intro-image

A bad extension is never a pleasant experience. It can do very unsavory things to your computer such as snoop on your browsing or steal your credit card number and passwords. Same can be said for a malicious app on your mobile device. Before downloading any extension or app, whether you use Firefox, Chrome or Android – it has become a must nowadays to check for red flags.

These red flags are pretty easy to spot too. From taking a look at the developer to reading user reviews, knowing what to look for and avoiding the hassle of a malicious extension is easy to do. Our guide will outline the best ways to avoid bad extensions in Firefox and Chrome and the bad apps for Android.

Tips to Avoiding Malicious Extensions and Apps

Avoid Bad Chrome Extensions

Chrome has a reputation of being a pretty locked down browser, and they’re also good at policing their Chrome Web Store when glaringly obvious bad third-party extensions are put up. In June of this year, Chrome started making it impossible to install their party extensions outside of the Chrome Web Store to prevent bad extensions, and it’s helped. There are however a few things you should always look for just to be on the safe side.

Check the developer

One of the easiest ways to spot a bad extension right from the get go is when no developer is listed, or if they are, but it’s from a small or shady-seeming company. When you’re looking at an extension you want to download in the Chrome Web Store, take a look at the developer. The developer’s name is always listed next to the title of the extension.

looking-at-the-developer

To find more information on the developer, click the “Details” tab. On this page is where you will usually find a link to the developer’s website. If you have never heard of the developer’s name before, it’s always a good idea to visit their website briefly to see if they’re a legitimate company.

clickin- the-website-link-for-the-developer

A well-designed website is always a good sign of a company you can trust.

reputable-developer-website

Read reviews

Another way to avoid malicious Chrome extensions is to read user reviews. While Chrome is good at policing itself and removing bad extensions when they’re reported, they started doing this in more gusto earlier this year. A slew of extensions made by Turkish developers had the trojan virus, which infected a person’s Facebook page and liked hundreds of pages, including several companies.

While Chrome has cleared most of these out, it’s always smart to be careful with third-party international extensions. The Chrome community is another great way to avoid bad extensions too. Users tend to give pretty accurate reviews.

When checking out a possible extension in the Chrome Web Store, click the “Reviews” tab to see what people have said.

extension-user-reviews

Be Careful with Permissions

An extension you can trust should also never ask for permissions, such as permission to access your Facebook information or anything else. Allowing an extension these things can lead to a vulnerability on your part, especially when automatic updates are allowed. An extension may be good at first, but malicious attacks frequently occur in so-called extension updates.

So when an extension asks for extra permissions after an update, Chrome automatically disables it and notifies you about the changes. Take some time to check the new permissions and if something seems fishy, remove the extension or if you really need it, get in touch with the developer.

Another option would be to use the “Report bug” or “Report abuse” option under the details tab. If the Google devs approve it as being safe, you can rest assured about the extension or app.

erxtension-asking-for-permissions

Avoid Bad Addons on Firefox

Avoiding bad extensions, aka “add-ons” in Firefox, is pretty much the same as with Chrome – reading user reviews and not allowing an extension to have multiple permissions. Mozilla scans all third-party apps for viruses just like Chrome, but no scanning job is 100% perfect.

It’s up to the user to look for red flags before downloading an extension. Firefox may be regarded as a browser that’s tough to crack, but shady extensions have been known to infiltrate Firefox.

Avoid “Untrusted” Sources

As mentioned above with Chrome, one of the best ways to avoid a bad extension in Firefox is checking who the developer is and making sure they’re a “trusted source.”

untrusted-developer-warning

Install NoScript

A popular way for viruses to infect your computer is through JavaScript, but you can prevent malicious attacks by installing NoScript, as the extension that allows you to restrict which sites use JavaScript.

noscript-software-logo

Download NoScript

Avoiding Malware on Android

Linux, on which the Android OS is based, has literally no malware issues to speak of. It’s ironic that Android is the primary target for malware creators – mainly because of its rapid growth and popularity.

Steven J. Vaughan-Nichols over at ZDNet has compiled a list of precautions one can take to make sure they are safe from malware on their Android device. In brief, they are as under:

1) Don’t visit, and whatever you do download, materials from suspicious Websites

2) Don’t download programs from third-party Android stores

3) Look carefully at any program before you install it to make sure it’s legitimate, and it only asks for necessary permissions.

4) Upgrade, if possible, to the latest version of Android

5) Read user reviews carefully – especially the ones that have rated the app as of low-quality. Also, take the opinion of the 5-star reviews with a pinch of salt as the developer could have easily forged these reviews by creating multiple accounts.

6) Use a good Anti-Virus software on your Android device. Most Android A/V programs available on the Play Store today, do a good job of protecting you

av-test-v2-android

(via Av-Test.org)

Conclusion

Avoiding every single bad extension or app out there can be difficult, but remember, if you keep your browser and mobile OS up-to-date, it can help greatly, especially when new security measures are being offered to prevent the latest malware attack.

We didn’t mention iOS as it has a pretty solid record of filtering the apps that are approved in the App Store and with such a tight ecosystem the users are not as vulnerable. However, iOS users who circumvent Apple’s content protection technology – or “jailbreak” their phones – are quite vulnerable to malicious infection, especially when loading applications from external application marketplaces that cater to jailbroken iOS devices.

For more information on avoiding malware, read our post – 9-lab Removal Tool Scans for Malware and Threats for You