Browser Vulnerability Report - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: Browser Vulnerability Report

  1. #11
    Senior Member
    Join Date
    Dec 2003
    Location
    Texas
    Posts
    158
    Quote Originally Posted by westin View Post
    Found this on Slashdot. Pretty interesting.

    http://www.net-security.org/secworld.php?id=8489



    Wonder what Byte is going to say...
    anytime you get a piece of software that is popular its going to be examined thoroughly so they can penetrate the most amount of machines
    im a Steve Wozniak in a bill gates world

  2. #12
    Senior Member
    Join Date
    Dec 2003
    Location
    Texas
    Posts
    158
    Quote Originally Posted by gore View Post
    Joe:

    I'll give you 50% of that

    I used to say that the argument that "If more people used Linux it would have just as many viruses as Windows" was flat out crap, but there is a little truth in that. If Linux had 90% of the Desktop market or whatever Windows has right now (Probably dropped after Vista) but at the same time, it's REALLY hard to get infected with Spy ware, Mal ware, and viruses if you so much as read the screens during an installation of anything else.

    In Windows, which is actually harder to install than Linux since Windows had a text based installer for a long time and REALLY bad partitioning tools built in, it didn't really ask you for any type of user names for extra users. I'm not going to talk about Windows 9X since it's not fair to the Windows users here, but the NT line, you'd install, and, to my shock, the thing didn't ask for any extra users if you didn't tell it you wanted that, and it even auto logged you in with Windows XP.

    Now, that means that anyone running Windows without customizing anything, was auto logging in as Admin.... That's bad. My Mom bought a new computer a few years ago with XP, I set up an account for Her as a basic user, and set the admin password, and to this day She doesn't know it. It's made fixing things easier since She can't access system files.

    If you install Linux, you're told that you should make a non root account for yourself because there are security implications for not logging in as a normal user for your day to day computing, and that you should only use root when you have to do so for patches and so on.

    That means during an install of Linux or BSD, you're told up front that you should not only make a different account for yourself, but why you should, and that if you don't security would be a joke. So why is it that Microsoft haven't made it default to "OK now make a user account that's not admin for yourself because the admin account has system wide access and you should not use this without needing to" and whatever else.

    I've been using Linux and FreeBSD for some time now, and I've yet to have even ONE infection of anything. No intrusions (I read logs and so on, have firewalls, have a hardware firewall for when I'm doing a fresh install and so on and my passwords aren't easy) and when I install one of those, it tells me to make an account for myself and that I shouldn't log in as root unless I need to install or change something and that when I do use root to take caution because nothing is stopping me from unlinking a file system.

    I don't understand why Windows lets you log in as admin without so much as a password. My own cousin one day was having troubles with his XP machine. I saw there was no password and put one on there so there was at least a password required. This machine was used to run their own business, had all their axes and legal documents, NO patches installed, no password for admin, nothing.

    When I put one on there.... My aunt actually told me not to touch her computer because "we use this to run our business on here and you putting a password on here messed with it"...

    I was shocked... And again, during the install, if it so much as mentioned that you should make an account for yourself that doesn't have admin access, at least people could know SOMETHING about the implications of that. But they don't. The average room temperature IQ user has no idea why there is a problem with looking at underground porn on their computer while being logged in as admin, and having no patches installed. At least they did put an update thing into XP that would tell you about updates and actually install them, but still, when something annoys a user they turn it off, like those pesky firewalls telling them that a Trojan is trying to upload it's pay dirt and they're tired of clicking on buttons so they shut the firewall off.

    Apache is used on more Web Servers than any server software out there. You can look at the source code for it. So how can Microsoft claim that seeing source code is bad because people can find exploits and not tell anyone, when really, everyone looking means they can be fixed faster, and on top of that, since more people use it for servers, why isn't it being taken out more?
    i agree Linux is easier to install i just set up my laptop with 250gb drive with 3 partitions ,one for xp one for storage and a third for ubuntu ,and out of the two operating systems Linux was easiest to install ,but im also running a customized install of xp with a lot of the old outdated files stripped out runs very fast , even at that ubuntu installed faster even being on the last partition on the disk
    Last edited by romanticcowboy; November 14th, 2009 at 01:05 AM. Reason: making the post more relavent
    im a Steve Wozniak in a bill gates world

Similar Threads

  1. FireFox Security Problems, released 4/17
    By Galiath in forum Web Security
    Replies: 7
    Last Post: April 21st, 2006, 02:57 AM
  2. Browser Security Test
    By therenegade in forum Web Security
    Replies: 13
    Last Post: April 1st, 2005, 08:03 AM
  3. Multiple browser timed document.write cross domain policy vulnerability
    By Szafran in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: September 7th, 2003, 09:41 PM
  4. NEWS: SANS Critical Vulnerability Report
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: January 28th, 2003, 08:12 PM
  5. IIS Patch announcement
    By souleman in forum Microsoft Security Discussions
    Replies: 5
    Last Post: April 11th, 2002, 11:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides