Firefox Question

[The Six Million Dollar Man]

I have been happily using Firefox on my Windows XP Home SP2 system since
last December. I am concerned by an article that I read on page 14 of PC
Utilities Magazine, Issue #67 (the newest issue here in Canada)

-----------------------------
MAC ATTACK

Users of Firefox and Macintosh computers may be living under a false
sense of security, according to a recent report. Symantec's latest
half-yearly Internet Security Threat report reveals that 25
vulnerabilities were disclosed for Mozilla browsers and only 13 for
Microsoft's Internet Explorer during the first half of 2005. "Cross-site
scripting attacks have been used to attack more vulnerabilities in
Mozilla browsers over the last six months than Internet Explorer",Graham
Pinkney, Symantec Head of Threat Intelligence told an IDC security
confrence prior to the release of the report.

(The article contains one more paragraph about Apple OS X)
------------------------------

My concerns :

Are Windows users at the same risk level as the Mac users? The article
is unclear about whether this is a Mac only problem or not.

Have all these Firefox vulnerabilities been addressed (I am using
version 1.0.7)? Were they addressed as quickly or quicker than Internet
Explorer? How many of Internet Explorer's vulnerabilities remain?

Why is Firefox being subjected to so many more attacks than Internet
Explorer? I was under the impression (from Firefox users in this group)
that Internet Explorer was far more vulnerable and hence under more
frequent attack than Firefox?

How reliable are the comments of a Symantec (or other Anti-Virus
company)executive? Is it fair to be sceptical because his company has a
financial interest in perpetuating fear of on-line viruses and malware?

 

[Archangel]

[snip]

How reliable are the comments of a Symantec (or other Anti-Virus
company)executive? Is it fair to be sceptical because his company has a
financial interest in perpetuating fear of on-line viruses and malware?

My first inclination is to be suspect of Symantec. You did not specify
whether or not that Symantec enumerated (at least some of) the
vulnerabilities they tested for. Nor, do we know if vulnerabilities
they tested for were generated by Symantec itself. Finally, what I do
know about Symantec is (like Norton also), their registry entries are
legion, and are difficult to delete when one chooses to uninstall
their products.

 

[badgolferman]

The Six Million Dollar Man, 11/14/2005, 10:34:32 AM,

Why is Firefox being subjected to so many more attacks than Internet
Explorer? I was under the impression (from Firefox users in this
group) that Internet Explorer was far more vulnerable and hence under
more frequent attack than Firefox?

This may be because Firefox has become more popular and hackers are
starting to direct their attention to it more.

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have been happily using Firefox on my Windows XP Home SP2 system since
last December. I am concerned by an article that I read on page 14 of PC
Utilities Magazine, Issue #67 (the newest issue here in Canada)

-----------------------------
MAC ATTACK

Users of Firefox and Macintosh computers may be living under a false
sense of security, according to a recent report. Symantec's latest
half-yearly Internet Security Threat report reveals that 25
vulnerabilities were disclosed for Mozilla browsers and only 13 for
Microsoft's Internet Explorer during the first half of 2005. "Cross-site
scripting attacks have been used to attack more vulnerabilities in
Mozilla browsers over the last six months than Internet Explorer",Graham
Pinkney, Symantec Head of Threat Intelligence told an IDC security
confrence prior to the release of the report.

(The article contains one more paragraph about Apple OS X)
------------------------------

My concerns :

Are Windows users at the same risk level as the Mac users? The article
is unclear about whether this is a Mac only problem or not.

There are more viruses and vulnerabilities for Windows than there are for
Mac OS. One could say that Windows has more a higher threat of being hit
but they are both at risk similarly if they are hit.

Have all these Firefox vulnerabilities been addressed (I am using
version 1.0.7)? Were they addressed as quickly or quicker than Internet
Explorer? How many of Internet Explorer's vulnerabilities remain?

http://www.mozilla.org/projects/security/known-vulnerabilities.html
mozilla - Known Vulnerabilities in Mozilla Products

There are no known vulnerabilities listed on this page for 1.0.7.

Symantec's report is FUD. (Fear, Uncertainty, Doubt) One cannot take all of
the security problems of an OS or program and say "Oh but program X has had
50 problems and program Y only 2". A security problem will usually have a
different scope for damage, mitigating factors (i.e. you have to have xyz
switched on) and number of people/web sites actually trying to exploit it.

