Running Firefox as another user, using sudo
As the browser is one of the most common points of entry into a system, it makes sense to do everything that is possible to secure it.
Any sane user will never browse the web as root (or an account with Administrator access in Windows*), as any malware would then be able to do anything on the whole machine.
* This is insane. If you do it, you deserve everything you get.
So, in Linux, of course I use my normal user account, and trust in the fact that Linux, on an AMD64 processor is fairly safe.
However, this means that should my browser be compromised, the only files it can alter/delete are the ones owned by my own user account. Which is pretty much everything.
So, although something bad wouldn't mean I'd have to reinstall my box, I'd have lost all my files.
To see what files and directories you have write access to now, try this:
find / \( -user $USER -perm +u=w \) -o \( -perm +o=w \)
Solution? Run your browser as another user.
/bin/su - adduser -m ff (Don't assign it a password) visudo
(If you don't have visudo, install sudo - emerge sudo)
This will open up a vi window.
Add the following lines to it
User_Alias X_USERS = yourusername Defaults:X_USERS env_reset Defaults:X_USERS env_keep += DISPLAY Defaults:X_USERS env_keep += XAUTHORITY yourusername yourhostname=(ff) NOPASSWD: /usr/bin/firefox
Then transfer your whole .mozilla dir to the ff user directory.
mv ~yourusername/.mozilla ~ff/ -iv chown ff:users ~ff/.mozilla/ -Rfv
Exit out of the root shell, back to your normal user account.
Add this to /etc/conf.d/local.start (In Gentoo) so you don't have to remember to run it each time.
sudo -u ff -H firefox
Change your standard Firefox launch icon to run this command each time.
You should see a Firefox window pop up, with all your old bookmarks, settings, etc. However, it's running now as "ff".
This means that you can't access any files that the user ff can't access. Which hopefully should include all your files.
Create a directory in ~ff/, and change the permissions to allow your normal user account to read and write files there. You can use this to copy files between your two accounts.
To see what files and directories ff can write to, run:
find . \( -user ff -perm +u=w \) -o \( -perm +o=w \)
It should be much less than before.
(In Windows, you can look into the runas command.)
You can also use this system for maintaining multiple brower "personalities" - so that advertisers can't link user A at site X with user B at site Y.
This was tested on Gentoo Linux, running KDE, and Firefox 2. It works for me.
For further browsing enjoyment, install the Adblock, NoScript, and Flashblock plugins, extensions, add ons (or whatever they're called this week).