How To Block iFrames*
If you are interested in Tech, and visit Websites such as this one, it will not be very long before you read about Firefox. (In fact just this week I posted an article.) And, it won’t be long before you see NoScript mentioned. Odds are, you already have.
NoScript is a small program you download and add ‘into’ Firefox to enhance its functionality (these small programs are known variously as “add-ons”, “plug-ins”, and “extensions”– different words for the same concept.)
NoScript gets mentioned in the Tech media a lot because it is a security tool that automatically “blocks” (prevents from running) certain web page ‘elements’ (scripts) — Java, Flash, JavaScript, and XSS– from running unles
s you click the Option button and select “Allow”, or “Temporarily allow”.
Which puts you in control, and goes a long ways toward preventing “drive-by downloads“, and other malicious Internet attacks and activity from occurring should you happen to visit a Website which has been “poisoned” by a hacker.
(I don’t mean to depress you, but the current state of the Internet is so insecure that this can be, literally, any Website.)
By default, NoScript is a powerful tool (to read the NoScript “About” page, click here) and for many people is the primary reason they have made the switch to Firefox.
Tip of the day: Enhance your NoScript protection by turning on the IFRAME blocker feature.
IFRAMES are another dynamic Web element that cyber-criminals are now using as an “attack vector” (aka “method”) with great success. Like the scripts mentioned above, IFrame attacks can happen invisibly and automatically. Oh, the joys of Web 2.0!
[note: today’s advice should be of interest to Mac and Linux users too.]
1) In Firefox, click on “Tools”, then “Add-ons”
2) Scroll ’till you find NoScript, and click the “Options” button. (If you have not yet installed NoScript, click the “Get Add-ons” icon in the upper-left.)
3) Click on the Plugins tab. Place a check in the “Forbid <IFRAME>” checkbox.
That’s it. You’re done. Now when you visit a site that uses IFrames, you will have to approve them (aka “whitelist”) before they’ll appear.
[Note: the scripts and tools (Web 2.0 “features”) mentioned in this article are NOT in themselves bad or dangerous, and it is thanks to them that the Web is such a rich and interactive environment.. but, in the wrong hands they can — and are — being used with criminal intent.]
Related: A short video tutorial for using NoScript can be seen here.
Today’s free link: One of the more disturbing (outright alarming, if you ask me) hacker uses of IFrame attacks is the alteration of Search Engine results (Yes, you can’t truly trust Google, Yahoo!, or MSN anymore) and Internet Security blogger Bill Mullins has posted an excellent article on this subject, Fake/Redirected Search Results – Consequences for You
Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
6 Comments »
Post your Comment/Question
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 
Thanks for a great article. You are absolutely right – these sorts of issues are EXACTLY why I love Firefox. Now, I’m right on top of that.
LikeLike
mykysue–
You might be curious to see what percentage of my readers agree with your opinion of FF.
Why so many are still using IE 6 is why so many of my articles have a security slant.
LikeLike
I suppose that the percentage of people still using IE are the people who are not really thinking about security, or they believe that Norton will solve all problems. Maybe they just don’t know the difference. Spread the word. Please :)
LikeLike
mykesue–
Well, enter “Firefox or FF” into my search box and you will see that this is not my first mention.
But I would like to point out that I didn’t “ding” IE as a whole, just IE 6.. which quite sadly, more people are using than any other browser.
I prefer IE 7 over FF3, but am forcing myself to use a properly defended FF as my primary.. simply because of NoScript.
But no browser is safe.. and last month FF3 + NoScript + AdBlock Plus + FlashBlock let a drive-by through that IE 7 + Spyware Blaster + SelectView blocked.
I may just use IE 7 inside of Sandboxie until IE 8 gets out of beta, or I may stick w/FF3.. I haven’t quite decided.
And folks, if you think that all you need is Norton.. well, I hope you’ll keep coming back and reading Tech–for Everyone.
LikeLike
As iframe is, so is xframe and frame
There needs to be more check boxes.
squid rules, etc
LikeLike
iframeXframeFrame,
The “average computer user” is baffled by NoScript as it is… so how would more checkboxes help?
LikeLike