• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

Firefox has security problem

CFLarsen said:
Then, you lead a very happy life. Appreciate it. ;)
Click to expand...
Hey, ignorance is bliss. I'm not quite in extasis as Kumar must be, but I'm happy :)
 
The problems all boil down to the user, if you don't know what you are doing then Firefox isn't going to protect you anymore than IE. You are just as vunerable.
 
ssibal said:
The problems all boil down to the user, if you don't know what you are doing then Firefox isn't going to protect you anymore than IE. You are just as vunerable.
Click to expand...

Not to spyware you're not. Two absolute newbies on the net, one using IE and one using Firefox, are going to have quite different experiences when it comes to spyware. By default, Firefox doesn't even support ActiveX. No ActiveX means very little, if any, spyware is able to hitch a ride with the Firefox browser. I find that a pretty significant difference.

Don't you find it ironic that Microsoft has released software to remove spyware from your system, that their other software allowed on there in the first place?

RayG
 
Wudang said:
Sorry, perhaps I'm being slow but I don't see where this concusion comes from. Are you saying it's better because it's more tolerant of non-standard HTML?
Click to expand...

What, in the code, is not non-standard?
 
El Greco said:
If we had two browsers with about equal popularity, like the old Netscape vs IE, then such metrics would be useful for comparisons. As things are, I think they don't say much.

Again, just MHO.
Click to expand...

Riding a motorcycle without a helmet in California is very popular, but that doesn't make it safer. ;)

RayG
 
CFLarsen said:
What, in the code, is not non-standard?
Click to expand...

Okay I thought that you were saying that because IE was more tolerant of the misplaced TITLE tag that IE was better.
And your claim that IE was CSS compliant seemed to come out of nowhere.
BTW - this isn't my field of expertise, I'm just a hobbyist when it comes to the web.
 
wahrheit said:
I simply guess it is quite frustrating for a hacker trying to write a trojan which upon installation automatically pops up a system window asking the user for the machine's admin password to install "itself unnoticed".
Click to expand...

Just like my Windows XP system does? That's exactly the reason Microsoft recommendeds you don't run your computer as an administrator.

http://www.microsoft.com/resources/...docs/en-us/windows_security_whynot_admin.mspx

Originally posted by Darat
It does mean if I want to install most software I need to log-in with an administrator.
Click to expand...

Or, if you're already the administrator, right-click and Run As the administrator.

RayG
 
Iconoclast said:
Well, yes and no. The problem with Firefox at the moment (as is my limited understanding) is that you have to download a complete new version of the application to get updated, it's not a patch it's a new release. If you have broadband, then the size of this download isn't really an issue, but it's still a manual process.

Microsoft IE updates on the other hand (if you have "auto update" enabled, or "advise me of updates" enabled is that the patch (and it is just a patch) is automatically downloaded and installed for you, the user doesn't have to do anything to get updated.
Click to expand...

Many dial-up users were applauding the Windows XP upgrade that came out a few months ago...SP2 I think it was called. :D

Now THAT was a monster of a download.

RayG
 
RayG said:
Many dial-up users were applauding the Windows XP upgrade that came out a few months ago...SP2 I think it was called. :D

Now THAT was a monster of a download.

RayG
Click to expand...
That's true, but that was for an entire operating system upgrade. It's still a fair point.
 
RayG said:
Not to spyware you're not. Two absolute newbies on the net, one using IE and one using Firefox, are going to have quite different experiences when it comes to spyware. By default, Firefox doesn't even support ActiveX. No ActiveX means very little, if any, spyware is able to hitch a ride with the Firefox browser. I find that a pretty significant difference.
Click to expand...

