Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Firefox or Internet Explorer
Goto page Previous  1, 2, 3
 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> General Software Discussion
View previous topic :: View next topic  
Author Message
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 15 Jul 2014
Posts: 1072
Location: CenTex

PostPosted: Tue Mar 15, 2005 9:43 am    Post subject: Reply with quote

I'm bringing this thread back up because in light of recent events, I'm hearing lots of that old bogus talk about FF being 'safe' and I would again point out that NO ware is safe. All wares are exploitable and the popularity of products govern the degree and abundance of attacks against them. The more popular it becomes, the more we will see vulnerabilities being exploited.

The rise in reported(not all are publically reported) exploits will as depicted in this graph continue to rise. It is inevitable.



Ref; http://secunia.com/product/4227/

Those who know me know that I'm not a fan of MS. However, I use their products as well as others...so I learn how to protect them all. Shouldn't you?
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
Back to top
View user's profile Send private message Visit poster's website
ld
Warrior


Joined: 01 Mar 2005
Last Visit: 29 Jul 2010
Posts: 185

PostPosted: Tue Mar 15, 2005 3:02 pm    Post subject: Reply with quote

Quote:
The more popular it becomes, the more we will see vulnerabilities being exploited.

The more popular it becomes the greater the number of people who will be interested in finding vulnerabilities in it. Wether these people will be successful or not depends on how well written the code is. Firefox lacks activex which takes away one of Internet Explorers greatest weaknesses when it comes to security. Programs like openssh and apache are extremely popular and bug hunters focus a lot of attention on them yet the vulnerabilities found are extremely few.

With more people using firefox we will get a better idea of how secure the code really is.

http://www.spywarewarrior.com/viewtopic.php?t=11402
This makes it sound like people are getting a false sense of security with firefox. If firefox is secure that can be completely thwarted if YOU specifically allow malicious code to run.
Back to top
View user's profile Send private message
marinesupergeek
Junior Member


Joined: 16 Dec 2004
Last Visit: 21 Oct 2008
Posts: 45
Location: seattle

PostPosted: Tue Mar 15, 2005 4:39 pm    Post subject: Reply with quote

i have been using firefox for about a year, i could never go back to ie.the adblock plugin is amazing http://gauret.free.fr/adshare/adshare.php, i can now web surf virtuly clean of all adds,my pages load in a blink of a eye even though im on a slow dial up.there are lots of skins if your really into all the bling, as for tabbed browsing how did i ever live without it. Twisted Evil keep fighting the good fight
Back to top
View user's profile Send private message
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 15 Jul 2014
Posts: 1072
Location: CenTex

PostPosted: Fri Mar 18, 2005 1:09 pm    Post subject: Reply with quote

An interesting article appeared @ PCMag;
http://www.pcmag.com/article2/0,1759,1775806,00.asp

The author makes some good points..they sound familiar.

Quote:
Firefox lacks activex which takes away one of Internet Explorers greatest weaknesses when it comes to security


ActiveX is like so many other things...it is really a very good thing that was designed to help users and make things simpler and more convenient. It really is so easy to control...there simply is no reason for anyone(other than the greenest user) to get infected via this route.

Quote:
"...i can now web surf virtuly clean of all adds..."


I've been doing that for years in all my browsers...including IE.

Sorry for beating this horse more...but again today I read someone saying that FireFox was safer...it's just hype and simply not true.

Again, NO WARE IS SAFE unless you work to make it so. BTW Expect to see more revisions soon...or as soon as they get around to the fixes. Because all wares are exploitable and FF is no exception.
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
Back to top
View user's profile Send private message Visit poster's website
coffee-drinker
Newbie


Joined: 20 Mar 2005
Last Visit: 20 Mar 2005
Posts: 1

PostPosted: Sun Mar 20, 2005 3:15 pm    Post subject: Reply with quote

marinesupergeek wrote:
i have been using firefox for about a year, i could never go back to ie.the adblock plugin is amazing http://gauret.free.fr/adshare/adshare.php, i can now web surf virtuly clean of all adds,my pages load in a blink of a eye even though im on a slow dial up.there are lots of skins if your really into all the bling, as for tabbed browsing how did i ever live without it. Twisted Evil keep fighting the good fight


Many firewalls block all the ads. And if you are not running firefox you will be also happy with all other browsers, except IE. Very Happy
_________________
Coffee!
Back to top
View user's profile Send private message
Forego
Junior Member


Joined: 06 Mar 2005
Last Visit: 23 Jun 2005
Posts: 16

PostPosted: Tue Mar 22, 2005 10:29 am    Post subject: Firefox vs IE Reply with quote

Personally I like having both browsers at my disposal. So I will not argue that one is better than the other. I definitely agree with Mikey "no ware is safe unless you work to make it so" and of course it is as safe as you make it.

