Top 10 Firefox extensions to avoid

Discussion in 'other software & services' started by ronjor, Apr 10, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    Article
     
  2. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    The message regarding Adblock and Noscript seems to be to get rid of them, the poor litlle dot com boys can't get their crap in, very lame stuff indeed.

    And always using that stupid argument; 'without advertising there would not be an internet'

    Lamehand
     
  3. tayres

    tayres Guest

    At least they're clear about whose interests determined that recommendation.
     
  4. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    I read this last night before it got posted here by Ron, and almost had to check my calender t see if it was April 1st. Lamehand points out their pathetic and predictable comments over Adblock. But it's their remarks on Noscript I find a worry, particularly this bit of advice.
    Change it just a little to see how silly that sounds.
    Does locking your car make it safer? Sure. Is it worth the hassle? No. For some reason, paranoia seems to be cool among BMW drivers, but for the most part, it is totally unwarranted unless you own an expensive car.

    The only trouble is we know, or at least in Oz, that it's the old family car that is targeted much more than the expensive ones.

    [ok, ok, cut me a little poetic license on this one, I'm trying to ram the point home :p ]
     
    Last edited: Apr 10, 2007
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    I'm sure the author of that piece will have some explaining to do judging by the comments on their site alone. :D
     
  6. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I looked it over, along with their list of 20 recommended extensions. Save for one item, not much piqued my interest. And that item is the NoScript opinion.

    NoScript makes a somewhat safer browser much safer. I cannot disagree one bit that it takes some time to get NoScript configured (so that websites work correctly.) But to imply it makes minimal impact on safety is, IMO, factually wrong...
     
  7. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    First they say about NoScript.

    (Is it worth the hassle? No. For some reason, paranoia seems to be cool among Web geeks, but for the most part, it is totally unwarranted unless you're sending and receiving sensitive data)

    Then this about Greasemonkey.

    (It can potentially get you in trouble because it allows JavaScripts written by other people to run in Firefox. If one of those scripts is malicious, your system could be at risk.)

    Hello, anybody in lol ?


    StevieO
     
  8. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    I think they are right about Noscript and the paranoia = webgeek. Not in any way what Firefox is about, practically the opposite. That some prefer and feel good about barricading them self is their business, does not belong on a general top xx list that is for sure. Extension ok but have special purpose. When promoted as a must have it is a solution in search of a problem as said here http://adblockplus.org/blog/usability-vs-security

    An easy observation to make but they did not check out Adblock Plus very well. Power is on user side with white listing, probably not comforting either - should make most ADMs concentrate on more important things though.

    I think there was one Greasemonky script having some security flaws, 2-3 years ago. Was fixed instantly. 1 out of 5000 and nobody should or does care. But as with those who advice to "harden" Firefox they see a scenario where a case can be made. Has nothing to do with reality.

    Avoid the buggy ones...
     
  9. tayres

    tayres Guest

    Granted, for some people, it still proves valuable. But as a general recommendation for a 'typical user', a good case can be made against using it.
     
    Last edited by a moderator: Apr 11, 2007
  10. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    I think the question is if it has any relevance at all. It treats javascript/java as a danger we all must protect against. Sooner than later it will go wrong - http://noscript.net/ Has nothing to do with safe surfing - internet and Firefox would be in poor shape if that was the case. I doubt you have gotten malware on computer through Firefox, with or without noscript. You can argue that exploits are being revealed in test labs and occasionally see their way to Secunia, Bugzilla and other places. Sure and there will be more. But not the same as impact on general browsing/security and all must improve on Firefox security or pay the price. Firefox is not IE4! If whatever becomes a problem it will be dealt with by Mozilla and the many people who watch these things. If not project die out very fast.

    How to evaluate when scripting is needed?, when it breaks a site? Pain in the butt extension if not used correctly and the way it is being promoted I doubt very much half can manage it. Javascript off as default is more like saying the earth is flat than an extra layer of security - or I stay in bed to avoid being run over by a car.

    On that site there is a comment about Firebug being vulnerable and so should not be on top list - better replaced by Noscript or something. Well yes and how many hours went by before it was fixed? Bugs and exploits never go away - Firefox and the better extensions deal with problems.

    Anyway, and speaking of where real crap comes from, I find it more interesting Noscript site advertise for SpyFighter - is on Rogue list http://www.spywarewarrior.com/rogue_anti-spyware.htm for delivering Adware among other things...
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I keep my extensions "Adblock" and "Noscript", I don't listen to everybody's opinion/advice, if I don't see a DECENT explanation.
    You are more vulnerable without Noscript than with Noscript. If you don't use Noscript, you better disable Java and JavaScript
     
    Last edited: Apr 11, 2007
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    Generally, I loathe these kinds of anti-advice. Instead of explaining the situation to people and leave the choice to them, they hand you a platterful of opinion. Not good.

    The proper advice for Noscript should be: can cause problems with certain sites, requires per site handling etc while offering protection against ... Then people can make their own decision whether the tradeoff is worth the sacrifice.

    The same applies for all other extensions, save the "spy" ones, which really fall into a different category.

    Hell, listening to every piece of advice anyone puts on the net, one should be Anti-Phishing CookieLock Toobar and paying monthly tribute to AOL.

