ghacks – by Martin BrinkmannGoogle Chrome is not the only web browser plagued by rogue or malicious browser extensions.
I noticed that companies were buying popular extensions for marketing and monetization purposes back in January 2013 when several popular Firefox add-ons were purchased by Wisp.com.
One of the issues that I described back then was that ownership changes were not highlighted at all. This is problematic as ownership is a major trust factor for many users. If an author maintained an add-on for years, new updates are more likely to be trusted than a new extension, or the first update after an ownership change.
The Firefox add-on Extension Defender tries to be for Firefox whatextensions such as Chrome Protector are for Google’s browser.
The extension has two main purposes. It actively warns you if you are about to install an extension that has previously been detected as malicious or shady, and also allows you to scan all of your installed extensions to make sure they are all clean.
The automatic protection against malicious or unwanted extension installations works out of the box right after you have installed the add-on.
You will notice that it adds an icon to Firefox’s main toolbar which you can either move to another location, or remove completely. To remove it in new versions of Firefox, right-click on the icon and select the remove from toolbar option.
If you are using an older version, press the Alt-key instead and select View > Toolbars > Customize from the menu. Then drag and drop the extension icon from the toolbar to a blank spot in the browser UI.
The icon displays the number of malicious or unwanted extensions installed, and takes you to its scan and options page with a left-click. The only other way to open the scan and options page is to load about:addons and click on the options button of the extension there.
A click on the scan now button scans all installed extensions and notifies you if malicious extensions have been found during the scan.
How the extension does that? It uses signatures to determine whether an extension is malicious or not. According to the description on the Mozilla Add-ons page, it detects over 80 adware, spyware and malicious extensions currently, with new extensions being added regularly.
You can check out the signature database for Firefox add-ons or Chrome extensions on the developer website. Please note that it only lists eight add-ons for Firefox currently, while 78 are listed for Google Chrome.
Verdict
While it is likely that the signature count will increase over time, the low count of signatures for Firefox makes it rather needless right now. While some users may want to install it for the future protection that it will offer, most users may just want to browse the eight entries of the Firefox signature database instead to check extensions that the add-on detects manually instead.
Tip: Extension Defender is also available for Google Chrome.
http://www.ghacks.net/2014/02/14/extension-defender-firefox-makes-sure-dont-install-rogue-add-ons/