Firefox

Firefox went to its knees under the load, but it survived until I could kill the window. Yay for popup blockers.

Focus Generator is a really neat (and new) technology which will allow you to present an attention getting marketing message on your website without getting blocked by popup blockers.

You know I run a website and I work for a company, we're always looking for new ways to advertise in both areas. The issue is that people have learned to ignore advertisements in general media, people flip during commercials or tivo them out. Online fewer and fewer people are paying attention to banners and popup's are pretty much dead since the release of new browsers and popup blockers. So where are companies going to look for their marketing needs in the future? Well perhaps if things continue on the path they will head towards Cellit Mobile Marketing. This group does something quite interesting by allowing companies to utilize the SMS messaging system as a way to reach their target demographics.

Focus Generator is a really neat (and new) technology which will allow you to present an attention getting marketing message on your website without getting blocked by popup blockers.

It took me about 10-15 minutes to wrap everything up and I was pretty happy with what I had written. Then I go to preview what I wrote - simple enough. But no - IE7 (which I used to like, then I didn’t, then I kind of did until just now) decides to block the popup - apparently Mr. Gates didn’t get the memo that we all have several effective popup blockers already installed and we don’t need yet another one.

At the moment they’re rare (e.g., TVNZ and MSN only show them once per user per day) but if we learned anything from 2001 it’s that greed will ruin user experience if it can get an extra buck in ad revenue. We got popup blockers as a result of the 2001 popup orgy. What’s going to save us from the 2007 float invasion?

But then there is the issue of an antispyware app bundling adware to keep it free. I am sorry but that is stupid. With that mind set, McAfee and Norton should start bundling viruses with their products, popup blockers should have their own popups that they show you, spam filters should start sending you spam from them. It just doesn’t make any sense. It defeats the whole purpose of and antispyware program.

With the EWA, it’s harder to know when a session is no longer needed. It is hard (if not impossible with some popup blockers) to figure out when your browser closes down or when it navigates away from the page. That means that there’s a good chance that sessions that will be created from the EWA will actually linger for the full timeout period if we allow them. That said, one of the bigger scenarios for using the EWA is in dashboard scenarios where it is simply used to display information and does not need to actually do any operations. In those cases, there is no need for us to actually keep the session for a long time – we can get rid of it quickly – and since the user did not do any operations on it, they will not lose anything. For these two reasons, we have the short session timeout setting which will be assigned to all EWA sessions until the time when the user actually makes a request to the server, at which stage; the session will be assigned with the regular Session Timeout setting.

Anyone who has built rich web sites will know that there are a lot of problems around the area of displaying dialogs. Aggressive popup blockers, no cross platform compatible modal dialogs and simplistic, inflexible confirmation and alert popups all limit what a developer can do when creating a UI. WebDialog is designed to solve many of these issues:

Pretty cool, and its particularly useful if you haven’t implemented the Javascript to handle full size images (i.e. launch in new window, etc.). And since this plugin produces overlays, it won’t trigger popup blockers either. But overlays could actually prove to be a nuisance if readers regularly view full size images and would like to open them in new windows instead. Perhaps the plugin could have an option to launch full size images in new windows as well?

An old tip, but a goodie… if you don’t like working with popup blockers (or they’re not doing the job for you) grab hold of a hosts file that stops ads displaying, by fooling your computer about where the ad servers are.

Fire up your popup blockers and check out these eeerie images of airplane graveyards over here...

The first thing that stuck out was the post from September 30th and it links to a great site made Samsung. If you check it out make sure you have your popup blockers turned off. It is basically two concurrent flash animations that take place in two different windows but are meant to look like they are the same animation. It’s really cool. I went back a couple of weeks and the author highlights some web designers’ work that he finds interesting (at least I think that’s the case given that it’s in German) and also some corporate sites (like the Samsung one). It is really quite interesting and I wish I could read German because given the content that he links to it seems like he knows what he is talking about. Google doesn’t seem to do a great job translating this site. It’s probably because of all the technical/webspeak that the author would be using.

