IS USING INTERNET SAFE?

-
Image
Many people surf the Internet as part of their work activities, others visit a wide range of pages to stay fully informed of the news in the world, perhaps simply to complement their educational training or to entertain themselves during leisure hours. But everyone wonders if it is really possible to surf safely on the internet and that is precisely what this article is about. What Is Internet Security? Within the operating rules and policies that are part of the management of the websites to which users have access, a series of parameters have been established in order to prevent and control unauthorized entry to the resources available within Internet. This is part of internet security and its goal is to maintain a level that allows users to enter each page without risks to their computer or the integrity of their personal information. Therefore, talking about security is having ways to prevent, protect and avoid unauthorized intrusion to private networks, such as corporate or ev...
Post a Comment

ARE BROWSER EXTENSIONS SAFE?

-

Surely you know browser extensions and they are part of your life. These extensions add useful features to browsers, but at the same time pose threats to your privacy and internet security. We are going to analyze what happens to browser extensions and how you can reduce the chances that one of them will turn against you. But first, what is a browser extension?

are browser extension safe
What Are Browser Extensions And Why Do You Need Them?

A browser extension is a plugin that adds certain functionalities and features. The extensions can modify the user interface or add the service of some website to your browser.

For example, some extensions are used to block ads on websites, translate text from one language to another, or store content from the pages you visit in notepads such as Evernote or Pocket. There are thousands of applications to improve productivity, personalize, shop or play.

Almost all of the most popular browsers have extensions, such as Chrome, Chromium, Safari, Opera, Internet Explorer, and Edge. There are many extensions and some are very useful, so most of us end up using a few, sometimes there can be up to a dozen on a single computer. But extensions can be as useful as they are dangerous.

What's Wrong With Extensions?

Malicious extensions

First, the extensions can be malicious. This mostly happens with extensions that come from third-party websites, but sometimes the malware leaks into official stores, as is the case with Android and Google Play.

For example, security researchers discovered four extensions on the Chrome Web Store  that looked like harmless note apps, but generated revenue for their creators with disguised pay-per-click ads.

 

How can an extension do that? Well, for this the extension requires permissions. The problem is that, of the most common browsers, only Google Chrome asks the user for these permissions. The rest allows the extensions to do whatever they want by default and the user has no choice.

In Chrome these permissions exist, but they don't work. Even the most basic extensions need permissions to read and modify the data on every page you visit, which gives them the power to do whatever they want with your data. And if you don't grant them that permission, they don't install.

We have seen other malicious extensions before, such as those used by criminals to spread malware on Facebook Messenger. Here you will find a post on the subject. Malware in Facebook Messenger

Hijacking and buying extensions

Browser extensions are a very interesting target for criminals because many have massive user bases and are updated automatically, meaning that if a user has a harmless extension downloaded, and it can be updated to make it malicious. This update would be sent directly to the user without notification.

A good developer wouldn't do something like that, but they could hijack your account and upload malicious updates to the official store. This is what happened when criminals used phishing to access the credentials  of the developers of the popular Copyfish extension, an optical character recognition plug-in that was used to deliver additional advertisements.

Sometimes developers get high bids for their extensions. It is difficult to make money with an extension, so developers often accept these transactions without thinking. Once the company buys the extension, it can add malicious functionality to it and send the update to users. For example, this is the case with Particle, a very popular extension to customize YouTube that was bought by another company and turned into adware.

Malicious no, but dangerous

Even non-malicious extensions can be dangerous, because most extensions have the ability to collect data about users (remember the permission to read and modify the data of the pages you visit). To make a living, some developers sell the anonymous data they collect to third parties. This usually appears in the end user license agreement.

The problem is that sometimes this data is not anonymous, which creates serious privacy problems. The parties that purchase the data can identify the users. This happened to Web of Trust, a very famous extension in its day for Chrome, Firefox, Internet Explorer, Opera, Safari and other browsers. The extension was used to rate web pages based on collective opinion. In addition, it collected the complete browsing history of its users.

