{"id":65776,"date":"2017-08-23T09:45:13","date_gmt":"2017-08-23T16:45:13","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=65776"},"modified":"2017-08-24T09:51:49","modified_gmt":"2017-08-24T16:51:49","slug":"how-malicious-plugins-can-compromise-your-mac","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/how-malicious-plugins-can-compromise-your-mac\/","title":{"rendered":"How Malicious Plugins Can Compromise Your Mac"},"content":{"rendered":"

\"How<\/p>\n

I cannot remember a time in which my browsers did not have a few plug-ins installed. My Safari has three\u00a0and my Firefox has seven;\u00a0they’re the first thing I install on a new system, and I really dislike browsing the Web without them. Plug-ins (also called extensions or add-ons) are not always useful enhancements though,\u00a0and may even be installed without your knowledge \u2014 some of which may even be malicious and can compromise your Mac.<\/p>\n

So what are some\u00a0things you should look out for when using plugins? And how can you tell if they’re legit or malicious plugins? It’s not always easy to tell, but there are tried and true methods to help you navigate the Web more safely.\u00a0In this article, we will cover some best practices for the use of plug-ins and how you can stay safe when using them.<\/p>\n

Get plug-ins only from a trusted source<\/h3>\n

If you need to use a plug-in, it’s best to only get it from a trusted source. For example, if you want the Adblock plug-in for Safari, you should get it from the official\u00a0Adblock website<\/a> or from the Safari Extensions web page<\/a>\u00a0hosted by Apple.<\/p>\n

Do not get plug-ins from a web page or a pop-up that prompts you to install it!\u00a0These potentially harmful prompts are\u00a0most often seen in the form of fake Flash Player updates. If you do see a pop-up that suggests a plug-in you might actually want to install, close the pop-up window and get that plug-in from a trusted source. (RELATED: How to Tell if Adobe Flash Player Update is Valid)<\/strong><\/a><\/p>\n

Note:<\/em> While blocking ads makes my browsing experience much better overall, I do unblock websites that show a normal amount of ads that are relevant to the site’s content. Ads pay the bills for a lot of websites, so I’m happy to contribute to sites I frequent often.<\/p>\n

Plug-ins to avoid<\/h3>\n

Flash Player, Java, Silverlight and Acrobat are most often exploited and should be avoided if you can. That said, each plug-in that you install increases the potential attack surface, so don’t install a plug-in unless you really need it.<\/p>\n

Keeping your plug-ins up to date<\/h3>\n

Your browser should be doing this for you, but you can verify your browser is set up for auto-updating plug-ins. Here are steps to keep your plug-ins up-to-date in Safari and Firefox:<\/p>\n

Safari<\/strong><\/h4>\n

Open the Preferences,<\/strong>\u00a0and then click the Extensions tab<\/strong>. At the bottom of that window, you will see a checkbox that will enable the automatic updating of extensions; make sure it’s checked.<\/p>\n

\"Update<\/p>\n

Firefox<\/strong><\/h4>\n

From the Tools menu<\/strong>, select Add-ons<\/strong>. Click on the button with a cog wheel in it and make sure “Update Add-ons Automatically” is checked.<\/p>\n

\"Update<\/p>\n

How your Mac and browsers protect you<\/h3>\n

Every major browser has implemented a system where plug-ins are activated only if you tell it to activate. This way you can choose to let one website use a plug-in while every other website cannot access it. A website that requires one of your plug-ins to work will display a message similar to\u00a0this one:<\/p>\n

\"Click
\nAnd when you click that button, the browser will show an additional warning and asks you to confirm.<\/p>\n

\"Do
\nThis gives you two chances to really consider the choice you’re making, and unless it’s content you really need from a site you trust, will likely make you think twice before granting the site access to that plug-in.<\/p>\n

macOS disables known vulnerable versions of plug-ins for you as well, through its XProtect<\/a> mechanism. Though it mostly focuses on Flash Player, in the past it has been used to set a minimum required version for Java and Silverlight as well. Unless you have the version Apple recommends or newer, the plug-ins do not work on your system. While a nice additional security measure, it has a very narrow focus when it comes to plug-ins and is not updated to keep up with all threats.<\/p>\n

How a plug-in can compromise your Mac<\/h3>\n

There are two types of plug-ins that can compromise your Mac: vulnerable plug-ins and malicious plug-ins.<\/p>\n

Vulnerable plug-ins<\/strong>:\u00a0These are plug-ins that are not designed with any malicious intent, but they have vulnerabilities that can be exploited by a malicious website or script. In some cases, such as with Flash Player, these vulnerable plug-ins have been\u00a0riddled with vulnerabilities for so long, they should be labeled as intentionally malicious just for being stubborn and keeping it available; but, that’s just my two cents. Vulnerabilities can happen to any plug-in and, if exploited, can allow a maliciously crafted website or script to gain access to more data than it should. Saved browser passwords or even data on your hard drive are at risk; it depends on the type of plug-in and the vulnerability.<\/p>\n

Malicious plug-ins<\/strong>:\u00a0<\/strong>These plug-ins are specifically designed to put your system or your information at risk. These are the plug-ins that are typically installed by malware or a PUA (Potentially Unwanted Application) and cause advertisements to be injected on webpages that you visit. They can also be installed through malicious websites that prompt you to install “this amazing plug-in” and end up giving you a plug-in that does something completely different. One such example is Awesome Screenshot<\/a>\u00a0from some years ago. Genieo<\/a> is another adware that typically gets installed through application installers that come from dodgy websites. You think you’re downloading VLC Player, MPlayer X or UnRarX, but the installer also puts plug-ins in your browser, so it can start injecting ads on pages you visit. InstallCore<\/a> is another such adware. Malicious plug-ins are not built to provide the best quality in terms of code and quality control, so they likely introduce several vulnerabilities that can be exploited by other 3rd parties as well.<\/p>\n

When it comes to malicious plug-ins, Intego\u00a0VirusBarrier<\/a> has you covered. Intego’s anti-virus for Mac blocks\u00a0the malware\/PUA\/Plug-in before it gets installed, and\u00a0if you’ve recently joined the Intego family, it keeps you safe by neutralizing whatever malicious software was already on your system. As for non-malicious but vulnerable plug-ins, use the tips above to either stay away from them completely or at least make sure they stay up-to-date and only activate when you explicitly tell them to.<\/p>\n

Happy browsing! \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

I cannot remember a time in which my browsers did not have a few plug-ins installed. My Safari has three\u00a0and my Firefox has seven;\u00a0they’re the first thing I install on a new system, and I really dislike browsing the Web without them. Plug-ins (also called extensions or add-ons) are not always useful enhancements though,\u00a0and may […]<\/p>\n","protected":false},"author":79,"featured_media":69340,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[151,13],"tags":[86,243],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n