To really say it is safe I would do at least the following
(in addition to the firewall, anti virus, etc.)

1. Frequently update the programs (crime is never more than a step behind at any time)

2. Firefox does not allow Active X -- good, but IE can be set to do the same. I also tie down cookies, and Java. You can also set each browser a little different , one allowing for those trusted sites that need Java enabled.

3. Make sure I had the latest patches and other wares that I am aware of (such as tools to block open ports) Run Shields up, etc.

At this point could one say either system is more secure than the other?

I don't consider Microsoft to be an evil empire. They do come up with some good programs. But I wish they would be a little more proactive than reactive when it comes to dealing with security issues.

Perhaps the real issue here is maybe Computers should come with a security page that gives all the newbies some security precautions and tips before surfing. (One that is visible and up front, and not buried in a 76 page manual)

These forums have been valuable to me, but getting the users oblivious to security, to these (or like forums) is a real issue.
_________________
The Web is a crap shoot. Gamble Responsibly. Secure your computer!
Back to top
View user's profile Send private message
Dismas86
Warrior


Joined: 22 Feb 2005
Last Visit: 23 Sep 2007
Posts: 224
Location: Northumberland, England

PostPosted: Tue Mar 22, 2005 5:32 pm    Post subject: Reply with quote

aww thanks! I was just about to switch to firefox and now im just too damn confused! lol Wink
Back to top
View user's profile Send private message MSN Messenger
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 15 Jul 2014
Posts: 1072
Location: CenTex

PostPosted: Wed Mar 23, 2005 5:13 am    Post subject: Reply with quote

Dismas86 wrote:
aww thanks! I was just about to switch to firefox and now im just too damn confused! lol Wink


If you read the entire thread, I don't see where your confusion comes from.

FF is a good browser. As stated many times, if you want to try it to see if you like it, you should. Just be aware that no matter what browser you use, you need to protect it.

Perhaps if you explain what you're confused about...

====
Hey Forego Smile
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
Back to top
View user's profile Send private message Visit poster's website
Forego
Junior Member


Joined: 06 Mar 2005
Last Visit: 23 Jun 2005
Posts: 16

PostPosted: Wed Mar 23, 2005 12:13 pm    Post subject: Firefox vs IE Reply with quote

Dismas 86:

If you want to add Firefox to your portfolio, you may as well use the new version 1.0.2 just out today (2005/03/23). It adds a security patch.

http://www.mozilla.org/press/mozilla-2005-03-23.html
_________________
The Web is a crap shoot. Gamble Responsibly. Secure your computer!
Back to top
View user's profile Send private message
Dismas86
Warrior


Joined: 22 Feb 2005
Last Visit: 23 Sep 2007
Posts: 224
Location: Northumberland, England

PostPosted: Wed Mar 30, 2005 1:03 pm    Post subject: Reply with quote

i suppose you're right. Might as well use them all since i suppose each has disadvantages as well as advantages Smile
Back to top
View user's profile Send private message MSN Messenger
edgein
Junior Member


Joined: 16 Apr 2005
Last Visit: 07 Jan 2006
Posts: 15

PostPosted: Sun Apr 17, 2005 6:56 am    Post subject: Reply with quote

sorry to revive a dead thread in a way...

firefox all the way! ive been running it since the 0.8 release and havent had a problem with virus's or malware as was once stated in previous threads.
tabbed browsing, while a preference, is IMO a godsend.
extentions:
cookieculler
DOM inspector
adblock (in conjunction with adsbgone which works soley with ie)
spoofstick (displays the actual url you are connecting to in top of browser window...no guessing if the page is spoofed or not
disable targets for downloads (no blank pages when downloading from a site).
no active x (!)
simple configurations regarding security, updates, cache and cookie cleaning, etc.
frequent updates

only reason to break out ie, update windows, update gaming servers, and log into remote admin sites for gaming servers.

just thought id get my 2 cents in. heh
Back to top
View user's profile Send private message MSN Messenger
Nightmaretony
Warrior


Joined: 15 Mar 2005
Last Visit: 30 Jun 2011
Posts: 256
Location: Meadowbrook

PostPosted: Sun Apr 17, 2005 10:15 am    Post subject: Reply with quote

1. Spoofstick is fantastic, at leats until ti gets hacked.

2. Mikey: can you please show a comparison of IE advisories and Windows advisories compared to Firefox advisories? The only thing you showed is that hackers are only recently sitting up and paying attention to FF, nothing more.

