Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Re:Trivial
"Bypassing current antivirus process is almost trivial." - by Nikademus (631739) * on Sunday April 27, @01:40PM (#23215396) Homepage
Which is why their "HEURISTICS" ('smells like a duck, tastes like a duck, & looks like a duck (must be a duck)') type tech in antivirus products is important... who leads that area, per current results? Apparently, NOD32 does & has kept such leadership in that category during formal testing @ av-comparatives.org & vb100 the past few years now over all other competition.
NOW, if you don't want scripted viruses (via java/javascript)? Don't run them in your webbrowser, you won't get any of this.
(Yes, that's a PAIN on some sites (so, you need a browser that allows "exception sites", & FireFox will do THAT, via an addon called "noscript" (Flashblock's another one that may help also, due to Adobe's products being rampantly exploited lately)... , & OPERA HAS LESS KNOWN SECURITY VULNERABILITIES THAN FIREFOX DOES (or, IE too))!
If you search a site like SECUNIA.COM, you can verify the browser vulnerabilities lists, as of today's date, here in these URL's to verify my statements:
=====
SECUNIA DATA ON BROWSER SECURITY (dated 04/28/2008):
=====
Opera 9.27 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
----
Netscape 9.0.0.6 (0% unpatched - but, now discontinued by Mozilla, so it WILL be vulnerable to things FF won't be now & in the future):
http://secunia.com/product/14690/
----
FireFox 2.0.0.14 security advisories @ SECUNIA (17% unpatched):
http://secunia.com/product/12434/
----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (33% unpatched):
http://secunia.com/product/12366/
----
MOST OF WHAT YOU SEE OUT THERE NOWADAYS ONLINE? Javascript + IFrame exploits... so, getting a secure browser, & creating "exception sites" for running IFrames &/or JavaScript, & for those exception sites ONLY, is a GOOD idea (sites like online shopping &/or online banking come to mind - they OFTEN DEMAND YOU USE JavaScript/Cookies etc. so on those sites, use them, since you are forced to... all others? TURN IT OFF, & BE SAFE(r)).
----
NOW - As far as "std. 'oldschool' binary infectors"?
If apps were coded to say, check their filesize &/or CRC-32 @ startup? They can "self-check" themselves for infestation/infection!
I did a "Dr. Who" (famous science fiction series, longest running there is iirc in fact) that does such checks (& in all of my freeware apps this takes place to protect users) that does this, here:
----
APK Doctor Who ScreenSaver 2008++: review:
http://www.drwhodaily.com/community/index.php?showtopic=386&st=0
(Multithreaded 3D animated screensaver that self-checks itself vs. viral infestation via filesize & crc32 checks @ its startup)
----
&, it works!
E.G./I.E. -> The screensaver will tell you if it has had its CRC-32 altered, OR, its filesize & warn you + shut itself down, so you are aware of it & so it does not continue to "spread-the-disease"...
(IF every Win32 PE app did that, we'd probably have LESS binary infector/attaching std. viruses imo @ least, & that of others, since my idea for this was "modded up" HERE @ SLASHDOT no less, in last year's "CODING FOR DEFCON" thread, see below):
----
APK CODING FOR DEFCON POST (technique modded up as "technically interesting" etc. et al, for coding securely): -
Links to service pack here...
The service pack has already been leaked (more info here with usenet and bittorrent links). So far it's working fine. There have been some scattered reports of problems but this is mainly due to people missing updates via glitches within Windows Update.
1. My suggestion is everyone download Secunia PSI to scan their systems for older/vulnerable software. Update all software it finds to be out of date.
2. Use Filehippo.com's Update Checking utility to update any software that PSI misses.
3. Use a registry cleaner and temporary file cleanup utility to CCleaner.
Then do the update. It should go perfectly well then. -
Re:You already have real problems.
If clicking a link poses even the slightest risk, you need to replace your software ASAP.
What would you suggest replacing it with? Arbitrary-execution bugs have cropped up in every major browser (yes, even lynx) from time to time, and often the bad guys know about them first. Ditto with common browser plugins. Hopefully your browser is not running with root privileges, but probably it has full access to your personal files -- and besides, privilege escalation bugs are also constantly being discovered.
Short of using a temporary installation image (or live CD) on a separate network, I can't think of what sort of setup I could, with clear conscience, recommend to someone who wanted the freedom to click on targeted malware links.
Welcome to the grim paranoid realities of net security -- every link, every email, every IM, every packet heading into your network does indeed pose the slightest risk, because it will eventually be processed by one or more pieces of buggy software. There's a lot you can do to manage these risks, but pretending that they only exist in "bad" software is just putting your head in the sand.
-
Re:A suggestion
Now that I think about it, maybe that link isn't as connected as I thought...
:(
I was looking more for something like this.
Too bad I can't make that post disappear by moderating the thread. :) -
Re:My wife's notebook is one of them
"The unfortunate reality with PC infections is that once your box is compromised you need to pave and rebuild the thing" - by dave562 (969951) on Thursday April 10, @05:15PM (#23029784) That's NOT true, & certainly not with "std." viruses/trojans/spywares. I have cleaned over 1,000 systems alone this year, professionally, & I list a method of doing so in the URL below that works for that, & even vs. bootsector housed/originated rootkits (fixmbr &/or fixboot via Recovery Console on your Microsoft Windows-NT based OS of modern varieties since Windows 2000).
----
"use a secure browser (either IE7 or Firefox)" - by dave562 (969951) on Thursday April 10, @05:15PM (#23029784) Secure Browsers? Those are NOT secure!
(Man, you really ought to NOT dispense information, until you read up on things & verify them, first)
=====
SECUNIA DATA ON BROWSER SECURITY (dated 04/07/2008):
=====
Opera 9.27 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
----
Netscape 9.0.0.6 (0% unpatched - but, now discontinued by Mozilla, so it WILL be vulnerable to things FF won't be now & in the future)
http://secunia.com/product/14690/
----
FireFox 2.0.0.13 security advisories @ SECUNIA (18% unpatched):
http://secunia.com/product/12434/
----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (35% unpatched):
http://secunia.com/product/12366/
----
Because as you can see, your suggestions are way, WAY off... vs. Opera!
APK
P.S.=> Want a secure PC, & years of uptime (plus, peace of mind online)? Do what is in here, with a couple hours of your time, for years of secure uptime into the distance:
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA + make it "fun to do", via CIS Tool Guidance & more:
http://www.xtremepccentral.com/forums/showthread.php?s=86d01764b4339ac5e967dc217db35c55&t=28430
It REALLY works... apk -
You are INCORRECT on Opera & other points
"Yeah, Opera can do it" - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) Yes, they can & HAVE: OPERA PASSES ACID3 TEST FIRST:
http://my.opera.com/desktopteam/blog/2008/03/26/opera-and-the-acid3-test
AND, Opera's faster than its competitors, OVERALL on the most OS platforms (since it is multiplatform, like FF but NOT IE (or as much so in IE that is, since it runs on MacOS X too, but NOT Linux/*NIX (even on Javascript processing too (as well as commonly being accepted as "the world's fastest webbrowser program" in Opera, on ALL/other fronts, evidenced below in legitimate testing))):
BROWSER SPEED TEST COMPARISON:
http://www.howtocreate.co.uk/browserSpeed.html
JAVASCRIPT PROCESSING SPEED TEST:
http://nontroppo.org/timer/kestrel_tests/
(RECENTLY/HOWEVER - This category of Javascript processing speed MAY have FireFox in 1st place, currently, in THIS category (for now that is), & via their FF3 beta, IIRC!))
AND, Opera's more secure also:
SECUNIA DATA ON BROWSER SECURITY (dated 03/28/2008):
Opera 9.26 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox 2.0.0.13 security advisories @ SECUNIA (18% unpatched):
http://secunia.com/product/12434/
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (35% unpatched):
http://secunia.com/product/12366/
----------
"but isn't going to release the capability -- wonderful." - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) The development team @ Opera, WAIT until something is done, & done right - unlike their competition, as is evidenced by the amount of security holes & vulnerabilities present in them (including Mozilla variants AND Ms IE) noted below:
(By the way - IF you read the above URL? The Opera team will be releasing the build this week... look for one past nightly snapshot .9841!)
----------
"Safari 3.1 is a full release" - by ceoyoyo (59147) on Wednesday March 26 Yea, full alright - SAFARI IS FULL OF SECURITY HOLES:
Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks
http://apple.slashdot.org/article.pl?sid=08/03/27/129236
(That is VERY recent also, like the past 1-2 days - FAR from "stale" news, that above - granted, NOW it's patched, but the point's there!)
----------
"and Firefox is a publicly available beta release" - by ceoyoyo (59147) on Wednesday March 26 That is again, FULL of holes, per the evidences above (& not as fast as Opera is on ALL possibly tested fronts, as noted in this URL below):
----------
"In my book Opera is losing the race. The race is silly, but Opera is still losing" - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) Based on ALL of the data above, which IS easily verified & from reputable sources? I'd have to say your book needs revision...
APK -
OPERA truly IS the "secure browser" (& fastes
"as for security, as long as it is open-source it will probably be patched and up to date well enough to deal with all the problems except the one typing on the keyboard." - by webmaster404 (1148909) on Thursday March 27, @08:43PM (#22888732) Well, apparently? You are NOT correct:
SECUNIA DATA ON BROWSER SECURITY (dated 03/289/2008):
Opera 9.26 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
---
FireFox 2.0.0.13 security advisories @ SECUNIA (18% unpatched):
http://secunia.com/product/12434/
---
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (35% unpatched):
http://secunia.com/product/12366/
---
It seems that OPERA "bucks your trend/hypothesis", especially vs. FF (is this "open sores", by the way? Nobody seems to understand that when an app IS "open source", it is FAR SIMPLER to find bugs in it, than it is taking a closed-source app & using disassembly + steptracing as well).
"Open Sores" is truly that... FAR easier to spot bugs in, than closed source code, period.
APK -
Opera is more SECURE, and FASTER overall + more
"Yeah, Opera can do it" - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) Yes, they can & HAVE: OPERA PASSES ACID3 TEST FIRST:
http://my.opera.com/desktopteam/blog/2008/03/26/opera-and-the-acid3-test
AND, Opera's faster than its competitors, OVERALL on the most OS platforms (since it is multiplatform, like FF but NOT IE (or as much so in IE that is, since it runs on MacOS X too, but NOT Linux/*NIX (even on Javascript processing too (as well as commonly being accepted as "the world's fastest webbrowser program" in Opera, on ALL/other fronts, evidenced below in legitimate testing))):
BROWSER SPEED TEST COMPARISON:
http://www.howtocreate.co.uk/browserSpeed.html
JAVASCRIPT PROCESSING SPEED TEST:
http://nontroppo.org/timer/kestrel_tests/
(RECENTLY/HOWEVER - This category of Javascript processing speed MAY have FireFox in 1st place, currently, in THIS category (for now that is), & via their FF3 beta, IIRC!))
AND, Opera's more secure also:
SECUNIA DATA ON BROWSER SECURITY (dated 11/29/2007):
Opera 9.26 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox 2.0.0.13 security advisories @ SECUNIA (18% unpatched):
http://secunia.com/product/12434/
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (35% unpatched):
http://secunia.com/product/12366/
----------
"but isn't going to release the capability -- wonderful." - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) The development team @ Opera, WAIT until something is done, & done right - unlike their competition, as is evidenced by the amount of security holes & vulnerabilities present in them (including Mozilla variants AND Ms IE) noted below:
(By the way - IF you read the above URL? The Opera team will be releasing the build this week... look for one past nightly snapshot .9841!)
----------
"Safari 3.1 is a full release" - by ceoyoyo (59147) on Wednesday March 26 Yea, full alright - SAFARI IS FULL OF SECURITY HOLES:
Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks
http://apple.slashdot.org/article.pl?sid=08/03/27/129236
(That is VERY recent also, like the past 1-2 days - FAR from "stale" news, that above)
----------
"and Firefox is a publicly available beta release" - by ceoyoyo (59147) on Wednesday March 26 That is again, FULL of holes, per the evidences above (& not as fast as Opera is on ALL possibly tested fronts, as noted in this URL below):
----------
"In my book Opera is losing the race. The race is silly, but Opera is still losing" - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326)
Based on ALL of the data above, which IS easily verified & from reputable sources? I'd have to say your book needs revision...
APK -
Opera is more SECURE, and FASTER overall + more
"Yeah, Opera can do it" - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) Yes, they can & HAVE: OPERA PASSES ACID3 TEST FIRST:
http://my.opera.com/desktopteam/blog/2008/03/26/opera-and-the-acid3-test
AND, Opera's fsster than its competitors, OVERALL on the most OS platforms (since it is multiplatform, like FF but NOT IE (or as uch so in IE that is, since it runs on MacOS X too, but NOT Linux/*NIX (even on Javascript processing too (as well as commonly being accepted as "the world's fastest webbrowser program" in Opera, on ALL/other fronts, evidenced below in legitimate testing))):
BROWSER SPEED TEST COMPARISON:
http://www.howtocreate.co.uk/browserSpeed.html
JAVASCRIPT PROCESSING SPEED TEST:
http://nontroppo.org/timer/kestrel_tests/
(RECENTLY/HOWEVER - This category of Javascript processing speed MAY has FireFox in 1st place, currently, in THIS category (for now that is), & via their FF3 beta, IIRC!))
AND, Opera's more secure also:
SECUNIA DATA ON BROWSER SECURITY (dated 11/29/2007):
Opera 9.26 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox 2.0.0.13 security advisories @ SECUNIA (18% unpatched):
http://secunia.com/product/12434/
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (35% unpatched):
http://secunia.com/product/12366/
----------
"but isn't going to release the capability -- wonderful." - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) The development temn @ Opera, WAIT until something is done, & done right - unlike their competition, as is evidneced by the amount of security holes & vulnerabilities present in them (including Mozilla variants AND Ms IE) noted below:
(By the way - IF you read the above URL? The Opera team will be releasing the build this week... look for one past nightly snapshot .9841!)
----------
"Safari 3.1 is a full release" - by ceoyoyo (59147) on Wednesday March 26 Yea, full alright - SAFARI IS FULL OF SECURITY HOLES:
Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks
http://apple.slashdot.org/article.pl?sid=08/03/27/129236
(That is VERY recent also, like the past 1-2 days - FAR from "stale" news, that above)
----------
"and Firefox is a publicly available beta release" - by ceoyoyo (59147) on Wednesday March 26 That is again, FULL of holes, per the evidences above (& not as fast as Opera is on ALL possibly tested fronts, as noted in ths URL below):
----------
"In my book Opera is losing the race. The race is silly, but Opera is still losing" - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326)
Based on ALL of the data above, which IS easily verified & from reputable sources? I'd have to say your book needs revision...
APK -
Opera is more SECURE, and FASTER overall + more
"Yeah, Opera can do it" - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) Yes, they can & HAVE: OPERA PASSES ACID3 TEST FIRST:
http://my.opera.com/desktopteam/blog/2008/03/26/opera-and-the-acid3-test
AND, Opera's fsster than its competitors, OVERALL on the most OS platforms (since it is multiplatform, like FF but NOT IE (or as uch so in IE that is, since it runs on MacOS X too, but NOT Linux/*NIX (even on Javascript processing too (as well as commonly being accepted as "the world's fastest webbrowser program" in Opera, on ALL/other fronts, evidenced below in legitimate testing))):
BROWSER SPEED TEST COMPARISON:
http://www.howtocreate.co.uk/browserSpeed.html
JAVASCRIPT PROCESSING SPEED TEST:
http://nontroppo.org/timer/kestrel_tests/
(RECENTLY/HOWEVER - This category of Javascript processing speed MAY has FireFox in 1st place, currently, in THIS category (for now that is), & via their FF3 beta, IIRC!))
AND, Opera's more secure also:
SECUNIA DATA ON BROWSER SECURITY (dated 11/29/2007):
Opera 9.26 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox 2.0.0.13 security advisories @ SECUNIA (18% unpatched):
http://secunia.com/product/12434/
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (35% unpatched):
http://secunia.com/product/12366/
----------
"but isn't going to release the capability -- wonderful." - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326) The development temn @ Opera, WAIT until something is done, & done right - unlike their competition, as is evidneced by the amount of security holes & vulnerabilities present in them (including Mozilla variants AND Ms IE) noted below:
(By the way - IF you read the above URL? The Opera team will be releasing the build this week... look for one past nightly snapshot .9841!)
----------
"Safari 3.1 is a full release" - by ceoyoyo (59147) on Wednesday March 26
Yea, full alright - SAFARI IS FULL OF SECURITY HOLES:
Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks
http://apple.slashdot.org/article.pl?sid=08/03/27/129236
(That is VERY recent also, like the past 1-2 days - FAR from "stale" news, that above)
----------
"and Firefox is a publicly available beta release" - by ceoyoyo (59147) on Wednesday March 26
That is again, FULL of holes, per the evidences above (& not as fast as Opera is on ALL possibly tested fronts, as noted in this URL below):
----------
"In my book Opera is losing the race. The race is silly, but Opera is still losing" - by ceoyoyo (59147) on Wednesday March 26, @05:23PM (#22874326)
Based on ALL of the data above, which IS easily verified & from reputable sources? I'd have to say your book needs revision...
APK -
Re:Hack a Mac, Get More Publicity
There are no known un-patched vulnerabilities for Safari 3. What are these then? Also your statement shows that you haven't even read the headline, the summary, or the article or just under the influence of a certain kind of field.
-
Re:Hack a Mac, Get More Publicity
Only vulnerabilities which were not previously released were allowed. There are un-patched vulnerabilities (8 of them) for IE7. There are no known un-patched vulnerabilities for Safari 3. This means that discovering a new vulnerability for Safari (which has 8 total advisories for the two most recent versions) is bigger news than discovering one for IE (which has 148 for the two most recent versions). Obviously, if more exploits are discovered, then it will be less of a big deal.
One should not draw the conclusion that Macs are less secure than PCs from the results of twenty people going at them in a room for a day. -
Let's look at Secunia shall we
OS X: Unpatched 6%; Partial Fix 1%; Vendor Patch 93% (Advisories 113)
Windows XP Professional: Unpatched 14%; Partial Fix 1%; Vendor Work Around 1%; Vendor Patch 85% (Advisories 183)
Windows Vista: Unpatched 8%; Vendor Work Around 4%; Vendor Patch 88% (Advisories 25)
http://secunia.com/vendor/1/
http://secunia.com/vendor/17/ -
Re:It's a religion
So basically, you're saying that it's a bald-face lie that other browsers have better support for web standards than Internet Explorer, and that Internet Explorer is, in actuality, more than other browsers? If so, perhaps you should check out other stories on Slashdot, or look at this page, this page, this page, or perhaps even this page.
Statistically, IE is the least secure browser, with the most vulnerabilities that have yet to be patched. This is documented in enough places that I'd like to see you prove that I'm lying. While you're at it, please demonstrate that a shipping version of IE has better standards-compliance than Firefox, Opera, or Safari. Ideally, use widely accepted tests, such as this one.
See also: argumentum ad hominem. -
Security hole actually in Fully Modded phpBB
As reported in Secunia, the SQL injection bug was found in Fully Modded phpBB on 12-Mar, see here.
The Fully Modded phpBB website is down, but it is basically a fork or extension of the base phpBB code, which remains secure.
I know I've labored the point about phpBB not being vulnerable to this kind of attack, but it really is built from the ground up for security. This exploit does not affect phpBB, just the heavily modified fork "Fully Modded phpBB".
-
Microsoft releases software before it is finished.
Quote from the parent comment: "XP's successor (Vista) was released about 13 months ago."
Vista may have been "released" 13 months ago, but that is missing the point. Microsoft "releases" software LONG before it is finished, in my opinion.
Windows XP was very troublesome for 3 years after it was released. All the evidence we have is that Windows Vista will be troublesome for that long also. One of the MAJOR issues here is that customers are being pressured away from Windows XP to Windows Vista before Vista is stable. For many, being pressured is not equivalent to being forced, but for many it is, especially at the end of June, when Microsoft stops selling Windows XP, except to preferred customers.
In my opinion, it is not correct to compare an upgrade of Linux with upgrades of Windows. Microsoft sells upgrades of Windows as entirely new products. To do that, it introduces incompatibilities with old software and hardware. Of course the biggest incompatibility is with hardware. Each upgrade of Windows tries to force the customer to buy completely new hardware. That way, Microsoft's true customers, the big system builders, get what they want, more sales.
In contrast, the latest version of any kind of Linux will run fine with minimal hardware.
Yes, Apple tries to use lock-in to make more money; Apple is also adversarial, but far less adversarial than Microsoft.
You said, and I quote: "The vast majority of XP's vulnerabilities take advantage of users always running in Administrator mode, which Microsoft was forced to allow because incompetent developers of popular applications (e.g. Intuit)..."
First, Microsoft did not supply the necessary support to get software vendors to design their software properly.
Second, running as a limited user has shortcomings due to the poor design of Windows. Fast user switching has serious limitations, for example.
Third, yes, versions of software can be expected to have vulnerabilities. However, one effect of Microsoft releasing software before it is finished is that there are a wide variety of vulnerabilities that would not be present in finished software.
Fourth, Microsoft is slow to fix vulnerabilities; note that 15% are still not patched. It is easy to guess that Microsoft is slow because vulnerabilities make money; people buy new computers rather than try to fix corrupted computers.
I agree that Intuit has shown incompetence, but Intuit is also extremely adversarial towards its customers, in my opinion, perhaps following Microsoft's lead.
Anyone who would like to read more about some of Microsoft's adversarial behavior can read Ed Foster's Gripelog: Microsoft.
Ed Foster has detailed Intuit's adversarial behavior, also. -
Re:Beauty of OSS
I think you missed his point. If it was an exploitable Windows box on the net then it would also be fetching updates from Windows Update every second Tuesday. All machines you could reach to exploit would be fixed in five weeks tops. Can you say the same for Linux?
There are many Windows patches that take a lot longer than 5 weeks. Just one critical exploit which had been in all versions of Windows since 3.11 was in the wild before the details were published in December 2005 http://secunia.com/advisories/18255/ was first patched by 5th January 2006 after several free download patches were made available to users by volunteers due to the severity of the exploit and the fact that it was already being executed in the wild. A further hotfix was released on 28th February 2006 because the first hotfix pushed out didn't negate the exploit. Just one of the exploits that the original Gromozon used to infect large numbers of computers in 2006. To be fair Gromozon checked for large numbers of known exploits and even larger numbers of unpatched machines.
There are many, many more. Good Luck depending on Microsoft's hotfix schedule. A five week gap is more than long enough to allow the vulnerability to be exploited on millions of machines. They have an appalling record when dealing with hotfixes other than those that relate to WGA or their own update processes.
-
Re:When will people just stop using Firefox
And use Opera instead?
Opera hasn't had a serious vulnerability in over 7 years. Are you joking, or have you just not paid any attention? Opera has had plenty of serious vulnerabilities in the past 7 years. Not as many published as Internet Explorer or even Firefox, but they exist. Take a look at this one from December, rated "highly critical," then explore the lists for various Opera versions.
The difference is, people rarely publish an Opera vulnerability without first going through channels, so the problem tends to get announced at the same time as the updated version of the app. -
Any protection is NOT better than no protection
Now, don't get me wrong, *any* protection is obviously better than none
That is not obvious. It's even wrong.
There are several examples of protection software which actually weakened the host PC because the software added new vulnerabilities which were open for remote exploits. A quick Google search revealed these examples:
Norton Anti-virus: http://blogs.zdnet.com/threatchaos/?p=334
Clam Anti-virus: http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
Kerio and Tiny Personal Firewall: http://www.derkeiler.com/pdf/Mailing-Lists/securityfocus/bugtraq/2003-05/0099.pdf
NOD32 Anti-virus: http://www.frsirt.com/english/advisories/2007/1911
Check Point Firewall-1: http://secunia.com/advisories/10794/ -
Re:Funny
Not exactly hole after hole, but there was one remote vulnerability midway through 2006. See the Secunia advisories.
-
Re:Funny
Except IIS had security hole after security hole.
That's a lie. I mean, ten years ago, maybe; but IIS today is pretty damn secure by anybody's standards.
Where are all these vulnerabilities that you insist exist in IIS, from any time during the last five years? OSS FUD doesn't smell any better than Microsoft FUD.
-
Re:Should have used IIS
In all seriousness though, IIS 6 has a pretty darn good security track record; seemingly better than Apache 2's, even if it is blasphemy for me to say it. I've previously decried the use of raw vulnerability statistics to make comparative claims about different products' security, but I think the fact that such a widely-deployed product as IIS 6 has been found to have only a single remote access vulnerability in the last four years really speaks for itself.
I mean, I'm just a Unix guy who's never had much use for a Windows web server, but that's my $0.02...
-
Number of Secunia unpatched advisories
... it turns out Vista patched less than half the vulnerabilities than Windows XP did in its first year ... According to the new Microsoft report, Vista also had fewer patches in its first year than other OSes ... Number of known unpatched Secunia security advisories:
Vista: One,
Linux kernel 2.6: Twelve,
Mac OS X: Seven.
Not, of course, that unpatched Secunia advisories represents any kind of linear relationship with general OS security; but it does rather demonstrate that your preferred method of OS security cognitive dissonance doesn't exactly stand up. -
*sigh*
-
Re:Protect yourself with HOSTS
"use Firefox and install NoScript. When you find a site that requires JavaScript (Youtube, I'm looking at you) just add it into the allowed list" - by ladadadada (454328) on Wednesday January 09, @03:45AM (#21966160) Homepage
Opera does the job, better, because it is faster & safer, first of all... see this info., first:
----
SECUNIA DATA ON BROWSER SECURITY (dated 12/31/2007)
Opera 9.25 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
----
Netscape 9.0.0.5 (0% unpatched):
http://secunia.com/product/14690/
----
FireFox 2.0.0.11 security advisories @ SECUNIA (26% unpatched):
http://secunia.com/product/12434/
----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (33% unpatched):
http://secunia.com/product/12366/
----
Those %'s are the latest for FireFox 2.0.0.11, Netscape 9.0.0.5, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have & Opera 9.25... all latest/greatest models.
So, as you can see? Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably one of the MOST standards compliant browser under the sun (not counting HTML dev tools) on multiple OS platforms.
OPERA = FASTER OVERALL & ON THE MOST OS PLATFORMS TOO - This is borne out in these tests:
http://www.howtocreate.co.uk/browserSpeed.html
AND, yes others (most recently in Javascript parsing speeds), right here:
http://nontroppo.org/timer/kestrel_tests/
Opera's just more std.'s compliant, faster, & more secure (overall combined) than the others... so, "where do you want to go today?"...
----
ALL that, & WITHOUT having to use a 3rd party addon (like FireFox has in its .xpi ones), & thus, natively in its OWN featureset (fastest & safest browser there is that also passes most all standards tests well no less)...
That's done via its TOOLS menu -> Quick Preferences submenu item TO BLOCK JAVASCRIPT wholesale/universally & EASILY, first.
Secondly, IF you find a site you like that you ABSOLUTELY NEED to use Javascript (a key vector & tool used in today's attacks, even thru adbanners, just as bad ActiveX controls have been found to do, as well as Flash/Shockwave exploits also) on?
Then, heck - right click that site's page, & use Opera's native "EDIT SITE PREFERENCES" popup menu item, & enable that which you need (the CONTENT &/or SCRIPTING tabs provide MOST of what you need to alter, even IFrames/Frames usage too, another present possible danger)!
(The ONLY thing NoScript MIGHT have over Opera's native feature is blocking javascript BY SOURCE, meaning some adbanners & such might show, others not, due to what YOU personally pick... & personally? That's nice, for a developer feature @ MOST imo... because in MY book @ least? Once a site's been shown to say, have BAD adbanners (but, decent content)?? I would block their adbanner servers WHOLESALE, anyhow... so, why would I want to see ANY of their banners @ that point?? To get infected???) -
You missed the whole point...
> The more professional Flash websites will be quicker to address this vulnerability,
> whereas the ones that have been thrown together will make for bigger targets. Maybe this
> will motivate employers to hire Flash devs who really know what they're doing. After all,
> with Flash's scripting capabilities, developing in it for a client should be a serious
> matter based on trust.
WRONG; do NOT trust ANY web site.
So the "good guys" clean up their *.swf files. *WHAT ABOUT THE BAD GUYS*??? And please don't feed me that "don't go to untrustworthy websites" crap.
- Can you claim that you've never ever mistyped a URL and landed on a typosquatter's site?
- Are you sure that your ISP's DNS-server is 100% immune to cache-corruption? With pharming attacks, *EVEN IF YOU TYPE IN THE URL EXACTLY CORRECT* you will still get diverted to a malicious site.
- Do you only visit websites that don't have any 3rd-party banner ads? One of the current favourite attack methods is to insert malicious code in ad-servers that many mainstream sites use.
- Can you be absolutely certain that your favourite "trusted website" won't be compromised like the Superbowl teams' websites in Jan/Feb of 2007?
Almost exactly 2 years ago, MS Windows was hit with the WMF exploit. They got a lot of flak when they said they wouldn't send out a fix until "Patch Tuesday". So they sent out a quick fix before "Patch Tuesday". Meanwhile, Adobe isn't merely saying they'll have a patch out 2 weeks from this coming Tuesday. It's more like "no patch in sight". I didn't give MS a free pass on the WMF vulnerability, and I don't think Adobe deserves any slack here. Another reason I'm more concerned is because my home PC, running linux was immune to the WMF vulnerability, but is subject to the Schlockwave Trash vulnerability.
DIE SCHLOCKWAVE TRASH, DIE. -
Even Lynx had problems, so....
You can say the same about Java, Javascript, Ruby, Python, browsers in general. Just revert back to using lynx I guess, but that had a remote hole as well! Actually 2 remote holes,
http://secunia.com/advisories/17372/
http://secunia.com/advisories/17216/
That is with just a text-only browser.
So, should we go back to using
echo -e "GET / HTTP/1.1\nHost: slashdot.org\n\n" | netcat slashdot.org 80
Kinda sucks!
Clearly one of the answers is to limit the browser to sub-user access. I think that is what Vista tells us is happening there. Debian doesn't do that by default. But then I'm not sure how easy it would be to limit iceweasel (firefox) to not executable stuff except known plugins, etc...
As for the solution to problems like this, it is clearly the client that needs patching!! A client needs to handle ALL cases without allowing someone to compromise information, etc.
There is a balance between security and usability. You can't have both perfect at the same time. -
Fishing for vulnerabilities
Is Secunia presenting slanted information with the expectation it will be misused?
Here's one even better: We use GeSHi (Generic Syntax Highlighter) in WikkaWiki. We often scour the so-called "security vulnerability" databases because we've found many inaccuracies. In this specific case, Secunia issued this statement:
> we noticed the following entry in the changelog for GeSHi 1.0.7.18 and
> are about to issue an advisory based on this information.
>
> "Committed security fix for htmlspecialchars vulnerability. Also makes
> supporting multiple languages a lot easier"
> http://sourceforge.net/project/shownotes.php?release_id=489035
>
> To serve our mutual customers best we would appreciate to receive your
> comments on this issue before we publish our advisory.
WTF? This was a vulnerability in PHP's htmlspecialchars() function, NOT GeSHi. Yet, Secunia was planning on milking this vulnerability in order to boost its "vulnerability count" at the expense of a project that had absolutely NOTHING to do with the vulnerability.
You see, these so-called "vulnerability experts" try to wring out as many vulnerabilities as possible, because we all know that the most effective "vulnerability expert" will be the one with the most posted vulnerabilities. So they go on fishing expeditions to uncover vulnerabilities that really don't exist.
Or an even worse practice: "bottom-fishing" changelogs and bug trackers in order to discover vulnerabilities that have already been addressed. Here's another instance where Secunia was caught trying to boost its street cred through disingenuous reporting: They apparently scoured our bug tracking database and discovered an issue (already fixed!) and falsely implied in their report that the content of wiki pages marked private might be accessible via RSS. This was clearly false, as the original bug report indicated that the page name (not content) could be accessed. Secunia later corrected the false report.
We've caught Secunia doing this on several occasions. My advice to anyone who is involved in an OSS project is to regularly scour the vulnerability databases and challenge each and every advisory that you believe is not accurate. You might be surprised at the amount of so-called "vulnerability intelligence" out there that is blatantly false, outdated, or inaccurate.
-
Re:The kind of targets
Surely the weakest part is between the chair and the keyboard.
A search on secunia tells a story of an old Linux virus (or rather, a piece of malware). The virus comes from a phishing mail in C sourcecode. Unless the luser has root privilege and is nuts, nothing could happen at all.
Consider one day M$ is dead and every luser in the corner of the world runs a Linux desktop. Then the luser happily su and make install, without even a single glance at the sourcecode.
-
Re:News Flash: nothing has changed
One of IE bugs (currently exploited 0-day bug),
http://secunia.com/advisories/28036/
is not very pretty.
For example of Mozilla bugs,
http://secunia.com/product/12434/
vs. IE,
http://secunia.com/product/12366/
Of course, how the fsck is 3rd party software the fault of the OS, I have no idea. IE is bundled, but can be disabled to browsing web sites (2003 server edition disables it). Most of the software is quite safe these days, but it still depends on how you use it. Exploits triggered by things like web browsers are the worst, but at least Vista addresses that issue by running IE in "lower than regular user account", not sure if that would protect vs. the IE bug in first link.
Summary: stop trolling for one side or another. If you get hacked it doesn't matter if you run Windows or Linux or BeOS.
-
Re:What a joke!
I was actually going to comment about the same.. i do have a few additional comments.
- Some of the listed issues don't even apply to MacOS when you look into description.. just start from the top
* CVE-2007-1218
* CVE-2007-1661
and at least 10 out of 20 or so that i checked. Others have several references to the same issue. A number is for third party products (openssl, etc). However packaged MSFT products are not included.. as far as i can see there are 123 advisories for IE 6.x http://secunia.com/product/11/?task=statistics_2007
Lies, damn lies, and statistics..