Malwarebytes flags Firefox as malicious for checking Certificates?

For many years I have been pushing out Firefox through Active Directory to 150+ Windows machines. Currently all the machines are running Firefox 55.03. One user who runs the Professional version of Malwarebytes for additional security noticed a strange detection appearing yesterday. Malwarebytes was identifying Firefox as making outbound connections to which, as it turns out is a domain owned by Symantec. In Firefox, there is an option (under Advanced | Certificates) to “Query OCSP responder servers to confirm the current validity of certificates”.

Continue reading “Malwarebytes flags Firefox as malicious for checking Certificates?”

Google to drop support for older browsers

On August 1st, Google plans to drop support for older browsers. This is a good thing! Using an older browser makes it much more likely that you’ll get a virus on your machine (at least if you run Windows), or succumb to a nasty javascript attack to steal your passwords (a browser on any OS is vulnerable to that) but old browsers also don’t conform to the most current web standards (HTML5) which forces folks like me to do all sorts of hacks behind the scenes to make things display correctly just for you and slows down the pace of web development for everyone. Forcing people to “get with the program” and upgrade their old software isn’t as onerous as it sounds – most browsers are free and newer versions are generally faster and easier to use. Unless you’re already using Chrome (which auto updates behind the scenes – I’m currently on 11.0.696.77), you should check to make sure that you are using an up to date browser before August 1st so you aren’t caught unaware. Google plans to support only the current version and the prior version of modern browsers, which means after Aug 1 they will only support (read: “work on”) Firefox 4 and Firefox 3.6. Visiting Google in Firefox 3.5 will probably thow some kind of error telling you to get busy and upgrade. If you use Chrome, same thing. If you’re using Internet Explorer, what are you thinking!? Well, you can use whatever you want but you should know that after that time IE7 will no longer work (IE 9 is current version). Its not just Google pushing this either. Microsoft has a Moving the World off IE6 site.

official Google release

MySpace = Geocities circa 1995

I’ve been ‘online’ since before the internet was open to normal folks. Our school computers were connected to the nearby national lab in the mid 80s. I used to dial into many a BBS in the early 90s. I remember using the first web browser, Mosaic in 1993. Then Al Gore said that everybody else should be allowed to use the internet too and it started to suck.

AOL 3.0 came out the following year and people surged online. There were tons of small start-ups (usually old BBS providers) offering cheap, no frills connections to the internet too. Lots of kids started learning HTML and creating their own web pages.

Geocities (the old Geopages) started offering free web space to build ‘online communities’. While it was possible that a geocities site wouldn’t suck, it was really rare that one wouldn’t. The typical Geocities page was a mess of big slow-loading background graphics with impossible to read text of some color with no contrast to the background over it. Then came the flashing animated gifs and pop-ups and blinking text.

Most decent sites were still on University or government servers. What was decent? Sites with content, information, links to other useful pages. What was indecent? High School kids putting their personal diary online to share rude comments about their social studies teacher, or a bit later when snippets of code began to circulate, a lame ‘guestbook’ where visitors could ‘sign in’ and leave a terse comment ostensibly for the person visited, but really more as an enticement to others to view their own page (early viral marketing).

Well, Myspace is the 2003 version of Geocities.

The personal pages are just as hack, the communications are just as shallow, a ‘place for friends’ is a misnomer. The site is not designed to foster true communication between friends, it encourages quick one liners. It’s the web version of that annoying email forward your clueless friend sends to everyone in their address book.

Myspace is a lot like the High School experience I hated. The cliques, the superficial-ness, the adolescent practical jokes, public humiliation of anyone not in the ‘cool group’ – it’s all there.

One might argue that everything on myspace are aspects of real American society being reflected online, but I think that a different design would elicit a different result.

Look at Slashdot or Digg – while all users have a ‘profile’, a user’s ‘karma’ or status in the community is a result of the reaction of the community to a user’s participation over time. If you don’t participate, you’re just another member, but if you do – others can rate you as a good guy or otherwise and this ‘rep’ develops over time. Others who read what you’ve written later on may find you to be of like mind and choose to follow your future conversations, or weight them more heavily. The conversations that develop on these kind of sites (and on topic specific personal blogs like that of my friend NonProphet) are generally deeper, and since friendship is based on the quality of communication between people – this is a major point.

Block pop-ups and banner ads

A while back I posted a story here about Mozilla (the web browser). I maintain a small network at work of around 35 PCs [update 2010: this is now 120+ but we’re still using Mozilla, though now it’s Firefox] and we’ve been running along just fine with various flavours of Netscape/Mozilla for years. This is why I am aften baffled when I hear folks complain about pop-ups ads and see advertisements for programs that ofter to block them. This is built right into Mozilla! An additional bonus is that if you put a specially formatted (css) text file in the right place, you can filter out all the annoying banner ads too! Find out how!Assuming you’ve already visited the links from the story linked above and have downloaded and installed a nice new Mozilla, begin by blocking all those unrequested pop-ups: Go to Edit | Preferences | Privacy & Security | Popup Windows and put a check mark next to “Block Unrequested Popup Windows”.

Don’t worry, you can make exceptions for those sites you visit that need to open a new window for full functionality of the site (online banking, etc.). Just click the “Allowed Sites” button next to this check box and enter the web site address to allow popups from.

The quickest way to get going with ad blocking is to visit and copy the latest userContent.css file there into the chrome directory deep inside your mozilla profile. In Windows this is something like C:WindowsApplication DataMozillaProfiles John Smithlm34qgkq.sltchrome. In linux, its in the ~/.mozilla/ directory. In MacOS try ~/Library/Mozilla/Profiles/.

The userContent.css file is just a css (cascading style sheet) which you can edit and craft to block or allow any specific file types that get by the default settings. Some example edits are shown on this site. More info on user profiles in Mozilla can be found here. Customizing Mozilla is the official page and gives a good overview of the process.

Installing Mozilla does NOT break your Internet Explorer installation (All the machines at work have both installed and we have no problems, though I have deftly removed IE shortcuts from everywhere and practically no one knows its still there). Hopefully this stuff will help those folks out there who want a more pleasant browsing experience get one!