3. One giant advantage is the quick respoinsiveness of the Firefox team in the patching. Microsoft is catching up, but is still a ponderous method for them.
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park
Back to top
View user's profile Send private message Visit poster's website AIM Address
Munch
Warrior


Joined: 07 Mar 2005
Last Visit: 23 Mar 2007
Posts: 68

PostPosted: Sun Apr 17, 2005 4:23 pm    Post subject: Reply with quote

The newest threat I have seen with Firefox is that instead of a "pop-up" or Pop-Under" it is actually a new tab. If your not paying attention and happen to click on the new tab, then there is a good chance you will be infected.
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
farmer6re9
Junior Member


Joined: 14 Apr 2005
Last Visit: 28 May 2005
Posts: 16
Location: Ontario, Canada

PostPosted: Tue Apr 19, 2005 4:49 am    Post subject: Reply with quote

Actually there is a JavaScript vulnerablity that has been corrected recently (though I haven't updated yet) that may have been mentioned earlier in this thread. For those who wish to check their version of Firefox, see this article http://secunia.com/advisories/14820/ for good information on this browser and a proof-of-concept link to test what your browser reveals from memory through a JavaScript Error.

It would be prudent for me to not enter into this melee of browser preferences.
_________________
Eating Crow is better with MyCrowSauce
Back to top
View user's profile Send private message
The Flying Dutchman
Junior Member


Joined: 16 Jul 2005
Last Visit: 28 Oct 2005
Posts: 15

PostPosted: Tue Aug 16, 2005 11:52 am    Post subject: Why I favour Firefox Reply with quote

Hi folks,

Firefox or Opera is the safer browser at the moment. FF with Adblock and NoScript it is even safer. It is tweakable, you can build your own filters for instance (XML-filter). A browser plug-in like the link pre-scanner from Dr. Web is a great add-on for security, you can pre-scan all your links for malware, script, safe HTML etc. at the global update server of this St. Petersburg AV vendor. Download frequency bi-hourly, just behind Kaspersky's. You do not download it onto your computer, all scanning is done there, no risk and you can click the pre-scanned links scarefree. To keep script further at bay I got AVX Script Wall from the Romanian vendor Bitdefender to check MS Scripting Host and its scripting-actions. You can analyze the script, before blocking or allowing it to run.

There were two things that made IE basically unsafe, and there is no easy way back. That was the decision to build IE deep into the OS of a good NT4 design OS. Better to keep browser code and system code apart. But IE was not designed with security at heart, but to please easy functionality for every Jack and Jill, and to please every Webmaster around, also those who did not stick to WWW standards (50%), as IE does not follow up full standards by design.
FF does not comply fully, but tries to anyway, as Opera does.

The second reason wasunsafe Active X, a technology that does not always stay in the sandbox as forseen. As long as this basic concept is not changed, a nice anti phishing utility or an anti-spoof bar cannot get me to use IE 7.0 beta. Since I have loaded and updated Firefox malware has been rare, next to that I have made my own host file with hoster, so my browser does not connect to the nasties anyway. I hope together we can keep FF safe and make safer builds.

greets,

The Flying Dutchman
_________________
We sail the FreedomFlag atop
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Jul 2014
Posts: 9979
Location: Yorkshire

PostPosted: Tue Aug 16, 2005 11:15 pm    Post subject: Reply with quote

Like so many here, I'm a confirmed Firefox fan.

Nothing really to add (Herbalist pretty much said it all) but to add my endorsement for tabbed browsing.

Could'nt get by without it when analysing HJT logs.

As Mikey says no browser is bulletproof, so don't use it thinking you're invulnerable to attack, however it's still "safer" than IE, and best of all it's not by M$.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 24 Jul 2014
Posts: 10320
Location: sunny California

PostPosted: Wed Aug 17, 2005 8:12 am    Post subject: Reply with quote

People should keep in mind that even if you are using an alternative browser, you still need to lockdown Internet Explorer with tight security settings and protection like IE-SPYAD, SpywareBlaster, SpywareGuard, etc.

Case in point:

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 15 Jul 2014
Posts: 3913
Location: California

PostPosted: Wed Aug 17, 2005 8:28 pm    Post subject: Reply with quote

That was more of a Java thing than a browser problem, but I'm not going to open that can of worms again.

