New study: spyware barely touches Firefox...
Results 1 to 8 of 8

Thread: New study: spyware barely touches Firefox...

  1. #1
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242

    New study: spyware barely touches Firefox...

    ...may as well stir the pot this a.m. Some interesting finds by a couple of profs out of Uof W.

    "...1.6 percent of the domains infected the first IE configuration, the one mimicking a naive user blithely clicking 'Yes;' about a third as many domains (0.6 percent) did drive-by downloads by planting spyware even when the user rejected the installations.

    In the same kind of configurations, Firefox survived relatively unscathed. Only .09 percent of domains infected the Mozilla Corp. browser when it was set, like IE, to act as if the user clicked through security dialogs; no domain managed to infect the Firefox-equipped PC in a drive-by download attack."

    http://news.yahoo.com/s/cmp/17910261...NlYwN5bmNhdA--

    Was it d0pp trying to tell me in another thread IE in an NT environ was actually safer than Firefox? Lots o' luck, d0pp!
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #2
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Shhhhhhhhhhhhhhhhhhh!

    It's a secret...don't give the riff-raff ( spyware companies ) any ideas

    Eg

  3. #3
    Hmmm, pretty interesting research, but I tought that Firefox is made for beating spy-ware, I don't see the amazement.
    The access to the computer or
    anything else that shows us how the
    world works must be total and
    unlimited.

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    What? Are you some kinda smartaleck? A Windows PC with no spyware? I find that amazing!

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    OK, I mostly use Mozilla for day to day stuff on most of my machines. It is IMO more secure "out of the box", but only at this moment in time. It is really "security through obscurity" in a lot of cases, as a lot of undesirable stuff is still IE/Windows specific because of their dominance in the marketplace.

    Now, you can harden Windows and IE, that I will not deny. What I will say that FireFox with the "noscript" and "adblock" plug-ins, and no ActiveX, is probably easier for an inexperienced user to handle and give them better protection. After all, it will automatically block scripts, and it is very easy to allow a particular site permanently or on a per session basis.

    Sure you can do the same sort of thing in IE, it just happens to be rather more "involved" to achieve it. I would have no problem with that, other than it might be rather too much for "Granny" to handle?

    I guess that in this area I take the "herd" or "anthill" attitude.............."if one of us has a problem, we all have a problem", so, I would feel a lot happier if the illiterates didn't get infected either

    As for the article, unfortunately, the link does not work, so I could not comment on the statistical significances of the results.

    One comment I would make If I set IE to block everything, it will, just like Mozilla. If I set it to "prompt" then it will do just that.................so if the user is assumed to say "yes" to everything, then you might as well have set it to "allow" in the first place. That is CHEATING

    / me, pulls out whistle, notebook and yellow card............that was a foul!

    FireFox will block unless you proactively tell it otherwise, so it would pass the "dumb user" test with flying colours.

    Just my £0.02
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Why spend the time and energy config'ing IE? ActiveX isn't ALL bad. Comes in handy for online AV scans and other stuff like camera viewers. I installed a Samsung camera system for a client, patched it thru his router on port 80 so he could do remote viewing, only to run into beaucoup problemos trying to view them via IE under XP SP2 and its security settings. Apparently Samsung wrote an applet that wasn't trusted by IE running under SP2 (the thing ran fine on IE6 under Win98). I finally got SP2's archaic IE settings properly toggled to run an untrusted ActiveX applet, but wasn't comfortable leaving the client more open to hacks. But that's what it took to make it work, and making this stuff work is what I get paid to do.

    I still say it's far better to run Firefox as your default browser, leave IE settings where they are because there's legit outfits out there writing apps for those default settings. You never know when you might need IE. Yar, I was even running IE under Crossover Office on my old Xandros box. I used to like to go to M$ Updates with the Xandros machine just to see what would happen.

    Did I ever tell y'all I was an anarchist is one of my past lives? Glad I got over that...
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Can't believe that link's busted already. Yahoo likes to do that. Here's the same article:

    http://www.informationweek.com/share...leID=179102695
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #8
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    The root of this issue is not so much with IE vs Firefox per se,
    but with the "integration" that Microsoft has said so much about.

    http://www.kb.cert.org/vuls/id/998297

    IE is designed, for better or worse, to be a command shell for
    the OS, and not merely a web browsing app. All of its problems are rooted
    in this design philosophy. Because of this integration, it has an advantage over competitors
    because features provided by activeX cannot be accessed by other peoples'
    browsers. It is a brazen attempt to extend (violate) web standards to
    freeze competitors out of the browser market.

    They are hoping that users will be unable to conceptually distinguish
    between the "browser" and the "desktop".

    http://en.wikipedia.org/wiki/Active_Desktop

    For those of us who remember using computers before there was
    an internet, integration is just jargon, but for most users, there is
    no distinction between "using the computer" and "going online".
    They don't want to sacrifice the convenience of installing software
    off a web page with one click.
    I came in to the world with nothing. I still have most of it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides