Spyware Warrior

[mikey]

I'm bringing this thread back up because in light of recent events, I'm hearing lots of that old bogus talk about FF being 'safe' and I would again point out that NO ware is safe. All wares are exploitable and the popularity of products govern the degree and abundance of attacks against them. The more popular it becomes, the more we will see vulnerabilities being exploited.

The rise in reported(not all are publically reported) exploits will as depicted in this graph continue to rise. It is inevitable.



Ref; http://secunia.com/product/4227/

Those who know me know that I'm not a fan of MS. However, I use their products as well as others...so I learn how to protect them all. Shouldn't you?
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

[ld]

[marinesupergeek]

i have been using firefox for about a year, i could never go back to ie.the adblock plugin is amazing http://gauret.free.fr/adshare/adshare.php, i can now web surf virtuly clean of all adds,my pages load in a blink of a eye even though im on a slow dial up.there are lots of skins if your really into all the bling, as for tabbed browsing how did i ever live without it. keep fighting the good fight

[mikey]

An interesting article appeared @ PCMag;
http://www.pcmag.com/article2/0,1759,1775806,00.asp

The author makes some good points..they sound familiar.

[coffee-drinker]

[Forego]

Personally I like having both browsers at my disposal. So I will not argue that one is better than the other. I definitely agree with Mikey "no ware is safe unless you work to make it so" and of course it is as safe as you make it.

To really say it is safe I would do at least the following
(in addition to the firewall, anti virus, etc.)

1. Frequently update the programs (crime is never more than a step behind at any time)

2. Firefox does not allow Active X -- good, but IE can be set to do the same. I also tie down cookies, and Java. You can also set each browser a little different , one allowing for those trusted sites that need Java enabled.

3. Make sure I had the latest patches and other wares that I am aware of (such as tools to block open ports) Run Shields up, etc.

At this point could one say either system is more secure than the other?

I don't consider Microsoft to be an evil empire. They do come up with some good programs. But I wish they would be a little more proactive than reactive when it comes to dealing with security issues.

Perhaps the real issue here is maybe Computers should come with a security page that gives all the newbies some security precautions and tips before surfing. (One that is visible and up front, and not buried in a 76 page manual)

These forums have been valuable to me, but getting the users oblivious to security, to these (or like forums) is a real issue.
_________________
The Web is a crap shoot. Gamble Responsibly. Secure your computer!

[Dismas86]

aww thanks! I was just about to switch to firefox and now im just too damn confused! lol

[mikey]

[Forego]

Dismas 86:

If you want to add Firefox to your portfolio, you may as well use the new version 1.0.2 just out today (2005/03/23). It adds a security patch.

http://www.mozilla.org/press/mozilla-2005-03-23.html
_________________
The Web is a crap shoot. Gamble Responsibly. Secure your computer!

[Dismas86]

i suppose you're right. Might as well use them all since i suppose each has disadvantages as well as advantages

[edgein]

sorry to revive a dead thread in a way...

firefox all the way! ive been running it since the 0.8 release and havent had a problem with virus's or malware as was once stated in previous threads.
tabbed browsing, while a preference, is IMO a godsend.
extentions:
cookieculler
DOM inspector
adblock (in conjunction with adsbgone which works soley with ie)
spoofstick (displays the actual url you are connecting to in top of browser window...no guessing if the page is spoofed or not
disable targets for downloads (no blank pages when downloading from a site).
no active x (!)
simple configurations regarding security, updates, cache and cookie cleaning, etc.
frequent updates

only reason to break out ie, update windows, update gaming servers, and log into remote admin sites for gaming servers.

just thought id get my 2 cents in. heh

[Nightmaretony]

1. Spoofstick is fantastic, at leats until ti gets hacked.

2. Mikey: can you please show a comparison of IE advisories and Windows advisories compared to Firefox advisories? The only thing you showed is that hackers are only recently sitting up and paying attention to FF, nothing more.

3. One giant advantage is the quick respoinsiveness of the Firefox team in the patching. Microsoft is catching up, but is still a ponderous method for them.
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park

[Munch]

The newest threat I have seen with Firefox is that instead of a "pop-up" or Pop-Under" it is actually a new tab. If your not paying attention and happen to click on the new tab, then there is a good chance you will be infected.

[farmer6re9]

Actually there is a JavaScript vulnerablity that has been corrected recently (though I haven't updated yet) that may have been mentioned earlier in this thread. For those who wish to check their version of Firefox, see this article http://secunia.com/advisories/14820/ for good information on this browser and a proof-of-concept link to test what your browser reveals from memory through a JavaScript Error.

It would be prudent for me to not enter into this melee of browser preferences.
_________________
Eating Crow is better with MyCrowSauce

[The Flying Dutchman]

Hi folks,

Firefox or Opera is the safer browser at the moment. FF with Adblock and NoScript it is even safer. It is tweakable, you can build your own filters for instance (XML-filter). A browser plug-in like the link pre-scanner from Dr. Web is a great add-on for security, you can pre-scan all your links for malware, script, safe HTML etc. at the global update server of this St. Petersburg AV vendor. Download frequency bi-hourly, just behind Kaspersky's. You do not download it onto your computer, all scanning is done there, no risk and you can click the pre-scanned links scarefree. To keep script further at bay I got AVX Script Wall from the Romanian vendor Bitdefender to check MS Scripting Host and its scripting-actions. You can analyze the script, before blocking or allowing it to run.

There were two things that made IE basically unsafe, and there is no easy way back. That was the decision to build IE deep into the OS of a good NT4 design OS. Better to keep browser code and system code apart. But IE was not designed with security at heart, but to please easy functionality for every Jack and Jill, and to please every Webmaster around, also those who did not stick to WWW standards (50%), as IE does not follow up full standards by design.
FF does not comply fully, but tries to anyway, as Opera does.

