katycomputersystems 1 Posted March 16, 2021 Share Posted March 16, 2021 Thankfully, I find LastPass is loaded with the Secure version of Chrome, other extensions are not. Is a list of acceptable extensions documented somewhere? Can this list be edited. For example, what if I have a client using Bitwarden and we find out, it's not on the list of acceptable extensions. What to do? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted March 16, 2021 Administrators Share Posted March 16, 2021 2 minutes ago, katycomputersystems said: For example, what if I have a client using Bitwarden and we find out, it's not on the list of acceptable extensions. What to do? You can report it through your local ESET support. However, if the password manager is not commonly used by ESET users it won't be added since each trusted extension creates additional costs due to updates of the extension. Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted March 16, 2021 Author Share Posted March 16, 2021 How do we get a list of trusted extensions? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted March 16, 2021 Administrators Share Posted March 16, 2021 6 minutes ago, katycomputersystems said: How do we get a list of trusted extensions? There is no such public list. Link to comment Share on other sites More sharing options...
itman 1,786 Posted March 16, 2021 Share Posted March 16, 2021 Fortinet has a blog article on the state of Chrome and FireFox extension here: https://www.fortinet.com/blog/threat-research/browser-extensions-a-new-threat . Although a bit dated, the article sums up that extension vetting is pretty much left to the browser developer. Current published articles on Google periodically pulling en mass extensions from its Store due to malicious status is de facto proof it does not perform an adequate job in its vetting process. Bottom line is extension use should be closely controlled in any commercial environment. Link to comment Share on other sites More sharing options...
itman 1,786 Posted March 16, 2021 Share Posted March 16, 2021 I will add that Firefox does have a recommended list of browser extensions here: https://addons.mozilla.org/firefox/search/?recommended=true&type=extension Quote Recommended extensions differ from other extensions that are regularly reviewed by Firefox staff in that they are curated extensions that meet the highest standards of security, functionality, and user experience. Firefox staff thoroughly evaluate each extension before it receives Recommended status. Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted March 16, 2021 Author Share Posted March 16, 2021 itman, you points are well-taken, however the day is going to come when a client wants to use their password manager to log into their bank and for whatever reason hates LastPass (actually there are a few reasons to hate LastPass starting with the PE firm holding title to the code) they will then say John what extension can I use. I will not have an answer. It seems like a silly eset position to take. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted March 16, 2021 Administrators Share Posted March 16, 2021 If it was possible to allow any extension in the secure browser then it would not be secure anymore. If there are enough users who use a particular password manager extension, it shouldn't be a problem to add it. Therefore I'd recommend reporting it as a whish through your local ESET distributor. The more people request it, the higher chances it could be added. Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted March 16, 2021 Author Share Posted March 16, 2021 We purchase directly from eset. I see Bitwarden is one of the accepted password managers, Bitwarden is the password manager we recommend when clients don't want to use LastPass. I completely agree and applaud the blocking of extensions in secure browser. It is the lack of documentation that causes heart-burn. Link to comment Share on other sites More sharing options...
Recommended Posts