Firekeeper and NoScript help against cross-site scripting attacks

Hi users of Firefox and Flock,

I’ve been using one other Firefox extension that might help protect against such cross-site scripting attacks: Firekeeper http://firekeeper.mozdev.org/

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content. Features of Firekeeper include:

* Ability to scan HTTP(S) request URL, response headers and body, and to cancel processing of suspicious requests
* Encrypted and compressed responses are scanned after decryption/decompression
* Privacy friendly - no data is sent to external servers, all scanning is done on the local computer
* Very fast pattern matching algorithm (taken directly from Snort).
* Interactive, verbose alerts that give an ability to choose a response to detected attack attempt.
* A detailed view of suspicious response headers and body
* Event logging
* Ability to use any number of files with rules and to automatically load files from remote locations.

An earlier version I was using was a bit buggy, but the latest updates seem to work really well, although it is still called “alpha” stage by the developer.

Worth looking into if you are really paranoid about these things and you do use Firefox with all the other things Jim previously mentioned.

polonus
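
Added example, not part of the original thread and not Firekeeper's code: a small Python sketch of the rule-based scanning the feature list in the post above describes, matching patterns against the URL, the response headers and the body, with a gzip body decompressed before matching. The `Rule` format, the three rules and the sample response are assumptions made for illustration and do not reproduce Firekeeper or Snort rule syntax.

```python
import gzip
import re
from typing import NamedTuple

class Rule(NamedTuple):
    """Hypothetical rule shape for this example; not Firekeeper or Snort syntax."""
    msg: str
    part: str               # which part to scan: "url", "headers" or "body"
    pattern: str            # regular expression, matched case-insensitively
    action: str = "alert"   # "alert" = ask the user, "drop" = cancel the request

RULES = [
    Rule("Script markup inside a query parameter", "url",
         r"[?&][^=&]+=[^&]*(?:%3C|<)script", "drop"),
    Rule("Executable offered as an attachment", "headers",
         r"^content-disposition:[^\n]*\.(?:exe|scr)\b"),
    Rule("Plugin object instantiated by CLSID", "body",
         r"<object[^>]+classid\s*=\s*[\"']?clsid:"),
]

def decoded_body(headers, raw_body):
    """Undo gzip before matching, so rules see what the browser will render."""
    if headers.get("content-encoding", "").lower() == "gzip":
        raw_body = gzip.decompress(raw_body)
    return raw_body.decode("utf-8", errors="replace")

def scan(url, headers, raw_body, rules=RULES):
    """Return (verdict, [matched rule messages]) for one HTTP response."""
    headers = {k.lower(): v for k, v in headers.items()}
    parts = {
        "url": url,
        "headers": "\n".join(f"{k}: {v}" for k, v in headers.items()),
        "body": decoded_body(headers, raw_body),
    }
    flags = re.IGNORECASE | re.MULTILINE
    hits = [r for r in rules if re.search(r.pattern, parts[r.part], flags)]
    if any(r.action == "drop" for r in hits):
        verdict = "drop"
    else:
        verdict = "alert" if hits else "pass"
    return verdict, [r.msg for r in hits]

# Constructed sample: a gzip-compressed page that embeds a plugin object by CLSID.
PAGE = b'<html><body><object classid="clsid:00000000-0000-0000-0000-000000000000"></object></body></html>'
SAMPLE = ("http://example.test/page", {"Content-Encoding": "gzip"}, gzip.compress(PAGE))

if __name__ == "__main__":
    print(scan(*SAMPLE))
```

Scanning the same compressed bytes without honouring the `Content-Encoding` header returns `pass`, which is why the feature list stresses that responses are scanned after decompression.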

I’ll take a look on it… the test page seems good…
http://firekeeper.mozdev.org/tests/index.php

I will certainly have a look at it, I was concerned if it might have a collision with NoScript’s XSS function, but it doesn’t seem to do so.

Hi DavidR and Tech,

After Firekeeper was updated to the 3.0.1 version it works beautifully alongside NoScript and ABP, tested this Firekeeper to the hilt now over the last few weeks.
It is like having a Snort-ruled IDS inside your Firefox 3, and actually the rules are written in a similar way as Snort rules. This is what I mean with behavioral analysis of what goes on under the hood.
I feel a bit more secure with it. If it did not deliver or was superfluous or not adding anything valuable for me security-wise, I have it out immediately, I am not paranoid. I am a realist, and while I am on MozillaZine and filing bugs for Bugzilla’s as “in-browser security” is my thing, and it is a major vector of malware infections, believe me,

pol

Three tests flag the Free Download Manager to start.

test_clsid
test_media_player_content
test_realplayer

I did not test if the download could continue, but probably not.
The others were blocked.
Seems ok, without crashes and bugs…

Hi Tech,

Ye gonna like this one, my friend,

pol

Whilst my tests didn’t start my download manager Star Download, but the Firefox default Download did pop up in some of the tests, now that in itself would be enough for me as that would trigger my response to cancel it without firekeeper.

Provided any intrusion wasn’t covert that would be enough without firekeeper, but it is the ones that might be covert and you get no response from firefox that could be dangerous.

However, then there is still the fact that these intrusions are kicked off by scripts and if you are using NoScript as I do the script wouldn’t launch. The only reason they currently do is because mozdev.org is allowed in my NoScript.

So the upshot is, with NoScript, the need for Firekeeper is lessened, IMHO.

Hi DavidR,

While NoScript is no cure for all, as that does not exist I cannot agree with you fully here.
They are not completely overlapping, you can understand that rule based intrusion detection is something quite different than an adjustable script blocker. For instance manipulation of IMG etc.
I tested this Firekeeper extension and it alerted while NoScript was sitting there idly, and what if NoScript has scripts partially or completely allowed? Is not it that malware is not spread by malware sites, but that every website, also the renowned, can get abused. Firekeeper is lean as an extension, and so I vote for the extra protection.
The same was with the BetterPrivacy protection against Flash cookies, did not think much of it, until Giorgio Maone, the maker of NoScript told me, that NoScript does not protect against Flash cookies or Super Cookies for that matter, that is why I kept BetterPrivacy as an added add-on.
I have published my experience with the new Firekeeper on MozillaZine and we will wait what Mr. Maone has to comment. So for me, my inside browser protection consists of: NoScript, BetterPrivacy, Redirect Remover, ABP and Firekeeper. Furthermore why deny Firekeeper as it does not produce any wrong interaction with other extensions? Believe me, I test it out, I really do not believe in SnakeOil add-ons, and when found they are the first ones to get dropped, but for now: better safe than sorry, that’s it boys,

polonus

I’m not denying firekeeper has a place, but neither is it the panacea as other single security add-ons aren’t, collectively they provide a better overall level of protection.

However, if I didn’t have firekeeper I don’t believe that I would be adversely affected, given the other pro-active measures that I take and exercising a healthy dose of common sense and safe hex.

The same, except Redirect Remover… I need redirection to download (example: sourceforge.net).

"given the other pro-active measures that I take and exercising a healthy dose of common sense and safe hex."
Like you David, this may not be something I need however, most people aren't as cautious and for them, this would probably be an excellent addition to their security arsenal. :)

Well I still have it installed and this morning when I first connected to the forums it threw up its first alert.

Shame on me I didn’t do a screen capture, what it related to I’m sure is the McAfee SiteAdvisor add-on, so that was white listed.

I can also see potential for problems for those people who are less cautious as they may not be able to interpret the alert and see it for what it is and just block or worse just allow/whitelist.

So this tool does require a degree of experience I think or you don’t know what to answer and you then would have to trust the add-on knows best and take it as bad and block.

"So this tool does require a degree of experience I think or you don't know what to answer and you then would have to trust the add-on knows best and take it as bad and block."
The same thing can be said for any of the security related programs we run. Your firewall, anti-virus and malware scanners all at one time or another require user intervention to decide if a certain program should or should not be allowed to run. That's where Google or another search engine can be of great help. This forum can also be very helpful in guiding a novice computer user. :)

Anytime I try firekeeper, I end up with this problem.

After installation Firekeeper label is red and preference window displays message "Firekeeper load failed component @firekeeper.mozdev.org/firekeeper not registered ...". What happened?
This is the most common problem people are having with current Firekeeper alpha release. It means that Firekeeper library couldn't be successfully loaded because some library dependencies weren't fulfilled on the user's system. Upcoming Firekeeper releases should run on wider variety of systems.
I guess I'd better wait till they solve the issue. :P