Saturday, October 10, 2015

The More You Know: Browser Plugins and Extensions Aren’t the Same Thing

This is a daily opinion column written by Lowell Heddings, the founder of How-To Geek, featuring his take on the latest in the world of technology.



[Image: Poison_Apple]

Yesterday I talked about how Firefox is killing support for browser plugins, and half the comments on the forum and social media were from people who thought extensions (like Adblock and NoScript) are going away. Extensions aren’t the same thing as plugins. Let me explain.

Browser Plugins Are Like Automatically Opening Every File You See

Since the dawn of time on the Internet, browsers have supported a standard plugin API to add additional features to the browser. This is how Java applets, Flash objects, and lots of other elements are allowed on a web page. Internet Explorer famously created their own version of plugins called ActiveX Controls, which unfortunately had the side effect of letting hackers actively control your PC. Here is an artist’s rendition:

[Image: open fence]

Browser plugins are actually applications compiled into a special format. Instead of being a .EXE file, they are usually a .DLL file and they are loaded only by the browser. But once they are loaded they are running much like any other application on your computer, except they are used to open a video (or other) file from the website you are visiting. So when there is a security hole bad things are going to happen.

Using a browser plugin is much like opening every file that has been emailed to you by a stranger except the file being opened is on some random website. Not good.

So the older form of browser plugins is being banned from all browsers, and plugins like Flash that are still somewhat important for the web are being moved into secure sandboxes so they can’t hurt your computer. But eventually plugins like those will go away — they were all banned from Apple’s iOS browser from the beginning, because Steve Jobs famously didn’t want to allow Flash on the platform since it was riddled with security holes and performance problems. Which is what the lead picture on this article is all about.

To protect yourself, you should disable browser plugins you don’t need, set the rest to click-to-play mode, and check out our writeup of Malwarebytes Anti-Exploit, which adds protection against zero-day attacks by blocking them from accessing memory or files they shouldn’t have access to. The basic version is completely free.

Browser Extensions Are Like Tiny Web Pages That Live In Your Browser

[Image: chrome-extension-warning]

The heading pretty much says it all — extensions are essentially little web pages that are loaded into a section of your browser and then given access to your browsing session. It’s almost like when somebody makes a mashup of two songs except they are two pages being combined into one. It’s not always a good combination, but sometimes it really works.

Extensions are generally written in JavaScript and are only given access to do a few things, mostly involving messing with web pages, but very little access to the underlying computer. For the most part, they are no more dangerous than a web page, and Google or Mozilla makes sure they don’t contain actual malware. Or at least no serious malware. Spyware, it seems, is sometimes allowed as long as it’s mentioned somewhere in the terms and conditions.

The fact is that tons of browser extensions are spying on you. When you install a browser extension it usually is granted access to every single page you are visiting. So many of these extensions track every single page you are visiting and send that information back to their servers. (We should point out that there’s nothing wrong with LastPass.)
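
To see which installed extensions have that "every single page" access, you can read the permissions declared in each extension's manifest.json. The following is an added example, not code from the original column or from any browser vendor: `auditManifest` is a hypothetical helper name, the two sample manifests are constructed, and the check is a simple exact match on the standard all-sites match patterns plus the API permissions that expose visited URLs.

```javascript
// Added example: flag extension manifests that can see every page you visit.
// Match patterns that cover all sites (or all http / all https sites).
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
// API permissions that expose the URLs of visited pages even without host access.
const URL_VISIBILITY = new Set(["tabs", "history", "webNavigation"]);

// Tolerate malformed manifests: anything that is not an array of strings is ignored.
function asList(value) {
  return Array.isArray(value) ? value.filter((v) => typeof v === "string") : [];
}

function auditManifest(manifest) {
  const findings = [];
  const note = (source, value, reason) => findings.push({ source, value, reason });

  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const keys = ["permissions", "optional_permissions", "host_permissions", "optional_host_permissions"];
  for (const key of keys) {
    for (const p of asList(manifest[key])) {
      if (ALL_SITES.has(p)) note(key, p, "all-sites host access");
      else if (URL_VISIBILITY.has(p)) note(key, p, "can read visited URLs");
    }
  }
  // Content scripts are injected into every page their "matches" patterns cover.
  const scripts = Array.isArray(manifest.content_scripts) ? manifest.content_scripts : [];
  scripts.forEach((cs, i) => {
    for (const m of asList(cs && cs.matches)) {
      if (ALL_SITES.has(m)) note(`content_scripts[${i}].matches`, m, "injected into every page");
    }
  });
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const broad = {
  manifest_version: 2, name: "Sample Toolbar",
  permissions: ["tabs", "storage", "http://*/*", "https://*/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};
const narrow = {
  manifest_version: 3, name: "Sample Site Helper",
  permissions: ["activeTab", "storage"], host_permissions: ["https://example.com/*"],
};

for (const m of [broad, narrow]) {
  const f = auditManifest(m).map((x) => `${x.source}=${x.value} (${x.reason})`);
  console.log(`${m.name}: ${f.length ? f.join("; ") : "no all-sites access"}`);
}
```

An extension that only needs one site, or that uses `activeTab`, produces no findings; one that lists an all-sites pattern is technically able to observe every page you load.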

So while people are all worried about advertising tracking people on the websites they visit, many of them are installing browser extensions that are doing the same exact thing. Which is kinda funny. And sad. Mostly sad.

Browser extensions are not going away. Chrome, Firefox, and soon even Microsoft Edge will continue to support browser extensions.
