If the most important step you can take to secure your system is to use a secure browser -- advice held by everyone apparently, including Microsoft, which is working feverishly on IE 7 to close the years'-long security gap it created by not keeping the app up to date -- then the second step is to lock down the browser beyond what it offers out of the box, and/or learn how to use the security tools it does provide.
Firefox, which recently regained some of its market share momentum, fits the bill as a secure browser (more secure, anyway, than IE 6.x, its prime competitor).
We've wrapped up the second step for you by sniffing out five tools -- four extras and one integrated -- that we see as the most important security add-ons.
Now when malware and spyware and adware walk through the door, you can tell them
Not so fast, buddy. I'm Firefox armed and dangerous.
NoScript: We Don't Need No Stinkin' Java
Firefox may not allow ActiveX -- the Microsoft Internet Explorer technology at the root of numerous vulnerabilities over the years -- but it does support other active content that can be as dangerous, like JavaScript. The bulk of Firefox-exploitable active content vulnerabilities are, in fact, JavaScript bugs. (The most recently reported was one that hit the wires in early June; TechWeb covered it here.)
Although it's possible to disable JavaScript entirely -- Tools|Options|Web Features, clear the Enable JavaScript box -- that's not such a good idea; at times you'll not only want JavaScript, you'll need it. (Some online banking sites, for instance, put log-in forms on the screen using JavaScript.)
Enter NoScript.
The extension blocks Java and JavaScript (and Flash if you tell it) on all sites but those on a user-defined whitelist. Better still, you can authorize a site to use JavaScript for that session, or add it to the whitelist.
A small icon at the bottom of Firefox indicates the NoScript status of the site; a click there lets you allow some or all scripts on the page, or turn them off on a previously-whitelisted site.
