your computer that interface with your browser. This includes Java and Flash, which have a browser hook that enables any webpage to gain access to the code on the machine you are using. There are also extensions, which are the things that run inside the environment of the browser. Browser environments include NoScript, AdBlock, and everything that you can get through the Chrome web marketplace or the Mozilla extension library. These extensions don’t often have serious vulnerabilities since the attack surface in them is very low. They are unlikely to have access to the underlying system. In fact, even if a bug is detected, cross-site scripting is usually the worst that can happen. Although this is still a serious issue, it is difficult to exploit and gain access to useful data from you this way.
The focus of this blog article is on standard plugins. This is the kind that seems to be constantly hacked. For example, Java has had a very big number of security holes. This made Twitter to suggest that people should disable Java in their browsers. So, let’s talk about each of the popular browsers and the actions that you can take to prevent your system from being hacked.
1. Internet Explorer
You can easily see which plugins are actually installed in Internet Explorer. Just identify the gear icon on your toolbar and click on it. Then select “Manage add-ons”, and the add-ons window containing a list of plugins will appear. Go through the entire list and find the plugins you need and the ones you should disable. You need to do this on a regular basis because applications usually constantly add plugins to your browser. Simply disable the software program, which you do not want to gain access to your browser.
Having a long list of plugins is not actually a bad thing. However, the problem is that each of them is typically a direct link to your machine from any website. Any plugin with a bug is usually a potential security risk. So, reducing the number of plugins and ensuring that you leave only those that you need is a great way to minimize these security risks. As for Internet Explorer, its Achilles heel has always been ActiveX. This framework allows the software to hook into various components of your OS. The issue was that the ActiveX controls were allowed by Internet Explorer to be embedded into the webpages, and this gave a big opportunity to malicious sites. The good news is that in recent versions ActiveX is now sandboxed much more than it used to be.
2. Firefox
To access the list of plugins in Firefox, simply click the menu button, then “Add-ons”, and select “Plugins”. You will see a long list of plugins, which were installed in your Firefox browser. You can find detailed information about a certain one and enable or disable it depending on what you want. The best way to determine which ones should be disabled or left on is whether it is something you usually need regularly or not. Thus, Flash is still used on many sites, and most people prefer reading PDF files in their browsers, so you can find the Adobe Reader plugin. However, there are usually a lot that you don’t even need.
You can check if your plugins are actually up-to-date using the free tool that is provided by Mozilla. To get to the page where you can check the versions you are running, simply click on the link, which says “Check whether your plugins are up-to-date”. In case there is any available update, the page will definitely inform you. This is an excellent way to ensure that all your updates are not only made but also safe.
3. Safari
To find add-ons you need, press the “Safari” button in the menu bar and then click “Safari Extensions” from the dropdown. You will be redirected to the Extensions page in the App Store. There you can check permissions for each add-on and its version, turn it on/off, and even uninstall it. You can also install the new ones by clicking the “More Extensions” button at the bottom of the window.
But if you want to disable or delete the Java web plugin, simply go to “Preferences” and then click on the “Security” tab. Here, you will be able to uncheck the box that is next to “Enable Java”. You need to know that you cannot do this in the version 12 or above as Apple has removed the NPAPI plugin support after the update.
4. Chrome
After the release of version 57.0.2987.98, Google removed the plugin section and settings from the Google Chrome browser. Instead, the company decided to leave only the extension settings and the Adobe Flash Player components. But please note that the second one will also be removed and no longer be maintained as a new browser is have to be released this year. For now, you can type chrome://components/ on the URL bar and see the status of the component or check the updates.
If you want to find all the extensions you have in your browser, you need to click on the dropdown menu, then on “More tools”, and “Extensions”. Alternatively, you can just type chrome://extensions/ and you will see a list of all the plugins installed in your browser. You can click on the “Details” button to see the available information about any plugin, remove it, or simply disable it.
Conclusion
The security level of your computer is a very important task that you need to maintain every day in order to keep your data safe. That is why you need to cover all possible vulnerabilities, including the plugins of your browser(s). As you can see, the developers bring you the opportunities to do this in the easiest way without outside help, so don’t neglect it and use it to your advantage.