Welcome to @ You Place Computer Services

Firefox is Killing Support for Browser Plugins, and That’s a Very Good Thing

This is a daily opinion column written by Lowell Heddings, the founder of How-To Geek, featuring his take on the latest in the world of technology.



Portrait of a Red Panda, Firefox or Lesser Panda (Ailurus fulgens)

Firefox used to lead the charge when it came to making a better web experience, but these days they are a little behind — thankfully the good news is that they are catching up quickly. Google Chrome and Microsoft Edge have both abandoned plugins and integrated Flash in a more direct way to make sure that it stays updated, and now Firefox is joining the party.

Mozilla to Disable Browser Plugins (Except Flash)

Mozilla intends to remove support for most NPAPI plugins in Firefox by the end of 2016. Firefox began this process several years ago with manual plugin activation, allowing users to activate plugins only when they were necessary. This decision mirrors actions by other modern browsers, such as Google Chrome and Microsoft Edge, which have already removed support for legacy plugins. Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support.

Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture.

Browser plugins are the biggest security risk on your computer at this point. If you download and run something bad, nothing can really protect you, but most people aren’t downloading and running sketchy software all the time. So the people creating malware to infect your computer have changed tactics, and now they try to infect people using vulnerabilities in the Java, Silverlight, Reader, or Flash plugins in your browser.

They generally either try to trick you into visiting a malicious link — which isn’t all that hard to do, since very few people know where a link is going to go when they click it, or they hack popular (or lots of less popular) websites to insert malicious code, or they try to trick low-quality advertising networks into running ads that actually contain malware. In any of these cases, they use zero-day attacks in browser plugins (or older versions of Internet Explorer) to get malware running on your computer.

Google Chrome runs Flash in a sandbox that protects against a lot of drive-by attacks, and when there is a security update, they can instantly push down a patch to everybody to make sure that people are protected. Microsoft Edge was designed from the start to forbid browser plugins, and of course Apple long ago banished Flash and all plugins from your iPhone or iPad (a good part of the reason why they are more secure).

Flash is slowly dying, and that’s a really good thing. The web doesn’t need plugins — I’ve disabled all plugins in my primary browser for the last year, and virtually everything on the web functions just as it should. And I use a separate browser for the few things that do require a plugin (like Netflix).

What You Can Do Right Now to Be More Secure

Stop what you’re doing, and go disable all browser plugins that you don’t need. It’s the most important thing you can do to keep yourself more secure. You probably won’t even notice a difference in your web experience (well, it might speed things up a bit).

And if you are really worried about security while browsing, you should check out our writeup of Malwarebytes Anti-Exploit, which adds protection against zero-day attacks by prohibiting them from accessing memory they shouldn’t or files that they shouldn’t have access to. The basic version is completely free.