Never the less, plenty of programs open IE even if it's not the default browser. Most weather programs utilize IE when they show weather maps for example.
Back to top
View user's profile Send private message
TNT-6
Junior Member


Joined: 30 Apr 2005
Last Visit: 02 Sep 2005
Posts: 15

PostPosted: Fri Aug 26, 2005 5:23 pm    Post subject: Reply with quote

[quote]Again, NO WARE IS SAFE unless you work to make it so. BTW Expect to see more revisions soon...or as soon as they get around to the fixes. Because all wares are exploitable and FF is no exception.[/quote]

Sorry, but that's EASILY THE MOST RIDICULOUS CONCEPT I've heard in a while. There are softwares inherently more secure by default than others without much tweaking to make them "secure", and there are softwares with security bugs in them that stay inherently insecure unless you re-write them almost from scratch. It all depends on (a) the quality of the programmers writing the code, (b) the priorities of the company or the individuals who work on the code.

Are you trying to make us believe that say, every operating system is equal to another out of the box in term of security? Is this supposed to be funny? OpenBSD had one remote "root" exploit in 8 years, do you think that's just because it's "not very popular"? I'd like to see Theo de Raadt have a good laugh at that.
Back to top
View user's profile Send private message
aquias
Warrior


Joined: 26 Jul 2005
Last Visit: 15 Oct 2007
Posts: 84

PostPosted: Mon Aug 29, 2005 7:01 am    Post subject: Reply with quote

Personally, I can't understand all the passion and fire a browser/OS can stir up among us geeks...

To the point. TNT, you're completely missing Mikey's point. At least I'm going to assume this is the point being made... Wink

Everything is exploitable, nothing is safe. Paranoid? Yes! True, yes. No matter how secure a software claims to be or how strong you believe it to be. Someone, can find a way to exploit you and the software, if you don't take the correct steps to protect yourself.
Back to top
View user's profile Send private message
TNT-6
Junior Member


Joined: 30 Apr 2005
Last Visit: 02 Sep 2005
Posts: 15

PostPosted: Mon Aug 29, 2005 4:35 pm    Post subject: Reply with quote

aquias wrote:
To the point. TNT, you're completely missing Mikey's point. At least I'm going to assume this is the point being made... Wink

Everything is exploitable, nothing is safe. Paranoid? Yes! True, yes. No matter how secure a software claims to be or how strong you believe it to be.


Well, sorry, but I really don't get the point of this. "Pretty much every software is exploitable, there is no absolute security". Ok, this is all nice and true... except I don't see where we're going here.

There is software with good security design that is bound to fail after careful scrutiny, and there is software developed with poor security design. From a practical standpoint there is a BIG difference.

Case in point, Internet Explorer HAS poor security design. It's evident. It's absurd to think otherwise, and tools like SpywareBlaster or IE-SpyAD are very, very far from resolving IE's inherent design problems.
Back to top
View user's profile Send private message
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 15 Jul 2014
Posts: 1072
Location: CenTex

PostPosted: Tue Aug 30, 2005 3:18 am    Post subject: Reply with quote

aquias wrote:
Personally, I can't understand all the passion and fire a browser/OS can stir up among us geeks...


You know, I've been publically reviewing products while working in IT/sec for quite some time. One thing I've seen repeatedly is that passion can and will blind an eye. I've experienced it myself on several occassions. A few years ago, I thought AA was the answer to the net's probs. How shallow was that?

Time and circumstance have a way of eventually bringing truth and realization home tho. For those who can't yet grasp the situation, necessity will eventually do it for them.

In the next year or so when there have been umpteen more complete revisions, some will start to realize; 'Well, maybe it wasn't quite the perfect product after all.' Smile

Again, your wares are only as safe as you strive to make them.

Not too long ago, I actually saw a user decide to drop the use of FWing and AV because he got so wrapped up in the FF hype. Folks, plese don't be foolish. All wares are exploitable including FF.
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
Back to top
View user's profile Send private message Visit poster's website
sivran
Junior Member


Joined: 30 Aug 2005
Last Visit: 06 Nov 2005
Posts: 15
Location: Telvista

PostPosted: Tue Aug 30, 2005 6:21 am    Post subject: Reply with quote

Use what you feel is best for you, but be aware that no browser--no, not even Firefox, Mozilla, or Opera--is completely immune to exploitation.

As for me, I can't stand IE. I can run it safely, but I just can't stand it. I also prefer Mozilla or Opera over Firefox, which I find annoying.
_________________
Because I can't surf DSLR at work.
Back to top
View user's profile Send private message
thejynxed
Warrior


Joined: 09 Nov 2004
Last Visit: 14 Oct 2007
Posts: 89
Location: Pennsylvania

PostPosted: Tue Aug 30, 2005 10:47 pm    Post subject: Reply with quote

As for getting infected by going to websites in Firefox... anyone ever bother to do a little thing such as Tools>Options>Web Features>Allow Websites to Install Software (uncheck the box)...? Wink Along with disabling Javascript and Java, it works miracles. Very Happy

There is also a nifty little extension I love by Jan Dittmer called ShowIP.

