Slashdot Mirror
Spyware for Firefox Coming This Year?
EvilCowzGoMoo writes "One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators." From the article: "Basically, if you use Firefox today, you're not susceptible to any spyware, other than what you download when you're on Kazaa...The spyware writers target mostly Explorer users because that's the most fertile feeding ground for piranha-like (spyware) attacks. They'll watch as Firefox becomes mainstream, they'll see opportunity there and start targeting them."
Spyware already exists for firefox in XPI form. Please lookout of malicious XPI's More information on this can be found here. http://forums.mozillazine.org/viewtopic.php?t=6434 1
IE's spyware problems were largely due to exploits. Someone not up to date with patches could visit a website and have something remotely installed pretty easily.
For Firefox, though, it'll take social engineering. The place to look for the spyware threats is in the brand new extension you WANT to install. Most Firefox users have at least one extension, and many have a dozen. How do you know what each of those is doing behind your back? Most people don't bother to scan the code, and while some may do so and report problems publicly, will you find out about them? A firewall won't even help you in this situation since you've probably given Firefox free access to port 80 (plus 443, etc).
Mozilla should probably create some sort of permission system for extensions. Can it connect to a remote server? Can it write to disk?
because I use linux.
How is this news? If Linux was the #1 desktop operating system in the world, spyware authors would be targeting it, too.
Since xpi's are blocked by default, they're going to get there how? By a javascript dialogue that says "You must allow this installation to continue."?
:(
Hmm. That's probably exactly how it'll happen.
Karma: Chameleon (mostly due to the fact that you come and go).
While the spyware makers may initially try to target Firefox... the fact is, Firefox is written to prevent just these sort of things. Is it possible there will be bugs that allow unauthorized code to run? Yeah... but they will be patched, and patche quickly.
Overall, no matter how you slice it, Firefox is more secure and is designed from the ground up to prevent the "fertile feeding ground" that IE offers Spyware writers.
So no, you aren't going to see the same rampant irresponsibility that you see with IE, and the threat is a tempest in a teapot.
Of course, nothing is going to protect your computer from your own stupidity when opening executables, etc... that's all on the user whether or not they authorize code to run or not.
Security is a process, not a product. There is no magical one product or suite of products that will protect you while online. Security is risk mitigation, plain and simple. Far less people would be vulnerable to the tricks of the miscreants out there trying to do people harm if they would just employ a little common sense. But, alas, common sense isn't that common.
The issue isn't really how many people are using it. That certainly does figure into it, but the very basic design philosophy of IE allows spyware to propogate easily.
Firefox has far better controls on what programs can be installed and can't be. Also, the very multi-platform nature of the code makes it harder to write an app that will work well.
I'm not worried. On the IE side, the only people who can fix the code are microsoft drones, and they won't do it. On the firefox side, the people who fix the code are the people who use it, namely us.
Planet-GeekEvent Management Solutions : http://www.stonekeep.com/
"The only reason why X has $BAD_THING is because the system is popular. I'm 100% certain when Y has such popularity it too will have such problems." -- while ignoring any design differences that make Y less suceptable to $BAD_THING. Firefox is better designed from the ground up. Not saying that it's bullet-proof (it's not...), just less suceptable and less desirable to target. Would you rather target a locked door with an alarm system, or a door that's wide open and no security measures taken?
Karma whorin' since 1999
How about a program that takes the cryptohash of the virgin final installed code, and checks against that hash periodically (every 5 minutes, every new website, every app launch)? When spyware strikes, it changes the app fingerprint, and this sentinel could keep a log of recent traffic for analysis, and offer to reinstall. Our desktop immune system should take advantage of our "known good" info to detect these cancers when they start, and track them to their source.
--
make install -not war
...being a 100% full time user of Firefox, I was surprised to find a site in a random web search a week or two ago that actually got a pop-up window going, but also appeared to attempt to execute some code as Firefox popped open a dialog asking me what I wanted to do with the file that was being downloaded. Thankfully, I have it ask me what I want to do, but if I was a typical user, I would have already associated the *.DOT file with MS Word and god knows what would have happened. Keep in mind that I didn't actually click on any links that indicated a download, I only clicked on a Google search result which took me to a site that displayed a blank screen and then the pop-up. I have to wonder what would have happened if I had associated OpenOffice.org with the *.DOT file since I run Linux. Probably not much... but it definitely indicates that Firefox will be targetted. The real question is: will the Mozilla project be able to keep up any better than MS has with IE? I'm guessing that they will.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Sure, there will probably be companies like that. That's the risk you take when you use open source software.
At least I have a better chance of less exploits created because there are so many eyes on the code.
I've heard that openBSD developers have founded and fixed other security bugs while working to fix exploits, so I still don't see an inherent disadvantage to using FireFox vs. Explorer.
Huh, that's funny. A quick search on Google says that ISTbar is an Internet Explorer toolbar, homepage, and search engine hijacker and will pop up porn advirtisements. I didn't see anything about Firefox, but, like I said, it was just a quick Google search. It doesn't make sense, why would someone deliver spyware that only effects IE through Firefox? Are you sure that you guys are the only one using your computer?
Their expert is the Vice President of Threat Research at Webroot. That much is from the article. The article doesn't take the next logical step, however, and point out that Webroot is in the business of developing and selling software to prevent, detect and eleminate spyware. So it's certainly in this guy's interest for people to think that spyware is still a problem.
Their other expert is also from a company that makes similar software. So people who make anti-spyware software agree: you need anti-spyware software.
I'll be more concerned when independent parties think spyware in Firefox is an issue.
ISTbar's "infection vector" is ActiveX.
Probably didn't come through Firefox.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
If the market is indeed split into two major parts, this is actually a bad thing, because it gives you only two huge targets. That makes it easier and less expensive to create viruses, or take over computers for monetary purposes.
What we need is several browsers that each have a significant part of the market. Not just IE and Firefox/Gecko based browsers, but also Opera and KHTML based browsers. Maybe there would be room for even more as well.
It is good that an alternative browser is growing rapidly, but monoculture or duoculture makes life easier for virus makers. With four browsers, it would take four times the effort to get as much "bang for your buck" for virus authors looking to make money by infecting people.
Clever signature text goes here.
Don't forget-these dire predictions come from AV software makers, who have an interest in keeping you scared.
Heh, when spyware makers really do begin to actively target Firefox users en masse, maybe a toast is in order. Pop open the bubbly! Why? Because spyware and spam are playing a numbers game. Of all the spam sent out and machines infested with spyware, only about 1 percent of those are going to make any money for the exploiter. But because we're talking about total numbers in the tens of millions at least, that 1 percent is good money.
So when Firefox becomes worth the effort, the folks in Redmond will really have to worry. In this game, nothing flags success like being the target of abuse! Tens of millions of Firefox users might just mean ten of millions of people considering something other than Windows. And that affects the bottom line for Microsoft. Hmmm, anyone heard of any OpenOffice exploits yet?
To the making of books there is no end, so let's get started
Look here:
c /data/trojan.wimad.html
c /data/adware.istbar.html
http://securityresponse.symantec.com/avcenter/ven
or here:
http://securityresponse.symantec.com/avcenter/ven
for information about that spyware program. It's very likely that you contracted it in another way than some unknown exploit in FireFox. What email program are you using for example? Outlook Express maybe?
Let's not get carried away here. I voted for him over the other guy, but I don't think I would describe anything he's ever said as "immortal."
....
Typographical error -- should read "immoral words"
-kgj
-kgj
IMHO that's a lot of FUD. Firefox is not nearly as vulnerable to spyware as IE is. Firefox by default has XPI installation disabled except by approved sites.
Installing spyware on Firefox would be much more about social engineering (if you want to see this website, follow these instructions: download, choose "save as...". Then double click on it, yadda yadda..."
Of course, with people falling for phishing attacks, it wouldn't surprise me they'd be so stupid to do this. In that case, Firefox should issue a warning about "evil XPI files". At least that way when some moron says "bwaaa they told me firefox was spyware-free", we can ask: "Did you follow the evil website's instructions when they told you to install this XPI?"
Then all we have to do is repeat the worldy-famous Nelson quote.
