Antivirus Chrome extension. Do you actually need it?

Published by Adrian in Web Security

Not sure if you really need a security extension for Chrome? The thought of yet another browser extension might make you roll your eyes. But you do need a reliable antivirus extension for your internet browser! With so many threats that specifically target Google Chrome, an extension that will enhance privacy and security becomes mandatory.

You might not be aware of all the perils out there. Even though you’re facing it every time you launch a web browser and start surfing the web.

And the malware you might easily become vulnerable to, at some point… simply because you let your web browser store certain pieces of information? It’s hard to believe it until you see it. The thing is, however, that you have plenty of chances to see it firsthand.

Your antivirus can have a hard time blocking what’s coming from your web browser. Threats that can go from minor inconveniences to significant, life-shattering events. So, make no mistake! Dedicated security for the web browser itself can only help increase your protection.

You’re already raising an eyebrow right now? Bear with me for a moment.

You’re guaranteed to find out things that will change your mind. Possibly your life, too. Hopefully, for the better.

Your web browser, their front door to phishing attacks

Is Google Chrome the browser you rely on to access the web? Every time you use it, Chrome learns a little bit more about you. About your preferences and your needs. And it stores that information in order to provide you with a more valuable, customized experience.

You certainly enjoy seeing relevant ads for the things you want to bring into your life.

You love the comfort of not having to type all of your passwords.

Or the convenience of not having to manually fill in the forms whenever you sign up to a new service or website.

But have you ever paused and thought for a minute…

What if all that information of yours will get into some not-so-friendly hands?

Did you know that there are people out there with the sole purpose of getting their hands on the personal information you store within your web browser?

Needless to say, this makes your whole web surfing experience quite risky.

Those people know how much trust you put into your web browser. And so, they never cease trying to crack the Google Chrome security mechanisms. The thing is they don’t even need to try too hard.

The Chrome browser can serve as a gate to quite a few common browsing security threats. All of which are strong reasons for you to add some kind of antivirus Chrome protection. And while I promise to give you a couple of suggestions on this topic, we’re not quite there, yet.

First, we’d like to emphasize those threats, so you’ll know better what you’re putting up with. And so that you’ll have no doubt about the importance of yet another web extension – this time, a security extension.

The 2 issues that make a security extension a must-have

On one hand, the way your web browser works right now, it doesn’t make it too hard for hackers to use it against you. On the other hand, even those third-party extensions you’re currently running don’t make your security their priority.

Sure, those extensions are useful and nice to have. But because they don’t put much emphasis on security, they can pose as a vulnerability in itself. And that’s when adding extra protection to the web browser can close some of the gaps that they create through your defense wall.

Google itself emphasizes the risks that extensions can bring in terms of security. It makes it clear that browser extensions have, by definition, access to special privileges within a browser’s operation mode.

What’s worse, when such an extension is compromised, every single one of its users is compromised. Those people become vulnerable to malicious actions. So, it only makes sense for extensions to be an extremely attractive target for attackers.

Google is working to fix that, especially after the scandal with its Google+ vulnerability hidden until exposed by a Wall Street Journal report. Part of its efforts implies requiring browsing extensions to request just the minimum amount of data to function properly. That, and promoting a series of browser development best practices.

If you’re curious to find out more about the latter, check their security guide.

Now, back to the first issue that I mentioned in this section… How can hackers use your web browser against you?

For starters, your browsing history and stored cookies can tell a lot more than you think. The autofill information I mentioned you enjoy can also play like an open book. Whereas your saved login credentials can do more harm than good.

Let’s take them one at a time…

Your browsing history and stored cookies can tell a lot more than you think

What if they can see exactly what websites you’ve been to?

Well, the websites you visit paired with when exactly you’re visiting it can reveal your browsing behavior patterns. Someone with the right knowledge can use those patterns either to expose you to better targeted ads. Or to orchestrate phishing attacks against you.

If they know you’re a regular visitor to a particular website, they can start using that website as bait to all sorts of phishing attempts. You will be more likely to fall for one of their tricks when a favorite website of yours is being used, won’t you?

Even worse, if you are a regular customer of, let’s say, sportswear on Amazon… Your bank won’t find it suspicious if your compromised credit card will start showing purchases for similar items from the same source. It will fit your purchasing profile, right? So, never mind that it’s being used by someone who hacked your credit card details…

If I had to add, the cookies stored on your device may reveal just as relevant information about your online actions.

The autofill information is like an open book for anyone willing to read it

An open book of the information you provide most often when you go online.