Why is Firefox being subjected to so many more attacks than Internet
Explorer? I was under the impression (from Firefox users in this group)
that Internet Explorer was far more vulnerable and hence under more
frequent attack than Firefox?

You've gotten the wrong conclusions. (I believe) the report does not say
Firefox has been attacked more, it has had more *reported* problems than IE
in a six month period. That statement doesn't really mean a thing unless
one takes into account *all* of the details of *all* problems.

How reliable are the comments of a Symantec (or other Anti-Virus
company)executive? Is it fair to be sceptical because his company has a
financial interest in perpetuating fear of on-line viruses and malware?

It's tosh; statistically correct but there are lies, damn lies and statistics.

Symantec should be using their time and effort to promote safe Internet
usage, such as using a non-administrator computer account, using
anti-spyware programs and being careful what you download (and your kids if
they use the computer).

No browser, operating system or program can protect you if you don't try to
protect yourself
- --
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDeLex7uRVdtPsXDkRAhObAJ9ocAeGmYh+eoGYIOf+a8jfJ7qDfQCdEzxj
xr2pVwE8LMmh6BDqABt6t00=
=mMan
-----END PGP SIGNATURE-----

 

[George]

As previously mentioned, Firefox has become more popular and hackers
are starting to direct their attention to it more. Firefox does not
support Active X where Internet Explorer does. Active X is often used
by hackers. For this reason, I would say that Firefox is safer than
Internet Explorer.

 

[Vrodok the Troll]

As previously mentioned, Firefox has become more popular and hackers
are starting to direct their attention to it more. Firefox does not
support Active X where Internet Explorer does. Active X is often used
by hackers. For this reason, I would say that Firefox is safer than
Internet Explorer.

Well said.

 

[s|b]

On Mon, 14 Nov 2005 10:34:32 -0500, The Six Million Dollar Man wrote:

Have all these Firefox vulnerabilities been addressed (I am using
version 1.0.7)? Were they addressed as quickly or quicker than Internet
Explorer? How many of Internet Explorer's vulnerabilities remain?

Vulnerability report:

- Mozilla Firefox 1.x
<http://secunia.com/product/4227/>

"Currently, 3 out of 25 Secunia advisories, is marked as "Unpatched"
in the Secunia database."

(Keep in mind that Fx 1.5 RC2 is available at the moment.)

- Microsoft Internet Explorer 6.x
<http://secunia.com/product/11/>

"Currently, 20 out of 87 Secunia advisories, is marked as "Unpatched"
in the Secunia database."

 

[elaich]

Have all these Firefox vulnerabilities been addressed (I am using
version 1.0.7)? Were they addressed as quickly or quicker than Internet
Explorer? How many of Internet Explorer's vulnerabilities remain?

Firefox tends to address and fix vulnerabilities immediately. In
contrast, IE has one that is over 2 years old. Microsoft tends to let
vulnerabilities pile up before addressing them.

Why is Firefox being subjected to so many more attacks than Internet
Explorer? I was under the impression (from Firefox users in this group)
that Internet Explorer was far more vulnerable and hence under more
frequent attack than Firefox?

Firefox is not subjected to more attacks. Being a fairly new piece of
software, it will naturally have more bugs that need to be worked out.

Firefox does not use ActiveX, nor does it install software automatically
like IE does by default. Those two things alone make it safer.

Also, most of the recent vulnerabilities in Firefox have been of the
"user must be led to a hostile website and enticed into doing something
really stupid" type.

Here's an example. Go to this website with Firefox or Opera, and you will
be asked if you want to install gdnUS2161.exe. Don't do it - the file is
a Trojan.

gracelutheranok.org

I downloaded the file to my disk. Neither AVG nor Avast recognized it,
but BitDefender identified it as a Trojan dialer.

The point is - go there with IE and you will have a Trojan installed
without your knowledge. BTW, this website is supposed to be a medical
helpsite. Why they are trying to install Trojans is anybody's guess.

 

[Fuzzy Logic]

As previously mentioned, Firefox has become more popular and hackers
are starting to direct their attention to it more. Firefox does not
support Active X where Internet Explorer does. Active X is often used
by hackers. For this reason, I would say that Firefox is safer than
Internet Explorer.

Total crap.

If you are concerned about ActiveX it takes about 1 second to disable it in
IE. It is very difficult to determine which browser is 'safer' as new
vulnerabilities and patches are being released on a regular basis. What's
'safer' today could be totally vulnerable the next when a critical flaw is
discovered.

