Why --ANY-- Tool-bar is Bad

By | May 22, 2015

There are two main reasons why any browser tool-bar is bad:

  1. code injection
  2. infection vector

Code Injection:

If you are lucky enough to have installed one of the tool-bars that actually injects code into your browser, congratulations:  You have just figured out why several of your web pages do not work the way they are intended.

Web pages are increasing programmed pages.  As time goes on, you will likely see this be the continuing trend.  There are two major types of web-based programming:  server-side and client-side.  With server-side programming, all the programming executed on the web-server serving you the web-page.  What you get is generally clean code that just needs to be displayed by your browser.  Code injection can do limited damage to this style of web-page as the location of the running program is remote.  However, through specially crafted client-side scripts, code injection can still ruin your day.

Client-side programming on web-pages will likely break with code injection.  At this point, the sky is the limit.  If you go to a web-page that exists on a server you trust and you are sending up your personal information:  Congratulations, you could have just sent your personals to the producers of that tool-bar.  The sky is the limit with tool-bars.  They own your browsing experience.

If tool-bars were just short-cuts, I wouldn't have a problem with them.  However, they are not.   Even the anti-virus tool-bars parse your web activity and analyze it.  Here's the deal:  If you get infected, it will be on the computer:  A decent anti-virus program should handle that for you, as long as you keep it updated and active.

Infection vector:

If you are keen on updating your system, you are in the minority.  Tool-bars are one more thing to be updated, that usually are not.  Unsupported code, or ill-supported code is one of the major vectors of infection (how you get infected) that exists today.  As a matter of protocol, before I do anything on a computer (every day) I check for updates.  Then I get to work.  Tool-bars are one more step on the way.  I can live happily without having to update a tool-bar.

If a vulnerability is found in a tool-bar and you have not updated it, not only are you having the tool-bar what all of your Internet activities, but if you travel to the wrong page, you are now owned.  Through vulnerability exploitation, you have just given a program that has a high-degree of access to your computer system and your personal life, the code it needs to malign your system.

Bottom line:

No tool-bar is worth the uncertainty it inflicts on the browsing experience.  Uninstall, disable, do what ever it takes to get rid of them.  Now.

Thanks for reading,

Jay