Friday, November 06, 2009
Why you might want to install Noscript addon
The Noscript addon for Firefox makes Firefox even safer. It blocks executable content like Flash and other things that have caused browsers to be compromised before.
It is a pretty powerful defense against drive by web attacks. If you are not displaying/executing the content that is trying to attack you, it cannot do any harm.
Noscript will not stop image exploits so you still have to be concerned about where you go. Firefox just fixed some image-handling vulnerabilities this week. Image exploits for various file types like WMF, JPG, and GIF have cropped up on Windows. While I do not recall reading in the news about any attacks on Macs using them, I do recall some vulnerabilities involving them getting fixed on Macs.
Image file vulnerabilities make me uncomfortable because we never seem to get to a place on any computer where they are solved. And since browsers might use the operating system to display an image, that poses a problem for everyone who browses the web, reads newsfeeds, or reads email.
Flash is something different though. Flash is not a part of any web standards. Flash is a plugin that runs on IE and on Firefox. It follows their standards for plugins so it can run in the browsers.
Some sites need it to run but most do not. Some ads need it. Some ads actually exploit flaws in Flash to hack your computer. This keeps happening in recent years.
Even when running Firefox on a Macintosh, Flash vulnerabilities could hurt. The ones that were in the news last month used IE-specific technology. But someday the authors of Flash malware might embrace Firefox or even the Macintosh as well.
With Noscript, all they will get back is the cold shoulder!
For sites you really trust a lot and figure you can trust their ads, you can enable their content. If a site does not use Flash for ads, it poses less hazard. The safest ads I have noticed so far are the Google Adsense ads. I have managed to get them turned on yet myself but I have seen them enough times to notice I never see any images in them. I think more advertisers need to consider text-only ads as something worth looking into.
To get some protection against Flash for Safari web browser on the Macintosh computer, get the ClickToFlash webkit plugin.
Reducing malware risks just takes making safer choices.
It is a pretty powerful defense against drive by web attacks. If you are not displaying/executing the content that is trying to attack you, it cannot do any harm.
Noscript will not stop image exploits so you still have to be concerned about where you go. Firefox just fixed some image-handling vulnerabilities this week. Image exploits for various file types like WMF, JPG, and GIF have cropped up on Windows. While I do not recall reading in the news about any attacks on Macs using them, I do recall some vulnerabilities involving them getting fixed on Macs.
Image file vulnerabilities make me uncomfortable because we never seem to get to a place on any computer where they are solved. And since browsers might use the operating system to display an image, that poses a problem for everyone who browses the web, reads newsfeeds, or reads email.
Flash is something different though. Flash is not a part of any web standards. Flash is a plugin that runs on IE and on Firefox. It follows their standards for plugins so it can run in the browsers.
Some sites need it to run but most do not. Some ads need it. Some ads actually exploit flaws in Flash to hack your computer. This keeps happening in recent years.
Even when running Firefox on a Macintosh, Flash vulnerabilities could hurt. The ones that were in the news last month used IE-specific technology. But someday the authors of Flash malware might embrace Firefox or even the Macintosh as well.
With Noscript, all they will get back is the cold shoulder!
For sites you really trust a lot and figure you can trust their ads, you can enable their content. If a site does not use Flash for ads, it poses less hazard. The safest ads I have noticed so far are the Google Adsense ads. I have managed to get them turned on yet myself but I have seen them enough times to notice I never see any images in them. I think more advertisers need to consider text-only ads as something worth looking into.
To get some protection against Flash for Safari web browser on the Macintosh computer, get the ClickToFlash webkit plugin.
Reducing malware risks just takes making safer choices.
Hopefully, someday I will get this page to validate!