I doubt that this is true. Apache has a greater market share than IIS. There are more exploits and worms for IIS than there are for Apache.
You may be safe if you are small. You are safer if your design takes security into account up front, and that design remains intact through implementation.
Windows is insecure by design. Therefore, there are windows exploits. Unix, Linux, and MacOS X were designed with multi-user security in mind from the beginning; they are more secure than Windows.
Nevertheless, Stiennon also indicated the creators, maintainers, and even users of Firefox will quickly and aggressively step up their anti-spyware efforts along with the increased threat. "The people who use Firefox -- their reaction to any spyware-type attacks will be pretty vehement," he said. "There'll be fast reaction from both Firefox developers and users."
;)
I think this part sums up the beauty of Firefox, and the reason why I don't think this is any sort of cause for alarm:
There is a whole community of brilliant frickin' people out there who have taken a personal interest in making sure Mozilla products are secure & as bug-free as possible. I don't think it would be an exaggeration to say that they might look at Firefox as "their baby."
More importantly, some of these individuals are well-versed with the shadier aspects of software...so I predict Firefox security holes being patched as quickly as they're found.
Not only that, but I don't see many Firefox users (especially not those that have used it since its early days) taking spyware/adware lightly...turning the other cheek or throwing hands up in frustration don't seem to be personality traits of bastards like us
Just once I'd like someone to call me 'Sir' without adding 'You're making a scene.'
What about those guys who offered $15,000 to anybody who could hack their Mac web server back in the 90s? Nobody ever collected the prize.
Real security is something which can be accomplished.
*BSD is secure because it was designed to be secure, not simply because it's less common than other solutions. Likewise, if Internet Explorer 6.0 only represented about 15% of the market, it would still be hacked with shocking regularity, because Microsoft's security is a joke.
I'm not saying that all this means Firefox is as secure as some of the other technolgies I just mentioned. I'm no expert on the codebase for Firefox. It might be downright vulnerable. I will say, however, that it's hard to imagine it being worse than IE.
Information wants to be anthropomorphized.
Firefox doesn't rely on security through obscurity. It relies on security through process and architectural improvements, the same way anything should. Nobody has made any claims of perfection, simple of a superior process and architecture coupled with a much faster response time. So far, that has proven to be true.
...same old argument: spyware experts indicate that with its increased popularity, Firefox itself will become a target Like when they say Unix/Linux is just as insecure as anything else, it just doesn't have a large enough userbase for viruses/trojans/spyware/whatever to be fashionable.
I don't doubt snippets written to exploit Firefox's vulnerabilities will pop up, eventually in larger numbers. But that does not make the above argumentation any more valid, nor any less stupid. And we've been trhough argumentations about that, so I'll just skip that one.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
they'd have the same access as a regular desktop java-app?
No. Java Applets have always been sandboxed and run with a security manager that disallows reading/writing to the hard disk and connecting to any network domain but the one that the applet came from.
So yes, you could run it, but the applet can't actually see or do anything outside of itself.
Stats from your personal blog or whatever don't report an accurate display of browser dispersion.
Since mostlikely your site is a geek related site, sure there will be more firefox and mozilla users, geeks are more likely to use them. We need to see stats from non-technical sites cnn.com, expedia.com, etc... to see the real trend.
..isn't the malware authors. It isn't the browser authors. It's the web designers.
Sorry, but it is. The direction is toward more whiz-bang on pages. Flash. Shockwave. More stuff that makes people say "ooh...pretty."
And it all runs off of plugins. So users get used to seeing popups for "hey, this needs a plugin to run. Click here to get it" or warning messages "hey, this site is trying to run scripts. You OK with that?" And they get numb to it.
Sure, a more secure and harder-to-exploit-without-explicit-consent browser is a good thing. But until people stop writing pages that REQUIRE you to run code locally to view them, there will be exploits. The users are always the weak point--this is why e-mail viruses continue to exist.
And until page authors start toning down the whiz-bang stuff, users will continue to "get used to" these warnings and either turn them off because they're annoying, or simply click "OK" without reading them.
That and OSS has coders that aren't being hamstrung by marketing weasels. If something is awesome, but would take too long to develop ("cost too much"), an OSS developer can still do it if he wants.
