Slashdot Mirror


Firefox Users Surf Safer

SenseOfHumor writes "According to two University of Washington Professors, Firefox users have a safer browsing experience than users of IE. These researchers sent their crawlers to 45,000 websites and studied the impact on Firefox and IE." From the article: "Levy and Gribble, along with graduate students Alexander Moshchuk and Tanya Bragin, set up IE in two configurations -- one where it behaved as if the user had given permission for all downloads, the other as if the user refused all download permission -- to track the number of successful spyware installations. During Levy's and Gribble's most recent crawl of October 2005, 1.6 percent of the domains infected the first IE configuration, the one mimicking a nave user blithely clicking 'Yes;' about a third as many domains (0.6 percent) did drive-by downloads by planting spyware even when the user rejected the installations."

42 of 240 comments

  1. Who cares? by Arthur+B. · · Score: 3, Interesting

    Everyone knows that... I mean if a user has an idea what spywares are and heard of firefox he probably uses it, if not this study won't change anything.

    --
    \u262D = \u5350
    1. Re:Who cares? by OneSeventeen · · Score: 5, Insightful

      So if a user has never heard of Firefox, but has heard of spyware, this study won't change anything? I work in a department that switching to Firefox would solve 25% of the tech support calls, but the users still insist on IE because they don't know the severity of the situation, and also don't even know what Firefox is. This article will actually help to prove to the non-techies that switching would be a good idea.

      --
      "Now the trouble about trying to make yourself stupider than you really are is that you very often succeed." -C.S. Lewis
    2. Re:Who cares? by Bert64 · · Score: 3, Interesting

      I've used Firefox since it was called Phoenix, and beta versions of Mozilla before that... I'd never heard of spyware until quite recently, I also didn't really understand the concept of popups and other intrusive stuff...
      I went from AmigaOS (fast browsers with no JavaScript) to Unix with Mozilla (and popup blocking by default) and never encountered things like popups and spyware, I had a rose-tinted view of the internet...

      Then I went to a friend's place, and saw him battling with IE... I was absolutely disturbed, how could anyone's experience of the web be so horrendous, and yet he was still willing to use it!
      Had I first experienced the internet in that way, I'd not have had much interest in it at all.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  2. Post this in Public Somewhere by neonprimetime · · Score: 4, Insightful

    Could somebody with power please post results like this somewhere that the general public would see?
    Slashdot readers already know this!

    This needs to be in USA Today, New York Times, on Fox News, CNN, local newspapers, local news, etc.

    Then it would actually mean something.

    1. Re:Post this in Public Somewhere by pl1ght · · Score: 2, Insightful

      You mean like make Firefox the most used browser in the world and in turn become the highest targeted browser for these types of things? It's just a flip-flop scenario.

    2. Re:Post this in Public Somewhere by CyricZ · · Score: 2, Informative

      If we're dealing with solid software, written by those with a clue, a lack of security should have no relation to the market share.

      Look at Apache, for instance. It is used by an estimated 60% (if not more) of all web sites. But we rarely hear about serious security issues. Sure, bugs and exploits do crop up occasionally, but nowhere near at the rate of its competitors.

      Likewise, if Firefox is a well-written application, then it should be secure if it has one user, or if it has hundreds of millions of users. Unfortunately, the recent 1.5.x release of Firefox went poorly, and many these days are doubting its degree of security. A rushed development cycle, built upon a base that isn't exactly ideal, can lead to security issues.

      Let me reiterate: the security of a program is based on its development process and developers, not on the number of users it has.

      --
      Cyric Zndovzny at your service.
    3. Re:Post this in Public Somewhere by TheRaven64 · · Score: 2, Informative
      I wonder if you are familiar with the phrase 'ex falso quodlibet.' If FireFox is a well-written application, then it should be secure. Over the last year or two, however, I have noticed a strong tendency amongst the developers to prefer adding features to fixing 'minor' bugs.

      Ever wondered why OpenBSD is so secure? In part, it's because they don't differentiate between bugs which they know how to exploit, and ones they don't. If they find a bug, they categorise it and scour the code base for instances of the same class of bug. Then they go back to adding features. Then, when someone else works out a way of exploiting that kind of bug, they find that OpenBSD is not vulnerable.

      If a program is well written, then exposing it to a larger audience will make it a larger target, but it will still be difficult to hit. If it is not, then more exposure makes it an easy, and more attractive target.

      --
      I am TheRaven on Soylent News
  3. How Firefox fared by yfkar · · Score: 3, Insightful
    "In the same kind of configurations, Firefox survived relatively unscathed. Only .09 percent of domains infected the Mozilla Corp. browser when it was set, like IE, to act as if the user clicked through security dialogs; no domain managed to infect the Firefox-equipped PC in a drive-by download attack."

    So we can say that if you don't explicitly accept anything, you're safe with Firefox. Pretty much what I expected.

    I wonder what the numbers will be for IE 7.

  4. DUMBASS ZONK by Anonymous Coward · · Score: 2, Funny

    WTF IS AN EXPERICE?

  5. How about a four-way matchup... by PFI_Optix · · Score: 5, Insightful

    From TFA:

    "We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."

    I hope they used a very old version of Firefox. Comparing FF1.5 to an old unpatched version of IE is hardly a fair comparison.

    They should have patched both browsers and had them run the same crawl. Then we could see how each browser in its most current state handles spyware, and how much each one has improved via patch releases.

    --
    120 characters for a sig? That's bloody useless.
    1. Re:How about a four-way matchup... by techno-vampire · · Score: 2, Insightful

      Your quote from TFA shows something very important: by pointing out the limits of their experiment, they demonstrated that they weren't just interested in spreading FUD about IE. Not that I'm a fan of IE or anything; I've been using Firefox for several years now. I just like to see objective studies, properly reported.

      --
      Good, inexpensive web hosting
    2. Re:How about a four-way matchup... by Spy+Hunter · · Score: 5, Informative
      They used computers running Windows XP without Service Packs 1 or 2. They tested IE 6.0 (no details about any patch installs separate from the [lack of] service packs) against Firefox 1.0.6. This is all from their paper (warning pdf), which has numerous other details.

      Somebody should start a news site that takes all the top news stories, finds the original research or primary source, and links to that instead of the dumbed-down yet sensationalistic news wire blurbs and blog whores. I know I'd appreciate it.

      --
      main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
  6. Firefox more successful than Linux? by IAAP · · Score: 4, Interesting
    Of all the FOSS projects out there, it looks as if Firefox is the most successful in terms of market penetration. People who never have heard of Linux/GNU know about Firefox.

    Could it mean the death of IE?

    1. Re:Firefox more successful than Linux? by pluggo · · Score: 2, Interesting

      As far as desktop penetration, I'd have to concur. But Apache has eaten IIS for breakfast in the server market.

      --
      Pulling together is the aim of despotism and tyranny. Free men pull in all kinds of directions. It's the only way to mak
  7. Why do users want this to happen? by MichaelSmith · · Score: 4, Funny

    Owning a computer now is a bit like having a pet rabbit. It never just is. You have to feed it the right stuff or it gets sick. If you leave the hutch door open it might run away then you have to search the street for the bloody thing.

    People could choose to have computers which just do their job from year to year but they seem to want to believe that the thing is alive, just like the pet. They want it to have issues and risks, to get "infected" and require "cleaning".

    They won't be happy with something which just browses the web and shows them pictures. It won't be as entertaining and involving that way.

    1. Re:Why do users want this to happen? by HairyCanary · · Score: 2, Insightful
      That statement requires a bit of qualification. Owning a Windows PC now is a bit like having a pet rabbit, etc.

      At work I primarily use a Linux workstation. I give it no care and feeding, as it requires none. It has no registry, it has no spyware, adware, or virii. Completely boring, uninteresting, and extremely useful. Perfect for me, as I am more interested in doing my job than fighting my PC.

      And at home I primarily use a Macintosh running OSX. Similar experience to Linux, better graphics, better applications, but fundamentally the same result -- my day to day experience does not center around the operating system and dealing with its bugs, security risks, and annoying "features." I had gotten so used to dealing with Windows that the first few weeks of using my Mac I kept feeling like I was missing something. Then I figured out what it was :-).

    2. Re:Why do users want this to happen? by VENONA · · Score: 2, Funny

      There never was a day when a PC 'just was'. Before LAN or Internet connections met the PC, there were viruses on floppies. Win systems then were single-user. Nothing was off-limits to malware. The *concept* of off-limits hadn't been implemented in Win systems.

      And users often had to futz around with memory segmentation (remember Quarterdeck's QEMM386? What a problem solver!), IRQs, etc. Adding hardware or just installing a game could cause you far more problems than you'll typically see now.

      Putting away the rose-tinted glasses, I think we've just exchanged one set of problems for another.

      Re: "They won't be happy with something which just browses the web and shows them pictures." That's where the problems truly begin! Win and Linux have had fairly recent problems with graphic rendering libraries, for example. And it's the network connection that's the primary driver for multiuser PC operating systems. That connection is what gives you that immediate and very broad attack surface.

      What you just said was actually something like, "They won't be happy with something which just increases the risk to their system a hundredfold." The problem is that few people know the risks.

      _I_ see people who are frustrated, have had identities stolen, etc. If _you_ see people who feel as if they're petting their friggin' bunny, please urge them to seek professional care.

      --
      What you do with a computer does not constitute the whole of computing.
  8. Does it count if Spyware... by Hamster+Lover · · Score: 2, Funny

    installed Firefox for me? Probably scanned my machine and then installed it out of pity.

    Seriously though, since I installed Firefox last Summer it's made Ad Aware and HijackThis obsolete.

    1. Re:Does it count if Spyware... by drinkypoo · · Score: 2, Informative

      AdAware's obsolete if you don't pay for it anyway - they stopped updating the free version a long time ago. I would pay for spybot if I needed a corporate version, because it's free, but I would now NEVER EVER pay for AdAware and I try to encourage everyone else in the same direction, just because I'm a bitchy fucker and I don't think that security should cost money.

      I, too, have not been infected with anything since I stopped using IE and started using a firewall - which was quite some time ago. You do need the firewall though, because you never know when someone's going to find a hole in some service that should never have been open to the world at large anyway, like RPC...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. User education by doombob · · Score: 4, Insightful

    A better, but longer headline: Firefox browser less likely to automagically download malware that damages the operating system than internet explorer browser.

    The misleading headline makes it sound like people who use firefox are less likely to visit a site that would take advantage of an unpatched exploit in their computer. That conclusion, however, would not surprise me if it were true.

    In addition, there are very few people who just go to the websites of the world in a random fashion. So who cares if around four percent of the websites out there have malicious programs - that is a problem of domain hosts that allow nasties to keep their sites on those servers. In a world where most people (probably around 80% of internet users) visit the top websites (probably around 20% of sites), I think the problem is one of user education (don't go to sites you don't trust, don't randomly click on crap - which probably needs to be applied most to pr0n surfers).

  10. Think of the debates! by IAAP · · Score: 3, Funny
    ...on Fox News, CNN, ...,

    I just had this image of guys in suits yelling at each other about the merits of Firefox and IE; saying things like "Firefox is a liberal plot to undermine American values!", etc...

    1. Re:Think of the debates! by jorenko · · Score: 2, Funny

      I just know that Bill O'Reilly is a fervent IE supporter.

  11. Re:I can't take it any more! by olego · · Score: 2, Funny

    But you don't have any problems with "nave users"?

    n : the central area of a church

  12. Re:a quiet sense of dread... by digitaldc · · Score: 2, Funny

    Please dear God, let there be no "Hang 10" jokes in this thread...

    Well you asked for it....

    The reason why Firefox is safer is that you don't have to 'hang 10' seconds while the domain infects the first Internet Explorer configuration.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  13. Re:Or 100% if its a new installation... by Durinthal · · Score: 2, Informative

    It may be flamebait, but it's true. About a year ago I was helping set up a friend's computer with a clean install of XP, and a couple of minutes after first booting it was already infected, despite never opening a browser.

  14. Why isn't lynx ever in these comparisons? by ehaggis · · Score: 2, Funny

    Lynx is a very safe browser. Flash ads are rendered impotent. Animated GIFs are defeated on load. ActiveX; no way! Lynx is the browser of the future! Now let me get back to my 3270 terminal.

    --
    One ring to bind them - should probably have more fiber and less rings in their diet.
  15. Re:Or 100% if its a new installation... by 1point618 · · Score: 2, Insightful

    Then why don't you unplug the ethernet port on your computer until you've changed the "internet options" to be more secure and are ready to download updates? It's really not that hard.

  16. Re:What are those 0.6% evil sites doing? by realmolo · · Score: 4, Insightful

    What are they doing?

    They're popping up a dialog box that says "To view this site, you must install the "Fuck My Computer Up Beyond Recognition" ActiveX Control". Please click "Yes" to continue."

    Sad but true. Most people just blindly click "OK, YES, I AGREE". There's no good way to stop that.

  17. Firefox user's mindset by amigabill · · Score: 3, Insightful

    What about comparing the mindset of people using Firefox to the mindset of those who use MSIE? I know people who are seriously under MS's thumb, in that they simply do not care if there is any alternative and quality is completely irrelevant. They also don't care enough about the world to be careful on the web. One friend of mine (who's nearly 31 years old now) I won't let use my computer without supervision because he doesn't want to "learn how" to use Firefox, and he's often impulsively copying crap from god knows where on to my machine or other people's machines to show off the latest stupid gimmick he's found out there someplace. I don't like gimmicks off some random web page running on my PC as I'm afraid of what computer illnesses may come along for the ride...

    I think that a lot of people using Firefox go beyond just having a different browser to be safer doing the exact same things. I think that the average Firefox user probably has a somewhat different web surfing habit than IE users. Many are using Firefox because they sought out something "safer" than MSIE in general, and are probably actively trying to be safer in their usage as well by not doing some of the things or going to the sorts of sites that those less interested or less knowledgeable are doing or going to.

    Regardless of the browser in use, who is more likely to click through the bank account phishers, the average MSIE user or the average Firefox user? Things like that...

  18. Re:Or 100% if its a new installation... by drinkypoo · · Score: 4, Informative

    Heh heh. Here's how you avoid that: On XPSP1 installs, turn on the firewall before connecting. On XP without SP, you use the IP Filtering option, which has been there at least since NT4, and probably 3.51. Filter all incoming connections of all three filterable types (ICMP, TCP, UDP.)

    I know you were just making a funny but maybe this will help someone clueless... or, if you were serious, someone more clueless.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  19. Is the browser really the reason? by Overneath42 · · Score: 2, Insightful

    While I use Firefox myself and believe it is marginally more immune to exploit, I suspect that the most likely reason for the results in the FA is that Web users who know how to use Firefox in the first place are more likely to be cognisant of such threats to begin with, and are also more likely to protect their computers from spyware/adware/etc.

  20. Yet another lame FF ra-ra post by fzammett · · Score: 4, Insightful

    I'm really sick to death of all the "Firefox kicks everyone's ass" pieces all over the place. I really can't stand being in the mindset to defend MS, but yet...

    This whole "study" was stupid in terms of proving one browser more secure from malware than the other (which wasn't their point apparently, which makes the /. post even more stupid). The conclusion is if you take two unpatched browsers, you'll get spyware a lot, and moreso for IE.

    Ok, as others have said, that's not exactly like finding out the Sun orbits the Earth or anything.

    It is much like saying "hey, you know, if you go into a burning building without firefighting gear, you're gonna get burnt".

    REALLY?!? WOAH! HEADLINE NEWS!

    "If you have sex with a number of HIV-positive people you may well contract the virus".

    SERIOUSLY?!?

    "If you vote republican, you will slowly lose your personal rights".

    THE HELL YOU SAY?!?

    "If you vote democrat, you will pay a bunch more in taxes".

    YEAH, I GET IT, IT'S OBVIOUS!

    Let's see what happens with two FULLY-PATCHED browsers. Will FF still come out on top? Yes, I would imagine so. I'm not about to say IE isn't inherently more dangerous than FF, because I think it is. But it's a question of degrees... are two completely up-to-date installs of FF and IE going to be *that* much different? I would seriously doubt it. I'd be willing to bet they are close enough that you could effectively ignore the difference (until your machine gets wiped out by the .00000001% of malware that got through I guess!)

    It's interesting to me... I've been using IE all along... there are some things that annoy me about FF that keep me from using it full-time. In all that time, I can count on one hand how many times I've been infected with anything. And, once I moved to Maxthon a year or so ago, I haven't been infected with anything even once. The difference between IE and FF is not THAT big, when you are fully-patched.

    Talking about anything less is pointless... and yeah, I know the argument... "But grandma doesn't know she should be patching her browser and doesn't know how". Well, get grandma off the computer! We don't let kids drive cars because THEY DON'T KNOW HOW TO (neither do many adults of course, but I digress). Using a computer is no different than using any other tool: you can hurt yourself, and sometimes others, if you don't know how to use it. Can't you smash your hand with a hammer? Can't you cut a finger off with a can opener? Can't you badly burn yourself using your oven? There is a certain amount of risk to using any tool, and you accept that risk, but more importantly, you learn about the tool to some minimal degree that allows you to mitigate the risk as much as possible. People need to start doing the same with computers. Not everyone has to know how to hook a system call or spawn daemon threads in a VM or whatever else, but keeping a browser up to date, especially as relatively easy as it is today? Yeah, I'd say that's the MINIMUM level of knowledge one should have, and if you don't have it, git knit a sweater, you shouldn't be touching a computer.

    Enough with all the "FF rules and IE sux0rs" crap... if you like one or the other, great, no problem, choice is good, use what you like. But enough with constantly telling me how unsafe I am using IE (or an IE derivative). My experience does not bear it out, and even if it did, the answer would still be what it's been all along: the USER is more at fault than the browser.

    Hey, when something gets through FF by the way, do we start screaming that it is insecure and no good? Of course not! We first ask "well, what did the USER do to let the garbage in"? Because OF COURSE it could never be FF's fault. And you know what? 9 times out of ten, it isn't! Just like 9 times out of 10, it isn't IE's fault... ok, to be fair, 8.5 times out of 10 for IE... like I said, I don't doubt FF is a bit better.

    Ok, I'm done, rant over.

    --
    If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
  21. Re:Or 100% if its a new installation... by Aeiri · · Score: 2, Informative

    big deal...last year, you could install a fresh linux server install while connected to the internet, and within 5 minutes 2 scripts running out of the west coast would have your root password changed...we tested it first hand several times with red hat...install it while connected to the ethernet through a router/firewall to the internet...and boom...root password changed within 5 minutes. The sources of these scripts were california and alaska..and there are/were many more like it that we researched and found.....so by the logic on this board, linux is now crappy insecure bloatware constructed by an evil corporation.....

    I'm not quite sure what to say to that...

    I don't think you could have a telnet server running on a system with a blank root/admin password behind a router and get hacked in 5 minutes, that's Windows, Linux, FreeBSD, Solaris... ANYTHING.

    Even if your router is extremely old and unsupported, people probably won't have worms/malware/viruses/whatever searching for routers like that constantly, that's absurd. New-ish and Newer routers are usually supported by their company, so I'm not quite sure what you are talking about.

    I've had a fresh install of Windows XP installed on my network (behind a router), no SP1, no SP2, no patches, no firewall, nothing, and it has never been infected by viruses (I periodically run HouseCall and NAV, which has auto-protect disabled), spyware (at that time I also run spybot (no teatimer), adaware and a couple other spyware removal things on it), or any type of malware on it.

