Install “Search Engine Security” Firefox Add-on – Get Protection Against Fake Search Engine Results

Cyber crooks are undoubtedly masters at seizing opportunity, and they know when they’ve latched onto a good thing. Poisoned search engine results have proven to be a gold mine for the bad guys who, naturally, continue to be unrelenting in their chase to infect web searches.

Since drive-by downloads, which don’t require user action to create an infection, are resident on many of these compromised sites, this is bad news for the unwary Internet user.

This image (courtesy of Sunbelt Software) illustrates the results of a Google search with links to malware-infected sites.

[Image: Google search results with links to malware-infected sites, courtesy of Sunbelt Software]

Search engines, including Google, do a relatively good job of scanning their index for potentially dangerous sites. Nevertheless, scanning does not detect all potentially dangerous sites – not even close.

To reduce the chances that you will be victimized by malicious search engine results, you should consider installing an appropriate Browser add-on, or if necessary, add-ons, to increase your safety margin. A list of recommended add-ons follows later in this article. But first, take a look at a new Firefox add-on I came across recently.

[Image: screen capture of the Search Engine Security add-on]

Search Engine Security turns the tables on the bad guys by using a technique familiar to most hackers – appearing to be something you’re not. Or, more properly, appearing to come from a location you’re not really at.

Basically, the add-on changes the HTTP referrer (selectable by you) sent with the request, so that when you click on a returned link it appears to the linked site that you have not arrived from Bing, Google, or Yahoo. In the screen capture above, you’ll notice I’ve changed the referrer header to my site.

Based on the theory that cyber crooks rely on you being directed to their sites by a search engine, and launching malware code only when the referrer string is identified as having come from a search engine, Search Engine Security should provide additional protection.

According to the developer, here’s how it works:

This Firefox add-on handles Bing, Yahoo and Google search engines, in all languages. Normally, if a user clicks on a link within search engine results, the HTTP request to the external site contains a Referrer string from the search engine within the HTTP header.

For example, if a user searches for “this is a test” in Google, any request to a search result will include the following Referrer:

Referrer: http://www.google.com?q=this+is+a+test&hl=en&safe=active

For these requests, the add-on changes the Referrer header to a different value. This means that the requested page does not know that a given request came from a Google, Yahoo or Bing search.

This is critical as Blackhat SEO pages only deliver malicious content (fake AV, Flash/Java updates, codecs, etc.) when requests come from the SEO results. Changing the Referrer header breaks the attack.
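The header rewrite the developer describes, sketched as an added example (not the add-on's own code): the function checks each request and substitutes the user-chosen value only when the Referer comes from a search results page and the destination is an outside site. The host patterns, the `example.org` replacement value and the sample requests are assumptions constructed for illustration.

```javascript
// Added example (not the add-on's code). On the wire the header is spelled "Referer".
// The host patterns below are an assumption about which hosts count as search engines.
const TLD = "(com|[a-z]{2,3}|com?\\.[a-z]{2})";
const SEARCH_HOSTS = ["google", "bing", "yahoo"].map(
  (name) => new RegExp(`(^|\\.)${name}\\.${TLD}$`, "i")
);

function isSearchEngineHost(hostname) {
  return SEARCH_HOSTS.some((re) => re.test(hostname));
}

// Returns { headers, changed }. The input object is never mutated.
function rewriteReferer(headers, destinationUrl, replacement) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === "referer");
  if (!key) return { headers, changed: false }; // typed URL or bookmark: no Referer sent
  let ref, dest;
  try {
    ref = new URL(headers[key]);
    dest = new URL(destinationUrl);
  } catch {
    return { headers, changed: false }; // malformed value: leave the request untouched
  }
  if (!isSearchEngineHost(ref.hostname)) return { headers, changed: false };
  // Navigation that stays on the search engine (next results page) keeps its Referer.
  if (isSearchEngineHost(dest.hostname)) return { headers, changed: false };
  return { headers: { ...headers, [key]: replacement }, changed: true };
}

// Constructed sample requests; the first Referer value is the one quoted in the article.
const REPLACEMENT = "https://example.org/";
const SAMPLES = [
  { to: "http://result.example/page", headers: { Referer: "http://www.google.com?q=this+is+a+test&hl=en&safe=active" } },
  { to: "http://www.google.com/search?q=next+page", headers: { Referer: "http://www.google.com?q=this+is+a+test" } },
  { to: "http://result.example/page", headers: { referer: "http://uk.search.yahoo.com/search?p=test" } },
  { to: "http://result.example/page", headers: { Referer: "http://notgoogle.example/?q=test" } },
  { to: "http://result.example/page", headers: { Accept: "text/html" } },
];

function runSamples() {
  return SAMPLES.map((s) => rewriteReferer(s.headers, s.to, REPLACEMENT));
}

for (const r of runSamples()) console.log(r.changed, JSON.stringify(r.headers));
```

Only the first and third sample requests are rewritten; the others leave the search engine's own navigation and non-search referrers alone.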

Download at: Mozilla

Requirements: Firefox 3.0 – 3.6.*

Additional Internet Browser Protection:

It’s foolish to rely on only one form of protection, it seems to me, so take a look at the following browser security add-ons that are noted for their effectiveness.

It’s important to recognize that cyber-criminals are crafty, and there are no perfect solutions.

Web of Trust (WOT): WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive and well deserved reputation. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

McAfee SiteAdvisor: A free browser add-on that adds small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

Finjan SecureBrowsing: Finjan SecureBrowsing searches major websites as well as search results for malicious content hiding behind links. By accessing and scanning destination URLs in real time, the add-on proactively warns you when a link is potentially dangerous.

ThreatExpert Browser Defender: The Browser Defender toolbar allows you to surf safely by displaying site ratings as you browse the Internet. When you visit a site its address will be checked by our servers and a rating shown in the toolbar based on any malicious behavior or threats we have found associated with the site. The toolbar also integrates with the search results provided by popular search engines such as Google and Yahoo! so you can see if, in our view, it is safe to continue before you visit a site.

AVG Security Toolbar Free Edition: AVG’s unique Search-Shield, available with the AVG Security Toolbar Free Edition, marks all web pages which are infected by zero day exploits and drive-by downloads. This powerful LinkScanner based technology works in real-time to provide comprehensive protection. Other programs rely on static databases and cannot protect you at the only time that matters – the time you click on a link.

TrendProtect: TrendProtect is a free browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers billions of Web pages.

I’ve reviewed and recommended a bag full of Browser security add-ons in the past few weeks, or so. No disrespect intended to those developers who have the public’s interest at heart when they develop Browser security add-ons, but…..

Am I the only one who thinks that building protection into my Browser in this potluck fashion has reached the height of ridiculousness?

Isn’t it long past the time when Browsers should be built with the most appropriate form of protection already on board?

17 responses to “Install “Search Engine Security” Firefox Add-on – Get Protection Against Fake Search Engine Results”

  3. Jose

    It looks interesting but it’s quite new, not enough feedback.
    I’d stick with WOT (I’d stick with WOT anyway).
    Thanks Bill. (not the Gates one; but I thank that Bill as well).

    • LOL! Very good Jose. I wouldn’t mind being Bill Gates – even for one day.

      I agree. No matter what addons I test, I always leave WOT on. Wouldn’t be without it.

      Bill

  5. Liam O' Moulain

    I’ll give this one a try Bill. But, yes I’m getting tired of even thinking about another security addon.

    Still, thanks for writing this up.

    Liam

  6. Mal

    Hey Bill,

    This looks like a very interesting addon and I will definitely be trying it out. Already using WOT, but you can never have enough security in my view.

    Cheers

    • Hey Mal,

      I just said to Jose (and I mean “just”, since I’m in my Dashboard at the moment), that no matter what addon I test, I always leave WOT on. I find the Gmail link checking absolutely invaluable.

      Still waiting to sort out that election mess, I hear. Seems a coalition might be the way to go. Could be not such a bad thing. Might just scare the hell out of all of them and the Great Wall gets kicked to the curb.

      Bill

      • Mal

        Hey Bill,

        Well, the coalition have already stated previously they will adopt an opt in approach, that is free filters for families who want them. But nothing mandatory. Which I like a lot. The result was a great kick up the pants of the Labour party, and so it should have been, they carried on like a pack of 5 year olds in the last year.

        Cheers

        • Hey Mal,

          The results in your election, and the “kick up the pants” delivered, has drawn great attention here, since our political parties are totally inept liars. The politicos are projecting that unless these morons make substantial changes in their approach to politics, we will see a repetition of what happened to your guys in Australia. I can hardly wait to see it happen. Up the Revolution!!

          Very cool the opt in approach is on the table for the Great Firewall.

          Best,

          Bill

  7. mrlokinight

    ###
    Hi Bill ~ I drift a good way off topic towards the end in the interest of added value

    I’m out of my depth here. Suspect I’m missing the point of this addon

    The software site recommends that the ‘Use Referer (sp) header:’ field not be left blank. I note that in your case you have entered your blog url
    Q1. What would I enter ~ not having a blog or the like ?
    Q2. The top pic gives Uvouch as MALWARE, but I don’t understand this (I take it that the word ‘MALWARE’ doesn’t appear in the browser – it’s an edit, but how would I know this search result is to be avoided ? )

    ###
    I’ve left the ‘referrer’ field blank for now & google-searched “rihanna nude”
    Observations:
    1] I get ‘SES on’ at top of the page
    2] Next week I’ll be saying “Rihanna – who?”…

    ** … But, I will never forget Herzigová & the “Hello Boys” Wonderbra campaign from 1994 ~ a sales bonanza. The added element of wit made all the difference to both sexes I guess:
    http://www.bbc.co.uk/cult/ilove/years/1994/fashion2.shtml

    ** Incidentally the Wonderbra was voted 5th in a poll for The Greatest Canadian Invention of ALL Time 🙂 :
    http://www.cbc.ca/inventions/

    Peace’n’Love ~ nightjar

    ###

    • Hey Nightjar,

      I can see how this might be a little confusing, so here’s the key –

      If you should click on a bad link in search results you will be directed to that site, just as with any link you click on. The bad guys can identify that you’re ripe for the plucking, since the header will include info from Google, Yahoo, or Bing, and the malware sitting on that site will be triggered (by the header), and downloaded to your machine. But if the header doesn’t include info from one of these previously mentioned search engines, then the malware download can’t be triggered, and you’ll escape being infected.

      The following is repetitive but – The benefit of this addon is, since you can’t always rely on your existing security addons to pick up bad sites (bad sites change almost daily), if you end up clicking on a bad link (not improbable), because the header (the one you have inserted), fools the site into thinking you didn’t come from a search engine, and the malware on the site is only programmed to download when triggered by the search engine header, you’ve escaped.

      Yes, you do get SES on at the top of the page simply to let me know the addon is up and running. Once you change the referrer header you’ll no longer see this. BTW, change the header to a site you trust. Any trusted site will do. You can, if you like, change it to my site address.

      The topic pic comes from SunBelt who have added the block text “malware” for illustrative purposes only.

      Thanks for the links. LOL I’m into inventions like this. 🙂

      Bill

      • mrlokinight

        Hi Bill

        Thank you. I’m not expecting a reply, but FYI…

        1] I put https://billmullins.wordpress.com into both fields & restarted
        I still can see ‘SES on’ in google search & I can only suppose this might be my “OptimizeGoogle 0.78.1” extension which amongst other things…
        contains security features related to SSL
        anonymizes the Google cookie UID &
        also doesn’t allow cookies to be sent to Google Analytics: https://addons.mozilla.org/en-US/firefox/addon/52498/

        Will try & investigate further

        2] I still don’t see from Sunbelt Software image how either link marked ‘MALWARE’ is recognizable as such by me – Sorry. I will think about this

        Nightjar

        • mrlokinight

          Hi Bill ~ no dice

          Disabled all extensions bar SES
          Disabled all plugins bar the ‘Mozilla Default plug-in’

          No change ~ I just get ‘SES on’ in Google

          I suppose it might be one of my edits in ‘about: config’, but I’m not changing those

          Regards ~ Nightjar
