OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


Enable Click to Play

There are continuous security threats from Java and Flash as well as other browser plugins. You have probably read about some of these. Problems are not just caused by opening malicious objects, but also by "drive-by" attacks, which run even when you don't click on them. These are sometimes on legitimate sites, which were hacked, so staying away from bad sites, though it helps, can still leave you exposed.

I use NoScript in Firefox to prevent any script from running unless given permission, but this causes too many hassles for most users, so I do not recommend it. Sites tend to work fine, and then all of a sudden break as they attempt to invoke some script.

Now, there is a good solution to 90% of the problems. It is simple, clean, and will solve most problems without undue hassle.

The 90% solution

Both Firefox and Chrome now offer "click to Play". Click to play stops browser plugins like Flash, Java or Silverlight from running automatically, and presents an image to click on which runs the plugin to display the video.

One single click, and that particular script is allowed to run. Very clean. Very simple. Just fabulous!

Neither browser has Click to Play on by default. They are both testing it. Firefox turns plugins off if they are out of date, but leaves plugins on if they are up to date. This is not satisfactory because so many attacks are present against fully updated Flash and Java. I'm so happy with Click to Play, that I recommend everyone turn it on.

I will be turning this on as a standard part of my monthly maintenance for those computers I update.

Turn it on in Firefox

In Firefox, type about:config in the address bar. Click ok on the warning that if you screw up you could be screwed. Be careful now. I will do this for you if you like.

In the search bar type plugins.click and that will filter the options to just one: the plugins.click_to_play option. Double click in the value area and it will toggle the false to true. Leave the About:Config area by going somewhere else.

Now Click to Play is turned on in Firefox and your browsing is safer.

Turn it on in Chrome

Pull down the menu on the top right and choose Settings. Under settings type click to play in the search bar. Click the highlighted Content Settings... button.

Scroll down the menu to Plug-ins and choose Click to Play

That's it. Now your browsing is safer.

Let's try it out!

First, go to http://www.screencast.com/t/sMR3KscYV7VB and you'll be at a safe page with a flash video I did on using Keepass.

In chrome you get just the Lego or plugin icon requesting a flash activation. However in Firefox there are 4 things to see:

  1. Capturing your attention right away is the big Lego (plug in symbol). Don't click it yet! If you did click it, it would activate flash and the address bar icon would disappear.
  2. Also notice the plugin symbol in the address bar. This one is even more useful and could be the only one if there is Java behind the scenes and no video box.
  3. If you click on the new icon in the address bar, it'll open the menu above. It tells you which plugins want to run and allows you to activate them. You can click the activate button to activate adobe flash on this page. This works like the big button (#1)
  4. You can click the Activate All button to activate all plugins if more than one were used at the web page. You can pull down this menu and choose to always activate all plugins on this site so a site that uses scripts and which you frequently visit won't keep hassling you, or never for one you go to but don't trust or want flashing stuff in your face. Or cancel, which they call "not now".
Once you've activated the plugin, then the new special plugins icon will disappear from the address bar.

That's all there is to it. You are now much safer than you were just a few minutes ago!

Date: April 2013

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster