Linux Format

Protect your browser

Web browsers have become OSes in their own right, and the modern web is a jungle.


When to be paranoid: “Internet banking is naturally an area in which you should consider using a container, and exercise every caution.”

Drive-by downloads are pretty rare on Linux, and to be fair they’re becoming increasingly rare on Windows too. Gone, also, are the days where respectable programs bundled surreptitious ‘optional’ extras with their installers, such as browser search bars or spontaneous uncloseable popup adverts. But that’s no excuse for complacency.

Where these kinds of things do appear on Linux, it’s usually in the form of browser extensions, which are usually installed unwittingly by users. The goodly humans and machine-learn’ed bots that patrol the Chrome store and the Firefox extension page can’t catch everything, after all. More often than not, these are easily uninstalled from the Add-ons (Firefox) or Extensions (Chrome/Chromium) preferences. Recent versions of Chromium can log all extension activity; just start it with:

$ chromium --enable-extension-activity-logging

Then go to the Extensions page, hit Details on the extension you’d like to interrogate, and scroll down to ‘View activity log’. If you don’t like what you see, disable or delete the extension.
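To decide which extensions deserve a look in the activity log, it helps to see what each one is allowed to do. The following added example (not from the article or the Chromium project) reads the manifests stored under a Chromium profile's Extensions directory and flags site-wide host access and a few sensitive permissions; the function names, the choice of SENSITIVE entries and the two sample manifests are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Real Chrome permission names; treating these as "sensitive" is this example's choice.
SENSITIVE = {"cookies", "history", "webRequest", "nativeMessaging",
             "proxy", "debugger", "clipboardRead", "management"}

def audit_profile(profile_dir):
    """Return one finding per installed extension, ordered by extension ID."""
    findings = []
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        finding = {"id": path.parts[-3], "name": "(unreadable manifest)",
                   "broad_hosts": [], "sensitive": []}
        findings.append(finding)
        try:
            data = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue
        # MV2 lists host patterns under "permissions"; MV3 uses "host_permissions".
        grants = list(data.get("permissions", [])) + list(data.get("host_permissions", []))
        for script in data.get("content_scripts", []):
            grants += script.get("matches", [])
        grants = {g for g in grants if isinstance(g, str)}
        finding["name"] = data.get("name", "?")  # may be a __MSG_...__ locale key
        finding["broad_hosts"] = sorted(BROAD_HOSTS & grants)
        finding["sensitive"] = sorted(SENSITIVE & grants)
    return findings

def build_sample_profile(root):
    """Lay out two constructed manifests the way a Chromium profile stores them."""
    samples = {
        "a" * 32: {"manifest_version": 3, "name": "Constructed Tab Tidy",
                   "version": "1.0", "permissions": ["storage"]},
        "b" * 32: {"manifest_version": 2, "name": "Constructed Coupon Helper",
                   "version": "2.1", "permissions": ["cookies", "webRequest", "<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        ext_dir = Path(root, "Extensions", ext_id, manifest["version"] + "_0")
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_profile(build_sample_profile(tmp)), sep="\n")
```

To check a real installation, pass audit_profile the profile path that chrome://version reports.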

Firefox’s Multi-account Containers are an extension well worth your attention. As with Docker and such, the idea is to segregate workflows, in this case through colour-coded browser tabs. So you can do all your social media, say, in one domain and all your research and actual work in another. They also provide the convenient ability to log into the same site with two different sets of credentials – useful if you manage multiple Gmail or Twitter accounts. Facebook gets its own special container (http://bit.ly/lxf251fbook) which ensures that its tracking cookies won’t know who you are outside this container.

Firefox containers address privacy concerns more than malware ones (we wouldn’t dare slander Facebook by calling it malware), but it’s not inconceivable that some advanced malware exists, or will exist, that can exploit the fact that the user is logged into high-profile or high-value sites. See more extensions we approve of in the box on page 35 (bottom right).

Internet banking is naturally an area in which you should consider using a container. And in fact exercise every available precaution: long passwords, regular checks for dodgy transactions, carefully reading any emails purportedly from them for signs of fraud. In particular, check any links for suspect domains. Readers are often wary of our use of bit.ly shortened URLs. We think you should trust us (it’s impossible to change them after the fact) and oftentimes URLs are longer than a sane reader would dare transcribe, so it’s not something we’re going to stop. If in doubt, services like http://checkshorturl.com or https://urlex.org are your friends (but can you trust them?)

Freshen up

More persistent browser infections have been recorded in the past, but these days rogue extensions have to fight with a lot of browser safeguards to hide, access files or siphon personal data. That being said, if you are at all worried about your browser then safety trumps sorryness any day, and since any unwanted browser extras generally live in the user profile directory, an easy fix is just to delete the old profile and start with a new one. Even if you don’t think there’s anything untoward in there, a fresh profile will have a clean cache and so could speed up your browsing experience.

Firefox even has an option to do almost this straight from the browser. Just navigate to about:support and hit the ‘Refresh Firefox’ button on the top-right of the page. This will preserve your bookmarks, auto-fill information and passwords, but will purge any extensions and themes. Add-ons which live outside the profile folder will survive, but will have their preferences reset. The old profile folder will be backed up to the Desktop and its contents can be copied back to the original location if the situation isn’t resolved or you miss something.

If you want to nix your profile directory the old-fashioned way, first find out where it is with:

$ cd ~/.mozilla/firefox/

$ ls

The profile directory will be something like zx9rh0k.default. It’s a good idea to move this rather than immediately delete it, and it’s probably a good idea to back up your bookmarks and make sure you know any saved passwords (or, better, have them saved in a password manager), because this information is all interred in the profile directory. Cookies are also stored in here, so any website preferences will be lost too. Let’s move the profile directory to our home directory:

$ mv ~/.mozilla/firefox/zx9rh0k.default ~/Oldprofile

Now restart Firefox and see what life with a virgin profile is like. For Chromium, the default profile directory is ~/.config/chromium/Default (or chrome/Default if you’re using Google Chrome). You can check this is indeed where the active profile is stored by visiting chrome://version. Substitute this directory in the command above to have a clean Chromium profile.

If you’re using Firefox Sync, or have your Chromium profile synced to a Google account, then bookmarks, extensions and passwords are synchronised automatically. This is useful, but in the unlikely event a rogue extension is degrading your browsing experience, using this feature may well re-animate the problem. So do try things without syncing first. If this solves your problem and everything works, then you should

$ rm -rf ~/Oldprofile

because it contains encrypted passwords (and potentially payment information if you use that feature), as well as the keys by which a knowledgeable attacker can decrypt them.
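The find-and-move steps above as an added script (not from the article or Mozilla): ~/.mozilla/firefox often holds more than one profile directory, so it reads profiles.ini to pick the one Firefox starts by default, then moves it aside with owner-only permissions. The function names, the sample profiles.ini and the ab12cd34.default-release name are constructed for illustration; run it with Firefox closed.

```python
import configparser
import os
import shutil
import tempfile
from pathlib import Path

# Constructed profiles.ini; ab12cd34.default-release is a made-up profile name.
SAMPLE_INI = """[Install0123456789ABCDEF]
Default=ab12cd34.default-release
[Profile0]
Path=zx9rh0k.default
Default=1
[Profile1]
Path=ab12cd34.default-release
"""

def active_profile(firefox_dir):
    """Resolve the profile directory that profiles.ini marks as the default."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read(Path(firefox_dir, "profiles.ini"), encoding="utf-8")
    # Recent releases keep a per-install default in [Install...]; older ones use Default=1.
    for name in ini.sections():
        if name.startswith("Install") and ini.has_option(name, "Default"):
            return Path(firefox_dir, ini.get(name, "Default"))
    for name in ini.sections():
        if name.startswith("Profile") and ini.get(name, "Default", fallback="0") == "1":
            return Path(firefox_dir, ini.get(name, "Path"))
    raise LookupError("no default profile listed in profiles.ini")

def quarantine_profile(firefox_dir, backup_dir):
    """Move the default profile to backup_dir, readable by its owner only."""
    src = active_profile(firefox_dir)
    if Path(backup_dir).exists():
        raise FileExistsError(f"{backup_dir} exists; review or delete it first")
    shutil.move(str(src), str(backup_dir))
    # The backup still holds logins.json and key4.db (saved logins and their key).
    os.chmod(backup_dir, 0o700)
    return Path(backup_dir)

def build_sample(home):
    fx = Path(home, ".mozilla", "firefox")
    for name in ("zx9rh0k.default", "ab12cd34.default-release"):
        (fx / name).mkdir(parents=True)
    (fx / "profiles.ini").write_text(SAMPLE_INI)
    return fx

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        print(quarantine_profile(build_sample(home), Path(home, "Oldprofile")))
```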

While everyone wishes it wasn’t the case, it’s always possible that just by visiting a web page you can contract some kind of malware – without so much as clicking, downloading or running anything. Browser developers go to extraordinary lengths to preclude this outcome, and in fact they do a marvellous job because this kind of malware (unless you’re running outdated software) is extremely rare.

For it to gain a foothold, there would need to be a vulnerability in the browser, perhaps in a font or image rendering library. Or perhaps a pop-up is able to render in some way that hides a malicious download behind the close button. Generally speaking, an unpatched vulnerability that allowed arbitrary code execution straight from the browser would be quite high-value, so unless you’re someone like an activist, political dissident or darkweb mastermind that people with considerable hacking resources (governments, nation states, other darkweb masterminds) are very interested in, then you’re probably fine. After all, why would such a group risk losing their 0-day edge on a civvy?

Besides privacy concerns around their tracking cookies (which aren’t the focus of this article), advertising networks have in the past been used to spread malware, by injecting malicious JavaScript or Flash applets. There’s no reason for the latter to be a problem now: Flash is all but dead and should be uninstalled. Chromium comes with its own PPAPI Flash plug-in which is heavily sandboxed, and by default should prompt before launching. Check this by visiting Settings > Privacy and Security > Site settings > Flash. By all means disable it outright if you want to be sure.

Firefox can refresh your profile without forgetting everything you ever did to your browser.

No, you can’t run Docker inside Firefox just yet, but account containers can – to quote Wu Tang Clan – protect ya neck.
