Friday, November 06, 2009
Why you might want to install Noscript addon
The Noscript addon for Firefox makes Firefox even safer. It blocks executable content like Flash and other things that have caused browsers to be compromised before.
It is a pretty powerful defense against drive by web attacks. If you are not displaying/executing the content that is trying to attack you, it cannot do any harm.
Noscript will not stop image exploits so you still have to be concerned about where you go. Firefox just fixed some image-handling vulnerabilities this week. Image exploits for various file types like WMF, JPG, and GIF have cropped up on Windows. While I do not recall reading in the news about any attacks on Macs using them, I do recall some vulnerabilities involving them getting fixed on Macs.
Image file vulnerabilities make me uncomfortable because we never seem to get to a place on any computer where they are solved. And since browsers might use the operating system to display an image, that poses a problem for everyone who browses the web, reads newsfeeds, or reads email.
Flash is something different though. Flash is not a part of any web standards. Flash is a plugin that runs on IE and on Firefox. It follows their standards for plugins so it can run in the browsers.
Some sites need it to run but most do not. Some ads need it. Some ads actually exploit flaws in Flash to hack your computer. This keeps happening in recent years.
Even when running Firefox on a Macintosh, Flash vulnerabilities could hurt. The ones that were in the news last month used IE-specific technology. But someday the authors of Flash malware might embrace Firefox or even the Macintosh as well.
With Noscript, all they will get back is the cold shoulder!
For sites you really trust a lot and figure you can trust their ads, you can enable their content. If a site does not use Flash for ads, it poses less hazard. The safest ads I have noticed so far are the Google Adsense ads. I have managed to get them turned on yet myself but I have seen them enough times to notice I never see any images in them. I think more advertisers need to consider text-only ads as something worth looking into.
To get some protection against Flash for Safari web browser on the Macintosh computer, get the ClickToFlash webkit plugin.
Reducing malware risks just takes making safer choices.
It is a pretty powerful defense against drive by web attacks. If you are not displaying/executing the content that is trying to attack you, it cannot do any harm.
Noscript will not stop image exploits so you still have to be concerned about where you go. Firefox just fixed some image-handling vulnerabilities this week. Image exploits for various file types like WMF, JPG, and GIF have cropped up on Windows. While I do not recall reading in the news about any attacks on Macs using them, I do recall some vulnerabilities involving them getting fixed on Macs.
Image file vulnerabilities make me uncomfortable because we never seem to get to a place on any computer where they are solved. And since browsers might use the operating system to display an image, that poses a problem for everyone who browses the web, reads newsfeeds, or reads email.
Flash is something different though. Flash is not a part of any web standards. Flash is a plugin that runs on IE and on Firefox. It follows their standards for plugins so it can run in the browsers.
Some sites need it to run but most do not. Some ads need it. Some ads actually exploit flaws in Flash to hack your computer. This keeps happening in recent years.
Even when running Firefox on a Macintosh, Flash vulnerabilities could hurt. The ones that were in the news last month used IE-specific technology. But someday the authors of Flash malware might embrace Firefox or even the Macintosh as well.
With Noscript, all they will get back is the cold shoulder!
For sites you really trust a lot and figure you can trust their ads, you can enable their content. If a site does not use Flash for ads, it poses less hazard. The safest ads I have noticed so far are the Google Adsense ads. I have managed to get them turned on yet myself but I have seen them enough times to notice I never see any images in them. I think more advertisers need to consider text-only ads as something worth looking into.
To get some protection against Flash for Safari web browser on the Macintosh computer, get the ClickToFlash webkit plugin.
Reducing malware risks just takes making safer choices.
upgraded to Firefox 3.5 today
I finally upgraded from Firefox 3.0 to 3.5 today.
Firefox 3.5 has been out for a number of months. My reasons for not upgrading right away is that I wanted stability issues to be addressed and I wanted to wait for upgrades the addons I use to be upgraded.
Another thing that pushed me to make the upgrade is that I do not want to get left behind.
