Recently, I ran ClamTK on my Home directory and it discovered about 30 instances of malware that came from Firefox with Privacy Badger add-on. Interestingly, no malware came from my Brave or Chromium browsers that I also use. Most of the malware found looked like this:
This is making me no longer trust Firefox and I was wondering what privacy and secure browsers I can use instead of Firefox. On other platforms I used Librewolf but I don’t think it works on Manjaro.
It is hard to comment on that without context. Were were these found? In extensions? In cache? Well those are things that you have control on - visiting malicious sites or downloading bad extensions.
Besides, PUAs can often be false positives.
Consider emptying your Firefox caches, and installing UBlock Origin instead of PrivacyBadger. I would question whether ClamTK is presenting too many false positive detections; or whether any such malware as you have labelled it is possibly coming from a Windows installation (if Firefox Sync is used, for example).
Then go in Option> Privacy& Security>
check Delete cookies and site data when Firefox is closed.
check Always use private broswing mode.
uncheck Autofill
OK, thanks for the suggestions. I removed Privacy Badger and added Ublock Origin to Firefox. I cleaned the history as usual.
Then, I ran ClamTK again and it found 3 more PUA’s in Firefox cache. I can’t see any way to copy the scan results in ClamTK and I wasn’t able to pinpoint a ClamAV log file. Sorry. Maybe someone can show me how to find the ClamAV log files.
It should also be noted that Firefox is a free, open source browser, which would make embedding malware without any of its millions of users noticing a near-impossible task.
Another option which pretty much obviates uBlock is to merge /etc/hosts with the file available at https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts which blocks thousands of known malware domains (as well as advertising servers, trackers, etc) at the DNS level, so they never get anywhere near your computer.
Another useful addition is https://raw.githubusercontent.com/jmdugan/blocklists/master/corporations/facebook/all which blocks everything owned by Zuckerberg’s surveillance operation.
Both files are updated regularly, so it’s worth setting up a systemd timer to re-do the merge from time to time.
A hosts file can be quite fiddly to set up with Firefox, which uses its own DNS settings for DNS-over-HTTPS, thus bypassing the system’s DNS settings. I’m sure there are ways to do it (possibly even addons available that will make it easy), but I tried using a hosts file a few years ago & gave up in the end. It was much easier to go down the path of uBlock Origin & a few other addons to improve security. A lot depends on the security level set by the user in Firefox’s preferences.
its store of malware signatures will be detected by another malware detector as malware itself. 