Saturday, August 4, 2007

Toolbars are hazardous to your browsing health

Every browser-based toolbar should come with a warning like what the cigarette makers have to put on their products: WARNING: Use of this product may be hazardous to your PC's health and cause all kinds of viruses and other infections.

I am being somewhat serious. The news last week of the potential exploits from the LinkedIn toolbar should be a sobering thought for anyone who has this or other toolbars installed on their system.

No one has actually observed this proof-of-concept exploit used by any malicious hacker, yet. But obviously this is just the tip of the virus iceberg here.

I don't know what the big deal with browser toolbars are, anyway. No one I know will admit to using them, and most people have them inadvertently because they downloaded something else and the toolbar got installed as collateral damage. Most of these toolbars are there for better access to search sites, but if you are already using IE 7 or Firefox you have this already as part of your browser without having to download something that will consume more screen real estate.

I actually was using the LinkedIn toolbar for a few days earlier this summer when I was experimenting with using the site for more than just finding where my friends now were working. But alas the toolbar didn't stick – it was buggy and kept crashing and causing me all kinds of grief, so now I am very happy going back to just bookmarking the site and coming in manually like ordinary civilians. I didn't see much savings and the notifications were getting annoying after just a few days, a sure sign that its toolbar didn't have staying power.

Now, my dissatisfaction with browser toolbars doesn't extend to browser extensions, which are an entirely different story. There are lots of useful ones that help me access FTP sites, Greasemonkey programs, and create TinyURLs, just to name a few.

Browser security is still a big, gaping chest wound for desktop computing. And having a toolbar just opens up another point of infection and isn't worth the trouble. I'm actually interested in this topic and doing some research this week for a story about honeyclients for Information Security magazine. If you are familiar with honeynets, these are a bit different: they are automated search programs that try to uncover new browser exploits by browsing thousands of Web sites and recording what they see. Obviously, lots of fertile ground. In the mean, if you have any toolbars installed, uninstall at least the LinkedIn toolbar, if not all the others.

No comments:

About Me

My photo
David Strom has looked at hundreds of computer products over a more than 20 year career in IT and computer journalism. He was the founding editor-in-chief of Network Computing magazine, and now writes for Baseline, Information Security, Tom's Hardware, and the New York Times.