The actual session extension server hit must not affect the current page for fear of corrupting the user's input. Loading a simple (blank?) aspx sever page into a popup that I immediately close (but prone to popup blockers), or into a hidden or zero size frame or iframe should satisfy this requirement.

I don’t hate IE, I just really love Firefox. When I used IE I had to download a bunch of little programs that made it operate like Firefox does right out of the box (popup blockers, tabbed browsing, Google toolbar, etc..).

I have virus protection on my XP boxes. I have no need for anti-spyware or popup blockers because I use Firefox and take a little care about what software I install and sites I visit (though this episode looks a little embarrasing on that front). I have a hardware firewall, and use the XP one as well, when I’m running windows, so I don’t need whatever tat they are peddling. My copies of XP are patched up to date, and I don’t have a wide-open wireless network. Somehow, i can’t see PCGuard improving on this.

That’s beside the point. I don’t really mind helping out Brain’s family. I’m here to talk about computer overkill…again. Last time I was over at Brain’s, I wanted to get online and show him the videos of Danny Way 360°ing the Great Wall of China. She had his computer buried in a mountain of stuff, so we had to try it on her spyware-ridden Dell. This computer…I can’t even describe how messed up it was. It took about 5 solid minutes to boot, and not only was her system tray LOADED with all sorts of strange icons, there were at least 20 unidentifiable processes running in the background. She had Norton anti-virus installed, along with Norton firewall AND the Windows XP firewall. 3 popup blockers were running, and shortcuts to 4 or 5 spyware remover programs littered the desktop, along with an “internet privacy tool” (read: pr0n history eraser).

I’m not looking to WIN or any other publication to be assaulted with advertising, and yet at the same time if I enjoy the content I’m definitely willing to pay for it. We went down this road with popups and look where it took us? Almost every major toolbar now has popup blockers. Programs like GreaseMonkey are borne out of users totally frustrated that they have to constantly read around the not so cleverly placed noise to get to the ever diminishing signal.

Be advised that most of the things that we want to block are either unsolicited email offers like spam, viruses that get sent you through HTML email or as attachments, free offers that mask spyware which are programs that monitor your online activity and send this information to someone you don't know who will sell this information to the first company with a checkbook, popup blockers to kill off those annoying advertisements that clueless companies use to try to sell you products and services, suck up your time and attention. Notice that all of the things we want to block are almost all advertising of one sort or another.

Eventually we get to the download part proper, where a popup window opens and something should happen. Only thing is, the window opens, and then freezes. If I go to the download page it tells me to turn off popup blockers (which I don't use because I use Firefox). But there is a Start button, so I think , well, maybe it will work this time.

Finally, if you have ever surfed the Internet, you are aware of popup ads. Popup ads are the windows that open all across your computer screen and contain ads for products and services that you are likely not interested in or at least not interested in seeing at that particular moment. Popup blockers prevent these windows from opening and keep them from slowing your connection. Popup blockers are fairly inexpensive -- under $20 -- but many Internet Service Providers, including Yahoo, offer free popup blockers.

Maxthon also incorporates 2 POPUP blockers (Auto POPUP blocker & a POPUP blocker list filter) and a Content Filter. The Content filter can be used to filter offensive pictures on a web page,

If you select “Force links that open new windows to open in: a new tab", Firefox diverts links with target="_blank". It also diverts JavaScript window.open() calls, but only calls that don’t specify window features (e.g. size and which toolbars are displayed). Most calls to window.open() specify the size of the window. You can change this by setting the browser.link.open_newwindow.restriction pref in about:config.

Either way, if you’re using Firefox with the wonderful AdBlock extension, chances are you’re not seeing any ads anyway, on this site, nor any other. And you’re probably just as smug about it as I am.

