Thursday, June 2, 2016

Browser Extensions

How to Permanently Disable Browser Extensions for Maximum Security

pasted_image_at_2016_05_23_02_02_pm

Browser extensions can be incredibly useful, but install the wrong one, and you’ll open yourself up to security risks. If you don’t use extensions (or someone you know doesn’t), here’s how to disable extensions entirely.

Why You Might Want to Turn Browser Extensions Off


If you use and love web browser extensions, great. This article isn’t for you–it’s for the people who don’t use them, and are more likely to harm their computer by allowing them.

I was recently helping a relative with their computer problem, and saw they had a browser extension I didn’t recognize. I asked them what it was, and they responded: “What’s a browser extension?” These are the people for whom browser extensions should just be disabled.

When extensions come from a reputable company (like LastPass) and perform a useful function (like helping your create and use strong passwords), browser extensions are really awesome. When they’re written by scummy companies that install them automatically to spy on you or outright hijack your web browser, browser extensions are a nightmare.

So for those of you that are on top of your security game, only use browser extensions from known and reputable companies, and frequently check in to make sure your browser hasn’t been hijacked by scummy extensions, by all means keep using those few and wonderful extensions you love.

For everyone else, however, there’s no good reason to leave their browser’s extension system active when they’re not even using it. Doing so simply leaves a giant door open for everything from stealthy tracking extensions to spy on them or malware extensions to pop up and scam them with fake tech support.

How to Permanently Disable Extensions, Browser-by-Browser


If you want to really lock down your web browser (or, more likely, the browser of a friend or relative plagued by malicious browser extensions) it isn’t sufficient to simply disable and remove existing browser extensions. The same shady websites and bad browsing habits that led to the browser filling up with malicious extensions will just cause it to fill up again.

So while removing a single malicious extension works if your goal is to keep the rest of you browser extensions active, that isn’t our goal today. Our goal is to disable the extension framework such that there’s no chance a malicious browser extension can even load in the first place. By doing so, you’ll never have to spend a holiday visit purging the computer of your relative because there won’t be anything to purge in the first place. The method we’re outlining here doesn’t remove the extensions, it doesn’t prevent, say, some anti-virus software from installing an extension into the extension directory, it outright circumvents any issue you would have with the browser extensions by simply refusing to load them.

Let’s take a look at how to disable the extension framework in the major web browsers, with notes on how the technique works differently between browsers.

Google Chrome: Extension Slaying Made Simple

By far, Google Chrome makes disabling extensions the simplest. In order to disable the extension framework on Chrome you simply launch the browser from a shortcut appended with the flag --disable-extensions .

The easiest way to take advantage of the flag is to simply edit the shortcut you use to launch Chrome. Right click on the shortcut, select “Properties” and look for the text box near the top labeled “Target:”.



Add --disable-extensions to the end of the entry such that an entry like this:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

Now looks like this:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-extensions

Now, when you run Chrome, the extension system won’t even load. That means there’s no risk of malicious extensions interfering with your browsing experience, spying on you, or otherwise causing problems.

You can confirm the flag is in effect by clicking on the menu icon in the upper right hand corner of your Chrome browser and looking in the “More tools” menu entry.



If “Extensions” is grayed out and you can’t select it, the flag was successfully applied.

We really like how Chrome handles this situation, as the flag is very specific and targets just extensions (leaving the rest of the browser experience untouched). More importantly it doesn’t get in your face with an announcement or splash screen each time you launch the browser–perfect for setting it up, unobtrusively, on a relative’s computer.

Internet Explorer: All-or-Nothing Add-On Disabling


Like Chrome, Internet Explorer has a flag you can use to disable extensions. Unfortunately, unlike Chrome, the Internet Explorer flag is sweeping in scope and disables all add-ons, extensions, and plugins. While this may not be problematic for everyone, it can cause issues with certain webpages that are dependent on browser plugins, like Flash for video.

To run Internet Explorer with extensions disabled, you simply append the browser shortcut (as we did with Chrome). Examine the properties of the shortcut and add -extoff to the shortcut found in the “Target” box.

For example, this:

"C:\Program Files\Internet Explorer\iexplore.exe"

becomes this:

"C:\Program Files\Internet Explorer\iexplore.exe" -extoff

You’ll know immediately if it worked because, upon launching Internet Explorer from the modified shortcut, IE will announce loudly that it is running without add-ons.



Like with our previous Chrome fix, you can now browser the web without any extensions loaded.


Firefox: Safe Mode Might Be Too Safe

Firefox, too, has a flag you can add to your browser shortcut in order to start with extensions disabled. Like Internet Explorer’s shortcut flag, however, it covers much more than just browser extensions (and the flag name itself reflects that). By appending your shortcut with the flag -safe-mode the browser will start in Firefox’s “safe mode” state–hardware acceleration, browser themes, and extensions are disabled and toolbars and button customizations are reset to the default state.

To start in safe mode you simply edit the browser shortcut, as we demonstrated in the previous sections with -safe-mode . So a shortcut target like:

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

becomes:

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode

You’ll know if you’ve done it correctly because, immediately upon next start, Firefox will announce it is in safe mode.



While the settings change in Chrome just disables the extensions, like Internet Explorer the change in Firefox is a more intensive troubleshooting mode that isn’t necessarily conducive to simply browser sans extensions. We’ve included it here, however, so users of the three most popular browsers can see how to disable extensions. Depending on your needs, it could be worth the sacrifice.

By How to Geek

No comments:

Post a Comment