It might not be able to "hitch a ride" but then again how often is that the case? From my experience, most of the junk ends up on the machine because people downloaded a spyware program(s) or programs that come bundled with spyware. The only style of websites that seem to have a problem with the hitch a ride style are porn and warez sites, which is not a surprise at all.
 
ssibal said:
It might not be able to "hitch a ride" but then again how often is that the case? From my experience, most of the junk ends up on the machine because people downloaded a spyware program(s) or programs that come bundled with spyware. The only style of websites that seem to have a problem with the hitch a ride style are porn and warez sites, which is not a surprise at all.
Click to expand...

My experience differs. True, spyware comes bundled with downloaded programs, but I have removed literally HUNDREDS of spyware critters from a client's computer, and I can assure you those clients are not visiting porn OR warez sites. Anyone wanting to download a screensaver, smiley faces, icons, cursors, or games is exposing themselves to possible spyware. Ever click on a popup that promises something for free? Chances are, you've just infected your computer.

"Contrary to common belief that the installation of spyware is only from visiting a few "alternate" sites, the Webroot proprietary research system, Phileas, is quickly proving that spyware infections occur across a large number of sites.In March 2005 alone, Phileas identified 4,294 Web sites with 89,806 total associated Web pages containing some form of spyware."(1)
Click to expand...

Where does Spyware/Malware come from?

Spyware/malware programs are authored by clever programmers, and then delivered to your computer through covert Internet installs. Usually, malware will piggyback on innocent-looking web page components and otherwise-benign software such as game demos, MP3 players, search toolbars, software, free subscriptions, and other things you download from the web. Subscribing to online services is especially bad for getting malware. In particular, whenever you sign up for a so-called "free" service or install new software, you must accept an "end user license agreement" (EULA). The fine print of the EULA will often include the phrase "the vendor is allowed to install third-party software on your computer". Since most users don't bother to read this EULA fine print, they naively click "accept", and install malware out of sheer ignorance.(2)
Click to expand...

Bottom line, because of the way ActiveX can cause an interaction between Internet Explorer and a website, you can unwittingly allow spyware on your computer by merely visiting that website. No porn or warez required.

RayG

(1) State of Spyware Q1 2005, page 43. Webroot Software, Inc. http://www.webroot.com/stateofspyware]

(2) Spyware 101: Understanding The Biggest Internet Threat of 2005. http://netforbeginners.about.com/cs/viruses101/a/spyware101.htm
 
[quote[ Actually this was to be expected. The only reason less popular browsers have less security holes is that hackers spend less time searching for them. As they become more popular though... [/quote]

You guys are idiots. There are thousands of people and many very good hackers looking for holes in Firefox, Chrome, Safari and Opera all the time.

Besides you don't even seem to understand how Firefox vulnerabilities are exploited: by and large they aren't. 99.99999% of the time, when you get an update to firefox, it's been patched way before it's being exploited in the wild. Firefox holes are fixed and patches delivered before there's anybody out there with the skills or success to harm you. On top of this, nearly all firefox vulnerabilities are disclosed to the proper vendors privately, so that even though problems exist, all hackers minus the one that found the problem are not aware of it.

This is different from say, internet explorer, whose developers are busy with their thumbs up their butts to hear about vulnerabilities for weeks or sometimes even more than 6 months before they even get started on fixing a problem. And usually that problem is already demonstrated and released publically so that people know how to exploit it.

=================

Finally, lisa your first link is 404. Good job. Plus, Mozilla's website is NOT advising us to turn off javascript.
 
geni said:
Users are warned to disable Java Script full stop.
Click to expand...
That's what NoScript is for :)

The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
Click to expand...

CFLarsen said:
And you are most safe, <insert>ignorant </insert> if you shut down your computer altogether.
Click to expand...
 
Aerik said:
You guys are idiots...*snip*


Finally, lisa your first link is 404. Good job. Plus, Mozilla's website is NOT advising us to turn off javascript.
Click to expand...

You're responding to a five year old post, plus you're rude and obnoxious on top of showing off your dimwittedness. Good job!
 
Last edited:
You must log in or register to reply here.

Back
Top Bottom