What guarantee do we have that the people looking at the code are even qualified to review? What insurance do we have against their work if it goes wrong?
None, same as closed source developers. No company will pay you, either voluntarily or in a lawsuit, for bugs in their code; neither will OSS. Read your EULAs.
Who's accountable?
Nobody, same as closed source developers. Both have reputations to uphold, but commercial developers only care about their reputation as a means to profit. If they can make money without bothering to have a good reputation, they will.
One advantage is that OSS developers have a reputation they would like to uphold. If they write crappy/insecure code, people stop using their code. Closed source developers will often say "well, it works, and it sells, so.." and let the developer stay on, making more bugs.
Firefox itself will become a target for spyware creators.
And that's why there's an option to "Allow websites to install software (extensions)." Just be sure you limit these sites to Mozilla-related sites (like mozilla.org and mozdev.org) and you will be fine.
I've actually had some borderline-illegal sites try to install Mozilla extensions (XPI's) as well, and the built-in protection scheme stopped it cold.
Just be thankful that there's no "code" to exploit (like the ActiveX component in IE) in Firefox.
Example is here (NSFW), try to download a file if you want to see what I mean.
All right, I'll bite.
Middle-click on link to open in new tab. Deny www.cracks.am from setting a cookie. Click the letter "C" in the alphabetical set of links. Click the link for "C++ Editor v1.0". Deny install.xxxtoolbar.com from setting a cookie. Click the "Download a File" button. Then two dialog windows appear. One is titled "JavaScript Application" and says "Download ABORTED -- You must click YES". Hitting "OK" (the only button on that window) lets me access the other window.
The other window is a standard Firefox download window saying "You have chosen to open C++_Editor_v1.0.zip which is a: ZIP file from: http://www.cracks.am/", etc. Clicking "OK" for the default choice, which is "Open with /usr/bin/file-roller", gives me a look inside a zip file filled with wholesome-looking files with names like iNFECTiON.nfo.
Meanwhile the web page itself complains "Download Error - wrong URL! Please turn off any download managers" even though the ZIP file appears to have downloaded fine.
Using the packaged version of Mozilla Firefox on Debian GNU/Linux (unstable), version 1.0+dfsg.1-5. Also using Privoxy as a proxy; don't know whether this made a difference. Conclusion: at least on this platform, installing unsigned XPIs isn't going to work on a properly updated Firefox.
- Kevin B. McCarty
I truely believe you are only half right
Yes, we will see more Firefox/Linux/Mac viruses/exploits in the future.
However, the 'barriers to entry' will be higher, because these systems simply are MORE secure.
Evidence? Server marketshare. Linux has comparable marketshare to Windows, yet Linux is compromised less often.
Not never. Linux IS indeed compromised, and at statistically significant levels.
But given the comparable marketshare, linux is compromised quite a bit less.
I suspect the desktop landscape will become similar. Linux/Mac marketshare will approach windows. Linux/Mac viruses/exploits will become more popular.
But they will never reach the levels of Windows exploits in their heyday.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Clever signature text goes here.
Let's let them continue to forget, so that I can browse the web in peace, huh?
If the market is indeed split into two major parts, this is actually a bad thing, because it gives you only two huge targets. That makes it easier and less expensive to create viruses, or take over computers for monetary purposes.
This is very true, that our security is well served by heterogeneity. And not just in browsers, but in platforms. I'd bet we'll find that some of the attempts to infect Firefox are targeted specifically at Windows exploits, and even don't work on Linux/OSX. Maybe they'll come up with an extension/toolbar that reports searches and browsing habits back to some marketing team, but that in itself doesn't bother me so much.
The shear fact of spyware, that some software reports some kind of information back to someone, that's one issue, but at least users can choose that for themselves. It's the self-installing programs, impossible to remove, inflicting damage on your system as you force-remove them, installing other spyware as it goes, reinstalling itself as it's removed, etc.-- those facets of spyware are what trouble me. And I doubt it will be terrifically easy to create platform-agnostic spyware that exhibits those properties, even if you have a common browser.
Microsoft ActiveX for Netscape plugin is installed maybe?