Quote:
ShowIP

By Jan Dittmer

Show the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and Hostname (left mouse button), like whois, netcraft. Additionally you can copy the IP address to the clipboard. This extension was formerly known as ipv6ident.


Prevent lookup of file:// and chrome:// urls


Very useful tool when tracking down baddies.

I haven't used IE for anything personally since Firefox was in it's infancy (alpha stages). I am addicted to tabbed browsing and the total control I have over my browser. When I fire up IE to do Office updates I just want to cry (you other Firefox users know what I mean).

I tried Opera once and found it to be a bit klunky and slow. It also didn't help that it crashed alot.

I tried Maxthon and Green Browser, and didn't like them much either. Maxthon mainly due to it's inheriting all of the underlying flaws of IE.

I used Netscape and Mosaic back in the day, and still prefer the classic Communicator 4 suite to some of the more modern browsers.

Anyone remember the fond days of Gopher?
_________________
"I stab thee with a rusty spork."

Back to top
View user's profile Send private message AIM Address
aquias
Warrior


Joined: 26 Jul 2005
Last Visit: 15 Oct 2007
Posts: 84

PostPosted: Wed Aug 31, 2005 6:27 am    Post subject: Reply with quote

Mikey,

I think we've all had those moments with software..."Why don't they GET it!"

But OS/Browser seems to be of a different kind of fanatic. Go visit BBR when anyone states that they've got a problem with a Mac/MS/IE/FF/Opera...etc...

TNT,

The point is, preaching that (insert software here) is safe, is a fallacy and a dangerous one. You are correct, some software is written, for lack of better term, better. It is more secure out of the box. But it is a dangerous mentality that lends people to say..."Get (insert software here) it's more secure than (insert software here)" and leave the conversation at that.

I can make IE as secure as FF. The point that is being made is for people to start explaining why to use a software package over the other and to understand that they are still vulnerable.
Back to top
View user's profile Send private message
thejynxed
Warrior


Joined: 09 Nov 2004
Last Visit: 14 Oct 2007
Posts: 89
Location: Pennsylvania

PostPosted: Sun Sep 04, 2005 9:55 am    Post subject: Reply with quote

That is all true, and once marketing companies and dubious affiliates of said marketing companies and their subcontractors find it monetarily worthwhile to search out exploits for Firefox and Opera, we'll see alot more of what has happened to Internet Exploder.

For right now though, I'd rather deal with the better design (yes, holes exist, but they get fixed quickly) of a Firefox or an Opera than with the broken from the get-go (needs ten patches to fix the holes opened by the last patch) Internet Explorer.

I've always viewed IE as the one step forward, two steps back kind of thing. Microsoft seriously either needs to fire their entire Q/A department or get them some proper training, because those guys don't seem to be doing their jobs very well.

I've read alot of the Secunia reports and some of these holes that are found are just from really poor programming practices. The kind you are taught in first-year CS to avoid (.I.E. taking too many shortcuts that deviate from the flow-charts).
_________________
"I stab thee with a rusty spork."

Back to top
View user's profile Send private message AIM Address
Ƕå
Junior Member


Joined: 17 Jul 2005
Last Visit: 10 Oct 2005
Posts: 35

PostPosted: Mon Sep 05, 2005 5:51 pm    Post subject: Reply with quote

I perfer IE,specially that the new MonkeyHoneyPots that M$ has probing the internet for spyware threats and other exploits,will only be applied to their browser.Microsoft said they will not share these exploits (wich are also pointed at Firefox) with Mozzila.

Firefox and Opera,and other browser may make one feel safer,but that doesnt mean you are,expesially if you practice in surfing PORN sites,were most of the baddies originate from,though there are other sites that know of exploits that MS and Mozilla have not shared with the public.It all comes down to what a user feels safe behind,just do not throw IE out the window,as IE7 will be a decent browser. Twisted Evil
Back to top
View user's profile Send private message
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 15 Jul 2014
Posts: 1072
Location: CenTex

PostPosted: Sun Aug 28, 2011 7:14 am    Post subject: Reply with quote

Sorry to bump this old thread but considering that I've linked to it recently, I want it easier to find.

Ref; http://www.spywareinfoforum.com/index.php?/topic/132442-ie-alternative-to-firefox/
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> General Software Discussion All times are GMT - 8 Hours
Goto page Previous  1, 2, 3
Page 3 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group