The popular open-source browser already contains a pop-up blocker by default, but this does not handle pop-ups launched by plug-ins such as Flash and Java. Mozilla employee Asa Dotzler wrote in his blog last week that Mozilla developers are responding to the increasing number of advertisers that are using plug-ins to launch pop-up ads. "A lot of people have been reporting a new breed of pop-ups on the Web," Dotzler said. "This increasing menace is rooted in the pop-up capabilities of plug-ins like Flash and Java. If you're seeing pop-ups and pop-unders, you're probably visiting sites that have Flash or other plug-ins and those plug-ins are being exploited by advertisers to abuse you with annoying pop-ups and pop-unders."

A lot of people have been reporting a new breed of pop-ups on the web. This increasing menace is rooted in the pop-up capabilities of plug-ins like flash and Java. If you're seeing pop-ups and pop-unders, you're probably visiting sites that have flash or other plug-ins and those plug-ins are being exploited by advertisers to abuse you with annoying pop-ups and pop-unders.

Firefox has the capability to disable these pop-ups but it wasn't enabled by default in Firefox 1.0 because we had concerns about websites that rely on plug-in triggered pop-ups for legitimate functionality.

Give that these pop-ups and pop-unders have really started to spread on the web, we're testing a quick patch that enables the Firefox pref to block them. I blogged about this earlier this month and included manual steps to disable these nasty pop-ups and pop-unders. In addition to this fix, the good news is that for sites where you need these pop-ups, you can just whitelist them like you do other "wanted" pop-ups. This looks (at this stage) like a reasonable trade off.

Maxthon also incorporates 2 popup blockers (Auto popup blocker & a popup blocker list filter) and a Content Filter. The Content filter can be used to filter offensive pictures on a web page,

The US House of Representatives has recently passed the “Spy Act” - or to give it its full title - the Securely Protect Yourself Against Cyber Trespass Act. This aims to prevent software companies from installing spyware on users PCs without their knowledge, and anyone found guilty of breaching the act faces a fine of up to $3 million

Does this mean the end of spyware as we know it? Unfortunately the answer is no, not really. The problem is that most spyware can continue to operate in exactly the same way as it does now, by asking the computer user to agree to a licence before it installs itself. The majority of people who are faced with a lengthy legal-looking page of text when installing a new program, automatically click the “I Agree” option without reading the terms. Therefore spyware programs can quite legally continue to piggy-back their way onto PCs.

Congratulations! Your PC is boned!

It goes without saying that, apart from Webrebates opening up adverts in the bottom right hand corner, whole swathes of entries in my favourites advertising "Adware removers" that also sell popup blockers (with popups!), Powerscan which loads at startup, yelling "DON'T GET CAUGHT WITH PORN ON YOUR PC!", a Sidefind bar that doesn't actually do very much and an MTV toolbar to keep the kids quiet, there was my jaw being slowly scraped off the floor as I realised in that instant that for all Firefox's bravado, it had been cut down dead in an instant by what would normally be a bunch of rather average Adware installs.

The problem is, IE shouldn't have been hit in this way - especially as it was locked down so tightly, and wasn't even being used at the time. Vaguely worried by this, I tried some other browsers...the results aren't exactly fantastic reading for the Mozilla Foundation.

Happily, help is available. Ciphire Mail, a new and soon-to-be-open-source application, aims to put an end to these sorts of annoyances with strong and user-friendly e-mail authentication and encryption.

E-mail authentication -- confirmation that the stated sender actually sent the message in question -- could make many e-mail hassles fade away, since most scams and computer viruses rely on bogus sender information to lull recipients into a false sense of security. Encryption is also a good idea, given the increasing prevalence of snoopy software.

The Ciphire Mail application, free for individual users, nonprofit organizations and the press, works in conjunction with all standard e-mail programs. It operates almost invisibly in the background, encrypting and decrypting e-mail missives and digitally signing each message to confirm its source.

