©1997/2004, Active Network. All
Rights Reserved.
Time: 11:52 EST/16:52 GMT | News Source: *Linked Within Post* | Posted By: John Quigley
What would happen if Mozilla's Firefox suddenly became the browser that everyone was running? What would happen if it was as big a target for hackers and for virus and spyware authors as Internet Explorer is now? How would Firefox's reputation for security hold up? One has to wonder how secure a default Firefox installation is, and if there are things that can be done to make a Firefox deployment more secure?

#1 By 37 (67.37.29.142) at 1/12/2006 12:45:16 PM
"Firefox security"
Now THAT is an oxymoron.

#2 By 29664 (38.116.145.116) at 1/12/2006 1:08:12 PM
HA! Yeah I won't be going back to IE any time soon!!!!

#3 By 37 (67.37.29.142) at 1/12/2006 1:12:03 PM
We won't feel any less about you.

#4 By 15406 (216.191.227.68) at 1/12/2006 1:39:42 PM
The whole big target argument is a fallacy. If the app is more or less secure, then there still won't be as many exploits no matter how many people are plugging at it. However, if it's Swiss cheese, then being the big target will result in many exploits that seemingly never end a la IE.

#5 By 2231 (71.126.176.80) at 1/12/2006 2:45:23 PM
The MS decision to integrate IE into Windows whilst the default user is running as admin will and should go down as one of computing history's greatest blunders.
This post was edited by schwit on Thursday, January 12, 2006 at 14:46.

#6 By 15406 (216.191.227.68) at 1/12/2006 3:37:26 PM
#6: It was only a blunder as far as MS' users were concerned. As I recall, MS did that to counter the DoJ's antitrust claims where they wanted MS to remove the browser from Windows. MS could then say that it was impossible to do so as it was too integrated to just rip it out. Turns out that was a lie, but that was the story they stuck to.

#7 By 8556 (12.217.111.92) at 1/12/2006 3:45:56 PM
schwit: After we are all gone, history is also likely to point out that IE was integrated into Windows because Bill Gates said that was what he wanted. The reason for the Gates decision was mainly because MS wanted to kill off Netscape, which it did. Steve Ballmer (Bill Gates's very own "Dick Cheney") likely forced things that way as he is notorious for not just wanting to make a profit, the primary goal of business, but to smother the competition until they no longer exist.
http://news.com.com/Court+docs+Ballmer+vowed+to+kill+Google/2100-1014_3-5846243.html

#8 By 32132 (142.32.208.231) at 1/12/2006 4:13:10 PM
"The MS decision to integrate IE into Windows whilst the default user is running as admin will and should go down as one of computing history's greatest blunders."
If that were true, then the vast numbers of Netscape, Mozilla, Firebird, Firefox security issues would be less than the number for IE.
But that isn't true. There is no evidence a non-integrated browser is more secure.
The evidence, for those without their heads up their *ss, is that adding features to a browser makes it less secure.
Remember, this list is only for 2005: http://www.mozilla.org/projects/security/known-vulnerabilities.html.
IE 6 only had 17 in 2005 according to Secunia.

#9 By 20505 (216.102.144.11) at 1/12/2006 8:12:45 PM
gentlemen, face it, the problem with software security is that the security is as much a problem with the user as it is with the author of a piece of software. if all computer users were as savvy as the users of this august forum then security would be a minor problem.
as it stands i believe the future of software security is the same as with the manufacturers of ladders. slap dozens of warning stickers on the product to try to prevent the average idiot from killing himself using it in an unsafe fashion.
firefox basically benefits from the fact that it is still largely used by the intelligentsia of the computer world and not by my granny.
ie and ms software in general, as the people's software, must be bullet proof to try to prevent granny from giving away her life’s savings to a PayPal scam.
no amount of security can make any device idiot proof.

#10 By 32132 (64.180.219.241) at 1/12/2006 11:56:41 PM
#10 "Darn, too bad this would be a valid point except that the number of security issues and the severity of them are barely related at all!"
Barely related?
Do you look at the list of Firefox vulnerabilities?
Mozilla admits to more CRITICAL vulnerabilities in 2005 than total IE 6 vulnerabilities in 2005.
Grow up. You are embarrassing yourself.

#11 By 23275 (68.17.42.38) at 1/13/2006 12:28:09 AM
Gawd....please just shoot me....
The Windows interface runs in Kernel Mode.
IE is part of that interface - read sentence one above, again.
The above neither increased, nor decreased security opposite Windows, or IE.
Facing any system, by any means, to any public network, like the Internet, will expose any flaw to discovery and probable exploitation. The frequency of that discovery and exploitation will exhibit an increase in incidence of coincidence in direct proportion to the number of absolute systems deployed relative to the number of systems exposed to the public networks. In the case of Windows, and IE, where both the absolute frequency and relative frequency are significantly higher than any other similarly disposed computing systems, the actual number of discovered flaws and known exploits is astonishingly low.
Conversely, and by direct relative comparison, the absolute frequency, and relative frequency of discovered and exploited flaws for non-Windows systems is alarmingly high.
Similarly consistent comparisons opposite the human and material benefits opposite Windows, relative to the losses associated with its exposure, remain equally and measurably significant - rendering any associated loss materially insignificant.
Conversely, the reverse may be measured against non-Windows systems.
As Windows and IE's exposure to the public networks increased, an architectural flaw in the common elements which provided for remote code execution - specifically, COM, its clients, and servers, as developed and marketed as a platform connecting systems and processes - often remote from one another, manifest as ActiveX, were revealed as, a) the context in which remote code was executed, and b) unattended handling of unsigned and potentially malicious client controls in that context - most often a user with administrative rights to the local host.
The architectural flaw has been addressed and corrected - coincident to increases in absolute frequency, and incidence of coincidence. This is a natural process and one that may be entirely predicted - against any process - regardless of platform, manufacturer, or incident factors. Maturation comes to mind, but that too, is entirely predictable. Greed, or even legitimate and lawful efforts to generate profit have little influence on such processes.
At least Parker is entertaining...

#12 By 37 (67.37.29.142) at 1/13/2006 7:01:30 AM
"Firefox security"
Now THAT is an oxymoron.

#13 By 32132 (64.180.219.241) at 1/13/2006 11:09:07 PM
I looked at the logs of one of my webservers for 3 days this week at random.
I counted the number of references to Firefox/ and the number of references to Firefox/1.5
The following is the logname: then the number of Firefox 1.5 hits, then the number of Firefox hits in the same log file.
EXTEND570.LOG: 82 / 305
EXTEND571.LOG: 361 / 1555
EXTEND572.LOG: 445 / 1701
EXTEND573.LOG: 84 / 270
EXTEND574.LOG: 71 / 323
EXTEND575.LOG: 85 / 441
EXTEND576.LOG: 81 / 451
EXTEND577.LOG: 457 / 1684
EXTEND578.LOG: 120 / 511
EXTEND579.LOG: 89 / 165
About 20-25% of Firefox users are "safe" - up to date. The rest were conned into thinking Firefox was safe without upgrading.
Only a small portion of Firefox users know how to download the daily builds. The average user is running an unprotected version of Firefox.
Just because a patch exists doesn't mean it is downloaded and installed.
Quit embarrassing yourself.
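
A way to make the kind of measurement described in the post above, as an added example that is not from the thread or any of its participants: it parses the Firefox version out of each User-Agent and reports the up-to-date share both per request and per distinct client, because request counts weight busy clients more heavily. Assumptions: the logs are in W3C extended format with a `#Fields` header (the post does not say), and the sample log and the names `firefox_version` and `firefox_adoption` are constructed for illustration.

```python
import re

FIREFOX_RE = re.compile(r"Firefox/(\d+(?:\.\d+)*)")

def firefox_version(user_agent):
    """Return the Firefox version as a tuple of ints, or None if not Firefox."""
    m = FIREFOX_RE.search(user_agent)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def firefox_adoption(log_text, current=(1, 5)):
    """Count Firefox hits and distinct clients at or above `current`."""
    fields = []
    hits = {"all": 0, "current": 0}
    clients = {"all": set(), "current": set()}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        version = firefox_version(row.get("cs(User-Agent)", ""))
        if version is None:
            continue                       # not a Firefox request
        client = (row.get("c-ip"), row["cs(User-Agent)"])
        # Tuple comparison: (1, 5, 0, 1) >= (1, 5), but (1, 0, 7) < (1, 5).
        for bucket in ["all"] + (["current"] if version >= current else []):
            hits[bucket] += 1
            clients[bucket].add(client)
    n_hits, n_clients = hits["all"], len(clients["all"])
    return {
        "hits": hits,
        "clients": {k: len(v) for k, v in clients.items()},
        "hit_share": hits["current"] / n_hits if n_hits else 0.0,
        "client_share": len(clients["current"]) / n_clients if n_clients else 0.0,
    }

# Constructed sample: (client IP, User-Agent, number of requests).
UA = "Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US)+Gecko/20051111+"
SAMPLE = [
    ("192.0.2.10", UA + "Firefox/1.5", 1),
    ("192.0.2.11", UA + "Firefox/1.0.7", 4),
    ("192.0.2.12", UA + "Firefox/1.5", 1),
    ("192.0.2.13", "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)", 2),
    ("192.0.2.14", UA + "Firefox/0.9.3", 1),
]
SAMPLE_LOG = "#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)\n" + "".join(
    f"2006-01-10 10:00:00 {ip} GET / 200 {ua}\n" for ip, ua, n in SAMPLE for _ in range(n)
)

if __name__ == "__main__":
    print(firefox_adoption(SAMPLE_LOG))
```

On the constructed sample the two shares differ (2 of 7 requests, but 2 of 4 clients), which is why the unit being counted matters when reading such figures as a patch-adoption rate.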

#14 By 32132 (64.180.219.241) at 1/14/2006 10:39:37 AM
"Perhaps you are displeased with the updating system?"
Not personally since I don't use Firefox.
But since I see Firefox .9x users in my webserver logs, I must assume the people using those versions are disappointed with the crappy patching mechanism in those versions.
You can keep citing Secunia to me, but the reality is, every version of Firefox has been compromised. And most users are using a compromised version of Firefox.
And you can claim that the tiny percentage of 1.5 users are safe from the hundreds of exploits affecting earlier versions of Firefox ... but the users of .91 said the same thing at the time, as did the users of 1.0 and 1.01 etc etc.
The Firefox evangelists lied and said Firefox was secure. It isn't.

#15 By 37 (68.190.87.184) at 1/15/2006 2:12:39 PM
"The reason why Firefox has 65 vulnerabilities in 2005 versus IE's supposed 6 vulnerabilities, is because Firefox ADMITS that there are vulnerabilities, while Microsoft DOESN'T ADMIT that there are vulnerabilities."
OPINION noted.