Blocking iframes

Discussion in 'other software & services' started by Gullible Jones, Feb 21, 2013.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Guest

    A lot of malware seems to be spread by iframes embedded hostile content; and off the top of my head, I can count one single website I know of that uses iframes legitimately (that would be WineHQ). I'm thinking it would be high time to start blocking these things.

    I figure Privoxy should be able to do the job easily, for HTML iframes on plain HTTP pages... But what about JS generated iframes?

    Alternatively, for browser-based blocking - I know Firefox/Noscript can handle this, but what about other browsers? Chrome? Opera? IE?
     
    Gullible Jones, Feb 21, 2013
    #1
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    If you have Pro version or higher of Windows...

    Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching applications and files in an IFRAME

     

    Attached Files:

    wat0114, Feb 21, 2013
    #2
  3. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    So if we answer the query by internet explorer correctly we will be safe from malicious iframes right?
     
    sm1, Feb 22, 2013
    #3
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Opera lets you control frames globally:

    opera_frames.jpg

    and per site:

    opera_frames2.jpg

    ----
    rich
     
    Rmus, Feb 22, 2013
    #4
  5. JeffreyCole

    JeffreyCole Developer

    Joined:
    Dec 29, 2012
    Posts:
    433
    Ad Muncher handles this well.

    It blocks many forms of malicious iframes, even ones generated by scripts but without causing any collateral damage.

    I.E. the sites you want to work, will work, but you'll be protected at the same time.
     
    JeffreyCole, Feb 22, 2013
    #5
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Quite a few sites I frequent, use them. Here is time.com:

    opera_iframes.gif


    ----
    rich
     
    Rmus, Feb 22, 2013
    #6
  7. Gullible Jones

    Gullible Jones Guest

    Thank you very much for the answers. :)

    Edit: NY Times works for me without iframes in Opera. Maybe because I don't have a subscription? Or maybe because they only use them for ads...
     
    Last edited by a moderator: Feb 22, 2013
    Gullible Jones, Feb 22, 2013
    #7
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I turned off i-frames on time.com and two advertisements and several banners did not display. Everything else is functional. The banners are for content on other parts of the web site.

    All of these i-frames are loaded via a script, so when I disable javascript on time.com, the i-frames don't display, even though turned on in the site Preferences.


    ----
    rich
     
    Rmus, Feb 22, 2013
    #8
  9. Gullible Jones

    Gullible Jones Guest

    Hmm. Is it possible to block JS-based iframes in Adblock Plus?
     
    Gullible Jones, Feb 26, 2013
    #9
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    As per the example by Rmus in post #4, I tried those settings and Ghostery doesn't work, even after I allowed javascript for individual sites.

    So I have allowed, globally. A risk, no doubt! ;)
     
    Tarnak, Feb 26, 2013
    #10
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...