I used to hate IE Security Zones, Then I got Firefox...

Journal Deathlizard's Journal: I used to hate IE Security Zones, Then I got Firefox... 1

Journal by Deathlizard on Saturday June 28, 2008 @11:42PM

With all the hype surrounding Firefox 3 these days, I decided to finally give it a try. The last time I used a Mozilla product was back during the Mozilla 1.7 days. Back then I liked the way Mozilla was laid out, but then Firefox took the spotlight and pushed Mozilla into obscurity. add a few annoying bugs here and there and I just stayed with IE.

The first thing I noticed is that it has a robust plugin system. I quickly added some plugins for some settings I use in IE7. Unfortunately, there is one feature You cannot add to Firefox as far as I can tell, and that's Security Zones.

For the longest time, I looked at security zones as a dangerous security problem in IE. They were exploited a lot in the beginning, and some of the settings were set too low, Especially when it came to the Intranet and Trusted Site Zones. But after playing with them for some time, I saw the potential that Zones give you security wise.

For example, there's a Program out there called Spywareblaster that really puts security zones to good use. Basically it's a blacklist that adds known badware sites to the restricted zone. Spybot Search and Destroy also uses this in their immunity function.

Now when I browse in IE, every once in awhile I'll notice that I'll be browsing not in the Internet Zone, but in an Unknown zone(Mixed) zone. That usually means that the site I'm browsing is most likely calling an ad provider that's not too friendly. This alone stops most drive by downloading and obnoxious flash ad's with sound right there. In Firefox however, there is nothing like security zones in it, From what I can tell, it has a default method of browsing that it applies to all sites. The only things I found in Firefox that had site by site restrictions was for images and cookies. Which I guess is a start, but it would be nice if there was an exception section to block scripting too.

Since I didn't see this functionality built into Firefox, I started looking for plugins that would add similar functionality to Firefox. The closest Thing I could find however was Noscript which is a free security enhancement for Firefox. It does work good and increases security dramatically but it's not quite the same. For one thing it's a Whitelist system. Noscript Assumes that all sites are bad, and you have to allow sites on a site by site basis. While this is the most secure way of handling scripts, it also requires a lot of work for the user, especially if the user browses a lot of sites. From my experience, it works the same as 2003 server's Enhanced Security configuration without all of the annoying prompts that IE likes to show. Basically if you go into IE, set the Internet Zone to high security, changed the security of trusted sites from low to medium, and added every site you frequently browse to your trusted sites zone, you would have the same functionality. Although In IE it's more of a pain to add sites to zones than it is in Noscript, which is a bar above the status bar.

I guess what I would like to see is something akin to security zones in Firefox. It doesn't have to be like security zones as much as a "exception" section similar to the one for the "load images automatically" and "accept cookies from sites" options except for "Enable JavaScript". That will allow users to add a domain to it and disable all scripting from that particular domain and will function as a blacklist. You could also add Whitelist functionality as well but Just Like IE's Trusted Sites zone, it could lead to sites adding themselves to the whitelist in order to attempt infection, Although I don't see how this would affect Firefox much since if a Site added itself to the whitelist it would still have to go through the Firefox security channels unlike the IE Trusted Site zone, which by default used to bypass IE security altogether until IE7 fixed that.

Generally speaking however, I'm pretty happy with Firefox so far. It's definitely come a long way since the Mozilla days.

Edit: I noticed that someone made a Firefox Extension called YesScript that adds a blacklist feature in Firefox. Although it's a relatively new plugin, it works well. The only problem is that I can't figure out a way to add a group of sites to the program easily. If it had an option to import restricted sites from IE it would be perfect, since SpywareBlaster fills in Restricted sites for IE. It has a minimalistic user interface that's basically an icon that you click on to allow or deny a specific site which changes color if it's black or white listed, although I wish that it also had an option to select specific domains contained in a site. (such as AD banner domains)

It's a step in the right direction and this plugin is looking promising.

Edit: I finally found an acceptable answer in AdBlock Plus. It's a add on for Firefox that blocks malicious sites similar to Spywareblaster. It also automatically updates and blocks by reference as well as by URL. It's definitely the protection I was looking for without the nagging "Cancel or Allow" protection I was not.

This discussion has been archived. No new comments can be posted.