Keeping Your Browser Safe is a Hard Day’s Night
We all love making our internet experience a little less out-of-the-box and a little bit more ours. Extensions and add-ons are the most common way of doing this. From ad blockers and password managers to daily jokes, including those from our favorite TV shows (such as the hilarious The Good Place), we like our computers and browsers to fit our specific wants.
But there’s a dark underbelly to this customization. Not all extensions and add-ons are safe.
Browser hijackers have been around for a while. Remember those horrible search toolbars that felt impossible to remove? Over time, browser hijackers have become more sophisticated and also more popular. They:
- Are easy to mask as legitimate services
- Don’t require a dedicated download such as an .exe or .dll
- Are easy to install without admin rights on the device
Browser hijackers can do several different things. They can modify your homepage, add other extensions without your knowledge, and change your search engine. They are also employed to install adware, malware, spyware, viruses, and keyloggers.
This may not seem like a big deal. Who cares if you’re using Joojle instead of Google? You’re getting search results, right?
What you may not realize is that ads are being served, slowing down your internet browsing. Bad guys are using your machine with thousands of others to help them mine bitcoin, eating up your CPU and slowing down your PC. Even that may not seem like too big a deal—until you go to Weelsfargo instead of Wellsfargo and now the bad guys have your login and money, while you’re left looking at an empty account and trying to get it all back.
A major part of the problem is that extension and add-on stores aren’t always able to keep themselves clean and hijacker-free. Even when stores shut down some of these malicious extensions, they don’t always remove them from the store. More often than not, the links become non-searchable and are hidden. What’s more, the stores don’t remove them from machines that have the malicious extension installed.
Help! (I Need Somebody)
So, as users, what can we do? For starters, use common sense before installing any extensions. Some of the most common hijackers are related to Flash and ad blocking. Flash is built into Chrome (at least for a few more months) and doesn’t need an add-on. Flash can also be downloaded from Adobe and installed on the system if you must have it. For ad blocking, go with well-known brands. Don’t always trust install count or reviews, as bots can be purchased to increase install count, ratings, and reviews.
If you’re a Chrome user, CRXcavator.io* offers a great service! You can search by the extension name or ID and see its risk rating. It looks at things like the permissions being granted, whether there’s a content security policy, third-party vulnerabilities, and other factors to determine how risky the extension is. At the end of the day, if in doubt, don’t use it or install it.
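To show what checks of this kind look like, here is an added Python example (not CRXcavator's or Ivanti's code) that inspects a parsed manifest.json for broad permissions, a weak content security policy, and the homepage and search overrides that hijackers rely on. The weights, the permission list and both sample manifests are assumptions constructed for illustration.

```python
import json

# Assumption: weights are illustrative and are not CRXcavator's scoring model.
RISKY_PERMISSIONS = {"management": 3, "proxy": 3, "nativeMessaging": 3,
                     "webRequest": 2, "cookies": 2, "history": 1, "tabs": 1}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return (score, findings) for one parsed extension manifest.json."""
    findings = []
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    requested = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for perm in requested:
        if perm in BROAD_HOSTS:
            findings.append((3, f"access to every site via {perm}"))
        elif perm in RISKY_PERMISSIONS:
            findings.append((RISKY_PERMISSIONS[perm], f"sensitive API permission: {perm}"))
    # Hijacker behaviour named in the article: homepage and search engine changes.
    for key in manifest.get("chrome_settings_overrides", {}):
        findings.append((3, f"overrides browser setting: {key}"))
    # The CSP is a string in Manifest V2 and an object in V3.
    csp = manifest.get("content_security_policy")
    if isinstance(csp, dict):
        csp = csp.get("extension_pages")
    if not csp:
        findings.append((0, "no explicit content security policy (browser default applies)"))
    elif "unsafe-eval" in csp or "http://" in csp:
        findings.append((2, "content security policy allows eval or plain-HTTP sources"))
    return sum(weight for weight, _ in findings), findings

# Constructed sample manifests for demonstration, not real extensions.
SAMPLE_HIJACKER = json.loads("""{
  "name": "Free Video Helper", "manifest_version": 2, "version": "1.0",
  "permissions": ["tabs", "management", "<all_urls>"],
  "chrome_settings_overrides": {"homepage": "https://search.example/",
    "search_provider": {"search_url": "https://search.example/?q={searchTerms}"}},
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
}""")
SAMPLE_BENIGN = json.loads("""{
  "name": "Daily Joke", "manifest_version": 3, "version": "2.1",
  "permissions": ["storage", "alarms"],
  "content_security_policy": {"extension_pages": "script-src 'self'; object-src 'self'"}
}""")

if __name__ == "__main__":
    for sample in (SAMPLE_HIJACKER, SAMPLE_BENIGN):
        print(sample["name"], *audit_manifest(sample))
```

On Windows, Chrome keeps each installed extension's manifest under `%LOCALAPPDATA%\Google\Chrome\User Data\<profile>\Extensions\<id>\<version>\manifest.json`, so the same function can be pointed at files loaded from there.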
If you’re an IT admin, what can you do? There are a few different things. For example, Mozilla and Google have created templates to be used in your GPOs that can whitelist, blacklist, or prevent extensions entirely for you. A bonus of using GPO templates is that they remove any blacklisted extensions as well as prevent them from being reinstalled. Ivanti also offers Ivanti Cloud, whose real-time engine can help you discover what extensions are installed in your environment.
The Long and Winding Road (to Being Safe on the Internet)
Like most other things in life, common sense goes a long way:
- Make sure you have an antivirus installed and that it’s up to date and running.
- Think twice before installing something. Do you really need to have Flash installed? Really?
- The old adage of “If it’s too good to be true, it probably is” applies to the internet. Installing an extension won’t win you an iPhone. Installing an extension won’t get you the premium version of Spotify for free. Installing an extension won’t magically get you YouTube Red for free, either.
- Keep your browser up to date. Browsers are getting better at sandboxing their processes.
- Keep your OS up to date.
- If you get prompted to install something, go to the vendor’s website and get it from them. Don’t trust a pop-up.
*No affiliation with Ivanti. Just one awesome company giving kudos to another awesome company.