I support 600+ IE users and invariably they get malware because they clicked
on, or said yes to, something on a web page/popup that they shouldn't have.
Using Firefox will not prevent this type of activity. Firefox users tend to
be more computer savvy and thus less likely to get malware.

Find a well supported browser YOU like, keep it and your other software
patched and up to date, practice safe surfing and you will likely be as safe
as you can be.

 

[Margrave of Brandenburg]

Total crap.

If you are concerned about ActiveX it takes about 1 second to disable it in
IE.

That's just what I did. Simple.

I wanted to use FF, but it's just too damned slow.

 

[jimpgh2002]

That's just what I did. Simple.

I wanted to use FF, but it's just too damned slow.

Slow? It's not slow for me...must be a personal problem.

 

[Steve H]

Slow? It's not slow for me...must be a personal problem.

Probably means slow to load - which it is, in comparison to IE..but
then IE loads a lot of stuff before you even run the thing.
You can download a plugin if you want FF to do the same thing.

Once running, I find FF about 30% faster than IE.

Regards,

 

[Ron Lopshire]

Probably means slow to load - which it is, in comparison to IE..but
then IE loads a lot of stuff before you even run the thing.
You can download a plugin if you want FF to do the same thing.

Once running, I find FF about 30% faster than IE.

Regards,

Speed? Did someone mention speed?
(http://www.howtocreate.co.uk/browserSpeed.html#testresults)

Ron

 

[elaich]

I wanted to use FF, but it's just too damned slow.

I find Firefox to be way faster than IE.

 

[jimpgh2002]

Speed? Did someone mention speed?
(http://www.howtocreate.co.uk/browserSpeed.html#testresults)

Ron

I don't dispute the tests shown at that link.
Actually, with my broadband connection, all of the browsers
are pretty fast, but FF gives me the best flexibility to configure the
browser the way I like, so even if it's a tiny bit slower(probably not
noticeable), I use it most of the time.
BTW, if you want to stick with I.E., at least use Avant or
Maxthon and take advantage of tabs!

 

[Clif Notes]

I use Opera as default. I've always noticed it was faster once I was up
and running.

Clif
http://clifnotes.net & http://clifnotes.tk
Devoted to promoting Freeware and Free Information

 

[Ron Lopshire]

I don't dispute the tests shown at that link.
Actually, with my broadband connection, all of the browsers
are pretty fast, but FF gives me the best flexibility to configure the
browser the way I like, so even if it's a tiny bit slower(probably not
noticeable), I use it most of the time.
BTW, if you want to stick with I.E., at least use Avant or
Maxthon and take advantage of tabs!

That would be like putting a dress on pig. <g> I personally only use IE for dealing with MS, and then I lock it down. I use Opera, Netscape (will switch to SeaMonkey soon), Firefox and K-Meleon. The more I use K-Meleon, the more I like it. I hope that its development continues.

Ron

 

[Chakolate]

That would be like putting a dress on pig. <g> I personally only use
IE for dealing with MS, and then I lock it down.

Could you explain that, please? Lock it down?

I never use IE, not even if I quite want to visit a site that requires
it, because every time I do, settings are changed and my whole setup is
off-kilter.

Chak

--
alt.support.menopause has a Frappr group! Go see what we look like:

http://www.frappr.com/altsupportmenopause

I learned in business that you had to be very careful when you told
somebody that's working for you to do something, because the chances were
very high he'd do it. In government, you don't have to worry about that.
George P. Shultz

 

[Hootowl]

Could you explain that, please? Lock it down?

I never use IE, not even if I quite want to visit a site that requires
it, because every time I do, settings are changed and my whole setup is
off-kilter.

The "User Agent Switcher" plug-in for Firefox makes it look like IE
(and some other browsers) to sites that require it. It is highly
successful, and nothing gets messed up.

Dan

 

[Chakolate]

The "User Agent Switcher" plug-in for Firefox makes it look like IE
(and some other browsers) to sites that require it. It is highly
successful, and nothing gets messed up.

Thanks, I'll give it a try. It doesn't seem to mimic ActiveX, though,
which so far is the main reason some sites require IE. I'm thinking in
particular of online virus scans - it seems most of them require ActiveX,
which I do *not* want to enable.

Chak

--
alt.support.menopause has a Frappr group! Go see what we look like:

http://www.frappr.com/altsupportmenopause

I learned in business that you had to be very careful when you told
somebody that's working for you to do something, because the chances were
very high he'd do it. In government, you don't have to worry about that.
George P. Shultz