    Mrk
     
  13. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    Erik,

    Check out Hyperwords. Decent explanations are available. It is one of the most useful extensions I have ever used, plus the two you also use.

    Silver
     
  14. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Hopefully you dont mean the old buggy Adblock but the new Adblock Plus.

    Well there is enough explanation in the fact you cant show any real life security value coming from Noscript. Not any warranting the claim Im vulnerable because I shake head at your reasoning. You like to feel secure and like to think you have made an extra effort, wants to protect yourself against the unknown - all there is to it. Anyone who does not is in danger - you think people listen when you ignore facts? Your business - just stop the vulnerability for mankind talk, why I dont like the way it is being promoted. Firefox, Opera or IE dont need this, part of paranoia, extreme/nonsense security thinking. Have to give Computerworld that. Normal users have and should not have a clue.

    I could go for a little extension I cant remember name of, puts 2 buttons on statusbar. JS and JV I think. Disable/Enable Javascript/Java. No need to expect the worst/unknown.

    In case you did not read my link to the blog post go there again. Wize words based on logic and reality. Nobody stops you from building a bunker with a little peek hole of course.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Noscript is a useful app, if nothing for making the Internet less noisy.
    Mrk
     
  16. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    I rather stay in the bunker,when the ICBM's fly around, no crap on desktop, very nice. :D

    Lamehand
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm still working on my bunker, as long my bunker isn't finished I keep Adblock and Noscript. The security experts told me that FF is safer without Java and JavaScript and Noscript makes it just easier to allow Java(script) or not, depending on the website I'm visiting.
    Once my bunker is ready, I might not need Adblock or Noscript anymore.
    The only extension I really like is Forecastfox, because it has nothing to do with security.
     
  18. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Sorry for the late reply. Yeah I know you are and Im not - but not more vulnerable. Loads of other "hardening" extensions available and tricks to do with Firefox. Just not an extension which should be advertised for like author does him self. Only for bunker builders. Phishing is a real danger and so Opera, IE7 and Firefox now have phishing filters build in. Have to relate risk to real life, Noscript does not.

    I think IEs zone policy could be useful in Firefox. Idea is ok, matter of how to implement. Actually it already is in Mozilla/Firefox - look at Policy Manager from 2002 http://piro.sakura.ne.jp/xul/_policymanager.html.en I guess they dumped that because of what is said in blog post, will only be false security/pain for majority. And probably also convinced that Firefox would be safe enough without this, why claim superiority over IE then play copycat when it comes to security? Probably what they have been thinking.
     
  19. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I read that several days ago in GRC NewsGroups. I thought it was silly. I only use one of the extensions but it is the reason I use Fx. Without it, I wouldn't bother with Fx. Of course, I am talking about the original extension...the first ....Tabbed Browser Extensions for Fx and Mozilla/Seamonkey. It was TBE that got me hooked on tabbed browsing. But tabbed browsing without TBE is awful. I still use Fx 1.5.0.11 and will not move to 2.0 unless and until Piro finishes writing TBE for 2.0. I have 2.0 on a virtual machine and have TBE working fairly well but not like it works on 1.5. Plus, 2.0 is not to my taste for many reasons. So, I just ignore articles like this usually.
     
  20. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Well, TBE as nice and original as it might be, also turns the interest to the real deal with extensions. Avoid those who dont play ball with Firefox. The old Adblock, Forecastfox and even Noscript are all among those which are or have been questionable as being "safe" - safe in the meaning of code flawless coding and interaction with browser. Check out Mozillazine Knowledge base for this. They even keep a list of problematic extensions - sadly it should be more updated and a mile longer. Lots to avoid but then issue is not some made up security weakness but solid browser, no more memory leaks than what is build in etc. etc.

    Piro who made TBE also did Policy Manager - nobody else did at the time. If only he had been sucked up by Mozilla team... His early versions of TBE actually did mess up with original code from what I understand and so it got a (very) bad name - distracting the fact extension was ahead of its time and just brilliant. Have you seen the attempts to make Firefox able to have window in window or rather tab in tab? Sorry attempt, try Piros Split browser - now we are talking. He could do wonders with Firefox if he was assimilated! But Tabmix Plus and Firefox itself take care of most needed features today. You have to be very stubborn or look way down the feature list to find something that warrent attitude of not wanting to upgrade. Not upgrading browser is not the most clever move you can make - except compatibility with not supported/broken extensions there are no advantages what so ever with old code.
     
  21. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    in my experience the opposite is true
    as the paranoia neophyte starts to set rules for the commonly visited sites and observes the sheer volume of extraneous javascripts many sites employ that offer them no real utility value, they learn just how much tracking of their habits and client side crapware they are avoiding

    it then becomes perfectly acceptable to play the game of how few permissions you need to grant to get the thing to work, they even start to make judgments about temporary and permanent rules.

    an educational odyssey with an ever increasing utility value
    it becomes an important part of educating the consumer about security decisions and threat vectors
    a gateway drug to security :p
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    This is the key ;)
     
  23. tayres

    tayres Guest

    The author of the article seems to agree with Wladimir Palant (developer of Adblock Plus), who has some well-reasoned arguments against a general recommendation for Noscript's use.

    Wladimir Palant prefers Firekeeper's approach, rather than Noscript's. (see here)
     
Loading...
Thread Status:
Not open for further replies.