Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

How To Block iFrames*

If you are interested in Tech, and visit Websites such as this one, it will not be very long before you read about Firefox. (In fact just this week I posted an article.) And, it won’t be long before you see NoScript mentioned. Odds are, you already have.

NoScript is a small program you download and add ‘into’ Firefox to enhance its functionality (these small programs are known variously as “add-ons”, “plug-ins”, and “extensions”– different words for the same concept.)

NoScript gets mentioned in the Tech media a lot because it is a security tool that automatically “blocks” (prevents from running) certain web page ‘elements’ (scripts) — Java, Flash, JavaScript, and XSS– from running unlesNSOptss you click the Option button and select “Allow”, or “Temporarily allow”.

Which puts you in control, and goes a long ways toward preventing “drive-by downloads“, and other malicious Internet attacks and activity from occurring should you happen to visit a Website which has been poisoned” by a hacker.
(I don’t mean to depress you, but the current state of the Internet is so insecure that this can be, literally, any Website.)

By default, NoScript is a powerful tool (to read the NoScript “About” page, click here) and for many people is the primary reason they have made the switch to Firefox.

Tip of the day: Enhance your NoScript protection by turning on the IFRAME blocker feature.
IFRAMES are another dynamic Web element that cyber-criminals are now using as an “attack vector” (aka “method”) with great success. Like the scripts mentioned above, IFrame attacks can happen invisibly and automatically. Oh, the joys of Web 2.0!
[note: today's advice should be of interest to Mac and Linux users too.]

1) In Firefox, click on “Tools”, then “Add-ons”
Add-ons
2) Scroll ’till you find NoScript, and click the “Options” button. (If you have not yet installed NoScript, click the “Get Add-ons” icon in the upper-left.)
NoScript
3) Click on the Plugins tab. Place a check in the “Forbid <IFRAME>” checkbox.

That’s it. You’re done. Now when you visit a site that uses IFrames, you will have to approve them (aka “whitelist”) before they’ll appear.

[Note: the scripts and tools (Web 2.0 "features") mentioned in this article are NOT in themselves bad or dangerous, and it is thanks to them that the Web is such a rich and interactive environment.. but, in the wrong hands they can -- and are -- being used with criminal intent.]

Related: A short video tutorial for using NoScript can be seen here.

Today’s free link: One of the more disturbing (outright alarming, if you ask me) hacker uses of IFrame attacks is the alteration of Search Engine results (Yes, you can’t truly trust Google, Yahoo!, or MSN anymore) and Internet Security blogger Bill Mullins has posted an excellent article on this subject, Fake/Redirected Search Results – Consequences for You

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

November 7, 2008 - Posted by | advice, computers, Firefox, how to, Internet, PC, security, tech | , , , , , , , , , ,

6 Comments »

  1. Thanks for a great article. You are absolutely right – these sorts of issues are EXACTLY why I love Firefox. Now, I’m right on top of that.

    Comment by mykysue | November 7, 2008 | Reply

  2. mykysue–
    You might be curious to see what percentage of my readers agree with your opinion of FF.
    http://techpaul.wordpress.com/2008/11/07/how-to-block-iframes/capture-2/
    Why so many are still using IE 6 is why so many of my articles have a security slant.

    Comment by techpaul | November 7, 2008 | Reply

  3. I suppose that the percentage of people still using IE are the people who are not really thinking about security, or they believe that Norton will solve all problems. Maybe they just don’t know the difference. Spread the word. Please :)

    Comment by mykysue | November 12, 2008 | Reply

  4. mykesue–
    Well, enter “Firefox or FF” into my search box and you will see that this is not my first mention.

    But I would like to point out that I didn’t “ding” IE as a whole, just IE 6.. which quite sadly, more people are using than any other browser.
    I prefer IE 7 over FF3, but am forcing myself to use a properly defended FF as my primary.. simply because of NoScript.
    But no browser is safe.. and last month FF3 + NoScript + AdBlock Plus + FlashBlock let a drive-by through that IE 7 + Spyware Blaster + SelectView blocked.
    I may just use IE 7 inside of Sandboxie until IE 8 gets out of beta, or I may stick w/FF3.. I haven’t quite decided.

    And folks, if you think that all you need is Norton.. well, I hope you’ll keep coming back and reading Tech–for Everyone.

    Comment by techpaul | November 13, 2008 | Reply

  5. As iframe is, so is xframe and frame
    There needs to be more check boxes.
    squid rules, etc

    Comment by iframeXframeFrame | February 16, 2013 | Reply

    • iframeXframeFrame,
      The “average computer user” is baffled by NoScript as it is… so how would more checkboxes help?

      Comment by techpaul | February 16, 2013 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 198 other followers

%d bloggers like this: