The dangers of browser add-ons
by Darragh Delaney
November 9, 2011
One positive outcome of the browser wars is that we are now spoilt for choice when it comes to fast and feature-packed Internet browsing applications. Not that long ago, I remember downloading browsers and then installing a series of add-ons so that I could search and open pages quickly. As browser developers tried to get one up on their competitors, most of these cool features came to be included in browsers by default.
This week, Mozilla updates Firefox to version 8, which switches off add-ons by default. After you update, a start screen loads and you can choose which add-ons to enable or disable.
In a previous post I looked at reasons why an Internet connection can slow down. Some add-ons can actually slow down your browsing experience. An example of this would be applications that capture your search queries and send results back from dubious websites. Some browsers now disable add-ons because they can place excessive demands on memory and resources.
Other add-ons can also introduce security holes into your network. The more add-ons you install, the greater your attack surface. The image below shows a sample of web activity associated with a PC where the end user had installed an add-on to speed up Internet browsing. The add-on is designed to pre-fetch web pages so that their load times are quicker when the user clicks on links. In order to pre-fetch pages, it sends data back to a third-party site, and this is where the problem lies. The URI field shows that email text was being sent back to the external site. I have blanked some of the data as it contains actual names and addresses.
I do want to make the point that not all add-ons are bad. I still use some for scheduling webinars and remote management of cloud services. However, if you have sensitive data on your network or if you have data compliance concerns, I would recommend the following:
* Make sure users are aware of the risks of installing browser add-ons. Most of what they claim to do is now built into the off-the-shelf browsers. Personal devices at work can pose security risks if they connect to a network with browser add-ons that may access sensitive data.
* Check installed programs regularly. Remove any add-ons which are installed and not used. If an end user is complaining that they are getting unwanted pop-ups, or that their search queries are being hijacked, then a full scan for malware or scareware is required. If nothing is found, then a reinstall of the operating system is recommended if the system is ever to be trusted again.
* Use at least two browsers. For general browsing use a fully updated default browser. For sensitive work like online banking use a separate browser with no add-ons installed. Browser add-ons normally install onto the default browser. However, this is not always the case, so check your trusted browser regularly. I know individuals involved in IT security and they use 4 browsers with each one being used for specific tasks.
* Build a sandbox for testing. If end users are demanding that they need to install add-ons, then have a test procedure in place. I have built up virtual machines that match the operating system and applications a typical user has. I then take a copy of a virtual machine, install the add-on and then watch to see what it tries to access. I covered a similar topic in a previous post where I looked at ways to troubleshoot applications by looking at network traffic.
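One way to automate the "watch to see what it tries to access" step is sketched below as an added example; it is not from the original post or from any NetFort product. It assumes the test VM's web requests have been exported one per line as `METHOD URL`; the host names, the sample log and the 80-character threshold are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_VALUE_LEN = 80  # assumed threshold: longer values look like page or mail text

# Constructed sample of requests captured from the test VM ("METHOD URL").
SAMPLE_LOG = """\
GET http://webmail.example.com/inbox?folder=1
GET http://prefetch.example.net/q?u=http%3A%2F%2Fwebmail.example.com%2Finbox&t=Hi+Anne%2C+the+invoice+for+anne.smith%40example.org+is+attached
GET http://cdn.example.net/jquery.js?v=1.6
GET http://prefetch.example.net/q?u=http%3A%2F%2Fnews.example.com%2F
GET http://prefetch.example.net/q?t=Minutes+of+the+board+meeting+held+on+Monday+covering+the+budget+and+staffing+plans+for+next+year
"""

def flag_leaks(log_text, trusted_hosts):
    """Return (host, parameter, reason) for each suspicious third-party request.

    trusted_hosts: sites the tester deliberately visited; requests to any
    other host are inspected for user content carried in the URI.
    """
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        url = urlsplit(parts[1].strip())
        host = (url.hostname or "").lower()
        if not host or host in trusted_hosts:
            continue
        # parse_qsl percent-decodes values, so encoded text is checked in clear
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if EMAIL_RE.search(value):
                findings.append((host, name, "email address in URI"))
            elif len(value) > MAX_VALUE_LEN:
                findings.append((host, name, "long free-text value in URI"))
    return findings

if __name__ == "__main__":
    for host, name, reason in flag_leaks(SAMPLE_LOG, {"webmail.example.com"}):
        print(f"{host}: parameter '{name}': {reason}")
```

Run it against a capture taken before the add-on is installed as well, so that any new third-party hosts in the second capture stand out.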
Darragh Delaney is head of technical services at NetFort Technologies. As Director of Technical Services and Customer Support, he interacts on a daily basis with NetFort customers and is responsible for the delivery of a high quality technical and customer support service.