The second reason wasunsafe Active X, a technology that does not always stay in the sandbox as forseen. As long as this basic concept is not changed, a nice anti phishing utility or an anti-spoof bar cannot get me to use IE 7.0 beta. Since I have loaded and updated Firefox malware has been rare, next to that I have made my own host file with hoster, so my browser does not connect to the nasties anyway. I hope together we can keep FF safe and make safer builds.

greets,

The Flying Dutchman
_________________
We sail the FreedomFlag atop

[Gary R]

Like so many here, I'm a confirmed Firefox fan.

Nothing really to add (Herbalist pretty much said it all) but to add my endorsement for tabbed browsing.

Could'nt get by without it when analysing HJT logs.

As Mikey says no browser is bulletproof, so don't use it thinking you're invulnerable to attack, however it's still "safer" than IE, and best of all it's not by M$.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations

[suzi]

People should keep in mind that even if you are using an alternative browser, you still need to lockdown Internet Explorer with tight security settings and protection like IE-SPYAD, SpywareBlaster, SpywareGuard, etc.

Case in point:

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[Nick]

That was more of a Java thing than a browser problem, but I'm not going to open that can of worms again.

Never the less, plenty of programs open IE even if it's not the default browser. Most weather programs utilize IE when they show weather maps for example.
_________________
Nick's Security Ticker

[TNT-6]

[quote]Again, NO WARE IS SAFE unless you work to make it so. BTW Expect to see more revisions soon...or as soon as they get around to the fixes. Because all wares are exploitable and FF is no exception.[/quote]

Sorry, but that's EASILY THE MOST RIDICULOUS CONCEPT I've heard in a while. There are softwares inherently more secure by default than others without much tweaking to make them "secure", and there are softwares with security bugs in them that stay inherently insecure unless you re-write them almost from scratch. It all depends on (a) the quality of the programmers writing the code, (b) the priorities of the company or the individuals who work on the code.

Are you trying to make us believe that say, every operating system is equal to another out of the box in term of security? Is this supposed to be funny? OpenBSD had one remote "root" exploit in 8 years, do you think that's just because it's "not very popular"? I'd like to see Theo de Raadt have a good laugh at that.

[aquias]

Personally, I can't understand all the passion and fire a browser/OS can stir up among us geeks...

To the point. TNT, you're completely missing Mikey's point. At least I'm going to assume this is the point being made...

Everything is exploitable, nothing is safe. Paranoid? Yes! True, yes. No matter how secure a software claims to be or how strong you believe it to be. Someone, can find a way to exploit you and the software, if you don't take the correct steps to protect yourself.

[TNT-6]

[mikey]

[sivran]

Use what you feel is best for you, but be aware that no browser--no, not even Firefox, Mozilla, or Opera--is completely immune to exploitation.

As for me, I can't stand IE. I can run it safely, but I just can't stand it. I also prefer Mozilla or Opera over Firefox, which I find annoying.
_________________
Because I can't surf DSLR at work.

[thejynxed]

As for getting infected by going to websites in Firefox... anyone ever bother to do a little thing such as Tools>Options>Web Features>Allow Websites to Install Software (uncheck the box)...? Along with disabling Javascript and Java, it works miracles.

There is also a nifty little extension I love by Jan Dittmer called ShowIP.

[aquias]

Mikey,

I think we've all had those moments with software..."Why don't they GET it!"

But OS/Browser seems to be of a different kind of fanatic. Go visit BBR when anyone states that they've got a problem with a Mac/MS/IE/FF/Opera...etc...

TNT,

The point is, preaching that (insert software here) is safe, is a fallacy and a dangerous one. You are correct, some software is written, for lack of better term, better. It is more secure out of the box. But it is a dangerous mentality that lends people to say..."Get (insert software here) it's more secure than (insert software here)" and leave the conversation at that.

I can make IE as secure as FF. The point that is being made is for people to start explaining why to use a software package over the other and to understand that they are still vulnerable.

[thejynxed]

That is all true, and once marketing companies and dubious affiliates of said marketing companies and their subcontractors find it monetarily worthwhile to search out exploits for Firefox and Opera, we'll see alot more of what has happened to Internet Exploder.

For right now though, I'd rather deal with the better design (yes, holes exist, but they get fixed quickly) of a Firefox or an Opera than with the broken from the get-go (needs ten patches to fix the holes opened by the last patch) Internet Explorer.

I've always viewed IE as the one step forward, two steps back kind of thing. Microsoft seriously either needs to fire their entire Q/A department or get them some proper training, because those guys don't seem to be doing their jobs very well.

I've read alot of the Secunia reports and some of these holes that are found are just from really poor programming practices. The kind you are taught in first-year CS to avoid (.I.E. taking too many shortcuts that deviate from the flow-charts).
_________________
"I stab thee with a rusty spork."

[ÆǶµÅÆÈÉÃ¥¢¤§ýŠ]

I perfer IE,specially that the new MonkeyHoneyPots that M$ has probing the internet for spyware threats and other exploits,will only be applied to their browser.Microsoft said they will not share these exploits (wich are also pointed at Firefox) with Mozzila.

Firefox and Opera,and other browser may make one feel safer,but that doesnt mean you are,expesially if you practice in surfing PORN sites,were most of the baddies originate from,though there are other sites that know of exploits that MS and Mozilla have not shared with the public.It all comes down to what a user feels safe behind,just do not throw IE out the window,as IE7 will be a decent browser.

[mikey]

Sorry to bump this old thread but considering that I've linked to it recently, I want it easier to find.

Ref; http://www.spywareinfoforum.com/index.php?/topic/132442-ie-alternative-to-firefox/
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-