Criminals Prefer Firefox, Opera Web Browsers

An anonymous reader writes "Security researchers at Purewire have leveraged vulnerabilities in malware infrastructure to track the criminals behind it. In a three-month long project, they used security flaws in exploit kits to get operators to expose themselves (Obnoxious interstitial ad between link and content) when they access the kits' admin control panels. Data collected shows that 50% of those tracked use Firefox, while 25% use Opera."

Public Exposure

[Psychotria]

I am not sure that I would have liked seeing the operators expose themselves.

Re:Public Exposure

[Zero__Kelvin]

I quite enjoyed it, actually. You need to find a better source of pr0n ... ;-)

Re:Public Exposure

[Smooth+and+Shiny]

There's better pr0n than hard-core rat pr0n?

So the story is..

crim.. *cough* technically inclined people tend to use firefox and opera rather than IE.
Shocking!

Re:So the story is..

[Forty+Two+Tenfold]

The more advanced use telnet.

Re:So the story is..

[gmuslera]

A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers". Not sure how much technically inclined they are (not sure if there are a black market of plug-and-exploit-for-dummies kits), but they are aware of how much damage can be done to whoever (including them) using those vulnerable browsers.

Re:So the story is..

Where's "LWP", "wget", "curl", "fetch", or even lynx? These are supposed to be technically savvy criminals, right?

Re:So the story is..

[linear+a]

Close. Hackers know better than to use IE for all the obvious reasons nobody else should use it.

Re:So the story is..

[cheftw]

I'd suggest a /.-wide banning of a reply consisting wholly of an xkcd, along with a delicious ban for whoever posted it, but I know Randall makes his living off the site, so spam away.

This posted using firefox (to remain ontopic, otherwise I'd have used uzbl).

Re:So the story is..

[Runaway1956]

Sadly, no

Re:So the story is..

[FireFlie]

Hey, the first link actually uses that exact text...

A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers". Not sure how much technically inclined they are (not sure if there are a black market of plug-and-exploit-for-dummies kits), but they are aware of how much damage can be done to whoever (including them) using those vulnerable browsers.

Wow! Deja vu anyone? Let's delve deeper.

A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers". Not sure how much technically inclined they are (not sure if there are a black market of plug-and-exploit-for-dummies kits), but they are aware of how much damage can be done to whoever (including them) using those vulnerable browsers.

...

Sadly, no

Wait something's not right. Hey the first link actually uses the quoted text. Someone better mod parent down, sheesh.

A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers". Not sure how much technically inclined they are (not sure if there are a black market of plug-and-exploit-for-dummies kits), but they are aware of how much damage can be done to whoever (including them) using those vulnerable browsers.

Wait a minute... What's happening here?...

*downscroll*

Nooooooooooo!

Re:So the story is..

[lastgoodnickname]

mebbe he'll make a cartoon the aptly expresses your attitude and opinion on that and then you could just memorize the link and type that instead of having to type a reply.

Re:So the story is..

[Tybalt_Capulet]

I like Chrome. It has a 'close tabs to the right' function.

Re:So the story is..

[lastgoodnickname]

*wish i could use some alt text on above post*

Re:So the story is..

[Runaway1956]

Oh, don't do that!!! I'm laughing my ass off here, and you KNOW how hard it is to screw the damned thing back on!!

Re:So the story is..

[Migity]

No, we use ssh.

Re:So the story is..

[tuxgeek]

Firefox 3.5 + Adblock + Noscript
Probably has something to do with this?

Re:So the story is..

[papershark]

Ask a bugler where he hides his money... ask a hacker what browser he uses.

Re:So the story is..

[Mozk]

You know, having both Adblock and NoScript is a bit redundant. I've never seen an ad with just NoScript.

Does that make me a criminal?

[MartinSchou]

I prefer Opera myself - does that now incriminate me? Or does it merely show that these criminals are security conscientious and knows that using IE on the type of websites they probably frequent would be like throwing stones at bees nests?

They did neglect to mention the most frequently used operating system. If it's equally divided between Linux, OS X and Windows it'd be hard for Internet Explorer to get beyond 33% to begin with.

Re:Does that make me a criminal?

[Jurily]

The classic difference between correlation and causation.

Also, people who think about security much use secure browsers! Think of the children!

Re:Does that make me a criminal?

[buswolley]

I don't think the article implied caustion at all.

Re:Does that make me a criminal?

[Jurily]

What article? I only read the comments.

Re:Does that make me a criminal?

When one is considering the personalities of those who use browsers; I think of the Over Dressed Smiling Show Offs convicted of Lying, Cheating, and Stealing are a special breed apart.

Obvious

[Hatta]

This is obvious. People implementing malware and running botnets are going to be more technically capable than most. The more technically capable you are, the more likely it is you'll use Firefox or Opera. No big deal.

Not surprising...

[nebaz]

This just means that malware writers understand that Internet Explorer has more vulnerabilities to exploit, so they don't use it themselves.

Re:Not surprising...

[supernova_hq]

What do you mean no? You just re-stated the EXACT SAME THING as the parent poster!

If I had mod points, you'd be going down...

Re:Not surprising...

[twidarkling]

The same, but different. No. Really. One was saying "IE has more vulnerabilities." The other was saying "FF and Opera do not have the specific vulnerability they are exploiting." Not the same thing in the long-term.

Bad Numbers in Summary

[joeflies]

Actually the article says 46% Firefox and 26% Opera. Did the submitter really need to round the numbers for the article summary, when more accurate numbers would be more meaningful?

If it was really 50%/25%, I'd suspect a low sample size, i.e. 1 IE user, 2 Firefox users, and 1 Opera user.

Re:Bad Numbers in Summary

[gmuslera]

You should count Safari, browsers with fake identification, IE versions that are still believed to be mostly safe, and suicidal maniacs.

Re:Bad Numbers in Summary

[Barny]

What? All in the same group? Thats a bit harsh on the suicidal maniacs out there don't yathink?

I think a better summery stat would have been that "of the top 3 browsers, over 70% of malware writers steer clear of IE".

Also, anyone wonder if the remaining 28% or so of IE users are using it just to test their exploits?

Re:Bad Numbers in Summary

[Looce]

46% Firefox and 26% Opera could just as well mean 23 Firefox users and 13 Opera users.

And what's this anyway about using percent? Let's all start using parts per million! :)

Re:Bad Numbers in Summary

[dna_(c)(tm)(r)]

Actually the article says 46% Firefox and 26% Opera. Did the submitter really need to round the numbers for the article summary, when more accurate numbers would be more meaningful?

If it was really 50%/25%, I'd suspect a low sample size, i.e. 1 IE user, 2 Firefox users, and 1 Opera user.

Roughly 79.365 % of statistical references contain serious flaws.

If their uncertainty would be +- 5%, they should round their numbers to reflect that (50% and 25%). Alternatively they could say "(46 +- 5)%"

Your heuristic is faulty, it is a human flaw often exploited by marketeers and politicians. If they price an item at 236 instead of 200 or 250, you have the impression that it must be a very competitive price, not something they chose arbitrarily.

Re:Bad Numbers in Summary

[quickOnTheUptake]

Since they are using it to view their server logs, I rather doubt that is a tenable interpretation of the results.

First-hand experience

[peipas]

The guy who took the phone off my lap on the train uses Firefox as well. Right?

What's next, golfers prefer cars that cost more than $100,000?

Give me a break.

Re:First-hand experience

[drinkypoo]

Brilliant comment; car analogy, sports reference, syntactically and logically correct. Extra points for engaging both the downtrodden masses and the wealthy ("Hey, I play golf, and I drive a Bentley! This guy is a genius!")

Missing the Point

[1alpha7]

Most computer skilled people prefer those same browsers. Its what I've got open at this moment, FF and Chrome.

Re:Missing the Point

[peipas]

I have to ask, why are you using Firefox and Chrome at the same time? I could see Firefox and IE if the latter were open for an IE-only site, though those who know use IE Tab with Firefox. But Firefox and Chrome??

Re:Missing the Point

I like using Chrome to watch flash video and I usually use Firefox for web surfing. FF loves to hoard memory watching videos but Chrome doesn't seem to have many problems with it.

Re:Missing the Point

[hodet]

can't have all that porn slowing you down huh....

Re:Missing the Point

[Zero__Kelvin]

If you are watching your pr0n in a web browser, you're doing it wrong (in a related statistic, 98% of people foolish enough to use a browser as a pr0n front end us IE)

Gotta love statistics

[Idimmu+Xul]

What does this article even mean?

Tech savvy IT security enthusiasts prefer alternative browsers to Internet Explorer?
Criminals prefer Firefox?
Firefox users have criminal tendancies?
Firefox encourages exploitation of inferior browsers?

Or, Internet Explorer sucks.

What.

Re:Gotta love statistics

[Xenographic]

> What does this article even mean?

People who write exploits know how to prevent themselves from getting exploited? (i.e. Don't use IE.)

Of course, it's not as simple as merely choosing a good browser, but that's a starting place.

Re:Gotta love statistics

[swillden]

What does this article even mean?

Easy: This article means that this set of computer criminals primarily uses Firefox and Opera.

The problem with statistics isn't with statistics, it's with people drawing conclusions unsupported by the statistics.

Re:Gotta love statistics

[Nethemas+the+Great]

In other news, it has been reported that 98% of persons on death-row in prison have eaten a tomato at least once in their life where as only 5% report having eaten horse meat...

Re:Gotta love statistics

[WarpCode]

Its a Microsoft marketing gimmick to make law abiding citizens switch back to IE so that they wont turn into criminals.

Criminals use firefox. Firefox turns its users into criminals. Dont want to be a criminal? Switch back to IE and be a good person!

Re:Gotta love statistics

[voodoo+cheesecake]

What is their definition of criminal? Oh no! What if it includes "suspicious activity"; we're doomed! I remember a story where someone having a linux partition on their computer in college was accused of being a hacker.

Re:Gotta love statistics

[skine]

Facts are useless. You can use facts to prove anything that even remotely true.

Re:Gotta love statistics

[fatp]

Microsoft's will tell you that Firefox turns you a criminal

Re:Gotta love statistics

[twidarkling]

Eerrrr... Duh? lol

Seriously, that's what facts are for. Proving things. They don't HAVE a use beyond that. Well, winning on Jeopardy, I suppose.

Re:Gotta love statistics

[skine]

Apparently not a Simpson's fan.

Re:Gotta love statistics

[twidarkling]

Not since about season 9, no. Oh well.

Re:Gotta love statistics

[Mozk]

Now, because of this article, everybody mentioning Firefox in the future will be responded to with "FIREFOX? YOU'RE A CRIMINAL!!", much akin to invoking Godwin's Law.

What do you mean?

[ClosedSource]

Is it the mouse-clicking or the keyboard-typing that requires more technical capability while using Firefox or Opera rather than IE?

Re:What do you mean?

[Hatta]

It's simply being aware of alternatives. If you know what a browser is, and that you have a choice of browser, you're well ahead of the average internet user.

Re:What do you mean?

[MichaelSmith]

Is it the mouse-clicking or the keyboard-typing that requires more technical capability while using Firefox or Opera rather than IE?

Knowing about them.

Re:What do you mean?

[Itninja]

FF or O don't require more technical skill, but people with more technical knowledge with usually opt to use them. For example, only a technically savvy person knows the dangers of allowing scripts to run without direct user permission. With FF one can get NoScript running in less than a minute. With IE, you might be able to cobble together some goofy proxy, but for the most part you are on your own.

No one knows better than a scumbag malware distributor how to protect themselves online.

Re:What do you mean?

[REggert]

Less than a minute? Wow! That's almost as fast as the four seconds it takes in my browser!

I've always been fascinated by the fact that disabling scripting in FireFox requires a plugin. In Opera, all you do is click a checkbox in a drop-down menu (or to do it per-site, a checkbox in a dialog window). The same goes for enabling/disabling plugins, applets, sound, cookies, animated images, popups (actually a set of radio buttons and not a checkbox), proxy servers, and sending referer information. It seems to me to be an excessive amount of work to have to install additional software just to get basic security features.

And yes, I'm an Opera fanboy. ;-)

Re:What do you mean?

[Zontar+The+Mindless]

Disabling scripting in FF does NOT require a plugin.

Re:What do you mean?

[supernova_hq]

Damn, if only I could go "Edit -> Preferences -> Content -> Enable JavaScript" in Firefox :(

Re:What do you mean?

[Eravnrekaree]

Actually you can at least when i used IE years ago, turn off the scripts. In fact, you can tell it to allow just scripts to run on certain pages but not others. On firefox? Cant do it without the plugin! Furthermore, IEs feature is a part of a security profiles feature which included a huge number of site features you could turn off, including many others like cookies. You would create a series of profiles, and then establish certain settings in that profile, then add websites to the profile. You could therefore control multiple things through the profiles. Cant do it with firefox. The noscript only covers js, so if you wanted to block cookies as well, youd have to create a completely seperate database of sites.

Re:What do you mean?

[Zancarius]

On firefox? Cant do it without the plugin! Furthermore, IEs feature is a part of a security profiles feature which included a huge number of site features you could turn off, including many others like cookies. You would create a series of profiles, and then establish certain settings in that profile, then add websites to the profile. You could therefore control multiple things through the profiles. Cant do it with firefox.

While NoScript may only work with scripts, they're the most fundamental cause of malicious code running in the browser. Frankly, I think NoScript is a lot easier to use than setting up numerous profiles for a bunch of sites. Don't want scripts running? Click the button, click block.

Ironically, there's a point when mucking about with so many things oblivious users wouldn't understand that it's easier to say "Here, install this browser. Now, install this plugin. You're set." Don't believe me? Try to picture the process of explaining what you stated to someone who's 100% clueless about what a browser even does.

Re:What do you mean?

[Philip_the_physicist]

This was by design. Everything which could be moved to a plugin was. Of course, some things have slipped back into the browser, but the idea was to cut down the bloat.

Re:What do you mean?

[twidarkling]

Okay, then since I don't use FF, I'm honestly confused as to the utility of NoScript, if it's possible to disable scripting without it. Elucidate?

Re:What do you mean?

[REggert]

Me too.

Re:What do you mean?

[Eravnrekaree]

Turning off scripts, plugins, and cookies is NON OPTIONAL. That its not including by default in firefox really shows a lack of concern for encouraging people to follow good security practices. Plus as I said, you need to block not only scripts, but plugins and cookies too! Its better to do this with a security profiles feature, and to allow websites to be added to one of many security profiles. i mean, IE of all things had these features. 10 years ago. And firefox doesnt. Thats defective by design. Its really appalling that IE manages to outdo firefox on this.

Re:What do you mean?

[Eravnrekaree]

Plugins and cookies are a huge problem. Cookies are a major privacy concern, and plugins well just depends on how much you trust the external plugin. Given that the js engine is loaded with security problems, its likely that java and flash are too. You really just want to block all of this out by default and allow certain websites to run them as needed. My policy would be to havea default security profile that allows no cookies, no plugins and no js, and then allow only certain websites to run the js. Javascript itself really should not be a problem if it were not for security problems in javascript itself. The best way is to fix those bugs in javascript to make it more secure. privacy violation however is what cookies are specifically intended for.

Re:What do you mean?

[Itninja]

As long as you want to disable it GLOBALLY, them yeah that's great. Even IE can do that. But that makes many legitimate and useful sites useless. I don't want to have globally enable and disable scripts every time. With NoScript I can 'whitelist' specific sites or just temporarily allow scripts for a single page if I want.

Re:What do you mean?

[Itninja]

Who said anything about 'turning off' scripts? I want to be able to whitelist sites I trust and reject all other scripts from being run. Since many legit sites use scripts, people have to leave script-execution enabled all the time in IE.

Re:What do you mean?

[swillden]

Okay, then since I don't use FF, I'm honestly confused as to the utility of NoScript, if it's possible to disable scripting without it. Elucidate?

NoScript allows you to turn off scripting in general, but to allow it for specific sites. By default, with NoScript turned on, no Javascript is executed, but there's an icon in the status bar that will allow you to allow this site, or a portion of this site, to execute scripts, either temporarily or permanently, and when you change the permissions it automatically reloads the affected page elements.

It also does things like blocking cross-site scripting attacks, even when you are allowing a site to execute Javascript, and setting different rules for HTTPS sites, allowing sites to execute JS only if using a secure connection. Further, it goes beyond just blocking Javascript, it can block Java, Flash, Silverlight, XSLT, other plugins, web bugs, bookmarklets, certain meta redirections, frames and ifames, etc. and for many of those things it replaces the page element with an icon which you can click on to unblock it, either temporarily or permanently.

There's a huge difference between what NoScript does and just turning off Javascript.

Re:What do you mean?

[swillden]

Plugins and cookies are a huge problem. Cookies are a major privacy concern, and plugins well just depends on how much you trust the external plugin.

NoScript blocks plugins as well, including Java, Flash, Silverlight, etc. And it blocks XSS attacks, even for pages you are allowing to run JS.

It doesn't block cookies, but there are other tools for that. And cookies aren't really that significant anyway, especially if you disable third-party cookies and configure FF to lose them every time the browser is closed.

Re:What do you mean?

[REggert]

Well then, as I said before, that's a standard feature in Opera.

Re:What do you mean?

[twidarkling]

Ah, right then, it's like a multi-tool verus a claw hammer.

Re:What do you mean?

[Zancarius]

and plugins well just depends on how much you trust the external plugin.

You eventually have to trust someone, somewhere. Be it MS or the individual responsible for NoScript. Schneier wrote an interesting piece on countering "trusting trust."