Letting someone know your full name might not sound too scary. But how about knowing what email addresses you use most often to register for particular services? Or your physical home address and postal code? Even your phone number?

All these can tell an attacker more than you’d want!

Your saved login credentials can do more harm than good

You clearly had the best intentions in mind when decided to start letting Chrome store your web passwords. But if you also have the habit of bookmarking those websites, you’re heading for a fall.

Anyone who gets access to your device can see what websites you use and have the login credentials at hand. As long as you’re not required to go through the two-factor authentication process every single time, the dangers are real.

Most websites use the two-factor authentication only to confirm that your device is safe for login. So, if anyone else is trying to connect to that website from a different device, the two-factor authentication will be, once again, required.

But what if someone other than you will access that website, in your name, from your device? In that case, the two-factor authentication becomes useless. Unfortunately, that’s not the worst thing that can happen!

The worst thing is if someone gains access to your email account. From there, a hacker can reset your password to pretty much any other service or website you’ve registered to, using that password.

If I was to sum up…

Certain people, with certain knowledge, can find out many things about you. The solution isn’t to stop using your web browser altogether. But rather to start taking measures against the entire above.

Measures against people trying to steal your personal information or banking account details.

Measures against people trying to track your moves, learn your habits and preferences, and exploit them all.

Measures against people trying to impersonate you or use your profile for all kinds of malicious actions.

All of which are possible through your web browser.

Next, I will walk you through some of the most popular and best-rated antivirus or Security Chrome extensions. People also call them security extensions. And they can help with lots of things, providing you ad-blocking, anti-tracking, and even password management solutions.

1.   Avast Online Security

The Avast Browser Security and Web Reputation Plugin is one of the best-rated security products you can use with your Google Chrome browser. On one hand, it brings a wide range of security features, just like many other extensions of this kind. On the other hand, it makes a particularly appealing choice due to Avast’s famous website reputation system.

The force that a 220M+ users community brings is hard to beat. And it certainly gives you extra confidence when it comes to trusting this product’s security feedback. But what kind of feedback would that be, you wonder?

For starters, Avast Online Security for web browsers piles up loads of data on phishing sites around the world. Whenever you try to visit one of them, it will issue specific warnings, according to the information it finds in its huge database.

But before you get to access a bad reputation website, the extension will even show you a rating for it. It all happens right in the search results window, where next to the website’s link, you’ll see the rating.

The colorful marks – red, green, or gray – will also tell you if a website is malicious, safe, or if it just hasn’t been rated so far.

As a user of this tool, you too will get the chance to give your security feedback on the websites you access. You can rate it with a thumbs-up or a thumbs-down, bringing a personal contribution to the system.

On top of this, the plugin helps you to avoid being followed online. It blocks the analytics sites and the nosy advertisers from keeping track of your online actions. It helps you block cookies. And it lets you tweak a series of other data collection mechanisms.

All you need to do is to right-click its toolbar icon and head to the Options menu. You’ll see everything you can block in there. I strongly advise you to have a go at it and check all of its options.

2.   HTTPS Everywhere

HTTPS Everywhere is an extension that makes browsing more secure by encrypting communication. It does so with an overwhelming selection of major websites. And it is compatible with Google Chrome, but also with Firefox and Opera.

Now, if you know even the slightest thing about the importance of HTTPS connections and SSL certificates, you’ll want to take a look at it. Just as natural, you might already be telling yourself that this isn’t the only tool out there that promises to offer support with encryption over HTTPS. What sets it apart, you wonder?

For once, it is how easy it makes it for the end-user to benefit from encrypted technology. Plus, it fixes many of the problems that other tools bring along. All through a smart technology that can rewrite requests and automatically switch connections. From the shady HTTP to the well-praised HTTPS connectivity, it protects you in an instant.

And did I mention that it also helps you counteract many common forms of surveillance? Or that it fights back censorship and account hijacking? Go ahead and take a peek at it. Click on its dedicated toolbar icon, right after installation.

You’ll see that the option to enable HTTPS is active by default. If you want it to stop you from accessing an insecure HTTP site, make sure you activate the EASE feature – Encrypt All Sites Eligible. If you’re extra curious, you can always look up in its settings for a list of all the websites that the extension forced the HTTPS for.

Don’t really know what we’re talking about? Do yourself a favor and read more in our comprehensive guide about the importance of HTTPS and the SSL certificates, here.

If you’ve come this far, you probably have one specific question in mind. Will this security extension for Chrome force HTTPS with any website out here? The answer is no, not with ANY, but certainly with MANY.

