How to Prevent Yourself From Installing Malicious Add-ons and Extensions
Being a tech support for the whole family sometimes suck, especially when your aunt constantly complains about a weird search engine, which no one ever heard of, pushing numerous ‘call to action’ adverts and banners — straight to the desktop. When you hear this once every week, you kinda want to resort to strict methods like using parental controls to block them from installing things anymore! But then again, they would eventually find new ways to get their machine infected. I swear I even saw a desktop widget for a search engine one day! I decided to put an end to all this and ended up installing uBlock origin on her machine.
But that didn’t cut it. A few websites forced my aunt to disable her adblocker to access their content, which in turn opened the flood gates again. Sometimes when she tried downloading some software on her own, instead of downloading the actual software, she ended up downloading a crap load of adware that made their way to the startup folder. Later, I found that most of the adware were from the browser add-ons that Google forgot to vet.
On refreshing her laptop, I came across some useful stuff to remove and prevent any future installation of any adware. I hope this helps anyone who finds themselves in such situations more often.
- Chrome cleanup tool – Fixes issues with Chrome and removes all the persistent extensions.
- uBlock Origin – The best ad blocker out there. Chrome | Firefox
- Extension Defender – Detects any malicious extensions. Firefox
- Privacy Badger – Block unwanted tracking cookies. Chrome | Firefox
Installing uBlock Origin alone will take care most of the ‘prevention’ part, which is simply blocking the advertisements that target the gullible. But when websites, especially the freeware hosting sites, block the content and ask the users to disable their ad blocker, un-informed users may hit the wrong download button (the ones that scream DOWNLOAD) and infect their system.
Finally, I ended up blocking access to the extensions folder by changing the default permissions.
- For Chrome, go to
%userprofile%\AppData\Local\Google\Chrome\User Data\Default\. Find the extensions folder, and edit the permissions for the administrator account to deny write access.
- For Firefox, at the time of the writing, there is no easy way to do this other than modifying the config files. For now, the extension defender plugin should be of help. We’ll update a solution as soon as we find an easy method.
This post was first published on February 15, 2014.
I faced a similar situation once. The solution that worked for me is to deny write permissions to the browser’s extension folder.