ActiveMac - The Most Activated mac Resource

ActiveMac

User Controls

New User

Edit/View My Profile

ActiveMac

Articles

Forums

Links

News

News Search

Reviews

News Centers

Windows/Microsoft

DVD

ActiveHardware

Xbox

MaINTosh

News Search

ANet Chats

The Lobby

Special Events Room

Developer's Lounge

XBox Chat

FAQ's

Windows 98/98 SE

Windows 2000

Windows Me

Windows "Whistler" XP

Windows CE

Internet Explorer 6

Internet Explorer 5

Xbox

DirectX

DVD's

TopTechTips

Registry Tips

Windows 95/98

Windows 2000

Internet Explorer 4

Internet Explorer 5

Windows NT Tips

Program Tips

Easter Eggs

Hardware

DVD

Latest Reviews

Applications

Microsoft Windows XP Professional

Norton SystemWorks 2002

Hardware

Intel Personal Audio Player 3000

Microsoft Wireless IntelliMouse Explorer

Site News/Info

About This Site

Affiliates

ANet Forums

Default Home Page

Link To Us

Links

Member Pages

Site Search

Awards

Credits
�1997/2004, Active Network. All Rights Reserved.
Layout & Design by Designer Dream. Content written by the Active Network team. Please click here for full terms of use and restrictions or read our Privacy Statement.

Site slams IE's security

Time: 11:56 EST/16:56 GMT | News Source: CNET | Posted By: Robert Stein

The group has set up a Web site reminiscent of Apple Computer's "Real People" ad campaign, which urged people to switch from Microsoft's Windows operating system to the Macintosh. The site features first-person testimonials of people who switched from IE to alternatives.

Write Comment
Return to News

Displaying 1 through 25 of 241
Last | Next

The time now is 6:43:18 PM ET.
Any comment problems? E-mail us

#1 By 40 (216.68.248.200) at 8/25/2004 1:53:09 PM

That site is funny. Firefox has more top security issues then IE does. There are plenty of holes in all of them, if you don't use basic security, and lock your system down.

If i am not wrong, the list of Security Risk went - 1 - Firefox, 2 - Moz, 3 - IE over the last 2 weeks.

#2 By 2332 (66.228.91.12) at 8/25/2004 2:27:11 PM

#2 - Hey Parkker, notice than all those numbers are less than 1?

IT'S A BETA VERSION OF THE BROWSER.

Regardless, Firefox is still safer than IE. You know why just as well as I do. Give it up and stop spreading your propaganda.

I won't even look at IE again until Longhorn.

#3 By 2332 (66.228.91.12) at 8/25/2004 6:32:08 PM

#8 - Curious, what excuse are the FireFox people going to use once it's out of beta...

First, I prefer to call myself a "rational person" not a "Firefox person".

Second, the biggest excuse is that Firefox is better in pretty much every possible way than IE. And as long as it doesn't reach a significant market share (20%+), it will be safer than IE no matter how many security holes it may have because bad guys will choose to target IE instead of Firefox.

Simple as that.

#6 - 4.7MB downloaded 5 times in 8 weeks is not trivial.

Ya, I mean on a 56k modem that would take a whopping 15 minutes for each download! That's an hour and 15 minutes over 8 weeks! That means you would spend .093% of your time over that 8 weeks downloading new version of Firefox! Those bastards!

Thankfully, most people have broadband these days (and I would venture a guess that an even greater percentage of Firefox users have broadband since they're typically more informed and tech savvy), so that probably brings it down to .01% or so. Still unacceptable.

Sigh...

#4 By 10896 (24.25.182.11) at 8/25/2004 6:46:32 PM

What a bunch of idiots that got for the those so-called switch browser ads. Both Mozilla and FireFox are unusable products for most users. No discussion of the security problems that have existed for years and are never fixed, the perpetual upgrade cycle with no installer upgrade, just uninstall, reinstall the new version and then reconfigure. And finally how about the severe memory problems that have never been fixed and appear to get worse with each version of Mozilla and FireFox.

#5 By 7797 (68.142.9.161) at 8/25/2004 9:26:51 PM

Firefox has lots of areas where it can improve. However it IS improving at a much faster rate than IE which will be pretty much stagnant for another couple of years until longhorn comes out. For most regular users i think Firefox will be "good enough" by the time it has enough market share to matter.

#6 By 21203 (4.5.32.137) at 8/25/2004 10:48:11 PM

Regardless, Firefox is still safer than IE. You know why just as well as I do.

Wrong-o. Firefox is exactly as safe as IE, if you're an intelligent user.

If you want to treat your browsers like you don't know anything about computers, ok ... firefox might be considered better. But are you comparing it to XP-SP2? Are you able to hit yes/no prompts with a moderate amount of intelligence?

Products don't have to be baby-safe to be "better", you just need to eventually learn not to bang the sharp corners against your forehead. If you really want to allow activeX to install without prompting, or click "Yes" to install stuff without reading the prompts, hey... by all means blame the product.

#7 By 2332 (65.221.182.2) at 8/26/2004 1:39:44 AM

#13 - Sure ... someone will go to all the trouble and risk to setup a phishing site and limit the exploits to IE instead of spending an extra 20 minutes to catch Mozilla/Netscape and Firefox users (same codebase, same exploits) too. Not a chance.

Huh? You're obviously not a coder. Developing exploits is often a difficult and tedious task. Just because somebody develops an exploits for IE doesn't mean anything even remotely similar will work for Firefox/Mozilla with "20 minutes" of work. In fact, it's usally more akin to starting from scratch.

