Insecure Plugins Ding IE, Safari, Chrome, Opera

krebsonsecurity writes "The Web browser wars often focus on which browser is more secure, but the dirty secret is that insecure plugins are a serious threat to all browsers, from the perspectives of both stability and security. Krebsonsecurity.com features an informative look at the administration page for a popular browser exploit kit called Eleonora, which suggests that plugins like Adobe Reader and Java are leading to successful compromises for users surfing not just with Internet Explorer, but also with Google Chrome, Firefox, Safari, and Opera."

Re:The model

[ld+a,b]

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting malware. Your idea will not work. Here is why it won't work.

(x) The program running on the VM/jail/sandbox still has access to all the data you stream through it.

Specifically, your plan fails to account for

(x) L337 H4X0RZ
(x) The fact that you are already running the malware
(x) Who is responsible for setting the permissions
(x) The fact that the sandbox needs to have some side-effect.

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical

Furthermore, this is what I think about you:

(x) This is a stupid idea, and you're a stupid person for suggesting it.

Criticize Firefox: -1. Criticize IE, +5.

[Futurepower(R)]

You're right about that.

I criticized the management of IE and got an immediate +5 moderation: Confused by Microsoft P.R.?, and no comments.

The same day, I criticized the management of Firefox, and got an immediate -1 Troll, with a lot of hostile comments: Firefox development is poorly managed, apparently.