Insightful

Posted Mar 5, 2025 4:06 UTC (Wed) by felixfix (subscriber, #242)
In reply to: Insightful by cesarb
Parent article: A look at Firefox forks

What hurry? They can't uninstall what I have. If they do anything crazy, there's months and years of time to switch. I have a couple of old laptops running Firefox from years ago which still work fine.

Insightful

Posted Mar 5, 2025 5:57 UTC (Wed) by mcon147 (subscriber, #56569) [Link] (7 responses)

Is that a security concern? Aren't browsers a huge attack surface?

Insightful

Posted Mar 5, 2025 6:09 UTC (Wed) by felixfix (subscriber, #242) [Link] (6 responses)

They are seldom used, and only for a few common sites. My impression is that browsers are dangerous only when visiting attack sites, by clicking random links. I've never heard of any being attacked when sitting idle.

Insightful

Posted Mar 5, 2025 6:13 UTC (Wed) by intelfx (subscriber, #130118) [Link] (3 responses)

Sitting idle is hardly called “usage”. So if one is actually _using_ a browser, then it’s a reason to hurry.

Insightful

Posted Mar 5, 2025 9:39 UTC (Wed) by PeeWee (guest, #175777) [Link] (2 responses)

Not necessarily, if the visited site can be trusted, i.e. I wouldn't expect LWN or my bank to do anything nefarious. As long as one can be sure that the visited sites and are not spoofed version, i.e. by loading them from bookmarks, there is no problem.

Insightful

Posted Mar 5, 2025 10:03 UTC (Wed) by ballombe (subscriber, #9523) [Link]

I agree in principle, however some malware have been propagating through ads pushed by advertising networks.
One more reason to block them.

Insightful

Posted Mar 7, 2025 0:50 UTC (Fri) by Lennie (subscriber, #49641) [Link]

I can tell you sites that are not trying to hurt you might end up getting hacked and HTML-output is changed to them trying to install malware through your browser.

Having said that, it's less common now. It was especially bad when plugins (like Flash, Java and Acrobat, etc.) were common. But it definitely still happens.

Insightful

Posted Mar 5, 2025 13:50 UTC (Wed) by felixfix (subscriber, #242) [Link] (1 responses)

Good answers, and I should clarify. I don't visit random sights that I know nothing of, but if a site I have been using for a while has a link to some unknown site, such as a news summary pointing to the full news report, I don't take any special precautions. When I get email telling me new insurance documents or monthly statements are available, I never use their bookmarks. I've recently been getting a flood of spam from AAA (auto club), and the first one caught my attention, I checked its email headers, it was spam, and I delete those without opening. I either type it in myself or use my own bookmarks and navigate to wherever they store documents. I use uBlock Origin and seldom see ads; I understand I am undermining what makes sites "free", but if they actually want me to see their ads, they can try text ads, or at least simple static inline pictures instead of depending on javascript distractions. If a site says I need to click here to allow cookies, I close the tab rather than click. I use mutt for most email, and although I do remember someone way back in usenet days crafting a message which confused emacs, that hole was quickly fixed. I do use gmail for some secondary email accounts, and have it set to never show images (too many senders include those 1x1 pixel tracking images). Gmail is sometimes too aggressive in deciding something is spam, and I check once or twice a month, but never open anything I don't recognize.

Insightful

Posted Mar 5, 2025 14:32 UTC (Wed) by Wol (subscriber, #4433) [Link]

LWN is okay, they don't have many ads (and text only, I believe), but the problem is *any* site with javascript (and maybe others) ads. If the adserver serves a malicious advert, the reputation of (or how well you know) the site is irrelevant. You've been fed malicious js and you're pwned.

Cheers,
Wol