Tag Archives: IFrames

Blog Comments That Make No Sense

Some time ago, TechPaul, in his Blog Tech – for Everyone, wrote a great piece on why FireFox users’ would benefit by installing the NoScript add-on. If you’re not familiar with NoScript, the developer describes it this way:

“The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.”

So I was more than a little surprised, to see a recent reader comment referencing this article, in which the reader (a self described “web developer”), complained:

“Ok, great! Block Javascript, IFrames, Flash and the like. Why not go ahead and block web sites from loading on browsers from now on? At some point you have to get real about web browsing. What you are doing by spreading this so called information is causing panic, and making people scared to browse”.

My immediate response after reading this uninformed reader’s comment was – What planet are you living on? What internet are you surfing?  How could you be totally unaware of the following?

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Window shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Yes, uninformed reader, you must be right – TechPaul and the following informed users, and reviewers, must be wrong.

CNET News: “Giorgio Maone’s NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.” (March 9, 2009, Dennis O’Reilly, Get a new PC ready for everyday use)

Forbes: “The real key to defeating malware isn’t antivirus but approaches like Firefox’s NoScript plug-in, which blocks Web pages from running potentially malicious programs” (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).

PC World: Internet Explorer 7 Still Not Safe Enough because it doesn’t act like “NoScript […] an elegant solution to the problem of malicious scripting

New York Times: “[…] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC“, (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).

The Washington Post security blog compares MSIE “advanced” security features (like so called “Zones”) to Firefox ones and recommends NoScript adoption as the safest and most usable approach.

The final part of this uninformed reader’s self serving comment was as follows:

“ If you have half decent anti everything, the real nasties will be blocked by them and the need for these add-ons won’t be there. This is not great news for web developers!!!”

One of the aims of Bloggers like TechPaul, Sir, is to offer information to readers which allows them to determine, based on real information, what steps they need to take in order to enhance security to a level which is appropriate for their needs.

A self described “web developer”, such as you, would be well advised to keep the needs of his clients, and end users, uppermost in his mind. Otherwise,it seems to me, you may not remain a web developer, ‘”self described”, or otherwise, for very long.

6 Comments

Filed under Browser add-ons, Don't Get Hacked, Interconnectivity, Internet Safety Tools, Online Safety, Personal Perspective, Windows Tips and Tools