Firefox Now Blocking All Plug-Ins Except Latest Flash

Status
Not open for further replies.

LuckyDucky7

Distinguished
May 5, 2010
131
0
18,630
That might be great, but how exactly does NoScript-by-default protect people from downloads and entities that they subsequently assume are safe (i.e. on completely legitimate sites)?
 

A Bad Day

Distinguished
Nov 25, 2011
344
0
18,930
[citation][nom]LuckyDucky7[/nom]That might be great, but how exactly does NoScript-by-default protect people from downloads and entities that they subsequently assume are safe (i.e. on completely legitimate sites)?[/citation]

If you done everything you can, then it's up to the website admin to maintain the website. For example, MS can do it's best to secure its OSes, but it's up to the users to not act like idiots.
 

sykozis

Distinguished
Dec 17, 2008
338
0
18,930
So, we inconvenience the user....for the sake of security.... Why don't they just stop releasing new browser "versions" now while people still have fond memories of Firefox....
 

A Bad Day

Distinguished
Nov 25, 2011
344
0
18,930
[citation][nom]sykozis[/nom]So, we inconvenience the user....for the sake of security.... Why don't they just stop releasing new browser "versions" now while people still have fond memories of Firefox....[/citation]

Tell that to Google.
 

tpi2007

Distinguished
Dec 11, 2006
75
0
18,580
One useful feature that IE has and that I'd like for Firefox to implement is a benchmark of how much time each plug-in adds to the start-up time of the browser. But, if possible, I'd like even more, I'd like to know what the impact of each plug-in is when loading a web page; the ability to perform this benchmark on demand, so you can appreciate the impact of the plug-ins on different websites would be ideal.
 

pythy

Distinguished
Apr 24, 2009
116
0
18,630
I dont't get it. If a user can pre-configure Click to Play on a trusted website to load plugins automatically, what happens if that "legitimate" website gets compromised? Does Click to Play have a way to tell whether a site has been compromised? If not, then what's the point of all this?
 
G

Guest

Guest
If a "legitimate" website gets compromised, and you told your browser to always load whatever comes from this website because you, as a user, trust it implicitly, then you will get owned. Period. You told Firefox that you want it to load whatever this website gives you and not question it. What's the solution? Don't tell your browser to implicitly trust ANY website. All websites are susceptible to getting hacked. Why would you lower the barrier for hackers by telling your browser to ignore its built-in safeguards?

This is something Mozilla should have done a long time ago, and I welcome this change. If users don't "get it", or think this is too much of a nuisance, then go back to IE or Safari and enjoy getting owned with the rest of those users.
 

webbwbb

Distinguished
Aug 18, 2009
76
0
18,580
I wonder how long it will be until they get sued by a patent troll who claims Mozilla stole their "invention". I seem to remember IE once having a similar feature that Microsoft subsequently removed for this very reason..
 

xpeh

Distinguished
Jun 25, 2011
27
0
18,580
[citation][nom]digiex[/nom]Many casual not "tech savvy" users can't comprehend this changes.[/citation]

Grey space and a button that says "Play." If those people don't know what to do, then those people shouldn't be using the internet.

[citation][nom]jackt[/nom]Firefox gonna lose share being security paranoid, stuf like this and the https ...[/citation]

I think it would gain market share instead. Not only is it more secure, it's going to be faster because it doesn't load the plugins.

[citation][nom]sykozis[/nom]So, we inconvenience the user....for the sake of security.... Why don't they just stop releasing new browser "versions" now while people still have fond memories of Firefox....[/citation]

I find it a convenience. Most casual users use Chrome.
 

spectrewind

Distinguished
Mar 25, 2009
194
0
18,630
[citation][nom]digiex[/nom]Many casual not "tech savvy" users can't comprehend this changes.[/citation]

Actually, you're correct. This feature fails the "grandma test". A lot of the techies in here will not recognize that (hence the - votes you receive). Most users are more concern with usability than security. Moreover, even after getting their computers hacked, I have still seen them remain this way.

The casual user will not see this as a feature. They will see it as a roadblock of just one more thing that doesn't work as they expect it (per their experience) to. Too many things to left click on... Or octuple right click on... etc.
 

martel80

Distinguished
Dec 8, 2006
123
0
18,630
Does it mean that I will have to explicitly enable adblock and flashblock for each site? I guess I'm going to disable the FF auto-updates until they wake up.
 

juan83

Distinguished
May 17, 2011
3
0
18,510
Since i've installed adblock plus, i just don't remember when was the last time i saw firefox crash.

And thanks to that the days of the annoying adds which play loud sounds are over, and the CPU utilization is pretty lower as well as memory consumption. At least, using linux i saw this very helpful. And my laptop with and old dual core, the cpu responsiveness improved a lot and also works cooler than before when ads put a burden bigger than 50% of cpu.
 

john15v16

Distinguished
Nov 19, 2009
42
0
18,580
Look, I'm all for security but the "Fix" for this issue is NOT the plugins...the issue is Mozilla's browser sandbox model and how it handles access requests...blocking plugins by default degrades the users experience and adds an extra step (or maybe two) to view the web as it is designed...that's the easy way out Mozilla, block everything cause you're too lazy or it takes to much time and $$$ to get the sandbox right...
 

tarzan2001

Distinguished
Dec 20, 2009
15
0
18,560
Well, hopefully this feature will at least prevent those annoying auto-play ads (with sound) for users that don't have AdBlock Plus installed. :)
 
Status
Not open for further replies.