#20 - Wrong-o. Firefox is exactly as safe as IE, if you're an intelligent user.

No, I'm afraid you're "wrong-o". Internet Explorer is targeted FAR more often than Firefox. No matter how intelligent you are, many of the exploits for IE require absolutely no user interaction and there is nothing you can do to prevent them from running aside from sometimes turning off all scripting which makes IE essentially useless.

All it takes is for somebody to buy $5000 worth of banner advertising on some popular sites and they can infect millions of machines with whatever they wish - typically spyware of some kind. In fact, this is currently the most popular way to get spyware on people's machines... buying ads and using commonly available IE exploits (including exploits that work on a FULLY patched machine... yes, even SP2) to get it installed on anybody's machine who happens to visit a page with their ad on it.

Sure, most sites remove this advertising once they realize what's going on, but it only takes a day of ads to get millions of machines infected.

So, no matter how intelligent you are, using IE is like asking people to rape your machine.

Is Firefox riddled with security holes? Could be! But the fact of the matter is nobody cares about < 1% of the market. Everybody cares about the other 99%.

#8 By 23275 (68.17.42.38) at 8/26/2004 2:37:05 AM

Fundamental security vice practical security?

Is that the real issue? If it is assumed that IE is attacked more frequently, or simply more apparently and attended by more press when it is attacked - does this then mean that it is fundamentally less secure? Similarly, if Firefox/Mozilla are attacked less frequently, or less apparently, does this mean they are fundamentally more secure, or simply practically so?

If we accept that Windows/IE are attacked with far greater frequency, and more apparently, is it not then fundamentally more secure than other browsers and deserving of that judgment? This may be more valid than we assess, because IE has more capabilities than a base install of Firefox/Mozilla. The reverse then must also be true, when for example Mozilla is enabled with the ability to handle COM Clients like ActiveX [which it can], and if fully enabled with plug-ins, what is their <Firefox/Mizilla> fundamental level of security actually assessed to be? Has it been tested, and when evaluating patch proliferation, are they also fairly assessed - mindful of the time and file download of various plug-ins?

I suspect that any judgment that IE is fundamentally less secure cannot be supported in science - not even amongst a study-group much less within a control group. Now, given the proliferation of IE and the incidence of infection, the science arguing that IE is practically less secure is at best an unsupported assumption. I maintain that insufficient data has been assembled against IE's installed potential in the context of XP SP2 to be mentioned, much less commented upon conclusively. One might "assume" that SP2's impact will elevate IE's fundamental and certainly, practical security position.

As long as we are dealing with simple assumptions and based upon both sides of the discussion, one, and without the benefit of science, but simply based upon numbers which are both so high [installed based] and also so low [incidence of infection relative to that installed base], that IE is both fundamentally and practically more secure, because the IC is "manifest" or so overwhelmingly large that such assumptions may be arrived at without the need for any specialized knowledge.

Finally, I maintain that no lay parties outside of IE's base of support actually want to engage in meaningful studies designed to scientifically challenge what is manifest. It is simply easier to treat opinion as fact, which makes for interesting boards and spirited exchanges - it does not however, form the basis for making a sound decision opposite which browser to use.
"I mean, at one of the examples, there was a business consultant...do you really want a person challenged by securing a browser to consult you on the complexities of growing a business? I should think such an achievable task would be within the intellectual capacity of any decent business person."

#9 By 2332 (65.221.182.2) at 8/26/2004 11:59:00 AM

#22 - I maintain that insufficient data has been assembled against IE's installed potential in the context of XP SP2 to be mentioned

http://www.mikx.de/scrollbar/

Nough said.

By the way, be sure to check your startup folder after you visit that page. You'll have "boom.exe" in there, regardless of whether or not you have the latest and greatest patches from MS.

#10 By 23275 (68.17.42.38) at 8/26/2004 1:19:43 PM

#24 - it didn't work and no Boom.exe was installed to the system [XP Pro SP2 RTM].
Is there another link that demonstrates the exploit? I checked all processes, msconfig, startup folder, explorer and registery and did not note an exe for Boom. I do harden all of our systems, so it may be that this process stops the exploit as listed. Thanks

This post was edited by lketchum on Thursday, August 26, 2004 at 13:20.

#11 By 17996 (69.21.203.150) at 8/26/2004 1:41:10 PM

Well for me it copied "booom[1].exe" to my Startup folder... is it supposed to be a zero-length file (for demo purposes) ?

Oddly, it won't let me delete it because its still in use... maybe it will after I close IE.

Glad I use my scroll wheel :-)

#12 By 116 (24.173.215.234) at 8/26/2004 1:47:05 PM

I just tried it with a brand new install of XP and SP2 and it didn't do anything. Whats the deal?

#13 By 2332 (65.221.182.2) at 8/26/2004 9:54:09 PM

You need to scroll down the page using the scroll bars on the right of the window. You can't just use your scroll wheel.

The exploit works by fooling a user into dragging an element on the page to a local security zone. In this case, there is a hidden image over the scroll bar which, when clicked and dragged down, copies that EXE to the startup folder.

This definitly works on ALL Windows XP installs as long as javascript is enabled.

#14 By 23275 (68.17.42.38) at 8/26/2004 11:25:46 PM

#28 - Yes, I read the instructions on the page, then clicked on, held and drug the scroll-bar as instructed. Yet, boom.exe did not execute as suggested.

[System is WXP SP2, IE 6.0.2900] Binaries and Scripting are enabled. Thanks

This post was edited by lketchum on Thursday, August 26, 2004 at 23:48.

#15 By 4240821 (213.139.195.162) at 10/26/2023 12:17:53 PM