I’m a fan of FOSS and reasonable privacy with data. I also often look for and install software on my computers for random tasks as they come up. Today, when I was looking to install an extension to Firefox called Wikipedia-EN that helps me search Wikipedia by highlighting a word, the Mozilla page for the extension states:
This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing.
As someone that is not educated in programming or perpetually current on tech news, what can I do to assess the safety of this and other software? Is there a site that transparently evaluates software and publishes its findings?
As a techie, I would say rather stay away from browser extensions. A lot of them do add great functionality but browser extensions are much more difficult to verify and it’s a lot easier for them to be malicious without you knowing
Both practically and theoretically, it might be impossible. It basically comes down to trusting trust. https://www.youtube.com/watch?v=SJ7lOus1FzQ
Try virustotal.com. You can scan files and URLs.
If you have some sort of decent antivirus/antimalware like Malwarebytes, that would work for standalone applications to an extent.
Browser extensions are a lot harder to check.
Always make sure you get the RIGHT extension from the PROPER SOURCE. Same with most downloads and app store stuff on your mobile devices, but at least with executables, you can additionally run virus scans for some peace of mind.
Some tips…
- Always make sure you’re accessing the extension’s download/install page from a trusted source.
- Check reviews AND READ THEM. Make sure they don’t look suspicious/bot-generated.
- Consider what permissions you’re giving the extension. Your browser has a lot of personal and sensitive information… including the “keys” to a lot of your accounts. Basically any website that you don’t need to sign into every time you access it? That “key” is stored in your browser.
I believe you can generally trust what permissions an extension or app needs (since the browser/device knows which permission an extension/app uses, and locks them away otherwise), but be wary of the implications of some of them (such as data from other websites, or accessibility features).
Running any software is inherently unsafe. It’s basically the computer equivalent of eating something given to by a stranger, and you just have to trust them that it’s good for you.
But we do it anyway, simply because we have to - not all of us are software devs with unlimited time on our hands.
It basically comes down to whether you trust the origin or not, as well as check the reviews/comments to gauge the reception of other users. If something fishy is going on, word spreads relatively fast.
Tip: While no means foolproof, if the software in question has a github repo, it adds a layer of trust, because that means anyone can review the source.