For those where it cannot force it, a privacy error will pop-up. To continue navigating on those websites, you’ll need to disable the extension. The advantage, however, is that you do it consciously, meaning you will be well-aware that you are entering a website without HTTPS encryption.

3.   Click&Clean

Remember all those things I keep telling you to do in order to protect your privacy online? Click&Clean can help with it all, in a simple and intuitive manner. Instead of you having to manually go through all the settings of the Google Chrome browser, you can stick to the Click&Clean panel.

From there, you can delete browsing history, cache, and stored cookies. You can choose to navigate incognito or to run privacy checks. You can even scan specifically for malware. And, of course, there are many other options available there.

In a nutshell, the control panel of this  Chrome extension lets you either choose a protection level or manually tweak all the options. For the former, the protection levels go from low to high. If you want to take care of everything yourself, go for the manual check of all the options I mentioned above.

Using this extension as a part of your common-sense protection mechanisms when surfing the web seems natural. But it is also a great option to have at hand, for situations like the ones when your online security is compromised. You want to erase everything as fast as possible. And you can do it with ease, without having to look in more than one place.

As a side note, the extension can even clear the bites of information stored when you navigated Incognito. The list of unexpected – but welcomed – features also includes alphanumerical password generation. And you get to choose the length of those passwords. How do you like that?

4.   Ghostery

Ghostery pretty much aims to offer you a ghost-like web navigation experience. It protects your privacy and it blocks the potentially annoying and intrusive ads. By doing so, it also speeds up your web browsing.

It can do things automatically, notifying you of the latest events. Or it can let you manually check the available information when you’re on a specific website.

Say you’ve landed on some website. If you click the Ghostery icon, you will be able to see the active trackers on categories such as advertisements, analytics, or social media. And you can manually tweak permissions from there.

At the opposite end of the Ghostery experience, you can let this Chrome security extension run in the background. When it finds a tracker, it will block it and notify you about it.

Whenever you want, you can go back and check the blocked trackers, for a more general review of its activity. All in all, I find it to be a pretty cool and effective option for handling trackers.

Knowing who’s looking over your shoulder is a must, these days. So, don’t ignore the opportunity that Ghostery is bringing your way.

5.   Adblock Plus

After seeing an option that blocks both ads and tracking, we’re now introducing you to one of the most popular ad blocker options available out there.

Adblock has over 10 million users around the world, which speaks for its popularity and efficiency.

At its core, Adblock Plus lets you block all ads without discussion, or at least whitelist some of your favorite websites and the ads that come through it. The latter means you have the option to configure a list of Acceptable Ads, the ones that are either not-too-intrusive or necessary for the website to keep offering you free content.

To top it off, it lets you manually flag a specific type of content that you consider an ad and that you no longer wish to see. Just access its icon from the toolbar and look for the Block Element option.

Simply put, you’re supposed to prevent advertisers from tracking your moves. But, also, to see fewer ads. And to reduce the risks of encountering malvertising, meaning to get malware from simply visiting a website.

Here are 5 things to keep in mind before adding a Chrome extension

As I said, many threats can target you when surfing the web via Google Chrome. But because Chrome is the most popular web browser in the world, there’s a myriad of solutions out there that developers are taking out.

It’s not easy to stick to just one. Though it should be easier if you keep a few best-practices in mind. To choose your Chrome extensions safely – and I mean any extension out there, not just your security Chrome extensions – you’d have to:

  1. Keep an eye on the rating that the extension got so far. Ideally, pick one with a minimum of 4.3 stars if you can’t find anything higher for your area of interest.
  2. Take the time to read other users’ reviews. You are guaranteed to find some useful information in there, too. Sometimes, more useful information than the one provided by the developer.
  3. Do your best to find out exactly who is the developer. The source of an extension can make the difference between a blissful and a painful experience with that extension.
  4. Always keep a minimum number of Chrome extensions installed. Use only the ones you really need because, as we’ve seen, the more you install, the riskier it can get. Plus, it can slow down your browser.
  5. And always pay close attention to the permissions required by each extension. If you ever happen to notice a previously installed extension suddenly asking you for new, different permissions, there’s a chance it has been compromised!

Last but not least… Make sure you also run some anti-malware solution, if not an effective antivirus software. The Google Chrome security extension should complement the security provided by your regular antivirus.

In cybersecurity, they say the risk is a multiplication of likelihood and impact. To minimize the risk, you have to minimize either the likelihood of encountering a threat, or the impact it may have on you, once it hits you. With the best security Chrome extension out there, you should be working on minimizing both the likelihood and the impact!