Microsoft this week agreed to both apologize and pay a Dutch portal for mistakenly flagging it as a purveyor of malicious content, the latest in a rash of problems that anti-spyware vendors -- including Microsoft -- have recently faced.

The Startpagina.nl directory site objected to being classified as a "browser hijacker" by the first edition of Microsoft AntiSpyware, the beta software Microsoft first released in early January, and demanded that Microsoft change its tune.

After being threatened with legal action, Microsoft gave in on Monday, and agreed to pay an undisclosed sum to Startpagina.nl's parent company. It has also posted an apology on its own Dutch and Belgian sites dedicated to the AntiSpyware application.

Many people have pointed out recently that the reason "alternative" browsers like Safari, Firefox and Opera seemed to be more secure than IE was because no one was using them. That is, they aren't any more secure in reality, but the people who exploit security holes saw no reason to target them. With the recent growth (and related attention) of Firefox, however, some now expect spyware makers to start targeting that browser as well. The question, really, is how well Firefox/Mozilla will be able to fend off these attacks compared to IE. That might show how secure Firefox really is in comparison to IE.

Firefox has good pop-up blocker technology, but the pop-up coders are figuring out ways around Firefox pop-up blocking.

I’m starting to notice lately that there are a few site that have figured out how to bypass the pop-up blocking in Firefox. My fear is that this is the beginning of the end for current pop-up blocking technology – I remember how it started in Internet Explorer. A few pop-ups here, a few there … and then someone bought a pop-up gatling gun and blasted you in the face with it.

Or maybe I’ve just been so spoiled by Firefox that I freak out at the first sight of any pop-up ads.

The purveyors of pop-ups are getting smarter, but they haven't outfoxed Firefox yet.

One thing that gives Firefox its mass appeal is it’s solid pop-up blocker. Now Mozilla’s pop-up blocker is being challenged. There are some websites that have found a way around the blocker after its first pop-up is blocked. One such website is Ngemu.com; Firefox and Mozilla will both block the first pop-up, however after the user clicks on a link such as “XBOX”, a pop up appears. Bugzilla’s website contains a bug report of the problem including the source code for the work around.

This is the summary of an in depth look at configuring Firefox to block spyware, etc. It also compares Firefox and Internet Explorer approaches to the problem.

To continue my benevolent fairness, I actually think Firefox is a nice browser. It seems to render HTML without any problems, and the tabs are nice for browsing Slashdot. But just because it doesn't currently have any unpatched security vulnerabilities talked about in the press doesn't mean they don't exist (Secunia currently lists three unpatched vulnerabilities, for example).

Mozilla has had its share of security vulnerabilities in the past (just as IE has), and -- despite what the open source folk might say -- Mozilla keeps their security bugs hidden from the public (just like Microsoft does) in order to protect their customers from coming under attack by malicious users. Note that this is not a bad thing; all vendors should treat security bugs responsibly to ensure customers are not put at undue risk. It's just something you should be aware of. Just because you don't see any unpatched security bugs in Bugzilla doesn't mean they don't exist, either.

But the thing that makes me really not trust the browser is that it doesn't matter how secure the original code is if the typical usage pattern of the browser requires users to perform insecure actions.

- Installing Firefox requires downloading an unsigned binary from a random web server

- Installing unsigned extensions is the default action in the Extensions dialog

- There is no way to check the signature on downloaded program files

- There is no obvious way to turn off plug-ins once they are installed

- There is an easy way to bypass the "This might be a virus" dialog

This is what the "Secure Deployment" part of Microsoft's SD3 C campaign is all about; we design and develop secure software, but we make sure that customers can deploy it securely as well.

I personally don't care if people choose to run Firefox or Linux or any other software on their computers -- it's their computer, after all -- but we'll never get past the spyware / adware problem if people continue to think that installing unsigned code from random web sites is A Good Idea.

So, at this point in time, installing (and using) Firefox encourages exactly the sort of behaviour we are trying to steer people away from, and to me that makes it part of the problem, not the solution.