Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...

Miscreants have found a way to continue running cryptocurrency-crafting JavaScript on Windows PCs even after netizens browse away from the webpage hosting the code. Researcher Jerome Segura of Malwarebytes said on Wednesday his team discovered scumbags had written some custom code to keep Coinhive's freely available in-browser …

  1. gerdesj Silver badge

    Because you can't be arsed

    As it turns out: not everyone runs Windows. There are a few Unix styled boxes around, some are fruity but the rest are useful.

    1. Charles 9 Silver badge

      Re: Because you can't be arsed

      But if you read the article, you'll note that the process itself is mostly platform-agnostic. It's just that the "secret" window may find it harder to hide in unfamiliar territory, but given that most systems possess some kind of taskbar or analogue, browser fingerprinting can potentially allow it to hide virtually anywhere. Failing that, it could try to find ways to position the window along an edge so only a very obscure line would be visible.

    2. rmason Silver badge

      Re: Because you can't be arsed

      @gerdesj

      Unix systems never use browsers?

      You live and learn.

      1. Rich 11 Silver badge

        Re: Because you can't be arsed

        Or maybe it's just some Unix users who refuse to browse with anything other than Lynx.

        1. Anonymous Coward

          Re: Because you can't be arsed

          Lynx? You're lucky... when I were a lad all we had was wget...

          1. Alistair Silver badge
            Windows

            Re: Because you can't be arsed

            wget? Hrumph! had to use Kermit we did!

            1. Kiwi

              Re: Because you can't be arsed

              Kermit? LUXURY!

              Why, we had to use pen and paper, while walking BAREFOOT across the road to school, DOWNHILL both ways, on a mild summer's day!

              1. Jonathan Schwatrz
                Happy

                Re: Kiwi Re: Because you can't be arsed

                But did you get sliced in two with a bread knife?

            2. RegGuy1

              Re: Because you can't be arsed

              Kermit. Fucking hell, I've not used that in a looong time!

    3. phuzz Silver badge

      Re: Because you can't be arsed

      Given that this coin mining software will need to be run across millions of devices to be worthwhile, why would anyone take time out to find a way to secretly run it on a unix box, when the same amount of time and effort could be spent getting it to run on Windows machines, thus reaching an audience probably at least 100 times larger?

      1. Doctor Syntax Silver badge

        Re: Because you can't be arsed

        "why would anyone take time out to find a way to secretly run it on a unix box"

        It's written in Javascript so no effort at all is needed to make it run on a Unix box. The browser provides the platform. Pop-under windows are also a feature of the browser so what works on the browser on one OS is going to work on another.

        Noscript is your friend.

      2. d3vy Silver badge

        Re: Because you can't be arsed

        "Given that this coin mining software will need to be run across millions of devices to be worthwhile"

        Actually with the current trading price of monero you could probably get a fairly decent return from anything above 500 machines.

        Generally I believe coinhive say that to make it profitable vs adverts you need around 2000 users spending 10-20 mins on your site (It's been a while since I read this so it might not be accurate still) so if you can trick users into running the script for a few HOURS then you will need far fewer people.

    4. Mage Silver badge

      Re: Because you can't be arsed

      … to run NoScript properly configured.

      No platform is immune from evil on the Internet. Worst is 3rd party domain javascript, esp. in adverts. BBC and CNN have served malware.

      When will Advertisers and Webmasters / owners learn? Anything other than the same URL for everyone image and a link is evil.

      1. Claptrap314 Bronze badge

        Re: Because you can't be arsed

        The last Firefox update rendered noscript unusable. Also a couple websites unviewable.

        1. The Dogs Meevonks

          Re: Because you can't be arsed

          I found that out yesterday, thought I'd got some kind of infection that all of my security/protection had missed.

          Nope... just the fact that NoScript 10.1.3 was the culprit... I returned to 10.1.2 and everything was fine again... after double checking and comparing to another system that doesn't get firefox updated as often.

          Today after retesting this afternoon after a fresh boot... all is good again and 10.1.3 works once more... But I am having to relearn some sites... one of which was an internal one to my mediaserver.

        2. JLV Silver badge
          Boffin

          Re: Because you can't be arsed

          NoScript is back on FF57 Quantum and has been for about a week.

          Mine re-enabled itself somehow without me having to do anything. Looks legit enough though - same whitelists as before for each site.

  2. veti Silver badge

    Finally, a reason to move the task bar

    Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.

    Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?

    1. Teiwaz Silver badge

      Re: Finally, a reason to move the task bar

      Traditional taskbar layout 'just doesn't look right' any orientation but horizontal (to me, anyway).

      And I've been using 'Linux solely (home system anyway) for 18 years.

      It's the clock and the system tray that don't look right mostly...

      1. bazza Silver badge

        Re: Finally, a reason to move the task bar

        Yet the same trick works on Linux and everything else too. It's the HTML/Javascript standards that allow this, and they're everything to do with Browsers, not operating systems.

        1. Teiwaz Silver badge

          Re: Finally, a reason to move the task bar

          Yet the same trick works on Linux and everything else too.

          + Although proly not on a Tiling Wm.....

          ...well, not unless you've set your browser to Float all the time.

          + Many 'Linux Desktops these days have unmovable panels that nothing can hide under (Gnome, Unity).

          +Then there are the hard-asses that have gone desktop commando (no pants, erm, panels whatsoever)....

          1. Charles 9 Silver badge

            Re: Finally, a reason to move the task bar

            Even without a taskbar, it may be possible to "shade" the window by putting it right on the edge so you'd have to spot a very thin line in order to know the window's there. Actually, a taskbar will be of help here since it can make you aware a browser window's still open.

            1. bombastic bob Silver badge
              Devil

              Re: Finally, a reason to move the task bar

              "Actually, a taskbar will be of help here since it can make you aware a browser window's still open."

              a good point. There may be a way to have it display "iconless" though. I haven't tried. But if it's a top level window, it will most likely be in any task bar that has icon windows listed in it.

              I run Mate with the upper panel having the CPU monitor in it. If I see unusual CPU activity, I typically kill that application and re-start it. Usually it's Firefox, due to garbage collection and being left open on 7 virtual desktops with 20 or 30 tabs for days or weeks on end. Sometimes it's something else. but if you see consistently high CPU usage, it's often a problem with the application. And if it's bitcoin mining, THAT would put a stop to it REALLY QUICK.

              That, and running 'NoScript'.

    2. Nick Ryan Silver badge

      Re: Finally, a reason to move the task bar

      The original "task bar" (start menu) in Windows was designed to be at the top of the screen however I understand that Microsoft Legal stepped in as this could have caused them some serious problems if manufacturers of other OSes complained. There may also have been design considerations where menus were stacked together, as in the OS shell menu and an application menu however as the task bar was designed to be very different to an application window's title bar I don't really see this as an issue.

      It was almost certainly a last minute change and as a result of this, and doubtless a bit of obstinacy, it was possible from the outset to put the menu back in the designed location, the top of the screen, even if the default was set to the bottom.

      When you think about the original Windows start menu being located at the top of the screen it makes considerably more sense as the first thing on the start menu really shouldn't be shut down as this was entirely the reverse of common sense and all existing menus. The All Programs folder would have been at the top and Shutdown/Exit at the bottom which also made a lot more sense.

      1. Mage Silver badge

        Re: Finally, a reason to move the task bar

        Top of screen makes most sense. I have my programs menu and running applications panel there on autohide and autowidth. Less easily triggered visible as it's near title bars. I have autohide panels on the three other edges:

        Left: Local look up stuff / management (Calibre, Control panel, Filemanager)

        Right: Remote stuff (FTP/SFTP, Browsers, email, SSH, chat etc)

        Bottom: Like applications, it has status (CPU, Keyboard state, Network state, USB manager, Bluetooth etc).

        Easy to do on Mint + Mate and save for all users. Windows has become horrible with its pinning and unreadable flat icons and poor customisation, like back to Windows 1.0 and 2.0. The 3.11 was better, you could even make a desktop window like a pinned taskbar menu!

    3. Doctor Syntax Silver badge

      Re: Finally, a reason to move the task bar

      Just set the task bar to autohide.

    4. Anonymous Coward
      Facepalm

      Re: Finally, a reason to move the task bar

      Or Microsoft could fix their mess and not allow windows to be hidden behind the taskbar.

      1. Dinsdale247

        Re: Finally, a reason to move the task bar

        They already tried that. It was called Windows 8 and you all complained.

    5. Spanners Silver badge
      Happy

      Re: Finally, a reason to move the task bar

      As we are getting wider/narrower screens all the time, the best place for me is at the side in some of the waste space that I now have. I prefer it on the left for the same reason that I prefer to drive there - I'm mostly right handed. YMMV on that.

      1. Orv Silver badge

        Re: Finally, a reason to move the task bar

        I have the dock on the left on my Mac and my Chromebook. Never felt like the Windows taskbar functioned very well in that position, though.

    6. d3vy Silver badge

      Re: Finally, a reason to move the task bar

      "Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.

      Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?"

      I have mine set to auto hide anyway * , no changes to muscle memory needed as when the mouse moves down it's there.

      * I don't like the clutter!

      1. 404 Silver badge
        Joke

        Re: Finally, a reason to move the task bar

        My taskbars have been up top for many years now because... you know... gravity. Machines run faster ;)

        1. ThomH Silver badge

          Re: Finally, a reason to move the task bar

          The apocryphal version I heard was that there were no Windows 3.1 apps that had an issue with screens being different sizes, there were some that had issues with the origin of the user-interactable area not being (0, 0), and the coordinate system was a shared and exposed resource with no coherent way to offer different versions to different apps.

          So the start bar went at the bottom because there were too many significant apps that either assumed the top left was (0, 0) when maximised or had a bad habit of spawning new windows at (0, 0), no coherent way to lie to them about the coordinate system, and too many edge cases in every attempted kludge.

          But unless and until I read it on something like Raymond Chen's excellent The Old New Thing, I'll continue to take that alleged version of events with a pinch of salt.

      2. Simon Harris Silver badge

        Re: Finally, a reason to move the task bar

        "* I don't like the clutter!"

        Maybe I'm just greedy, but I auto-hide it because I want that extra 40 lines of pixels all for myself!

  3. Anonymous Coward

    'If malvertising wasn’t bad enough as is'

    Speculators made millionaires of a lot of wannacry extortionists and hacker scumbags etc this month. Who knows, maybe they'll give up their craft???

    1. Doctor Syntax Silver badge

      Re: 'If malvertising wasn’t bad enough as is'

      "Speculators made millionaires of a lot of wannacry extortionists and hacker scumbags etc this month."

      Until that bubble bursts.

      1. Anonymous Coward

        'Until that bubble bursts.'

        The malware-writing cyber-crims have cashed out early as millionaires... (Ahead of regulation + money-laundering checks)..

  4. Anonymous Coward

    I'm old school

    Like chess-by-mail, I do the internet by correspondence.

    I am currently waiting for a ping letter...

    1. Teiwaz Silver badge

      Re: I'm old school

      I'm old school

      Like chess-by-mail, I do the internet by correspondence.

      I am currently waiting for a ping letter...

      Read that as Cheese by mail

      ...If it sounds like a good idea, I've got dibs...*

      'How are we on tilsit, red leicester, Venezuelan beavers cheese'...

      * Yes, the website will be playing bouzouki music

    2. redpawn Silver badge

      Re: I'm old school

      With Spectrum internet they do a good job of simulating this.

    3. Kiwi
      Unhappy

      Re: I'm old school

      Like chess-by-mail, I do the internet by correspondence.

      I am currently waiting for a ping letter...

      Most of the time lately my current feed is like that, but with an electric typewriter attached.

  5. Frumious Bandersnatch Silver badge

    continuations...

    Hello, lambda calculus ...

    (I wonder will this curry favour with the readers?)

    1. bombastic bob Silver badge
      Joke

      Re: continuations...

      "I wonder will this curry favour with the readers?"

      lambda curry, and the enjoyable smells afterwards (give it an hour or so if it's properly spiced)

  6. Forget It
    Coat

    Firefox remedy via addon (WE)

    https://poperblocker.com/firefox/

    1. Anonymous Coward

      NoScript helps here, but be careful. Some of these popups are actually gates, meaning blocking them means you can't proceed.

      Also, I'm not too pleased with the script requirements for that homepage. For a site that touts protecting privacy, they don't adhere to privacy-protecting KISS principles.

      1. Anonymous Coward

        We pay nothing for no-script and it's bloody invaluable. Let them hawk some stupid pc performance boost Ads if they want, got to make a living somehow...

        1. Charles 9 Silver badge

          Not talking NoScript. They actually keep things simple. It's the Poper Blocker homepage I'm complaining about. And by my philosophy, if you can't get by without begging, you're in the wrong line of business.

          1. David 132 Silver badge
            Coat

            Charles 9 It's the Poper Blocker homepage I'm complaining about.

            Go easy on it, being able to block Popes is useful, they're always pontificating about things.

            Oh, wait, I might have mis-read.

        2. Doctor Syntax Silver badge

          "We pay nothing for no-script"

          Be a good A/C and give them a donation now and again.

          1. lglethal Silver badge
            Go

            Anyone got a replacement for NoScript? The new Version for Firefox 57 is atrocious and totally user unfriendly. Until they get it back to the ease of use of the old one, I need to find something else...

            1. Anonymous Coward

              @ lglethal

              You could trade off the new features of 57 for an older version where extensions still work properly.

              It's a trade off in using old version (where all your plugins happily work) vs. not having latest version & so not all security related patches. An awkward call, I prefer older version as I have more control over the browser (& when a must have security patch appears I'll switch to a Firefox fork that supports old style extensions but has security patches). I'm loyal to my "must have" extension functionality rather than any particular browser

              1. lglethal Silver badge
                Happy

                Unfortunately, I have noticed the speed gain in 57. Maybe it's not huge but the fact that it is noticeable at all says quite a lot. So I'm reluctant to go back to old Firefox.

                As such, I am pretty much looking for something else other than NoScript as I'm not overly confident that they will be able to turn it back into a user friendly interface. The old "trusted/untrusted/default to untrusted/temporarily allow" combination was intuitive and easy. I taught my mother to use it in 5 minutes with ease (and it has since saved me a ton of malware call-outs!). But this new Version - where trusted doesn't really mean trusted it means trusted to do certain things and maybe only on https or maybe not, and untrusted does not necessarily mean untrusted and Default can mean something else entirely. My mother is not going to understand why she should (for example) allow scripts, but not fetches. I'm all for giving advanced users and those who want fine grained controls to have them in the advanced Options, but forcing that on everyday users. gahh...

                Sorry end rant... ;)

            2. Anonymous Coward

              uMatrix. It lacks some features (though I think a lot of those are also missing from the WebExtensions version of NoScript), but the javascript blocking is the same, in fact uMatrix had the more granular control of blocking cookies, scripts and frames before NoScript and has a much simpler interface for it.

              1. lglethal Silver badge
                Thumb Up

                I will give it a try! Cheers!

            3. J. Cook Bronze badge
              Boffin

              uMatrix works pretty well, and allows you to be a lot more selective as to what it blocks/unblocks.

              I was pointed at it after a raging night with NoScript's refusal to remember a setting I had just put in, and haven't looked back.

      2. Mage Silver badge

        popups are actually gates,

        "Some of these popups are actually gates, meaning blocking them means you can't proceed."

        GOOD!

        Idiots. I've not found a problem whitelisting SOME javascript domains on sites I visit regularly.

  7. Anonymous Coward

    Download Blocked - coinhive.com/lib/coinhive.min.js

    Saw this on SodaPDF support site when a search on their knowledge base is entered, Kaspersky to the rescue for non-US Gov users at least.

  8. Anonymous Coward

    browser popups

    At this point in time, is there still a browser left which does not redirect popup windows to tabs - either by default or at least as an option?

    It is much harder to miss a new tab suddenly popping up ...

    1. Charles 9 Silver badge

      Re: browser popups

      Most do, but there are ways around it.

  9. arctic_haze Silver badge
    Holmes

    Auto-hide, Sherlock!

    "Auto-hide the taskbar" is the solution. I'm not sure it's available in Windows 8 and 10 because I successfully avoided upgrades but in Windows 7 it works beautifully.

    1. Spanners Silver badge
      Go

      Re: Auto-hide, Sherlock!

      It works on Windows 10.

      There's an option "Automatically hide the taskbar in desktop mode".

      I haven't tested the button underneath for tablet mode as for tablets I use Android.

  10. Tom 7 Silver badge

    CPU monitor permanently on.

    Just make sure you can see what your CPU is doing. I occasionally get people trying to mine on my machine and the cpu monitor lets me know - and often the fans kicking in drowning out everything.

    1. Anonymous Coward

      Re: CPU monitor permanently on.

      > and often the fans kicking in drowning out everything,

      You've got some pretty unruly fans there. Are you a rock star?

  11. Terry 6 Silver badge

    Let me get this right.

    The article seems to be saying that these pop-unders are running out of sight when users close all the visible windows in the browser, but don't close the browser itself. So..... exiting the browser and not just xing the individual windows is all that is needed to be sure. Probably a good idea anyway - especially if you've been to web sites likely to have hidden nasties.

    And if the browser is still running, wouldn't it still be showing at the bottom of the screen?

    1. Neil Barnes Silver badge

      Re: Let me get this right.

      I wonder what happens in this case if you have your browser set to open all the windows open when you closed it (as I have)? I'd assume it would then re-open the offending|offensive miner.

    2. Nick Ryan Silver badge

      Re: Let me get this right.

      "Exiting the browser", as in using the File -> Close menu item, generally doesn't do anything more than close the current window. A pop up/under window is usually another instance of the browser and therefore a different process which is unaffected by closing a different instance to it. Closing a window will close all the tabs in it - although Microsoft are doing their level best to break this standard as much as possible in IE/edge of course.

      Yes, the symptom will be that you have no visible browser windows open however you may notice one in the OS's task bar. Some OSes, such as Windows Vista and 7, particularly in non-aero mode, make noticing whether or not an application is running or if it's just a launch icon very difficult. An application usually has to register a window with the OS's shell user interface in order to show as a switchable task, as a result it is relatively easy to hide a running task entirely - this does vary between OS shells though.

      1. Anonymous Coward

        Re: Let me get this right.

        > "Exiting the browser", as in using the File -> Close menu item, generally doesn't do anything more than close the current window.

        Which platform? Mine has File > Close Tab (Ctrl+W), File > Close Window (Shift+Ctrl+W) and File > Quit (Ctrl+Q) so there should be no confusion, apart from Ctrl+W and Ctrl+Q being inconveniently close together on a QWERTY keyboard.

    3. Mage Silver badge
      Facepalm

      Re: Let me get this right.

      Exiting browser can leave the browser running nowadays, sadly.

  12. tin 2

    Finally, an argument for...

    Setting my taskbar to windows 95 style icon+text and one for each window. Never got on with this stacking lark in win 7 so I restore it to old-school every time. New mysterious windows are VERY visible then.

    1. Neil Barnes Silver badge

      Re: Finally, an argument for...

      I am not alone! One window, one icon+text.

      1. tin 2

        Re: Finally, an argument for...

        Yeahhhs! Let us rejoice in our refusenik-ness!

      2. Anonymous Coward

        Re: Finally, an argument for...

        > I am not alone! One window, one icon+text.

        Definitely not alone! Plenty of people still run one program at a time. >:)

  13. Anonymous Coward

    Redirect

    Wish there was a way to redirect the script so it runs on their server and see how they like it.

    1. d3vy Silver badge

      Re: Redirect

      "Wish there was a way to redirect the script so it runs on their server and see how they like it."

      To be fair when it's done properly and with the users permission instead of ads it's pretty good, the users don't get distracted by ads and the site owner still gets some income.

      The issue is when the site has been compromised and the site owner is not aware that it is happening, in that case your suggestion hardly seems fair as the server would just belong to a completely innocent party.

  14. Anonymous Coward

    Complete popup-blocker for Chrome users:

    https://chrome.google.com/webstore/detail/popup-blocker-strict/aefkmifgmaafnojlojpnekbpbmjiiogg

    Catches all the various JavaScript tricks and so on used to try to get around the default blocking.

  15. John Robson Silver badge

    All Browsers?

    Will it work with Links?

    Or should I carry on browsing in a nice readable way?

  16. RyokuMas Silver badge

    Business model?

    This is probably going to get me downvoted to hell, but I just want to explore the idea...

    We're all sick of adverts on our websites. We all hate ads and the free-to-play model in our mobile apps and games. But the fact remains that devs, hosting, content providers and all the other resources do need to be paid for, which leads us to where we are now.

    What if on a website, alongside the "this site drops cookies" message, there is another notification, something like "this site needs to pay its way, so rather than put up a paywall or bombard you with ads, 10% of your processing power will be used to mine crypto - using the site means you agree to this". Or a similar message on the start screen of an app, with the possibility of increasing CPU allocation used for mining in place of currency-based in-app purchases.

    What if someone tried to use this as a legitimate business model? Rather than having to hide behind pop-under windows, be up-front and say "hey, we're doing this so you don't have to pay or deal with crappy ads!"

    Colour me curious...

    1. Patched Out

      Re: Business model?

      This is exactly the purported reason for coinhive in the first place. However, the developers naively did not consider that it would be abused by every malware miscreant on the planet.

      They no longer support coinhive and now have a fork that will not run without user authorization, but the genie has been let out of the bottle, the horse has left the barn, the chickens have flown the coop, Pandora's box has been opened, etc.

      1. Seajay#

        Re: Business model?

        The better model I think (and it's one which is heavily promoted by CoinHive) is mining as a captcha replacement. Go to sign up for a free site and instead of saying "click to prove you are not a robot" it says "click here to mine a tiny amount for us, if you're a robot that's fine, we're still getting paid."

    2. Patrician

      Re: Business model?

      I would immediately close the browser window and never go back to that site.

      1. Kiwi

        Re: Business model?

        I would immediately close the browser window and never go back to that site.

        Problem is, one day you may not have a choice but to never go back to that site, or many others.

        Advertising kinda works, but as more and more people get sick of ads and find blockers, advertising gets less effective.

        Hosting sites costs money, although widespread fibre is making home based hosting faster - but there are significant security considerations.

        As advertising dies (Yay!) there'll have to be other ways for sites to pay their way. Some will use paywalls, some will use donations, many will disappear. We may soon find a situation where much of the web requires some form of payment to proceed.

        I'd love it if El Reg were to do something like this, and a few other sites I like. I'd happily keep a tab open for each, let them mine to their heart's content (well, as much CPU as they can get from me anyway).

  17. Horridbloke

    Next step

    All the cryptomining perps have to do in the next round is give the mark a compelling reason to leave the window open. Social Media? Stock Monitor? Hugely clever customisable notification solution? Or perhaps the next big thing that makes absolutely no sense to anyone over forty?

    It's another arms race.

    1. Seajay#

      Re: Next step

      If they do that (and make it clear that's what they're doing) then it's absolutely fine.

      If they're providing me with something of so much value that I want to leave it open all the time, it's perfectly reasonable that I should provide them with a bit of mining time. The current situation is a problem because a domain squatter whose site I don't actually want to see at all might be able to trick me into mining for him.

  18. CrysTalK

    Block js.miners via hosts file on your router or OS

    https://github.com/hoshsadiq/adblock-nocoin-list/

    on linux OS or routers powered by linux OS just edit: /etc/hosts

    if on windows then just edit: windows\****\drivers\etc\hosts

    Restart your machine after applying changes on your hosts file.

    You're welcome.

    1. Anonymous Noel Coward
      Boffin

      Re: Block js.miners via hosts file on your router or OS

      Uh, I'm pretty sure you don't need to restart your machine after updating the HOSTS file...

    2. Charles 9 Silver badge

      Re: Block js.miners via hosts file on your router or OS

      Many of us can't access the HOSTS file (computers that aren't ours tend to restrict access for obvious reasons). And what about mobile devices you don't want to root?
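
An added example, not part of any comment above: one way to apply the hosts-file blocking described in this sub-thread so that it can be re-run safely as the list changes. The marker strings, function names and the sample list are assumptions of this example (only coinhive.com appears on this page), and it works on a scratch copy rather than the live hosts file, which needs administrator rights to edit.

```shell
#!/bin/sh
# Keep miner-domain sinkhole entries in one clearly marked block of a hosts
# file, so re-running with a newer list replaces the block instead of
# appending duplicates. Markers and function names are this example's own.

BEGIN_MARK='# BEGIN miner-blocklist (managed)'
END_MARK='# END miner-blocklist (managed)'

# Print usable hostnames from a one-per-line list: strip comments and
# surrounding whitespace, lowercase, drop anything that is not a plain DNS
# name (a stray space or metacharacter must never reach the hosts file),
# then sort and de-duplicate.
clean_domains() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        tr '[:upper:]' '[:lower:]' |
        grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$' |
        sort -u
}

# Rewrite hosts file $1 so its managed block holds exactly the domains in
# list $2. Lines outside the markers are carried over unchanged.
update_hosts_block() {
    hosts=$1
    list=$2
    tmp=$(mktemp "${hosts}.XXXXXX") || return 1

    # 1. Copy the current file without any previous managed block.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$hosts" > "$tmp" || { rm -f "$tmp"; return 1; }

    # 2. Append the fresh block; 0.0.0.0 makes lookups for these names
    #    resolve to an address nothing will answer on.
    {
        printf '%s\n' "$BEGIN_MARK"
        clean_domains "$list" | while IFS= read -r domain; do
            printf '0.0.0.0 %s\n' "$domain"
        done
        printf '%s\n' "$END_MARK"
    } >> "$tmp"

    # 3. Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$hosts" && rm -f "$tmp"
}

# Number of sinkhole entries currently inside the managed block.
blocked_count() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { inside = 1; next }
        $0 == e { inside = 0; next }
        inside && /^0\.0\.0\.0 / { n++ }
        END { print n + 0 }
    ' "$1"
}

# Demonstration on constructed files in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '127.0.0.1 localhost\n' > "$dir/hosts"
    cat > "$dir/domains.txt" <<'EOF'
# constructed sample list, one domain per line
coinhive.com
CoinHive.com
miner.example
not a hostname!
EOF
    update_hosts_block "$dir/hosts" "$dir/domains.txt"
    update_hosts_block "$dir/hosts" "$dir/domains.txt"   # second run changes nothing
    cat "$dir/hosts"
    rm -rf "$dir"
}

demo
```

Removing the two marker lines and everything between them restores the file to its previous contents.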

  19. Anonymous Coward

    I might have misunderstood

    But don't a lot of people change windows by pressing alt-tab? I never really do it any other way. Wouldn't that bring up the unknown window?

  20. nikos

    why bother hiding under the taskbar and not just send the window outside the monitor?

    1. Nick Ryan Silver badge

      Not all OS shells allow windows outside of the monitor display area, for good reasons such as this.

  21. Anonymous Coward

    ways to catch offender

    From TFA: " and the Windows taskbar will show that the browser is still running after all windows have been closed."

    Sooo, Firefox acting as it always does? Thanks.

  22. david 12 Bronze badge

    Say no to small windows.

    Can't think of a reason why my browser should allow sites to open windows small enough to hide on the desktop. Can't think of a GOOD reason why it should allow new windows at all -- it's always advertising.

    1. Anonymous Coward

      Re: Say no to small windows.

      Ancient shitty websites (like the HR one we have where I work (hence AC)) will pop up a calendar in a new tiny window when you try to select a date. So there are some reasons to allow it. Disallowing that behaviour would break a lot of old sites, even if those old sites were standards compliant, so browsers can't really do it, certainly not by default.

  23. el_oscuro
    WTF?

    How does this even work?

    Every browser I have used in the last decade has had a pop-up blocker enabled by default. I have seen sites that get around this by implementing a pop-up within the same window, but that is not what this is. I don't really use IE anymore, but it has a pop-up blocker too. Is it not enabled by default?

  24. Dinsdale247

    HTTP 2 To The Rescue

    Don't worry guys HTTP 2 will fix this. There will be no way for someone to know what is running in the browser (hello binary) and no way to block things that are listed as mandatory. Now these pesky users can't turn off your crypto miners at all.

    I love technology. It's not paranoia when everyone really is out to get you.

  25. Anonymous Coward

    Aren't popups disabled by default?

    I haven't installed a new browser in a while. One without an accompanying user.js for even longer.

    But I had the impression that popups were disabled by default these days and you had to give explicit permission if you wanted a site to show one? I take it that's not the case?


Biting the hand that feeds IT © 1998–2019