(It works with Mozilla and Firefox too, but MS always likes to call them Netscape...)
# cat
Damn, my RAM is full of llamas.
I have to say we are in good hands for the time being. Mozilla has been pretty quick to release patches and fixes to bugs that were found. Additionally we have to consider one important thing -- Firefox does not integrate with your operating system, like IE does. This is why when you log onto the net 'unpatched', you can get infected just by being online (which is amazing to me). The future of spyware may be aimed more towards Firefox but in a way, it's helpful to Firefox for spyware/malware writers to target it -- it helps them close security holes that aren't known about and help prevent and protect against other things. And since the Mozilla community (oh yea, open source!) is very good in turnaround time to support the browser, the patches will be relatively swift.
So while the author may be right that malware and spyware authors may target Firefox as it gains popularity -- Mozilla and its hordes of programming legions (the open source community) will work together to close the holes that open and see they can't be opened in different ways. In IE, if you closed one hole, you opened another, very similar one. Not that IE is bad, but it was really just abandoned and now that Firefox has the head start -- it's going to stay ahead for the foreseeable future. We will see what Longhorn brings to the table, with the next iteration of IE though.
Either way, I am the type of person that's convinced we will see the end of SPAM in the foreseeable future... I don't see why continual development can stop spam entirely.
The price is always right if someone else is paying.
The sites that claim they require Internet Explorer for video, usually can work fine with other browsers but the web developer blocks those browsers. You can get a firefox extension to fake being IE to get into those sites and it will work, but I forget what the name is. The real solution would be a law that prohibits sites from intentionally not working on browsers which follow the standards.
http://illhostit.com/ - Webhosting
when using Firefox or Mozilla is the Java virtual machine, most often the Sun JRE is used. There are some security holes in the JRE and this has nothing to do with Firefox. I mean, if you think you're safe with Firefox - update your JVM first. Or don't use any. Bizarrely, nobody ever talks about the Sun JRE. It's very far from perfect though, and must certainly be taken into account.
...Microsoft begins developing spyware for FireFox.
Mike van Lammeren
It will challenge your head, your brain, and your mind.
It's *rare* that I talk to ACs, especially ones who present themselves as asshat blowhards as you've done repeatedly (here and to the two responses to your 'question'.) But I s'pose it's fun to stir the poo sometimes, and you definitely count.
Anecdotally, I don't have security issues with my Windows boxes when I use Firefox. When my wife uses IE, I find myself removing spyware. For me, in my experience, Firefox is more secure. You may write that off as a niche user in a niche market, but fuck you anyways, AC.
As far as other people, STFW - there's plenty of other people reviewing the ways and means which make Firefox less exploitable than IE. Type 'Firefox IE more secure' into Google and see which way the order comes out on your links. I know you won't, since you're just trolling, but maybe somebody reading this will and learn something.
Back under the bridge with you, then.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
Yea, like that plugin that supposedly extracted all the graphics form a web site, saved them to disk, and tried to "guess" what other images MIGHT be there based on the file name patterns.
Seemed like a great idea, right?
That's when I found out it was infected with that nasty "Piss off your wife" virus. The one where you're denied "marital benefits" for a while when she finds out what happened to all that hard drive space.
"Live Free or Die." Don't like it? Then keep out of the USA
Details here: http://www.shmoo.com/idn/homograph.txt
Watch the exploit in action here: http://www.shmoo.com/idn/
To patch this (in most browsers):
1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.
2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.
3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.
4) Go check out the shmoo demo (above) again and notice it no longer works.
Sure, Firefox will be attacked. But the implications of a successful attack are much less likely to disrupt the whole system - Firefox is a self-contained application with pretty good controls for avoiding non-trusted XPIs from being installed. IE is really just the front-end for a whole series of system-level tools that are, for better or for worse, completely linked in to the OS itself.
So the consequences of an IE exploit are typically far worse than the consequences of a Firefox exploit. This is just how it works with modular applications instead of system-level everything.
Of course, if you run ActiveX within Firefox, all bets are off...
-- Josh Turiel
"2. Do not eat iPod Shuffle."
