How to Avoid Bad Browser Extensions

Odds are, you spend most of your day staring into a web browser. We’ve come a long way from the days when web browsing primarily meant consuming news and other content on the internet. Now, we can do everything from grocery shopping to word processing—or even work in browser-based versions of serious business applications—without leaving a browser window. Part of what has made web browsers so useful—but also potentially hazardous—is the proliferation of browser extensions.

Browser extensions are software programs, often developed by third parties, that users can download to expand the functionality of their web browsers. All major browsers—Firefox, Chrome, Safari, etc.—have extensions.

Many extensions are great, allowing users to minimize distractions and interface with important business applications. Others, however, promise to do great things but cause far more trouble than they’re worth.

Some of these “bad” extensions just cause annoyances, displaying ads or redirecting you to sites you didn’t browse to. Others are more insidious, spying on your browsing, stealing your data, or injecting malware into your system. What’s worse is that some extensions start out life perfectly legitimate, but then get bought by bad actors and become malicious.

So, how do you get the most out of browser extensions without falling prey to malicious ones? Here are 4 tips:

1. Only download extensions from parties you definitely trust.

Do some research into the company behind the extension you’d like to download. Many extensions are developed by companies you know, such as Google or major software vendors like Microsoft, and these are generally safe. If you don’t recognize the vendor, be sure to read reviews of the extension on the browser’s extension interface—such as Chrome’s Web Store or Firefox’s Add-Ons page. Many times, malicious extensions will receive enough bad reviews to warn careful users away.

2. Take time to read all dialog boxes.

Whenever you’re downloading extensions, slow down to read all the messages your browser gives you about the extension. Chrome, for instance, will tell you exactly what information the extension will have access to, as pictured below.

extension-dialog-box

In this case, you’d need to absolutely make sure that you want to give the extension—software from a third party—access to “read and change all your data” and to “capture the content of your screen” before clicking “allow.”

3. Be very wary of pop-ups advertising extensions.

Many users download extensions because they are prompted to in pop-up messages on websites. You always have the option to decline the extension. And if you didn’t go to a site looking to download a helpful extension, it’s best to decline, unless you do some research on the extension.

4. Don’t download extensions bundled with other apps.

We’ve written before about the potential dangers of free software downloaded from the web. In many cases, free software applications will include browser extensions, which the user may download without paying attention, simply because they click “Next” on the installer window without reading what’s happening. When downloading anything from the internet, always be sure to read every message carefully so that you are downloading only what you want and expect.

Think you may have downloaded some bad browser extensions in the past? Feel free to reach out for advice or help cleaning up your system.