Good piece by ZDNET on a Firefox add that -on lets surfers tweak sites, but is it safe?
A new Firefox extension that lets people customize their experience of the sites they visit is stirring excitement among Web surfers and consternation among security experts.
The extension, dubbed Greasemonkey, lets people run what’s known as a “user script,” which alters a Web page as it’s downloaded.
That capability has gained the extension an avid following of Web surfers who want to customize the sites they visit, removing design glitches and stripping sites of ads. But the extension comes with substantial security risks, and could stir trouble among site owners who object to individual, custom redesigns of their pages.
Have to admit I haven’t looked at greasemonkey, but it’s an interesting conundrum. Makes me wonder, too, about all the other extensions I’ve loaded into Firefox. It would be real easy, wouldn’t it, to put some sneaky stuff in there too? Why are we so afraid of any IE toolbar, or free browser add-on, but so happy to download extensions to Firefox from folk we don’t know, and who haven’t had to pass any tests?
A) Firefox requires extension signing
B) Scripts you run from greasemonkey will still need to request elevated privileges (although it *is* true they could do a lot just messing with the site – I certainly intend to review scripts before running them).
Exactly what tests has Microsoft or any of the toolbar makers passed
that makes them better and/or safer than Joe Blow extension writer?
Have you looked at the MSN/Yahoo/AIM/Acrobat toolbars by any chance?
I wouldn’t allow any of them to be installed on your computer let
alone on a machine I maintain. I can almost allow the Google
Toolbar because it serves a valid function if you use IE (pop-up
blocking/searches) but all of my users are required to use Firefox