2.11 Given a scenario, configure relevant security settings in a browser.
📘CompTIA A+ Core 2 (220-1202)
1. What Are Browser Extensions and Plug-ins?
Browser extensions and plug-ins are small software components that add extra features to a web browser.
- Extensions
- Installed inside the browser
- Add or change browser features
- Examples of what they do in an IT environment:
- Block ads
- Manage passwords
- Check grammar
- Control downloads
- Plug-ins
- Older browser add-ons used to run specific content
- Often require deeper access to the system
- Many modern browsers now block or limit plug-ins due to security risks
Exam note: CompTIA focuses more on extensions today, but you must still understand plug-ins for security reasons.
2. Why Extensions and Plug-ins Are a Security Concern
Extensions and plug-ins can:
- Read website data
- Track browsing activity
- Modify web pages
- Access files or system resources
If they are not secure, they can:
- Steal login credentials
- Install malware
- Redirect users to malicious websites
- Collect private information without permission
Because of this, where an extension or plug-in comes from (its source) is very important.
3. Trusted Sources
What Is a Trusted Source?
A trusted source is an official and verified location where browser extensions or plug-ins are safely distributed.
Examples in an IT environment:
- Official browser extension stores
- Chrome Web Store
- Mozilla Firefox Add-ons
- Microsoft Edge Add-ons
These stores:
- Review extensions before publishing
- Check for malware
- Provide updates automatically
- Allow user reviews and ratings
Why Trusted Sources Are Important
Extensions from trusted sources:
- Are less likely to contain malware
- Receive regular security updates
- Can be disabled or removed easily by administrators
- Follow browser security policies
Best Practices for Trusted Sources (Exam-Relevant)
For CompTIA A+ exams, you should know that a technician should:
- Install extensions only from official browser stores
- Check:
- Developer name
- Number of downloads
- User ratings and reviews
- Keep extensions updated
- Remove unused or unnecessary extensions
- Use browser settings or policies to:
- Allow only approved extensions
- Block unauthorized installations
Exam tip: If a scenario asks how to reduce browser security risks, choosing trusted sources only is the correct answer.
4. Untrusted Sources
What Is an Untrusted Source?
An untrusted source is any website or location that is not officially approved by the browser vendor.
Examples:
- Random websites offering browser add-ons
- Email attachments claiming to be extensions
- Pop-ups asking users to install extensions
- Download links from unknown developers
Risks of Untrusted Sources
Extensions or plug-ins from untrusted sources may:
- Contain malware or spyware
- Capture keystrokes (keylogging)
- Hijack browser settings
- Redirect traffic to malicious websites
- Bypass browser security controls
These risks are higher because:
- The code is not reviewed
- Updates may include hidden threats
- The source may disappear after causing damage
Exam-Focused Security Actions Against Untrusted Sources
For CompTIA A+ exams, you should know that a technician should:
- Never install extensions from unknown websites
- Disable:
- “Allow extensions from outside the store”
- Use browser security settings to:
- Block unverified extensions
- Warn users about suspicious downloads
- Remove extensions that:
- Were installed without permission
- Request excessive permissions
- Reset browser settings if malicious extensions are detected
Exam tip: If an extension is causing browser redirects or unusual behavior, the correct action is usually remove the extension and scan the system.
5. Managing Extensions and Plug-ins Securely
Key Security Settings to Know (Exam Important)
A technician should know how to:
- View installed extensions
- Enable or disable extensions
- Remove suspicious extensions
- Review extension permissions
- Block plug-ins by default
Modern browsers often:
- Disable unsafe plug-ins automatically
- Require user permission for extensions
- Warn users if an extension is risky
Extension and Plug-in Permissions
Extensions may request access to:
- All websites
- Browsing history
- Downloads
- Clipboard data
Security rule:
If an extension requests more access than needed, it should not be trusted.
6. Key Differences: Trusted vs Untrusted Sources
| Feature | Trusted Source | Untrusted Source |
|---|---|---|
| Verified by browser vendor | Yes | No |
| Malware scanning | Yes | No |
| Automatic updates | Yes | Rare or none |
| User reviews | Available | Usually not |
| Security risk | Low | High |
7. Exam Summary (Must Remember)
For CompTIA A+ Core 2 (220-1202), remember:
- Extensions and plug-ins can be security risks
- Always install from trusted sources only
- Avoid extensions from:
- Unknown websites
- Emails
- Pop-ups
- Regularly:
- Review installed extensions
- Remove unused or suspicious ones
- Plug-ins are mostly deprecated due to security risks
- Managing extensions is part of browser security configuration