Given that the js engine is loaded with security problems, its likely that java and flash are too

Likely that Flash is to? There have been far more zero day exploits in Flash than have been present in Mozilla's JS engine that were widely and actively exploited. Worse, Adobe sits on these exploits for weeks before doing anything about it.

You really just want to block all of this out by default and allow certain websites to run them as needed.

Guess what NoScript does? You don't need to muck with profile settings, either.

Javascript itself really should not be a problem if it were not for security problems in javascript itself.

I think you mean the issues with JS implementations?

privacy violation however is what cookies are specifically intended for.

No they're not:

Cookies are a way for a server to sustain a stateful session by passing information back to a user agent; the user agent returns the information back to the server on its next visit.

Just because something can be used to violate your privacy doesn't mean it is expressly intended to do so.

Fireofx is that good

[Dayofswords]

computer people use Firefox because they know its good, others use IE because its all they know that exists

Obvious

[IthnkImParanoid]

Of course they use non-IE browsers; they probably either spend considerable time exploiting IE, or at least are aware that IE is often exploited. I'm sure criminals who break into houses through open or poorly secured windows have wrought iron bars on all of their own.

Dubious logic?

[Johnny+Loves+Linux]

Interestingly, Opera, which by some measures has only a 2 per cent market share, ranked second among the kit operators, with 26 per cent. "I think that's probably because operators have a familiarity with the web threat landscape," Royal told The Register, suggesting that many black-hat hackers take a security-through-obscurity approach to making sure they themselves don't get hit. "It makes them wary of using mainstream browsers."

Huh, and here I was thinking that maybe, just maybe, these hackers knew the security history of the various browsers and knew that Opera had a better security history than Internet Explorer?

Re:Dubious logic?

[Runaway1956]

An alternative conclusion could be, since Opera rules the market share in countries that use the cyrillic alphabet, most criminals are from Eastern Europe and Russia.

Still dubious logic, but hey, it's as good as the author's dubious logic!

Firefox is safe

[DigiShaman]

One out of two criminals agree. Certifiably badass!

Obnoxious intersitial ad?

Wow! No wonder it is so difficult to make money publishing on the Internet. Even an ad that goes away after a timeout, or can be skipped with a single click, creates angst amongst those who hold that information wants to be free. /. editors don't accept stories that include links to content behind paywalls, even if the information is really relevant to the /. community. Post a link to an article requiring registration and someone will copy the article and paste it as a comment (which seems like a pretty clear copyright violation). And now warnings are being given because someone out there is actually paying for the content that /. readers want to look at. Go ahead and mod this down troll/flamebait/overrated...but dang this obsession with not having to pay for any content, either in terms of dollars, registration, some time, or an extra mouse click, seems to be, well, obsessive!

Re:Obnoxious intersitial ad?

[falckon]

That may be so, but do you really think the value of that extra click is worth anything from a /. reader with this mindset. Next thing you know you'll be suggesting they should follow some of the ad links on the site, or buy some of the site's affiliate's products. This may even be enforced by having your affiliates track when each user visits their site or fills out some survey. Nevertheless, no matter what you do, people who believe that the web should be free will continue to believe so.

There's also a greater cause being supported. Paywalls are not conducive to an enjoyable internet. It's similar to the radio where I used to be able to enjoy music throughout the day. Over time radio air-time has been increasingly filled with ads to the point that it's no longer enjoyable to listen to. If websites require more forced advertising it will get to the point that you are forced to see more advertisement content than what you actually wanted to read in a day.

Re:Obnoxious intersitial ad?

[cffrost]

[blah blah] ... (which seems like a pretty clear copyright violation).

Seems like an IE luser clearly has his panties in a twist.

Maybe so

[mysidia]

I'm reminded of an old observation: whenever ice cream sales rise, so do shark attacks. So does eating ice cream cause sharks to attack you? No.

The observation that more Criminals prefer Firefox over IE, doesn't associate Firefox use with criminal behavior.

It most likely just means that there is a common occurence that causes technically savvy computer users to prefer Firefox.

People who build malware infrastructure are technically savvy, otherwise, they would not be able to understand and defeat technical security measures.

Non-technically savvy users often use IE because they don't understand the alternatives.

Also, they don't understand the weaknesses in IE's security defenses, the technical advantages of using Firefox (or Chrome) over IE, or the basic security principle that installing and using less-popular software (alternatives to the most popular option) means there are fewer people interested in devising a way to attack your software.

Eg Opera is not a very ripe target that hackers are highly interested in attacking, because it has so few users, it's a low value target.

Re:Maybe so

[Sulphur]

Seakittens? -- If it gets hot and 800 years later CO2 rises, then CO2 causes the heat.

Re:Maybe so

[SteelRealm]

Or... maybe it's because Opera is actually *gasp* a secure browser?

Re:Maybe so

[mysidia]

Who said anything about shark attacks in Nashville, TN specifically? That's just like saying there isn't increased Firefox usage among Criminals who don't own or have access to a computer.

The correlations Ice Cream VS Shark attacks are not specific to TN. Just like the Firefox/Criminals observations, the observations about Ice cream sales and reported shark attacks both being lower in December, and both higher in July (whenever larger volumes of ice cream sales were observed, there were larger numbers of reported shark attacks), with strong correlation, pertains to observations during the specific study.

It's been said by so many people, that a "BS" claim is not compelling.

The BBC is more believable than an unsourced claim it's BS.

Re:Maybe so

[nedlohs]

So what do you mean? World wide ice cream sales correlate to world wide shark attacks? Country level? State level? Not city level obviously.

And what time frame?

It's obviously not true for arbitrary geographic areas. And it's obviously not true for long term time frames - sharks attacks have gone down since 2000, I doubt world wide ice cream sales have.

Yes they are very likely correlated, but that is completely different than claiming that "whenever" ice cream sales increase so do shark attacks. 2000 compared with 2006 is one world wide counter example. Nashville winter versus summer is one local seasonal counter example.

So what is you actual claim for the definition of "whenever" - what area size and what time frame?

"Whenever shark attacks increase so do ice cream sales" would be a much safer statement that I wouldn't argue with.

But the one you parroted is ridiculous.

So give me the definition to which is applies which ice cream sales and which shark attacks?

Florida seems an easy example do are ice cream sales really higher in April than they are in June? (I assume you have ice cream sales stats handy to backup your claim)

Re:Maybe so

[mysidia]

Somehow, I think you have completely missed the point. The data used for these types of broad generalizations is not specific to an area, it is aggregated. Your strawman argument isn't very interesting -- do you actually believe that preferring Firefox means you are probably a criminal? The shark attack VS ice cream example is not a premise of the argument.

It's obviously not true for arbitrary geographic areas. And it's obviously not true for long term time frames - sharks attacks have gone down since 2000, I doubt world wide ice cream sales have.

The data does not suggest reported shark attacks have significantly gone down since 2000.

Reported shark attacks have been in an up trend since the 1980s.

And actually, Ice Cream sales have been going down a bit, since 2000, the product has been losing some some market share to other frozen desert items. And bad years.

I expect both reported shark attacks and ice cream sales have bad years, where they may randomly deviate from the trend. Not all correlations are the strongest type possible.

Re:Maybe so

[nedlohs]

2000 has the highest number of shark attacks in the data set you gave. Hence every year since 2000 had had a lower number of shark attacks that 2000.

That obviously does not mean the trend is down, it just means there's an outlier data point.

It does mean if we compare 2000 to any year afterwards for ice cream sales and find that ice cream sales are higher than we have a case in which ice cream sales have increased but shark attacks have not.

That ice cream sales fell in 2009, during a major recession, does not mean they were lower than the 2000 numbers. And does not mean they were lower than 2000 in all 9 years following it. Ice cream sales have increased in China and India in that timeframe, which could drown out a decrease in the US anyway.

And you didn't claim a correlation, that allows for noise and so on. You claimed "whenever ice cream sales increase shark attacks also increase". "Whenever" means in *every* case, not in most cases.

What will come of this "news"?

[EkriirkE]

Are we now to be harassed if badged-mongoloids see us on the internet and its not a blue "e" icon?
Akin to this previous /. story where one of them saw a student using a CLI

Re:What will come of this "news"?

[roguetrick]

Hilariously, that story was just as hyperbolic as the idea cops would harass people for using firefox. That kid was a accused of trafficking in stolen goods among many other things, I believe the fact that he used a CLI just was an example of his technical competence.

I love the comments on...

[vistapwns]

IE's lack of security being a reason for this. This is not true of recent versions of IE, and in fact, IE is sandboxed in recent versions of Windows, unlike FF and Opera. The Pwn2Own hacker winner rated it at 9/10 in security, and so on. I highly doubt this has anything to do with real security, more like hackers are faddish gullable kids who believe the "IE is teh insecure!" hype that the typical slashdotter believes. Ya mod me down, I don't care.

Re:I love the comments on...

[psycho12345]

I agree that the latest versions of IE are vastly more secure, however you must take into account many, many people still are running IE6 (ignorance for home users usually, or compatibility reasons on the business side), and thus are still easily exploited. With that foreknowledge I'd imagine the malware writers who do use IE have IE8 for the same reason that other use FF and Opera, generally more secure.

Keep it in perspective...

[Junior+J.+Junior+III]

How many firefox/opera users are criminals? Probably a tiny, tiny percentage. Unless you count copyright violation, in which case everyone is guilty.

Re:Keep it in perspective...

[John+Hasler]

> Unless you count copyright violation, in which case everyone is guilty.

Not true. In any case, copyright infringement is rarely a crime, at least in the USA.

So what is the IE %?

[neonprimetime]

If FireFox 46, Opera 26, that is 72. does that mean IE is close to 28? or are there other browsers that take up the rest ... the story seemed to lack that info?

Re:frist psot

[telchine]

Data collected shows that 50% of those tracked use Firefox, while 25% use Opera

Let me guess, they tracked 4 operators?

Thank you for that report Captain Obvious

[Orion+Blastar]

like any 733t H@ck3r would use Internet Explorer, and risk being kicked out of their group.

Did you check to see if they were even using Windows? Chances are if not then IE isn't even available to them, but Firefox and Opera are. Maybe that is because Firefox and Opera are cross platform and IE isn't (except for a Mac OSX port that is fugly, but then why install IE for OSX when Safari is way better?) available on Linux, BSD Unix, etc.

opera in russia

[shird]

I'm surprised Opera isn't more represented, given the number of Russian cyber-crimminals. Opera is quite widely used in Russia. Opera once did a random street sampling in the eastern bloc after Google's video of asking people "What is a browser" in New York Square (to which people replied "Google" or "Yahoo" etc). They found most people knew what it was and majority used Opera:
http://my.opera.com/haavard/blog/2009/06/25/what-is-a-browser-russian-edition

Which goes to show, those technically minded use Opera, which helps support my claims it is the better browser (for IT guys at least)

Re:opera in russia

[John+Hasler]

> Google's video of asking people "What is a browser" in New York Square (to
> which people replied "Google" or "Yahoo" etc).

When the correct answer, of course, is "An animal that browses, such as a goat or deer."

Re:opera in russia

[shird]

Also from that link is these stats:
http://gs.statcounter.com/#browser-RU-monthly-200901-200906

as you can see, in Soviet Russia, Opera browses you.

Re:opera in russia

[mqduck]

I'm a big fan of Firefox and prefer it to Opera, but I'm glad it's around. I once saw a forum thread somewhere about why the world needs Opera - to which someone replied: "so Firefox has somewhere to steal features from".

Re:opera in russia

[hajma]

Russian criminals are 1337er than others, obviously they were not trapped by the lame researchers. So their Opera browsers did not actually make it into the statistics.

Many peope in Russia use Opera...

[at_slashdot]

Not saying that all Russians are criminals, but there's a big population there, and yes there are many cybercriminals.... this might explain somewhat the Opera numbers.

Duh

[Opportunist]

No really? Probably they don't want their precious botnets be taken over and used "by proxy" (in both senses, actually...).

I call BS

[Culture20]

How do they test their activex exploits without using IE?

In other news...

[bytethese]

Water is wet, the sky is blue and we're all getting older.

Think about it a moment.

[Ungrounded+Lightning]

A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers".

In particular:

"People who create websites containing malware that takes over the browsing computer NEED to use a browser that is immune to their own takeover tools for their command-and-control console."

Jeez. Think about it a moment. How the heck are they going to work on the thing if it eats their machine when they touch it?

Re:Think about it a moment.

[fatp]

But their takeover tools for their command-and-control console has vulnerability that exposed themselves.

In conclusion, they are not much smarter than those people using browser they take over.

The share of Firefox should be much greater

From the original article:
Royal was able to monitor the browser, IP address, and in some cases operating system of many of the operators of these sites by sneaking a line of JavaScript into the referrer fields of browsers he had visit the site. When the webmasters viewed the logs, their browsers secretly visited a website under his control.
Many, if not most of these crim... technically savy people probably deactivate JavaScript, and the most convenient way to do it is NoScript on Firefox. Which means that these statistics only take into account browsers with JavaScript enabled, which, in turn, means that the share of Firefox is probably much greater than 46%. Those who used Firefox with NoScript simply weren't taken into account.

