| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft faces up to browser flaws | |
|
||
| Time: 09:10 EST/14:10 GMT | News Source: VNUNet | Posted By: Brian Kvalheim | ||
|
Mass migration to Windows XP could raise serious security questions for users week, another security patch! Microsoft has been pressed into action to release yet another patch to plug a hole in its Internet Explorer 6 web browser, which has accumulated an impressive record of holes: over 150 since 18 April 2001. What is more, it is not even a final solution to the latest in a catalogue of security compromises and back doors created by what should be a harmless, albeit essential, piece of PC software. At Microsoft's TechEd developer conference in Amsterdam earlier this month, I took time out to have a frank discussion with Detlef Eckert, senior director of trustworthy computing at Microsoft about the continuing security problems that are blighting the world's biggest software developer. Right now the company is almost fanatically committed to completing service pack 2 for Windows XP, the most security-focused update the company has ever released for one of its products. The new service pack will introduce a new, more powerful firewall, with basic predictive scanning capabilities, it will enable almost every security feature by default, including the firewall and will also address many existing security glitches in the operating system through a combined patch install, which providing users actually install the service pack, will address any lax patching over the last year. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 156 Last | Next |
The time now is
11:35:11 PM
ET.
Any comment problems? E-mail us |
| #1 By 2332 (65.221.182.2) at 7/22/2004 9:59:00 AM |
| Parkker? Any insane comments? Were 149 of the 150 holes caused by Firefox? |
| #2 By 2332 (66.228.91.12) at 7/22/2004 12:07:39 PM |
| That's not was I was refering to. I was refering to Parkker's continued insistance that IE is safer to use that Firefox. |
| #3 By 135 (209.180.28.6) at 7/22/2004 5:49:53 PM |
|
RMD - I don't see Parkker's insistance that IE is safer to use than Firefox any more or less sane than the insistance that Firefox is safer to use than IE.
That is, both insistances are insane, but I find it terrible that one of them is regarded as conventional wisdom. |
| #4 By 3339 (64.160.58.135) at 7/22/2004 8:29:57 PM |
|
I find it perfectly reasonable to say that no browser is secure.
But I find it completely absurd to say that because no browser is completely secure that it is impossible to say that one browser is more secure than another. Of course, it is possible. By the very fact that they are different means that one is likely to be more secure than the other. As for which one it is... what I think, and many, many, many others, is perfectly obvious. |
| #5 By 135 (208.186.90.168) at 7/22/2004 11:27:07 PM |
|
sodajerk - Ahh, exactly my point. Because Mozilla is less used and fewer people are looking at it to discover vulnerabilities, you immediately assume that it is more secure.
Essentially you are relying upon Security through Obscurity. Perhaps you consider that a valid means for protecting yourself. Or the truth could be that the security issues are just plain overhyped, you know this, you just want to bash Microsoft about it anyway. |
| #6 By 2332 (65.221.182.2) at 7/23/2004 12:06:41 AM |
|
Sodablue, how can you possibly say that Firefox is not safer than IE?
Even if they both had the same number of vulnerabilities (which, of course, they don't), Firefox is used by basically nobody, so exploits are not heavily targeted towards it. IE, on the other hand, is used by 95% of people surfing the web. Since Firefox is obviously targeted less than IE, is it not safer to use than IE? If I randomly visit 1000 web sites, is there not a greater chance that one of them will have an exploit that targets IE than it will have an exploit that targets Firefox? If you accept that, then you must accept that Firefox is safer to use than IE. |
| #7 By 3339 (64.160.58.135) at 7/23/2004 1:43:01 PM |
|
" Ahh, exactly my point. Because Mozilla is less used and fewer people are looking at it to discover vulnerabilities, you immediately assume that it is more secure. "
I made no such assumption. I would assume that since a large number of IE vulnerabilities are ActiveX specific and/or are a result of IE/system ties, and that no other browser supports these "features" that is one indicator of greater vulnerability in IE. I could enumerate other more rational security assumptions which have nothing to do with obscurity. However, what are you arguing now? Have you abandoned the notion that since any browser can be vulnerable they are all equally insecure? That was your initial argument, and by arguing now that one is more so than the other, you have instantly abandoned your own argument. This post was edited by sodajerk on Friday, July 23, 2004 at 13:45. |
| #8 By 2960 (68.101.39.180) at 7/23/2004 4:12:43 PM |
|
I almost hate to toss fuel on the fire, but I must :)
I did a casual 'survey' of some friends and co-workers that use either IE or FireFox, with the basic question being "Have you been hit with Spyware, and how bad?" To summarize, the general answer from IE users was "Don't even get me started!". The general answer from Firefox users was either "Never", or "Only because I installed a freeware program that put it there". We all know the demon here is twofold: ActiveX, and the utterly open control it gives to web sites (especially with the exploit that allows drive-by installs, which has been verified to be in use), and IE's dominance. It's the bigger target. Whatever the reason, and regardless of the 'number' of holes either browser has or had, it is a plain fact that IE users get hit harder, faster and more often than Firefox users. Period. Now, I basically like IE. It is still the only Browser that takes me to the address field with a simple tap of the tab key (why the hell can't they ALL do that!). But facts are facts. IE is like swiss-cheese right now and all the low-life exploiters of the world know this, use this and will continue to unless all those holes are filled up, including the Golden-Retreiver nature of ActiveX (i.e. "Sure, come on in the house! Take what you want! I just wanna lick your face!) TL |
| #9 By 23275 (68.17.42.38) at 7/24/2004 3:16:54 AM |
|
I think some perspective is important...
How does one know whether they are infected with Spyware - that does not reveal itself in some very obvious way? The free and commercial tools designed to detect Spy/Ad-Ware are largely designed to test exploits, which target IE. That said, are we certain that systems not running IE are in fact, not infected with some form of Spy/Ad-Ware? Finally, ActiveX...it is just a COM Client. There are many methods of remote invocation. Are we certain that there are not undetected components that remain unknown becuase a very few people understand how to find them? Certainly, people skilled and seasoned enough to comment on one matter or another opposite browser security issues, are also capable of understanding what ActiveX is, and the many very effective tools one can make use of to protect IE on a Windows system. I've always been a little curious as to why a site's channel, devoted to an active Windows community, would not include more solutions, and more thoughtful discussions about what is supported by CS fact - over one position or another. In court, engaged in Title 26 actions, we are often presented with such issues, and I must share, many users of what they assess to be secure systems and browsers, are in reality, rooted to the hilt. They simply do not know, or know how to determine if/when they are. These issues - integrity, privacy, personal and national security are so serious, I assess they deserve both solutions from experienced users, and a more thoughtful discourse. I keep asking: "Is this all there is - such deep and permanent separations that we can no longer exchange facts, challenge facts and assist one another as we used to?" |
|
Write Comment
Return to News |
Displaying 1 through 25 of 156 Last | Next |
The time now is
11:35:11 PM
ET.
Any comment problems? E-mail us |
