plugins/extensions for DA

I visited this past weekend and found that Safari has almost enough plugins and extensions to be safely used as a default browser. Likewise, Mail has had a lot of its problems fixed, and GPGMail implements the only extension in Thunderbird that I actually use (though I have yet to determine if Mail’s junk filter is as good as Thunderbird’s).

Given that I use DT a lot, I would like to make DA my default browser. I’m pretty convinced that it would take support for user-developed plugins or extensions in order for me to trust DA in hostile (i.e., everything but known-safe sites) browsing.

Examples of features I currently use in extensions (I’ve posted this before I think): IDN/TDN detection, on-the-fly enabling of Java/Javascript/Plugins, AdBlock (popup and banner ad protection), per-site enabling of Javascript/cookies/popups, SessionSaver (saves all open tabs and windows in event of a crash), Automatic display of IP address and Reverse-DNS lookups for hostname, and a web developer toolkit for things such as examining GET and POST strings.

Obviously DA provides some of these features, and others are well beyond the scope of the application; they simply do not justify developer time.

Is it possible that a future version of DA will provide a framework which will allow users to write extensions that perform the tasks I mentioned above? I apperciate that DA is intended more as a search tool than a browser, but it is still a browser (and a nice one), and extensions are a critical feature in any modern browser.

Hi, edf. I rather doubt that DEVONtechnologies will attempt to ‘open’ Apple’s WebKit browser core in order to provide for user installation of extensions, unless Apple itself does so. Given the popularity of extensions and plugins in FireFox (which I don’t use for other reasons), perhaps Apple may do that in the future. DEVONagent is my default browser, and it does a good job preventing ‘pop-up’ ads.

Which is ultimately more secure, trusting Apple to provide security fixes, or trusting third-party extension writers to provide security? To tell the truth, I’m not sure, but I’ve browsed for years in OS X with Safari or WebKit browsers and have never encountered a security problem yet with a malicious site (which I probably would never visit unless it were a DA search result, as I do most browsing from a list of several hundred ‘trusted’ bookmarks). But I have a sneaking suspicion that the extension route could allow malicious software to be installed.

Pfhishing scams are becoming more and more sophisticated, and ultimately the user must take responsibility to avoid them, as I don’t think there is any bullet-proof software protection against making a bad decision by the user. Every week I get email purporting to be from my bank, one of my investment firms, PayPal, etc. that would enable the bad guys to steal from me were I to respond. Not too long ago such phishing messages were full of typos and badly formatted. Now some of them are beautifully designed to look official, and if one inspects the links they contain they seem real (and could probably fool protective extensions in the long run). The only true user protection is to avoid responding to them by clicking in their internal links. Which is why all the financial institutions I deal with have warned me to never, never, never reply directly to a message that purports to be from them. Identity theft should be a serious concern to everyone. Don’t trust software to protect against it.

I run behind a firewall. I can see in my menu bar the network and disk activity that’s going on at all times. And I watch the Mac sites for alerts about security issues. I have not (yet) installed virus protection software. But I don’t download software except from trusted sites and I don’t download haxies or other software that modifies the OS, with very few exceptions (haxies not included among the exceptions).

I’ve been buying stuff over the Internet for years, with credit cards. I monitor activity reports on credit cards. There have been two credit card fraudulent transactions, neither from Internet purchases. In one case, a department store clerk kept my credit card number and bought hundreds of dollars worth of clothes and shoes. The department store cancelled the charges to my card. In the other case, my wife’s purse was stolen from her office desk and the thief within minutes had removed $300 from an ATM using that card. The bank refunded the amount to our account.

Actually, the integrity of my data – especially my DT Pro databases – is worth more to me than my checking account or the value of the computers that host it, so the most serious threat as far as I’m concerned is data loss. I combat that by preventive maintenance on my OS and disk directories plus external backups to external media. I use AppleJack, DiskWarrior and OnyX or C*ocktail for maintenance and DT Pro’s Backup Archive script for external (and internal) backups of my databases.

I haven’t lost data, I haven’t been scammed or compromised by malware or phishers and my computers are operating smoothly.

Hi Bill,

Having worked at my share of IT security firms, there is nothing you can say that will make me believe I need less browser security :slight_smile: Given the sophistication of firewalls, virus detection, and spam filters, hijacking the web browser is these days the easiest way to compromise a system.

As to which is more secure, the answer is neither: hedge your bets and use both. The point of using extensions is to make the operation of the browser more transparent, so unfamiliar sites (coming through RSS these days more often than email or browsing) can be viewed under greater restrictions until they are validated – all without crippling the browser when using trusted sites.

Opening Apple’s Webkit is not a problem, I would assume. The Safari plugins are basically Input Managers (Safari Block, SafariStand) or scripts built on top of the SIMBL Input Manager. I don’t do much OS X-specific programming, so I cannot hazard a guess as to how hard it would be to do something similar for DA, but it does not appear to require exposing the WebKit internals.


EDIT: It looks like plugins ala Input manager are a feature of WebKit: