Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Not Worried about FireFox

Posted by CmdrTaco on from the taking-the-back-seat dept.

didde writes "It seems like our friends in Redmond are quite happy about IE. According to this article, they won't be updating it until Longhorn. My favorite quote would be [We have a very, very innovative set of capabilities that we're putting in the next version. And in the meantime it's an extensible platform, and there will be a set of extensions that Microsoft does as well as others.] Oh boy, are they actually working side by side with the virusmakers and phishers?" That just gives the MozBoys a year head start.

22 of 674 comments (clear)

  1. browser security check by exhilaration · · Score: 5, Informative
    If you're still using an older (more than 6 months since you've patched) web browser, I suggest you check out this browser security check, which will test it for exploits.

    At your own risk, of course. Firefox 1.0PR passed with flying colors.

    1. Re:browser security check by stratjakt · · Score: 3, Informative

      No it didnt, I just tried.

      Firefox 1.0 has 1 high risk vulnerability.


      High Risk Vulnerabilities
      Sun Java Plugin Arbitrary Package Access Vulnerability (idef20041123)
      Description

      Java Plugin allows web browsers to run Java applets. Java plugin may be used by Internet Explorer, Mozilla (and Mozilla-base browsers, such as Firefox), Opera and other browsers.

      When a browser opens a web page that contains a Java applet the browser automatically downloads the applet and runs it locally. To protect the user from malicious applets all the applets run in so called "sandbox". The sandbox restricts what an applet can do. For example, the sandbox will not allow an applet to open local files or start programs.

      This bug in Sun Java Plugin allows a web site to bypass the sandbox and execute Java code that the sandbox will normally not allow and possibly gain control over the client computer.
      Technical Details

      Sun Java Virtual Machine contains sun.* packages that are only supposed to be used internally, by the virtual machine itself. Some private classes allow direct access to memory or modifying private fields of Java objects. If an applet attempts to load one of those packages a security exception is thrown. If an applet could load those classes it could turn off Java Security Manager and break out of Java sandbox.

      JavaScript can access properties and methods of Java applets embedded on the page. It is possible to load a private package from JavaScript as shown in the code below:

      var c=document.applets[0].getClass().forName('sun.text .Utility');
      alert('got Class object: '+c)

      Java Reflection API allows objects to examine their own structure (for example, find out the class of the object or the available methods). Reflection API defines getClass() function that returns the object's class. forName method of Class object loads the named class. The same operation done from the Java applet instead of JavaScript would fail.
      Recommendations

      Upgrade Java Environment to version 1.4.2_06 or later. It can be downloaded from http://java.sun.com/j2se/1.4.2/download.html

      Sure, it's a Java vulnerability, but a vulnerability nonetheless.

      Why hasnt FireFox automatically updated Java for me?

      At the end of the day, every time one of you sticks FireFox on some clueless' machine, and tell them they're "safe", you're lying (or just ignorant).

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:browser security check by Tarcastil · · Score: 2, Informative

      Funny how this article comes up when the media just released information about a new virus. Phel uses IE to remotely control any version of windows, even windows xp sp2.
      http://www.computerworld.com/securitytopics/securi ty/holes/story/0,10801,98636,00.html

    3. Re:browser security check by baba · · Score: 2, Informative

      Firefox 1.0PR passed with flying colors.

      I had less success with FF 1.0 release for OS X. I tried the test a couple of times, and FF crashed both time midway through the tests.

  2. Re:What would they Add? by electrichamster · · Score: 2, Informative

    Difficult to aquire you say?

    Choose your poison:
    apt-get update
    up2date
    emerge sync && emerge -u world

    (apologies to any I missed)

  3. Opera 7 passed. by eddy · · Score: 3, Informative

    Opera 7.54u1 build 3918 passed.

    The Browser Security Test is finished. Please find the results below:
    High Risk Vulnerabilities 0
    Medium Risk Vulnerabilities 0
    Low Risk Vulnerabilities 0

    --
    Belief is the currency of delusion.
  4. Re:'Innovations' by rainman_bc · · Score: 2, Informative

    Of course when you copy and paste you tard:

    ...At only 47.3MB (Windows), Firefox ...

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  5. Meanwhile Pepsi says by stratjakt · · Score: 2, Informative

    Don't worry about the new formula from our competitor, we have something even better coming very soon.

    Seriously, this isn't news, this is basic marketing. No company is ever going to admit that the competition is superior, which is what they'd be doing if they said they were worried.

    No athlete is going to say he's worried on game day, either. "Gee we suck! I sure hope the Bears don't hurt us!". It doesn't happen.

    But anything to bash MSFT, I suppose.

    --
    I don't need no instructions to know how to rock!!!!
  6. Re:We're heard this line before by Haydn+Fenton · · Score: 5, Informative

    I think the grandparent is referring to the story about an MS article reviewing MSN Search which features a screenshot of MSN Search in the Firefox browser. Microsoft, being Microsoft, denied it completely, even though we all had the evidence on many websites.
    Of course I may be wrong.

  7. Re:MS has no reason to fear loss of market share. by The+One+KEA · · Score: 2, Informative

    Have you heard of Nvu? Being part of the coding-HTML-in-sleep brigade, I haven't actually tried it yet ;-)

    --
    SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
  8. Browser based apps by L.Bob.Rife · · Score: 2, Informative

    but honestly, is anybody still thinking that an entire OS can be replaced by a web browser?

    At my workplace, I've implemented new browser based apps, and love them.

    Everything is centralized, so I don't have to worry about maintaining software on 50 different machines.

    There are no OS specific requirements. Any company computer can now run ANY os that has a browser, and still be able to do ALL of the core company work.

    That means, I can give people a bare bones box, with no hard drive, and a knoppix cd, and they can do everything required for work.

    Unless MS does somethign which makes me really want to use IE, then there is no reason to even be using MS.

  9. Firefox browsing speeds by Anonymous Coward · · Score: 2, Informative

    I'm a fairly long-term Firefox user anyway but until today I had thought that it was not much better than IE for browsing speed. However I just read this article from The Inquirer about how to make Firefox fly along - takes about a minute to change a few settings. If you're on broadband this is superb, particularly on sites with a lot of small graphics eg news.bbc.co.uk

  10. Re:We're heard this line before by Eric+Giguere · · Score: 4, Informative

    Here are some articles I wrote related to this topic:

    Eric
  11. Re:Some other famous quotes... by cain · · Score: 2, Informative

    No. He said it was the "end of major combat operations". And since then, 1000 US soldiers have been killed. In fact the heaviest fighting of the war so far happened after that speech.

  12. Re:We're heard this line before by upsidedown_duck · · Score: 3, Informative

    has MS EVER lost a market once they came to dominate it?

    They will. Every single market that Microsoft currently dominates has solid gaining competitors, because the technology is becoming commoditized more and more. Office suites are something people should not have to pay a lot of money for, any longer, as are operating systems. That could be a big one-two punch for Microsoft.

    When in history has there been such a broad line of software products with a common base? Sun JDS, Xandros, Linspire, Red Hat, SuSE, etc. all have the same overall source base plus their value added goodies for their target markets. This should be making Microsoft very very nervous about the future of Windows. No one can really take Windows, customize it, call it their own, and sell it, like people can with open source systems.

    --
    -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
  13. Go-faster tweak for Firefox by Valiss · · Score: 4, Informative

    Yet ANOTHER reason Firefox is a great browser is the great plug-ins and tweaks the community produces!

    [ from boingboing.net ]

    Here's a great go-faster tip for Firefox, the free, rock-solid, secure browser from the Mozilla Foundation:

    1.Type "about:config" into the address bar and hit return. Scroll down
    and look for the following entries:

    network.http.pipelining network.http.proxy.pipelining
    network.http.pipeli ning.maxrequests

    Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

    2. Alter the entries as follows:

    Set "network.http.pipelining" to "true"

    Set "network.http.proxy.pipelining" to "true"

    Set "network.http.pipelining.maxrequests" to some number like 30. This
    means it will make 30 requests at once.

    3. Lastly right-click anywhere and select New-> Integer. Name it
    "nglayout.initialpaint.delay" and set its value to "0". This value is the
    amount of time the browser waits before it acts on information it receives.

    If you're using a broadband connection you'll load pages MUCH faster now!

    Enjoy!

    --

    -Valiss
  14. Re:If they have to say they aren't worried... by msoftsucks · · Score: 2, Informative

    I guess you haven't tried to develop applications in .Net that will work correctly on both IE and non-IE browsers. M$ has done everything possible to corrupt and distort the Internet so that only their crap-o-lla works properly. In a default ASP.Net installation, any browser that is not IE is brought down to Netscape V4.0 standards. Basically, if you decide to use any of the ASP controls, your web site will display properly only in IE. Anything else gets crappy HTML and you have spent enormous amount of time to make sure it works properly. To change this, you have to mess with the machine.config file, and redefine the how .NET and ASP.NET respond to non-IE browsers. And even then you have to be very carefull. This requires abit more intelligence than what your average MSCE has. Basically, if you want a site that works properly across all browsers, ASP.NET is not it.

    Use something like Perl or PHP instead. This even gives you portability to other platforms later on.

    --
    Quit playing Monopoly with Bill.
    Linux - of the people, by the people, and for the people.
  15. Re:I am worried about Firefox. Still needs work. by arpy · · Score: 2, Informative

    I've watched Mozilla development for a few years now, and I can tell you that this is actually a good thing... By listening to everyone you end up with (among a million other things) a kitchen sink.

    Ahem.

  16. Re:We're heard this line before by complete+loony · · Score: 2, Informative

    That link to the picture is broken, This one works

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  17. Re:We're heard this line before by denison · · Score: 2, Informative

    So this means that Open Office is now relevant to the market?

  18. Re:Mozilla, Viruses and Exploits by roca · · Score: 3, Informative

    > Oh, gee, your impression? Well, hey, that proves
    > it.

    Without access to the IE source code, it's hard to be sure, but there have been a number of bugs related to string buffer overflows in different parts of IE.

    > In SP2, they recompiled all system libraries,
    > including IE, using the VS2005 compiler with
    > overflow detection.

    That approach is not perfect, and would have been less necessary if they were using a safe string library. Still, it probably would be a good idea for Mozilla.org to build Firefox with the same options if they don't already.

    > Has Mozilla done a code audit?

    Mozilla.org has not done a systematic code audit, as far as I know, other than the regular code reviews that happen before checkin. I do know that people have studied the code, some using automated tools, others by hand, but we only know if people choose to tell us. (Which they often do to claim money under the bugs bounty program.)

  19. Re:We're heard this line before by Decaff · · Score: 2, Informative

    Tell the users "We'd like to enable you to work faster. From this point forward, just doubleclick this. We installed a new version of Office and Internet explorer, they are called OpenOffice and Firefox. If you don't like this, feel free to use your Windows98 system."

    I had zero Win98 users within a month, and zero Windows XP users within 3 months. That's a 400+ user environment.

    Excellent!

    I have managed the same thing, even with users who were very familiar with Windows. After many complaints that extensive training would be needed for a new platform, they just got on and used the Linux desktop, with no productivity loss.