1: Just because the extensions are hosted on the developer’s “store” doesn’t mean they don’t bite.
When you look through Firefox’s add-ons site or the Google Chrome store, you’ll find a ton of browser extensions, each with their own ratings and descriptions neatly laid out for you. There’s a ton of stuff you can get and most of it is free. Both of the above-mentioned sources are very trustworthy and come from the developers of the browser you may be using. Sadly, this doesn’t mean that you should just hop right in and download anything that meets your eyes. There are a lot of malicious extensions out there that can be used to hijack your computers. Granted, browser developers do their best to keep malware out of their extension stores. However, their security isn’t always going to stop the bad guys from butting in and giving you a bad apple. It’s the unfortunate truth of the Internet. To prevent compromising your computer, only get extensions that have lots of positive feedback. Search Google for the name of the extension, the name of your browser, and then the word “malware” after it. See what you find!
2: Extensions can be forcibly installed on your computer.
It shouldn’t have happened to me, but it did: I downloaded malicious software and opened it. It happens to the best of us. During the installation, it sneaked in an extension on my Chrome browser that popped up ads every few pages I visited. I looked at my list of extensions and, surely enough, there it was. There was something there I didn’t ever install myself. Forcible infections via proxy have a way with making your computer behave in all sorts of inexplicably funny ways. To prevent something like this from happening, download software that comes from trusted publishers. Avoid big green “Download” buttons that appear next to a ton of other “Download” buttons on some websites. A lot of people fall for this trick and it’s sad to see how many actually get infected.
3: Be careful when giving your information to an extension.
Seriously, I can’t stress it enough: Use extensions only from trusted developers. Just because an extension is working as it should be doesn’t mean that it won’t unintentionally leak information about you to malicious sources. A hacker can access the extension developer’s database and steal all the information it collected about you. In this day and age, that’s how most compromises happen. Large database leaks can really disrupt the lives of many people. Make sure you know what the extension is taking from you. Does it need your credit card info? Your phone number? How about your passwords? Don’t give a browser extension any information that you would mind being leaked, unless you’re certain the information is encrypted upon storage and decrypted on your computer with a passkey that you control.
Anything Else?
It’s all about trust and scrutiny. Before downloading anything, scrutinize it carefully. Playing detective is always fun, anyway! If you have more thoughts on the subject, leave a comment below!