A German website claimed that Web of Trust sold the data it collected to third parties without completely removing the personal information, which led to Mozilla removing it from its store. So the creators of the extension removed it from the rest of the browser stores. However, a month later the extension returned. Web of Trust is not a malicious extension, but it can be dangerous if it exposes your data, the websites that users visit and what they do on them, to those who should not see them.

How To Use Extensions Safely?

Although extensions can be dangerous, some of them are very useful and so you don't want to abandon them entirely. I still use about a dozen and I know that two of them have the permission we discussed to read and modify.

It may be safer not to use them, but it is not the best, so we need a more or less secure way to use extensions.

Don't install a lot of extensions. Not only do they affect the performance of your computer, but they also represent a possible vector attack, so reduce their number to how many you find useful.

Install the extensions only from official stores. There they are subjected to some scrutiny, with security specialists filtering out those that are malicious.

Pay attention to the permissions that extensions require. If an extension that is already installed on your computer requests a new permission, something may be wrong. Someone may have bought or hijacked the extension. And before installing any extensions, it's always a good idea to take a look at the permissions it requires and consider whether they are related to the function of the application. If you can't find a logical explanation for the permissions, you'd better not install the extension.

Use a good security solution. An Internet Security can detect and neutralize malicious code in browser extensions. Our antivirus solutions use a large database of malicious extensions that are updated frequently. We find new malicious extensions in Chrome almost every day.

Comments

Post a Comment

Popular posts from this blog

HOW TO STAY UP TO DATE ABOUT KEEPING DATA SAFE?

-
Image
Secure Your Wi-Fi Network Wi-Fi is that the most convenient thanks to hook up with the web, especially if you would like to attach quite one device in your home. However, make sure your Wi-Fi network is secure. This involves: Using encryption, preferably Wi-Fi Protected Access II (WPA2) because it's the strongest. You should be ready to do that within the security settings. Change the router settings so that the SSID remains hidden and could not be found by potential hackers. Change the name of your network (the Service Set Identifier or SSID) so that hackers cannot guess the manufacturer of the router. Making sure to use a strong password to gain access to your network. Also be careful when using a public Wi-Fi network like in a café. Never visit a sensitive site like online banking on a public Wi-Fi network because criminals can easily steal your data this way. Beware Of Dangerous Links Sometimes your computer can get infected with a virus if you simply click on a w...
Read more

COMPANIES INTERNET SECURITY

-
Image
The Internet today allows companies to break down many barriers. The first is the barrier to entry in relation to larger businesses. And it is that although a few years ago small companies were destined to a small growth and to advance with their products only to the market that was geographically closest to them, today an SME can literally compete as equals and sell anywhere in the world 24×7, with the same capacity. In fact, the trend in the medium term is the emergence of micro-multinationals, SMEs that focus on a global market. All can go out into the world. Using the internet in the company also facilitates teleworking and increases productivity within the company, making it efficient and turning its service into a remote one. That it can be handled from anywhere in the world, the trend indicates, that you must become independent of any ties right now. It seems like magic, but no, the internet is a tool that, well used, can be very beneficial for a company. Focus and find the be...
Read more

IS USING INTERNET SAFE?

-
Image
Many people surf the Internet as part of their work activities, others visit a wide range of pages to stay fully informed of the news in the world, perhaps simply to complement their educational training or to entertain themselves during leisure hours. But everyone wonders if it is really possible to surf safely on the internet and that is precisely what this article is about. What Is Internet Security? Within the operating rules and policies that are part of the management of the websites to which users have access, a series of parameters have been established in order to prevent and control unauthorized entry to the resources available within Internet. This is part of internet security and its goal is to maintain a level that allows users to enter each page without risks to their computer or the integrity of their personal information. Therefore, talking about security is having ways to prevent, protect and avoid unauthorized intrusion to private networks, such as corporate or ev...
Read more