Tuesday, February 08, 2005
How to get spyware even if you use Firefox
Nothing's perfect. The Firefox web browser will improve your life by preventing a lot of the security problems Microsoft Internet Explorer causes but Firefox isn't magic. It can't know what software is good and what's bad so it can't always protect you.
Here are some things that can go wrong. The first two are kind of obvious, but the next ones are recent discoveries.
The easiest way to hurt yourself works with any web browser. If you download the wrong program you'll regret it, no matter how you downloaded it. Be suspicious of "viewer" programs for pictures and anything that comes from a shady web site. Take your business elsewhere if a web site demands that you install something you've never heard of unless you're very sure they're reputable.
You can add new features to Firefox by installing "extensions". Installing a malicious extension could damage you just as badly as installing any other malicious software. You can find good safe ones on mozdev.org. Stay in charge of your own computer -- install extensions only when you've read about them and want the features, not when some random web site suddenly shows you a dialog box asking you to install one. If that happens, just say no.
Then watch out for any web site that tries to trick you into doing something unusual. Here are some examples of activities that can hurt you in version 1.0 of Firefox, but which version 1.01 will prevent(*):
Dragging something from a web page to your desktop: this is a way of downloading software. See above, and remember the rule about software on the net: if it were meat, would you feed it to your cat? You don't feed your cat meat from strangers on the street and you don't want to feed your computer any software from random strangers on the web.
Dragging something from a web page onto an open tab: that would really be "something unusual". If you do that you could let a bad web site pretend to be a good web site. You'd be risking having passwords stolen at the very least.
Double-clicking places on a web site: this may be the most likely. The effect would be to trick you into accidentally changing your browser preferences while you thought you were doing something else. You could be tricked into turning off your popup blocking or you could have your start page hijacked to point to ads.
(*) Which reminds me of the real security advantage of Firefox. It's built by people even more passionate and enthusiastic than the programmers at Microsoft. Bugs can get fixed really fast.
|
Here are some things that can go wrong. The first two are kind of obvious, but the next ones are recent discoveries.
The easiest way to hurt yourself works with any web browser. If you download the wrong program you'll regret it, no matter how you downloaded it. Be suspicious of "viewer" programs for pictures and anything that comes from a shady web site. Take your business elsewhere if a web site demands that you install something you've never heard of unless you're very sure they're reputable.
You can add new features to Firefox by installing "extensions". Installing a malicious extension could damage you just as badly as installing any other malicious software. You can find good safe ones on mozdev.org. Stay in charge of your own computer -- install extensions only when you've read about them and want the features, not when some random web site suddenly shows you a dialog box asking you to install one. If that happens, just say no.
Then watch out for any web site that tries to trick you into doing something unusual. Here are some examples of activities that can hurt you in version 1.0 of Firefox, but which version 1.01 will prevent(*):
Dragging something from a web page to your desktop: this is a way of downloading software. See above, and remember the rule about software on the net: if it were meat, would you feed it to your cat? You don't feed your cat meat from strangers on the street and you don't want to feed your computer any software from random strangers on the web.
Dragging something from a web page onto an open tab: that would really be "something unusual". If you do that you could let a bad web site pretend to be a good web site. You'd be risking having passwords stolen at the very least.
Double-clicking places on a web site: this may be the most likely. The effect would be to trick you into accidentally changing your browser preferences while you thought you were doing something else. You could be tricked into turning off your popup blocking or you could have your start page hijacked to point to ads.
(*) Which reminds me of the real security advantage of Firefox. It's built by people even more passionate and enthusiastic than the programmers at Microsoft. Bugs can get fixed really fast.
# posted by Frederick @ 4:03 PM Email to a friend:
Haloscan: they provide trackback