Firefox Users Surf Safer
SenseOfHumor writes "According to two University of Washington Professors, Firefox users have a safer browsing experience than users of IE. These researchers sent their crawlers to 45,000 websites and studied the impact on Firefox and IE." From the article: "Levy and Gribble, along with graduate students Alexander Moshchuk and Tanya Bragin, set up IE in two configurations -- one where it behaved as if the user had given permission for all downloads, the other as if the user refused all download permission -- to track the number of successful spyware installations. During Levy's and Gribble's most recent crawl of October 2005, 1.6 percent of the domains infected the first IE configuration, the one mimicking a nave user blithely clicking 'Yes;' about a third as many domains (0.6 percent) did drive-by downloads by planting spyware even when the user rejected the installations."
Everyone knows that... I mean if a user has an idea what spyware is and has heard of Firefox he probably uses it; if not, this study won't change anything.
\u262D = \u5350
Could somebody with power please post results like this somewhere that the general public would see?
Slashdot readers already know this!
This needs to be in USA Today, New York Times, on Fox News, CNN, local newspapers, local news, etc.
Then it would actually mean something.
So we can say that if you don't explicitly accept anything, you're safe with Firefox. Pretty much what I expected.
I wonder what the numbers will be for IE 7.
WTF IS AN EXPERICE?
From TFA:
"We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."
I hope they used a very old version of Firefox. Comparing FF1.5 to an old unpatched version of IE is hardly a fair comparison.
They should have patched both browsers and had them run the same crawl. Then we could see how each browser in its most current state handles spyware, and how much each one has improved via patch releases.
120 characters for a sig? That's bloody useless.
Could it mean the death of IE?
No, they should advise their users to use a real browser and then let them do what they will. Unless you consider yourself a babysitter, or your T&C doesn't specify that you are not responsible for the content of external links...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Owning a computer now is a bit like having a pet rabbit. It never just is. You have to feed it the right stuff or it gets sick. If you leave the hutch door open it might run away then you have to search the street for the bloody thing.
People could choose to have computers which just do their job from year to year but they seem to want to believe that the thing is alive, just like the pet. They want it to have issues and risks, to get "infected" and require "cleaning".
They won't be happy with something which just browses the web and shows them pictures. It won't be as entertaining and involving that way.
http://michaelsmith.id.au
installed Firefox for me? Probably scanned my machine and then installed it out of pity.
Seriously though, since I installed Firefox last Summer it's made Ad Aware and HijackThis obsolete.
A better, but longer headline: Firefox browser less likely to automagically download malware that damages the operating system than internet explorer browser.
The misleading headline makes it sound like people who use firefox are less likely to visit a site that would take advantage of an unpatched exploit in their computer. That conclusion, however, would not surprise me if it were true.
In addition, there are very few people who just go to the websites of the world in a random fashion. So who cares if around four percent of the websites out there have malicious programs - that is a problem of domain hosts that allow nasties to keep their sites on those servers. In a world where most people (probably around 80% of internet users) visit the top websites (probably around 20% of sites), I think the problem is one of user education (don't go to sites you don't trust, don't randomly click on crap - which probably needs to be applied most to pr0n surfers).
I just had this image of guys in suits yelling at each other about the merits of Firefox and IE; saying things like "Firefox is a liberal plot to undermine American values!", etc...
But you don't have any problems with "nave users"?
n : the central area of a church
If they kept the experiment going then the rest of the world could get an idea of how safe the sites are they're visiting depending on which browser they're using. A bit like the service from Siteadvisor which I can't wait to see working.
Grad students are free. I'd imagine the professors did very little work.
Please dear God, let there be no "Hang 10" jokes in this thread...
Well you asked for it....
The reason why Firefox is safer is that you don't have to 'hang 10' seconds while the domain infects the first Internet Explorer configuration.
He who knows best knows how little he knows. - Thomas Jefferson
What a clown you are! Everyone knows you aren't meant to connect Windows XP to the internet! It's like putting your figure in a power socket!
EndElitismSection
It may be flamebait, but it's true. About a year ago I was helping set up a friend's computer with a clean install of XP, and a couple of minutes after first booting it was already infected, despite never opening a browser.
Lynx is a very safe browser. Flash ads are rendered impotent. Animated GIFs are defeated on load. Active X; no way! Lynx is the browser of the future! Now let me get back to my 3270 terminal.
One ring to bind them - should probably have more fiber and less rings in their diet.
Then why don't you unplug the ethernet port on your computer until you've changed the "internet options" to be more secure and are ready to download updates? It's really not that hard.
What are they doing?
They're popping up a dialog box that says "To view this site, you must install the "Fuck My Computer Up Beyond Recognition" ActiveX Control". Please click "Yes" to continue."
Sad but true. Most people just blindly click "OK, YES, I AGREE". There's no good way to stop that.
Whoops, should have RTFAed. They intentionally used unpatched browser versions to maximize infections. That's really sucktacular of them. They should have at least included a fully updated XP SP2 IE in its default "secured by Microsoft" state, as an experimental control.
Please, stop wasting funding researching things that are blatantly obvious. The rest of us knew this already and we don't consider ourselves lucky that you were able to scientifically prove this. This reminds me of the graduate psychology experiment I was a subject for. They ended up proving that the majority of people in the downtown area on a Friday night are drunk. Way-to-go guys!! When you feel like doing something difficult and/or actually contributing to society I have a computer system for you to optimize, thanks.
What about comparing the mindset of people using Firefox to the mindset of those who use MSIE? I know people who are seriously under MS's thumb, in that they simply do not care if there is any alternative and quality is completely irrelevant. They also don't care enough about the world to be careful on the web. One friend of mine (who's nearly 31 years old now) I won't let use my computer without supervision because he doesn't want to "learn how" to use Firefox, and he's often impulsively copying crap from god knows where on to my machine or other people's machines to show off the latest stupid gimmick he's found out there someplace. I don't like gimmicks off some random web page running on my PC as I'm afraid of what computer illnesses may come along for the ride...
I think that a lot of people using Firefox go beyond just having a different browser to be safer doing the exact same things. I think that the average Firefox user probably has a somewhat different web surfing habit than IE users. Many are using Firefox because they sought out something "safer" than MSIE in general, and are probably actively trying to be safer in their usage as well by not doing some of the things or going to the sorts of sites that those less interested or less knowledgeable are doing or going to.
Regardless of the browser in use, who is more likely to click through the bank account phishers, the average MSIE user or the average Firefox user? Things like that...
Heh heh. Here's how you avoid that: On XPSP1 installs, turn on the firewall before connecting. On XP without SP, you use the IP Filtering option, which has been there at least since NT4, and probably 3.51. Filter all incoming connections of all three filterable types (ICMP, TCP, UDP.)
I know you were just making a funny but maybe this will help someone clueless... or, if you were serious, someone more clueless.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
From the article:
"The moral, said Levy, is: "If you browse, you're eventually going to get hit with a spyware attack."
I strongly disagree. If you browse smartly, you won't be hit, even when you use IE. You need to be really careful, but again, using the computer properly, you won't get any infection. What the author states above is simply an overstated simplification, just as saying that "if you will get enough emails with suspicious attachments, you will open them".
Advice: 1) browse smartly (always). 2) Get Firefox (just in case you were not very focused on what you were browsing) 3) Get a Unix/Linux/Mac if you really plan to browse safely with little thinking.
Even more sucktacular is the fact that the summary omitted this detail. You know it was intentional.
Argh! What the fuck does leveraged mean!? I was under the impression that it involves a lever and a pivot point. Yes, I know it's a buzzword, but this one is getting fucking ridiculous!
With all due respect, the meaning of the word "leverage" in every example you gave is plainly obvious, and not really even that buzzwordy.
Within the business world, "leverage" is ABSOLUTELY NOT a meaningless buzzword -- no more so than "quantum" is a buzzword in the science community. In case you really don't understand, the word is used to mean "utilize to one's own advantage", with a specific implication of coercive or forceful action. It's a single word that combines several concepts that would otherwise require more space to explain.
Moreover, within financial circles, "leveraging assets" is the practice of using items of value as collateral for further borrowing. For example, a real estate investor may mortgage existing properties to purchase more properties. This reduces cash investment, but increases debt and risk. Asset leveraging of some type is a necessary component of most investment schemes to attain a reasonable rate of return. Thus, when business types speak of "leveraging assets" they aren't blowing marketspeak out their asses -- they are using specific technical jargon just like computer geeks talking about those so-called "memory leaks".
Now "synergy" on the other hand, is a total load of crap...
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
While I use Firefox myself and believe it is marginally more immune to exploit, I suspect that the most likely reason for the results in the FA is that Web users who know how to use Firefox in the first place are more likely to be cognisant of such threats to begin with, and are also more likely to protect their computers from spyware/adware/etc.
Yeah, it didn't affect me at the time because I was on a Mac, and, of course, I use Firefox when on Windows unless absolutely necessary, like a good little nerd.
This sig, aah-ah, is comin' like a ghost-sig...
Seriously, somebody queue up Ric Romero from Fark...
/troll, I don't care.
Ok, let me start by saying that I really don't know if you are right or not... but I think not. Do you think PCs are more common at homes or at corporations? In every corporation I worked, patches are installed automagically by the network admin. In every home I know of non-techs, it's the opposite -- patches are NEVER installed.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
"It's like putting your figure in a power socket!"
I hope that you meant "finger", as I doubt that there are many power sockets that could handle a typical /.er's figure! LOL!!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
I'm really sick to death of all the "Firefox kicks everyones' ass" pieces all over the place. I really can't stand being in the mindset to defend MS, but yet...
This whole "study" was stupid in terms of proving one browser more secure from malware than the other (which wasn't their point apparently, which makes the /. post even more stupid). The conclusion is if you take two unpatched browsers, you'll get spyware a lot, and moreso for IE.
Ok, as others have said, that's not exactly like finding out the Sun orbits the Earth or anything.
It is much like saying "hey, you know, if you go into a burning building without firefighting gear, you're gonna get burnt".
REALLY?!? WOAH! HEADLINE NEWS!
"If you have sex with a number of HIV-positive people you may well contract the virus".
SERIOUSLY?!?
"If you vote republican, you will slowly lose your personal rights".
THE HELL YOU SAY?!?
"If you vote democrat, you will pay a bunch more in taxes".
YEAH, I GET IT, IT'S OBVIOUS!
Let's see what happens with two FULLY-PATCHED browsers. Will FF still come out on top? Yes, I would imagine so. I'm not about to say IE isn't inherently more dangerous than FF, because I think it is. But it's a question of degrees... are two completely up-to-date installs of FF and IE going to be *that* much different? I would seriously doubt it. I'd be willing to bet they are close enough that you could effectively ignore the difference (until your machine gets wiped out by the .00000001% of malware that got through I guess!)
It's interesting to me... I've been using IE all along... there are some things that annoy me about FF that keeps me from using it full-time. In all that time, I can count on one hand how many times I've been infected with anything. And, once I moved to Maxthon a year or so ago, I haven't been infected with anything even once. The difference between IE and FF is not THAT big, when you are fully-patched.
Talking about anything less is pointless... and yeah, I know the argument... "But grandma doesn't know she should be patching her browser and doesn't know how". Well, get grandma off the computer! We don't let kids drive cars because THEY DON'T KNOW HOW TO (neither do many adults of course, but I digress). Using a computer is no different than using any other tool: you can hurt yourself, and sometimes others, if you don't know how to use it. Can't you smash your hand with a hammer? Can't you cut a finger off with a can opener? Can't you badly burn yourself using your oven? There is a certain amount of risk to using any tool, and you accept that risk, but more importantly, you learn about the tool to some minimal degree that allows you to mitigate the risk as much as possible. People need to start doing the same with computers. Not everyone has to know how to hook a system call or spawn daemon threads in a VM or whatever else, but keeping a browser up to date, especially as relatively easy as it is today? Yeah, I'd say that's the MINIMUM level of knowledge one should have, and if you don't have it, git knit a sweater, you shouldn't be touching a computer.
Enough with all the "FF rules and IE sux0rs" crap... if you like one or the other, great, no problem, choice is good, use what you like. But enough with constantly telling me how unsafe I am using IE (or an IE derivative). My experience does not bear it out, and even if it did, the answer would still be what it's been all along: the USER is more at fault than the browser.
Hey, when something gets through FF by the way, do we start screaming that it is insecure and no good? Of course not! We first ask "well, what did the USER do to let the garbage in"? Because OF COURSE it could never be FF's fault. And you know what? 9 times out of ten, it isn't! Just like 9 times out of 10, it isn't IE's fault... ok, to be fair, 8.5 times out of 10 for IE... like I said, I don't doubt FF is a bit better.
Ok, I'm done, rant over.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
One of my routines when I install a new copy of Windows is to set all file/directory perms so that the average user can only write to their local home directory. This is usually a game of 1) set the perms, 2) see what breaks, 3) make an individual decision about whether to reset the perms for a particular file or directory to fix the brain dead program that requires users be able to write to a non-home directory in order to properly run.
How many of the infections are caused by the silly default perms that Windows starts with? I once secured the permissions on NT3.5 and discovered that ordinary users could not use any system help files because they could not write to C:\winnt\system32\help or some such system directory. On that same NT3.5 box, I installed a utility from the resource disk that was supposed to set the system up to be C3 (or C-Something) secure. The utility immediately reset all permissions back to the default of "Anyone Can Do Anything Anywhere(tm)". NT4 and Win2K defaults were not much better.
I've mostly given up on Windows for this and other reasons and have been running Linux on all but one of the family boxes for years which basically solves the default permission problem. But I've got one Windows laptop left that I need to upgrade to XP (my wife needs to run a student version of ArcView). Have they done anything to fix the lax default permissions and does this make any difference for preventing spyware?
FreeSpeech.org
A better idea is to keep a hardware firewall handy.
Or even better yet, keep a copy of SP2 slipstreamed into Windows XP. Saves a lot of time with having to patch too.
..Firefox "beams on" faster; as
option {BurnAllBridges: on;}, and, -alas-; there's no
http://slashdot.org/comments.pl?sid=176645&cid=14667513 Turning Back(tm)..
[ Never trolling, but not quite serious either.. ]
A horse can't be sick, you know, even if he wants to.
Nice post. I didn't know you could do this during an install but am eager to try it out on a machine exposed directly to the internet (no firewall/router protection). Mod parent up (no more points, sorry!).
Yep. Slashdot at its finest!! :-)
-- "I never gave these stories much credence." - HAL 9000
If by "browse smartly" you mean "only visit one or two well-known sites and go noplace else", then I agree, you probably won't get hit. But one of the points they made in this study was that spyware installed itself in a 'drive-by' fashion, with or without user interaction. Sometimes those suckers come from 3rd party ads on well-known sites, so it's hard to cover that particular vector of attack altogether. I suppose if you disabled ActiveX, Java and Flash, you might only come across malware in the case of exploitation of some unpatched flaw in IE or in Windows ... but we all know how on-the-ball Microsoft is for security, so that's not a problem, right? Right?
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
Not a single user running Konqueror on FreeBSD has been infected by malware through their web browser.
I'll probably be alright using Firefox on Linux though.
i agree about the funding issue. but at one point, university of washington and hank levy in particular did research into fundamental concepts of system design and performance. it's very sad that this kind of thing is what the grad students are working on these days.
big deal...last year, you could install a fresh linux server install while connected to the internet, and within 5 minutes 2 scripts running out of the west coast would have your root password changed...we tested it first hand several times with red hat...install it while connected to the ethernet through a router/firewall to the internet...and boom...root password changed within 5 minutes. The sources of these scripts were california and alaska..and there are/were many more like it that we researched and found.....so by the logic on this board, linux is now crappy insecure bloatware constructed by an evil corporation.....
I'm not quite sure what to say to that...
I don't think you could have a telnet server running on a system with a blank root/admin password behind a router and get hacked in 5 minutes, that's Windows, Linux, FreeBSD, Solaris... ANYTHING.
Even if your router is extremely old and unsupported, people probably won't have worms/malware/viruses/whatever searching for routers like that constantly, that's absurd. New-ish and Newer routers are usually supported by their company, so I'm not quite sure what you are talking about.
I've had a fresh install of Windows XP installed on my network (behind a router), no SP1, no SP2, no patches, no firewall, nothing, and it has never been infected by viruses (I periodically run HouseCall and NAV, which has auto-protect disabled), spyware (at that time I also run spybot (no teatimer), adaware and a couple other spyware removal things on it), or any type of malware on it.
It's been up for years, and it's never had any problems. Considering the proliferation of Windows attacks out there, the router seems to be more than enough to protect that PC. How in the world did Linux of all things (small marketshare, I'm not going to get into a security discussion) get rooted in 5 minutes?
Mods, your Insightful rating for this post was way off. I call -1, Bullshit.
Why are you installing XP (or any other OS) with it directly connected to the internet?
Get a router with NAT to block most of the bad stuff - and heck, disconnect IT from the internet. Get the computer working and as much security in place before going online with it.
A simple netgear or linksys router provides tons of protection and costs about $50... definitely worth the time saved from reinstalling windows once or twice.
If you're really paranoid, download the security patches and burn them to CD so you can install them without going online.
According to the article, "We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."
So reporting this on CNN and the like wouldn't have the impact that you hope it would. In fact, this study might be useful in studying malware but is meaningless in comparing FF with IE regarding security (as they rightfully admit).
-- "I never gave these stories much credence." - HAL 9000
You can do it right after the install, before you connect. If you are using a version of XP requiring activation, then tell it you want to activate later, log in, make the changes, THEN activate. You can't do it during the initial install that I know of, although it SHOULD be possible to make your own automated install disc (fun job! what a PITA!) that will not only answer questions for you, but will have SP2 in it, avoiding the whole problem entirely.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
SP2 out of the box is vulnerable - I've seen it happen.. unfortunately after installing windows the first thing you have to do is hunt down device drivers for everything, which means going on the web :(
Still not got into the reflex of downloading FF as the very first thing.. bad I know.
This was on Yahoo's front page today at about 10:00 AM MST http://news.yahoo.com/s/cmp/20060210/tc_cmp/179102616
Should forum administrators block links to websites in the former Soviet Union?
Bah. I've seen plenty of bad sites from the US. Occasionally, I see a pretty interesting site from russia. (Famous example: http://www.artlebedev.com/portfolio/optimus/) I think blocking all russian sites would be shooting yourself in the foot.
If it's so secret, then how come I've never heard of it?
Really? Care to give us an example? Or are you just playing the "Opera Fanboy" again?
UNIX: Find it, fsck it, forget it.
You can test the browsers yourself by placing the URL to the Yahoo Random Link http://random.yahoo.com/bin/ryl in a toolbar bookmark and click it a few thousand times. Although be warned it can take you anywhere! So I really wouldn't recommend using it in IE.
There used to be a "browser buster" on mozilla.org that would reload this URL (loading a new page each time) automatically in a frame. But I don't see that out there anywhere any more. Probably because the YRL was busted for a long time.
Could this open some eyes and increase interest in alternative (Linux, Mac) offerings?
If you don't know where you are going, you will wind up somewhere else.
In Soviet Russia, obvious states YOU!
If you choose to manually set up networking during the install, you *should* be able to set up filtering then.
jred
I'm not a mechanic but I play one in my garage...
I'm not sure if you were serious about disabling ActiveX, Java, and Flash completely, but you forgot to mention JavaScript. IMHO, it's usually more annoying than Java, which at least runs in a sandbox.
birds more likely to get avian flu than fish.
Vote for Pedro
Someone needs a router, methinks. Just because your software firewall isn't running doesn't mean the hardware firewall isn't.
How are sites slashdotted when nobody reads TFAs?
I don't remember the particular release of Red Hat.
I would think that a good number of people from small villages in Africa would tell you that drunk people on a Friday night is obvious.
From personal experience (Madagascar not mainland Africa), I can say that without a doubt, most of the people 'downtown' in the village I lived in for a year would be drunk on Friday night. Especially if they were fishermen.
[All Your Fish Are Belong To Us]
Further to this, in financial and business circles it means exactly what it means in physics - using some sort of mechanism to amplify the force of your action - like in futures contracts, or contracts for difference, or spread betting - where you can realise the same absolute loss or gain with much smaller capital.
Of course IE is unsafe, because it is the primary target. Is there even a secondary target? Did any of the sites contain Firefox exploit code?
It says they used an unpatched machine. No shit, you need patches. If Linux and OS X were completely immune, why is it that patches exist for them? Nothing to hide, right?
Blame the user, not the software.
And I don't believe synergy is total crap either. Synergy is what catalysts do in chemical reactions or what musical instruments do when combined - you can listen to a drum player and not get anything. You can listen to a bass player and not get anything either. Now put the two together, and they make sense... music... Add a violin solo, which on its own is crap, and the whole thing is better than its parts separately. Synergy is the difference between the value of the sum of the parts and the value of the parts acting together. Firefox with no extensions is quite basic. Mouse gestures on their own don't work. Put them together and you get something useful....
Mod parent up. Everytime I see that stat saying, "WinXX will be infected x minutes after installation!" it just makes me want to beat my head. Sweet zombie Jesus, is it so hard to exercise proper protocol when you set these things up? Yes, windows sucks hard and fast, but as technologists, we've got to work around it.
Yay, nationalism! Let's just treat people in one country differently from people from another!
> Filter all incoming connections of all three filterable types (ICMP, TCP, UDP.)
Wow, that'll REALLY make it easy to download the patches, Spanky.
I mean, downloading the patches IS the reason you'd have it networked right after an install but before patching, right?
That's the weirdest fucking typo I've made in a while. I'm probably going to obsess for hours over it too - it's a pretty bad mistake. Thanks for pointing it out though mate.
The real solution -- Microsoft should be sending free updates to all registered XP owners with updated CD's that contain pre-patched installations.
Actually, the best way to stop it would be to have people who are functionally illiterate run from a read-only partition. ;-)
Mod parent down. The vast, vast majority of Windows XP users are clueless. None of these things suggested come naturally to them. I can't fathom what would happen if I asked my mother to keep a CD of security patches handy, enable the software firewall, don't connect the cable until she's protected, etc... She can install the OS if need be, but that's about it. I understand what you're saying, and I do agree. The vast majority of XP users do not know proper security procedure to keep from fucking things up. Much the same way that the vast majority of automobile owners don't know the proper procedures to keep their vehicles running correctly.
However, unlike computers, when a car owner encounters even a basic problem ("I need new oil/tires/shocks/headlamps") they don't just half-ass it themselves, they take their expensive machine to a qualified mechanic.
Just because your mother can install the OS doesn't mean that she knows how to do it correctly, any more than a novice would know how to change their own oil in their car.
It's long been obvious that there are two different types of computer users. Those who "just want it to work" and those who "want to know *how* it works." To continue my car analogy, those who just want it to work should open their wallets and hire a good mechanic. Those who want to know *how* it works will be willing to spend the time and effort to get it right.
If you don't want to know how it works, then you probably shouldn't be doing your own upkeep, modifications, and tinkering, regardless if the machine is a car, a computer, or an other technologically complex machine. The real solution -- Microsoft should be sending free updates to all registered XP owners with updated CD's that contain pre-patched installations. Now *that* is a good idea.
No problem...honestly wasn't trying to be a Grammar Nazi! :) I thank you for that, sir!
The mental image that came up had my rib muscles (ouch!) cramped from laughing too hard!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
.. and they are much more fun to use too!
Use nLite to apply SP2 to the disc, silly. :-P
Really? Let's try replacing the word 'leverage' with the word 'use' in all the three examples, and see if we lose any significant meaning:
Most of the exploits that used IE vulnerabilities to plant spyware were based on ActiveX and JavaScript, said Gribb.
World Wind uses satellite imagery and elevation data to allow users to experience Earth terrain in visually rich 3D, just as if they were really there.
learn how other organizations leverage the pod
Even given your argument concerning business use of 'leverage' - which I still consider dubious - the only one of the three that might fall into that category is the last one. The other two work just fine with 'use', and so to use the word 'leverage' can only be put down to the author thinking that it makes him seem more intelligent to leverage a long word when he could equally well use a short one.
Real Daleks don't climb stairs - they level the building.
They're owned more times and by more people than the ipod.
In Soviet Russia, Spyware installs YOU!
I'm not not licking toads.
How much safer is Firefox really, considering there are ~7000 open bugs, thousands of extensions, each a potential entry point, and millions of users with delusions of invulnerability? How exactly is 0.9% (Firefox) better than 1.6% (IE) anyway? Both mean spyware has been installed. Is it okay to have less spyware now?
When I went to a SANS conference years ago (think it was maybe 02??) for their forensic track they had the guys from the honeynet project present. They had a Red Hat box found and rooted not in 5 min, but around 15-20 (that was the fastest time for Linux). Really all that is required is finding an older one, rooting is really easy with all the point and drool rootkits out there.
I think you'd be really amazed at the sweep scans going toward your box all the time; the majority of them are targeted towards greatest probability (i.e. Windows), but I've seen it personally happen where a guy (who should have known better) started a Linux install in the DMZ, went for a long vendor lunch, and when he was back someone had found it and gotten into it.
Speaking of being clueless, ICMP and UDP are connectionless. TCP is the only one of the three protocols you mentioned which *does* maintain a bidirectional state on the protocol layer. So while it's nice that you think you've got it all worked out by using the pitiful filtering capacity you get out of the box... you still fail at the internet.
Sam ty sig.
I got a virus on Windows and I don't see any Slashdot headline saying Windows XP vulnerable to virus attacks...
i agree
Get patches here & burn them to cd. May seem a bit obvious, but lots of folks don't know where to get patches for Windows except from microsoft.com, which (unless it's changed recently) you can't make backups of.
I dream of a better world... one in which chickens can cross roads without their motives being questioned.
Actually the weatherman and the traffic guy of our local radio station discussed Firefox a lot. I have never heard them say anything about "Mozilla suite" or Linux.
There is a spark in every single flame bait point.
As a tech in a whitebox store I try to educate my customers:
Do not use IE, we will install Firefox on all machines with a broadband ISP or dialup that isn't AOL.
Do not install any toolbars if you have to use IE. (I know that google & yahoo are supposedly safe, so what)
All pop ups are evil, do not click on any.
All ads for anything to stop spyware, are spyware. We install Ad-Aware and Spybot, update and run at least weekly.
Since starting this we have fewer comebacks for infected machines and much happier customers.
Professional Politicians are not the solution, they ARE the problem.
Well, for some reason the link turn out right right, crap. Sorry about that. Trying again: Windows patches
I dream of a better world... one in which chickens can cross roads without their motives being questioned.
Pudding is tasty.
Yeah sure Firefox is good. I used it every day but don't you all realise how much it consumes your PC memory? And IE? wth is that? I'm sure I've heard it before... Now I'm using the Netscape 8...
If dreams are like movies then memories are films about ghost..
In a move of utter brilliance, I forgot to unplug the network cable when doing a Win2K reinstall one time (and the network cable was hooked to DSL).
;)
Before it was done installing I'd been rooted and someone had already started making ISO'd warez available.
Needless to say, I don't forget that part anymore (hey, it was 3 AM or something).
SYS 64738
No kidding, with the ActiveX/Popup blocking capabilities of IE and SP2, that number would have fallen right to 0.00% or so. What a delightfully FUDdy article.
Yeah, I'd agree... The right word is "naive", or more correctly, "naïve".
Microsoft-free since March 28, 2004
You know, I never thought I'd say this but Netscape really sucks. I still have my Netscape 1.0 CD. Times have changed though. If you're using Netscape anything, it's being released by AOL. You can rest assured it is no longer the superior product it once was. It's been hashed up and recoded by the same team that brought you the AOL ISP client software, which has been the death of many a Windows-based PC. You have to wonder what all it's phoning home to AOL, too.
2 cents,
Queen B
HDGary secures my bank
Mod parent up. Every time I see that stat saying, "WinXX will be infected x minutes after installation!" it just makes me want to beat my head. Sweet zombie Jesus, is it so hard to exercise proper protocol when you set these things up? Yes, Windows sucks hard and fast, but as technologists, we've got to work around it.
Yeah, by installing Linux. When an operating system can't even install and update itself in a networked environment without becoming an infected cesspool, then it's the fault of the operating system, not the user.
"Proper protocol" should not have to be to have a spare computer around to download patches, or for all users to keep an external hardware firewall in stock for installations. This would be like having to get a tow truck to tow a new car home before starting it for the first time, rather than driving it off the lot.
As opposed to run towards it?
=)
It's not offtopic, dumbass. It's orthogonal.
You can certainly download Service Pack 2 from their web site. I have it burned on a CD. Installing it is usually the first thing I do when working on an XP machine that doesn't already have it.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Well, I for one don't live in Soviet Russia...
:P
Such a weird place it would be to live... So opposite
really ---- can't handle big lists of bookmarks (can't arrange them --- and I submitted this bug years ago), can't ^n to clone a new window, have to search through tons of stupid extensions, can't import IE bookmarks with correct positions. And, it doesn't work on a lot of sites. Oh ---- and it takes fricken forever to start up.
If the researcher was worth his salt, he would know what mechanism was used to install the spyware and adjust settings to avoid it. Now, that information would be useful! Or at least publish the site so others could determine the real issues. What a STUPID article.
Could be 1 difference in vulnerabilities was the whole issue. Statistically meaningless.
The only thing firefox is good for is comics.com with adblock. Otherwise, forget it.
Yes - my sister and brother-in-law. They won't read this article here of course, but I've read it and use such things when asked my opinion. They've moved over to Firefox, and they're about 80% convinced to move to OS X too.
Now to the rest of the post:
I challenge anyone to disagree; but with an intelligent argument, not just emotion and flame. (BTW, I don't mean a clever 'flame' argument, a real intellectual one. One with real facts and figures. Tests with defined tests-beds. That sort of thing.)
A good sentiment, but is it one that sits particularly well with phrases such as:
I see no facts or figures there. Just opinion and rabble-rousing. Personally, Firefox is my primary browser at work and at home I use Safari. I also gave Opera a try - I'm not religiously wed to a browser. There are useful facts and figures to be found I'll bet. I suggest, however, that your post does not contribute to that.
Cheers,
Ian
"Levy and Gribble didn't set out to verify that, but they did note that the few successful spyware attacks on Firefox were made by Java applets", but they can be easily blocked and allowed on trusted domains only using the NoScript Firefox extension, which takes care of JavaScript, Flash and other plugins the same way, for a paranoid yet usable security level :)
There's a browser safer than Firefox, it is Firefox, with NoScript
The worst part of this seemingly simple precaution is that broadband providers don't force the manufacturers of their hardware to provide DHCP/NAT right inside the "modems" they send out to their customers. Installation in such a situation would be no harder than a direct connection (just a matter of putting different numbers into the Windows network settings) and it would seem likely to save these ISPs a lot of money in terms of support. As far as I know, there's no reason this couldn't be done except that those hardware manufacturers want to be able to sell their router hardware separately.
This of course wouldn't be a replacement for a good firewall but according to everything I've read on the subject, NAT protection is more than enough to get a user through a Windows installation without getting "owned," allowing their first infection to occur when they open that e-mail attachment calling itself a free screensaver...
If Firefox were being used by two hundred million people around the world and was therefore the target of thousands of hackers I submit it would have just as many holes if not more.
Why is it surprising that the exploits, deliberately targeted at IE, shouldn't affect Firefox all that much? The same argument applies to the "awesome security" of Linux vs. Windows. Were Linux to be on hundreds of millions of PCs around the world, and it were under assault from thousands of hackers, to quote Yoda, "When 800 hackers per component you reach, hold up so well you will not."
I now await flamebait or troll moderation. (Seriously, about 1/2 the time I bring this up, that's what happens around here.)
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
The principle (it's _not_ just a theory) of Conservation of Leverage says that the middle example should have been transformed into:
World Wind uses satellite imagery and elevation data to allow leveragers to experience Earth terrain in visually rich 3D...
HTH.
FP.
Also FatPhil on SoylentNews, id 863
Won't affect your outgoing connections to download updates at all.
"City hall" in German is "Rathaus". Kinda explains a few things......
I love unix (it's all I use) but we're not quite at the "offer to everyone" level. We really just need to iron out the kinks. Ubuntu and a couple of others are really close, but I'd really like to see them ready for when Vista is released (and it looks like it's gonna happen).
Hmmm. A lot of these mistakes come from starting things like your httpd or sshd before you're actually secure. It sounds like someone at Red Hat made a mistake.
Well, with UDP you can just reject if the IP/port combinations don't match a packet you've sent recently.
Note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
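The UDP filtering idea discussed in the comments above (accept an inbound datagram only if it mirrors one recently sent), sketched as an added example that is not part of the original thread. The class and function names, the 30-second timeout and the documentation-range addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class UdpStateTable:
    """Pseudo-state for a connectionless protocol: remember what we sent."""

    def __init__(self, timeout=30.0):        # timeout value is an assumption
        self.timeout = timeout
        self._sent = {}                       # flow tuple -> time last sent

    def _expire(self, now):
        for key in [k for k, t in self._sent.items() if now - t > self.timeout]:
            del self._sent[key]

    def outbound(self, d, now):
        # Record (or refresh) the flow whenever the local host sends.
        self._expire(now)
        self._sent[(d.src_ip, d.src_port, d.dst_ip, d.dst_port)] = now
        return "ACCEPT"

    def inbound(self, d, now):
        # A reply must have source and destination swapped relative to a
        # datagram we sent within the timeout window; anything else is rejected.
        self._expire(now)
        mirrored = (d.dst_ip, d.dst_port, d.src_ip, d.src_port)
        return "ACCEPT" if mirrored in self._sent else "REJECT"

def demo():
    """Run constructed sample traffic through the table; return inbound verdicts."""
    fw = UdpStateTable()
    host, resolver = "10.0.0.5", "192.0.2.53"
    fw.outbound(Datagram(host, 40000, resolver, 53), now=0.0)   # DNS query
    return [
        fw.inbound(Datagram(resolver, 53, host, 40000), now=0.1),        # real reply
        fw.inbound(Datagram("198.51.100.7", 1434, host, 1434), now=0.2), # unsolicited
        fw.inbound(Datagram(resolver, 5353, host, 40000), now=0.3),      # wrong port
        fw.inbound(Datagram(resolver, 53, host, 40000), now=31.0),       # too late
    ]

if __name__ == "__main__":
    print(demo())
```

In this sketch only outbound traffic refreshes a flow's timer, so a remote host cannot keep a hole open by itself.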
Would this VMWare browser appliance be overkill?
http://www.vmware.com/vmtn/vm/browserapp.html
It claims to be free.
Discuss, discuss.
http://www.firefoxmyths.com/ Don't blame IE for your bad browsing habits
Do NOT go to this URL http://www.forthesims.com
Well, creating such a disc is a piece of cake with nLite...
np: Maurizio - M04A (Full 12" Length) (M Series)
"I'm not anti-anything, I'm anti-everything, it fits better." - Sole
Stupid moderators: it wasn't redundant when it was posted :-p
I might know what I'm talkin' about, but then again, this is Slashdot...
Oddly enough, I am aware of the difference between TCP and UDP. Fuck, I even know what they stand for, and what the other three protocols in the TCP/IP protocol suite are. Where's my cookie?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"