Old versions eventually get less attention from maintainers, for one thing. So there can be new vulnerabilities arising. That is not good for a program whose job it is to display files from the Internet all the time
There is more support for new standards in Firefox 3.5. HTML 5 is gonig to be a good deal and I wanted to be able to start authoring some pages that take advantage the increased support for it in Firefox. CSS 3 is another area where things are getting better and better.
Last week, Firefox 3.5 was patched to fix some possibly exploitable flaws in the graphic media libraries that arose during a retooling of them as part of the 3.0 to 3.5 evolution. I feel as confident about 3.5 as I did about 3.0 now. The paint is not wet anymore.
Flash has become a real risk though much less for me than a lot of people. The folks that are getting harmed by it are running Microsoft Windows and IE.
Unless I am testing web pages I am developing, running Windows Update to install security updates and bug fixes from Microsoft, or accessing a work-specific portal I give IE a wide berth.
I have been using the web since back in the old days when there was no IE or Netscape, just Mosaic. I have learned a thing or two. One of them is avoid the highest risk places, software, and media.
I also found out recently that the addons I use were as ready as they were going to get for 3.5.
Unfortunately, I had to say goodbye to Google "Bookmarks" as Google announced last month they are no longer going to support it. I have not used it in a good while so as brilliant a tool as it is, I probably will not miss it anytime soon. So addons, one of the things that usually holds me up a while when a new version of Firefox comes out are no longer an issue.
One of my relatives recently upgraded to 3.5 too and I wanted to stay in sync with them to make it easier to give tech support when they had questions or problems.
Firefox 3.5 seems really fast. I hope it stays this fast. I have noticed for years that when I do a browser upgrade as opposed to a minor patch, it really speeds up. Then it gradually slows down. Not sure if this has to do with some disk caching of pages or RSS feeds or what. If Firefox 3.5 keeps operating at the speed it is right now I am going to be extremely happy.
Firefox 3.5 has been out for a number of months. My reasons for not upgrading right away is that I wanted stability issues to be addressed and I wanted to wait for upgrades the addons I use to be upgraded.
Another thing that pushed me to make the upgrade is that I do not want to get left behind.
Old versions eventually get less attention from maintainers, for one thing. So there can be new vulnerabilities arising. That is not good for a program whose job it is to display files from the Internet all the time
There is more support for new standards in Firefox 3.5. HTML 5 is gonig to be a good deal and I wanted to be able to start authoring some pages that take advantage the increased support for it in Firefox. CSS 3 is another area where things are getting better and better.
Last week, Firefox 3.5 was patched to fix some possibly exploitable flaws in the graphic media libraries that arose during a retooling of them as part of the 3.0 to 3.5 evolution. I feel as confident about 3.5 as I did about 3.0 now. The paint is not wet anymore.
Flash has become a real risk though much less for me than a lot of people. The folks that are getting harmed by it are running Microsoft Windows and IE.
Unless I am testing web pages I am developing, running Windows Update to install security updates and bug fixes from Microsoft, or accessing a work-specific portal I give IE a wide berth.
I have been using the web since back in the old days when there was no IE or Netscape, just Mosaic. I have learned a thing or two. One of them is avoid the highest risk places, software, and media.
I also found out recently that the addons I use were as ready as they were going to get for 3.5.
Unfortunately, I had to say goodbye to Google "Bookmarks" as Google announced last month they are no longer going to support it. I have not used it in a good while so as brilliant a tool as it is, I probably will not miss it anytime soon. So addons, one of the things that usually holds me up a while when a new version of Firefox comes out are no longer an issue.
One of my relatives recently upgraded to 3.5 too and I wanted to stay in sync with them to make it easier to give tech support when they had questions or problems.
Firefox 3.5 seems really fast. I hope it stays this fast. I have noticed for years that when I do a browser upgrade as opposed to a minor patch, it really speeds up. Then it gradually slows down. Not sure if this has to do with some disk caching of pages or RSS feeds or what. If Firefox 3.5 keeps operating at the speed it is right now I am going to be extremely happy.
Labels: firefox
Hopefully, someday I will get this page to validate!