But, I went to a Lutheran HS in Chicago. We had chapel every Thursday. One day, a girl I had had a crush on forever (she went to my grade school as well), a well-perceived, good-faithed, honor roll student, was giving the sermon at chapel. :)
The service was supposed to be decrying sexual immorality, but the entire 20 minute sermon, she unknowingly used the term
"sexual immortality."
Every time. And everyone laughed. Every time.
A lot of us were suprised they didn't cut her short. Just thought I'd share
put the what in the where?
Security is a priority for Firefox. For M$, it isn't. The Firefox folks won't deliberately leave obvious unpatched security holes the way His Billness does.
People are confused by change. They LIKE stuff that doesn't change. Do you have any idea how many lonely people their computer is their only window to the outside world?
Patch it too quickly and they won't have anything to talk about, they won't have all those spams from other computers that are pwn3d, and they'll end up committing suicide some lonely Christmas day because they are now completely and utterly alone.
Do you have any IDEA what sort of class-action lawsuit Microsoft would be looking at? And the bad publicity? "Microsoft patch kills seniors". Seniors are the most likely to vote, and no government can afford a bunch of old people in leaky diapers camping out in their offices protesting Microsoft.
I'd disagree, I am not saying that Mozilla support 100% perfectly the w3c's standards, but then they are constantly working towards supporting as much of it as reasonably possible (some of the more esoteric areas of the CSS specification will probably never be fully supported). Microsoft OTOH had pretty much just left IE to rot until relatively recently (infact their main motivation for modernising it seems to be the rise of FireFox), but even when IE7 is released it will only be made available to either >Longhorn or >XP users (I don't recall which).
I strongly disagree, for the end user propriatary extensions to the HTML/XHTML specifications are not a good thing, it means they're restricted to viewing a site on a particular browser which is unnecessarily taking choice away from them.
I'm not sure what you're trying to say...
I assume you're referring about agreeing to work off a single specification telling them what markup and such to support... this is the goal of the w3c is, and they've got many specifications which browsers are supposed to aim to follow. The Mozilla team seem to be trying to follow these specifications but Microsoft seem content to just do their own thing and/or only do a half-arsed implementation of certain specifications.
There's mischief and malarkies but no queers or yids or darkies within this bastard's carnival, this vicious cabaret.
At least on Windows, Firefox has Java enabled by default, and also the "allow web sites to install software" option. If you don't turn those off, you're be vulnerable to a lot of stuff. I have both off. When I need to install a Firefox update, extension, or theme, I just turn on "allow installs" to do it, then turn it back off. Same for making use of Java applets that I trust.
I've been trying to tell people this for years. Whatever browser is the most popular will have the most software attack it. Same with your operating system.
Mike @ The Geek Pub. Let's Make Stuff!
Who said anything about Levis and MTV? I never said that it was our "culture" that the terrorists are opposed to.
It is not our culture, but rather our FOREIGN POLICY.
Our government propping up leaders and overthrowing elected governments and things like that, ALL OVER THE WORLD, is what has caused Terrorism to flourish.
Ask ourselves these simple questions: Why Did Osama Bin Laden switch sides? What caused him to stop working FOR the United States and start working Against it? Where did Iraq get all the weapons that they are now shooting at our sons and daughters? Why are people starving in Cuba but Castro is doing fine? Why did we really oust the Taliban from Afghanistan? Do people in other cultures really *want* democracy forced on them?
Generally attacks come to places that have American interests or places that help American interests. But also, there is one thing people seem to overlook - How come no one hates Canada (besides Canadians...)? How come no one burns Swiss flags in protest?
The United States government has a long history of meddling and pushing. Both Republican and Democrat. We have pushed with Military Might. We have meddled with covert actions. We have coerced with financial influence. That is why we are targets for Terrorism.
They don't "hate our freedom and liberty" - they hate our government. And they see the American people who continue to support the governments policies, and who pay tax dollars to fund those policies - as enemy combattants.
The Levis and MTV are just icing on the cake. Just one more reason for them to hate us.
People in the USA are just as guilty of religious fundamentalism, and just as guilty of killing in the name of religion. More people have been killed in the name of Christianity than any other single cause. People resent that over time...