Hi all!

I'm running Vista 32 bit with KIS presently, and I've been doing some browsing of Secunia lately. It seems Firefox has a lot more open vulnerabilities than IE at the moment. On the plus side though, Firefox never has to deal with ActiveX.

I really haven't had a chance to look at Protected Mode IE. Does anyone have any experience with it, and would running IE in Protected Mode give it a security edge over Firefox?

Thanks in advance!

Hello,

Without going into details, it is very simple:

You cannot get infected while browsing with Firefox - this is called a drive-by or whatever.

You can get infected while browsing with IE in whichever mode.

Answer: Firefox.

A bit more about this issue. This does NOT apply to manual downloads and installations. As to Firefox, nothing executed inside the browser can cause system damage. No such thing with Firefox. Only a few weak proofs of concept.

Mrk

-{ Quote: "You cannot get infected while browsing with Firefox " }-

This is your opion or fact?
Do you have any proof?
Or is this just speculation?
No security holes ever in firefox?
Ever?
Hmmmmmmm.

Hello,

First, it's innocent till proven otherwise.

Second, I've got all the proofs you want.

Third, security hole does NOT mean a living, breathing exploit that can knock down the browser and take over.

Fourth, I'm one man, there are billions out there. I'm challenging everyone to provide one real example where you get owned browsing the net with Firefox.

Mrk

-{ Quote: "You cannot get infected while browsing with Firefox - this is called a drive-by or whatever" }-

You sure? ;) ;D

@Hangetsu

There is nothing wrong with the ActiveX technology when you can have complete control of what ActiveX is being installed . IE7 will always ask for permission . This resembles the add-ons in Firefox .

Well , Protected Mode is a little bit ~difficult and long to explain but I woud try by saying that it makes IE7 run with less privilages than any other application in Vista and thus IE7 is IE7 only. No change can affect any other program or the Opearating System . Full detailed description of Protected Mode in Microsoft Windows Internet Explorer browser 7 can be found here:
http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx

Example of how Protected mode can help :
http://www.determina.com/security.research/flash/ani.swf

on this pc i have never been infected with malware.
sure ive been close but back in the day when i used IE 6 f-secure blocked all the trojans from the google search "paid music"
but ive had no alerts when ive been using the pc since i switched to firefox then later on opera.
lodore

I have never had any problems with IE7 either, I think most of the fears come from the older IE 6 vulnerabilities and so on. IE7 is fine now, and Firefox isn't the great thing it's cracked up to be either...

Simple put, Protected mode is a sandbox and sandboxed browser vs nonsanboxed is definitelly safer, but you can get a free and a real sandbox for FF as well. ;)
-{ Quote: "You can get infected while browsing with IE in whichever mode." }-
An interesting assumption, can you prove it, seriously? ;)

Hello,
Tom, you know very well what I meant.
No need to tease for the sake of teasing. You will not get infected, but someone else might.
Mrk

That is what I meant too, "someone" can get infected via Firefox as well, not you of course. I sometimes look on HT forums and there are people, who use only Firefox and they got infected. The most funny question, for me, sounds like: "How could I get infected, when I use Firefox?" Sure, there is malware, which eg download to FF' temp folder and then it will run IE to get the rest code, because it is simpler, but the point is, it is possible and it is used for sure, but in comparision to IE, it is uncomparable, that is why I recommend Firefox to my friends, because I know, that they "can not get infected" via it, like they could via IE. I just do not like the way, you said it, that is all, but we can never agree on that, you are MS-hater and I am MS-lover. No offense meant of course. ;)

Hello,
You get can infected if you use Firefox, but not THROUGH Firefox only by browsing. That's the difference. Drive-by downloads don't work in Firefox. You have to actively download and execute. That's the one huge difference.
Cheers,
Mrk

Drive-by downloads are a non-issue in IE7 also..

-{ Quote: "Drive-by downloads are a non-issue in IE7 also.." }-
If IE7 is always fully patched.

The Miami Dolphins website hack (http://www.infoworld.com/article/07/02/02/HNdolphinssiteshacked_1.html) earlier this year proved that being 2 or 3 months late with the most recent XP/IE7 updates was enough for malicious javascript to install a trojan downloader and a password stealing program, just by browsing a 'safe' website with IE7 not fully patched.

Alternative browsers have vulnerabilities, of course. But they are still targeted far less often than IE6 or even IE7.

Javascripts were, are and most likely ever will be the most dangerous thing in all browsers. Drive by downloads does not affect any browser, that I would know about, because an user would have to execute the file willingly. At first IE will ask if an user wants to run or download a file, after downloading it, it will let the user know, that it can be dangerous, then UAC will ask and then it will run. If the user will try to run the file directly, it will ask to launch a software or UAC.

-{ Quote: "If IE7 is always fully patched.

The Miami Dolphins website hack (http://www.infoworld.com/article/07/02/02/HNdolphinssiteshacked_1.html) earlier this year proved that being 2 or 3 months late with the most recent XP/IE7 updates was enough for malicious javascript to install a trojan downloader and a password stealing program, just by browsing a 'safe' website with IE7 not fully patched.

Alternative browsers have vulnerabilities, of course. But they are still targeted far less often than IE6 or even IE7." }-
Yes, you have a point, and perhaps a majority of users are not fully updated and patched at any given time.

Well there is a major difference between XP IE7 and Vista IE7 (in Protected Mode). Vista IE7 version is far more secure just because of Protected Mode.

-{ Quote: "Vista IE7 version is far more secure just because of Protected Mode" }-
and also because of the whole Vista conseption - User Account Control , Mandatory Integrity Control and User Interface Privilege Isolation

-{ Quote: "Hi all!

I'm running Vista 32 bit with KIS presently, and I've been doing some browsing of Secunia lately. It seems Firefox has a lot more open vulnerabilities than IE at the moment. On the plus side though, Firefox never has to deal with ActiveX.

I really haven't had a chance to look at Protected Mode IE. Does anyone have any experience with it, and would running IE in Protected Mode give it a security edge over Firefox?

Thanks in advance!" }- You can enable Protected Mode for Firefox with these steps:

Execute "icacls firefox.exe /setintegritylevel low" in order to change the Integrity Level for Firefox.
You also have to change this for some folders in order to make them writable for Firefox by executing

icacls foldername /setintegritylevel (oi) (ci) low

Do this for the following folders
C:\Users\Name\AppData\Local\Mozilla\Firefox
C:\Users\Name\AppData\Roaming\Mozilla\Firefox
C:\Users\Name\AppData\Local\Temp
Create a special download folder and apply step 2 for this folder.

-{ Quote: "Well there is a major difference between XP IE7 and Vista IE7 (in Protected Mode). Vista IE7 version is far more secure just because of Protected Mode." }-
Good point, hadn't even considered that....

-{ Quote: "Good point, hadn't even considered that...." }-


Not to mention the "Enable Memory Protection to Help Mitigate Online Attacks" feature in IE7 (Vista).

Just discovered that this DEP feature is not on by default so I turned it on through Advanced tab in IE7. So far things are smooth. ;D