Re:frist psot

[Runaway1956]

Let's make asses of ourselves, and assume that the percentages would hold in larger samples. What would that tell us? Hmmmmmm. Maybe hackers know that FF and Opera are safer browsers than IE? Well, one has to ask, "Who would know better than a hacker?"

Alright, we've been asses long enough. Shitcan the silly assumption....

Sample Size Fail?

"Of the 15 sites tracked, only two were hosted in the same country where their operator resided"

15 sites? That means that these amazing numbers are from a 15 point data sample? Are you kidding?

Also FF and O are also the most easily extensible. Meaning you can write your own scripts/software/addons/etc to help you screw up pages you visit.

So malware authors use these two browsers more than internet exploder? Fascinating.

Not representative

[rbb]

Just for the record: "1 in 4 hackers use Opera" story is based on total global sample of 15 hackers... :-)

Re:Not representative

[sznupi]

And you think it's not representative only for Opera...why exactly?

Re:Not representative

[rbb]

I don't think any conclusions based on such a small sample group can be called representative, it's not specifically something either in favour or against Opera.

The fact that people who run drive-by exploit sites use Opera or Firefox didn't surprise me much, I just wish they'd picked a larger sample group :)

Re:Not representative

[sznupi]

OK, that's better - it's just that your first post named the story like it's presenting, on flawed method, supposedly huge popularity of Opera (accidentally, that might be somewhat correct - Opera has 40% in Russia, not much less in Ukraine; still, methodology is bogus)

Re:Not representative

[rbb]

I think drawing any conclusions based 51 exploit-kit using hackers, from which only 15 IP addresses and browsers could be determined using a forged referer field, is a prime example of bogus methodology ;)

Culprit != Causality

[skander]

Those who know how to use the net use Firefox or Opera.

remember folks

[quakemeister]

browsers don't kill people, criminals kill people.

if we outlaw browsers.. hows that go?

Uber Crimininals prefer IE ...

[ub3r+n3u7r4l1st]

running under a VM.

Same with Opera

[sznupi]

You think that only FF can turn of js...why exactly?

I've always wondered this

[ILuvRamen]

I've always wondered if someone could make a browser just for hacking. Like display POST data in plain text and let you modify javascript commands and change true to false and send invalid form data anyway, etc. That would be so unbelievably valuable but as far as I know, it doesn't exist. Is that isn't feasible and why has nobody ever done it?! Are rendering engines and javascript engines that hard to write from scratch? Wouldn't hackers just copy and modify existing engines?

i guess

[shnull]

this research was somehow funded by microsoft ?

Iceweasel

[jbatista]

Firefox user = criminal

Iceweasel user = poser?

Difference between preference and need.

[Ungrounded+Lightning]

I read the partent posting as "They're using these browsers because they understand the risks and prefer a less vulnerable browser."

My reply was intended to be "Actually, it's they have a specific NEED to be immune to the attacks as part of their operation: Their own malware would break them if they don't use a browser that's immune to it."

That's a very significant difference: Between preference and inherent requirement. TFA and many of the comments here are talking about preference, as if the malware authors were just using FF and Opera because, in their expert opinion they were cooler. I took the parent to be doing so as well. If I was mistaken than the post was indeed redundant.

Re:frist psot

[shentino]

Maybe they're the same 4 guys that China just busted for pirating...

In Other News...

[freakmn]

In other news, car thieves prefer exotic sports cars.

Re:frist psot

[Mozk]

Well, TFA itself had 46% and 26%.

What was the point of the rounding those to 50% and 25%? FFS, that's rounding two different ways on similar numbers.

It reminds me of a bash.org quote:

<kyourek> There was a 23% drop in temperature.
<nappyjallapy> That's almost 25%!
<kyourek> ... That was one of the most worthless comments I've ever heard.

Re:ANYONE can secure a Windows NT-based PC well

[Itninja]

Wow...you're right. That's WAY better than just using FF. And the best part is your links try to load scripts on my machine. Good work!

Years ago...

[Hasai]

...a guy by the name of Massad Ayoob wrote a book called "The Truth About Self-Protection." (http://www.amazon.com/Truth-About-Self-Protection/dp/0553195190) I recommend it highly, as one of the things he did was go over to the local prison and ask career criminals how they would go about protecting themselves from the same sort of people.
It's quite instructive.

And In Other News

[HermMunster]

Criminals prefer cars to bicycles. Some even prefer the internet to the telephone. Most importantly they prefer the night to the day, as they are seedy folk after all.