    It's been up for years, and it's never had any problems. Considering the proliferation of Windows attacks out there, the router seems to be more than enough to protect that PC. How in the world did Linux of all things (small marketshare, I'm not going to get into a security discussion) get rooted in 5 minutes?

    Mods, your Insightful rating for this post was way off. I call -1, Bullshit.

  22. Re:Or 100% if its a new installation... by hazem · · Score: 4, Insightful

    Why are you installing XP (or any other OS) with it directly connected to the internet?

    Get a router with NAT to block most of the bad stuff - and heck, disconnect IT from the internet. Get the computer working and as much security in place before going online with it.

    A simple netgear or linksys router provides tons of protection and costs about $50... definitely worth the time saved from reinstalling windows once or twice.

    If you're really paranoid, download the security patches and burn them to CD so you can install them without going online.

  23. They used unpatched browsers by I'm+Don+Giovanni · · Score: 3, Informative

    According to the article, "We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."

    So reporting this on CNN and the like wouldn't have the impact that you hope it would. In fact, this study might be useful in studying malware but is meaningless in comparing FF with IE regarding security (as they rightfully admit).

    --
    -- "I never gave these stories much credence." - HAL 9000
  24. Re:Firefox doesn't prevent spyware. by PhoenixPath · · Score: 3, Insightful
    "It is quite easy for a Firefox user to unknowingly install malicious software."



    Really? Care to give us an example? Or are you just playing the "Opera Fanboy" again?

  25. Re:Or 100% if its a new installation... by Firehed · · Score: 2, Insightful

    Someone needs a router, methinks. Just because your software firewall isn't running doesn't mean the hardware firewall isn't.

    --
    How are sites slashdotted when nobody reads TFAs?
  26. Re:Or 100% if its a new installation... by pclminion · · Score: 4, Informative
    He might not be bullshitting (well, the part about being firewalled might be crap). Back in the late 90's I had a Red Hat machine get rooted before it was even done installing. I'd configured the network information with a public IP address, there was no firewall. Flaw in ftpd if I remember right. Since then I leave the network unplugged until the install is complete and I've got the network set up safely.

    I don't remember the particular release of Red Hat.

  27. Re:Targeted links to adware sites cropping up? by Grimboy · · Score: 2, Insightful

    Yay, nationalism! Let's just treat people in one country differently from people from another!

  28. Re:Who was the target? by argent · · Score: 2, Informative

    Of course IE is unsafe, because it is the primary target.

    IE is the primary target because it is unsafe.

    Even back when IE was the minority browser, in 1997, when MS introduced "Active Desktop" it opened up a MASSIVE flood of malware targeting the gaping hole they created. There was no similar attack on netscape or Mosaic.

    No, IE is the primary target because it is unsafe, and it (or more properly the HTML control) is unsafe because it is inherently unsafe to give one component that kind of responsibility over rights when it has no mechanism to unambiguously determine whether a document can be trusted.

    The security zones model is unfixable without changing the API. ALL existing applications that use the HTML control will have to be modified to control the execution of active content if Microsoft is to have a hope in hell of solving the problem.

    This was true last century, it's true this century. That it is the most common browser makes things worse, but it's an unacceptably insecure one regardless.

  29. Re:Or 100% if its a new installation... by setagllib · · Score: 2, Interesting

    Speaking of being clueless, ICMP and UDP are connectionless. TCP is the only one of the three protocols you mentioned which *does* maintain a bidirectional state on the protocol layer. So while it's nice that you think you've got it all worked out by using the pitiful filtering capacity you get out of the box... you still fail at the internet.

    --
    Sam ty sig.
  30. Ditto for Win2K by Digz · · Score: 2, Interesting

    In a move of utter brilliance, I forgot to unplug the network cable when doing a Win2K reinstall one time (and the network cable was hooked to DSL).

    Before it was done installing I'd been rooted and someone had already started making ISO'd warez available.

    Needless to say, I don't forget that part anymore (hey, it was 3 AM or something). ;)

    --
    SYS 64738