The number of users of Firefox browsers is increasing. Users may worry about security when using Firefox. The following six browser security settings skills eliminate all doubts.
1. Modify useragent
In FF, enter about: config to add general. useragent. override.
Set to GoogleBot 1.2 (+ http://www.google.com/bot.html)
You can also set it to another one.
When set to googlebot, access to some sites is restricted, such as yahoo, wiki, and gmail. You can also use the firefox plug-in to switch the useragent.
2. Install the Security plug-in
Install NOSCIRPT and FIREKEEPER.
In NOSCIRPT, set "JAVA/adobe flash/SILVERLIGHT/Other plug-ins/IFRAME" to prohibit all check.
If you select to apply these restrictions to a trusted site, these settings do not affect your use.
3. Install TOR and TORBuTTON
Use TOR to browse untrusted websites. But do not use a TOR for E-mail or anything. The fbi and tianchao both set a lot of sniffable exit nodes.
4. Cancel File Association
Files in wma, avi, and swf formats can be automatically opened and played by default. This is dangerous. On the one hand, you can use these objects to determine the operating system version. In addition, Windows media player overflow may also affect ff.
In the file type, set all file-type actions to save to the local disk. If you want to view flash, No matter flash.
5. XSS/CRSF Protection
There are noscirpt and firekeeper, which should have done well in anti-Cross-Site defense. But you have to set it just in case.
Clear my data when I quit FIREFOX.
In this way, the firefox cookie will be cleared every time you exit. If someone else sends a URL to ask you to click something, it will not steal cookies or anything.
6. prevent other EXP attacks and catch 0-day attacks
The above settings are safe. But not enough! Firekeeper can help.
The following is a rule of firekeeper.
Alert (body_content: "anih | 24 00 00 00 |"; body_re: "/^ RIFF. * anih $. * anih (?! $)/S "; msg:" possible ms ani exploit "; reference: url, http://www.determina.com/security.research/vulnerabilities/ani-header.html ;)
Similarly, we can determine whether any jpg or gif contains a unique file header. In this way, you can determine whether the image is true or not. However, if the image overflows, there is still a file header. This can also be disabled, but it does not make sense for browsers.
So I gave some keywords for firekeeper:
Unescape
Eval
0x0A0A0A0A
0x0d0d0d0d
0x0c0c0c0c
Payload
5% u * in a row *
5 In a row &#
......
In this way, we can not only defend against the attack, but we may be able to catch any 0day if we are lucky.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
