WIRED (http://www.wired.com/news/technology/0,1282,65906,00.html?tw=newsletter_topstories_html)
-{ Quote: ""Typically the assumption has been that spyware sneaks onto computers, or users are unaware of what they have agreed to install," said Gregg Mastoras, a senior security analyst at antivirus vendor Sophos. "But some people actually do knowingly install adware because they want to use a particular application that comes bundled with it. Some just aren't particularly concerned by adware's presence on their computers." }-

Ron
they should be concerned i think.When I got my first computer I didnt even know about spyware and I got online and after awhile the computer slowed down to a crawl.I had everything from gator to fast click,(every kind of spyware I had it)then when I did find out about it,it took months to get it all cleaned up.Gator was the very worst to clean--I'll never forget the terrible time I had!I dont know much yet about computers but I learned about spyware the hard way.Never again-if i can help it will I go through it!I have learned so much here-this site was a godsend.

-{ Quote: "they should be concerned i think" }-

Rita,

I agree. :)

LOL ... Ya they don't care ... until ... they're begging someone to review their HJT Log. ;D

Something we've all seen thousands of times.

:lurking: *puppy* :lurking:

If there is spyware on your computer, you better do something about it! If you just ignore the spyware, very soon your computer will surely crash...
Spyware ain't a laughin' matter.

I was talking to a young girl (15/16yrs) today....playing her i-pod.....I think she was on song 432 of 678 (or thereabouts).........anyway I asked where she got all the songs from and she said that she gets them "illegally" from some P2P thing that she's involved with....
I said to her that "other people have access to your computer and vice/versa"......and she replied "yeah, but only certain files"...
When I questioned her about security/virus/spyware stuff.......she told me that she had "Norton and some other thing"......total!......on further questioning the 'other thing' turned out to be Spybot....
Now I have a hell of a lot more security than these two progs....and although I love music......and free music to boot!.....I would never contemplate using any P2P service where someone was u'loading from my machine!!
When I asked her if Spybot ever finds any 'stuff'.....she replied "yeah...heaps".
Now she's only a kid....but I've got lots of adult friends who are similarly lax (or ignorant) of the threats that are out there...
Since I 'gave away' IE in favour of Firefox, I have not had a single 'bug' on this computer.
A good range of security apps...safe surfing habits...and a reluctance to "click" on anything that 'flashes or blinks"...should serve to protect you to a reasonable degree....
I have quite a few "retiree" friends who are taking an interest in computers/internet.....but let's not get into that discussion!
Buck.

-{ Quote: ".......But some people actually do knowingly install adware because they want to use a particular application that comes bundled with it. Some just aren't particularly concerned by adware's presence on their computers." }-

Ronjor, It's because they are not concerned about it. Also, they not knows what exactly is 'spyware' \ 'adware' \ 'malware'. Quite surprisingly, most of surfers are not aware about these things. They are totally un-aware about these terminology. All they knows is virus... ;D They came to know about them only when their machine is out of control...:)

-{ Quote: "Since I 'gave away' IE in favour of Firefox, I have not had a single 'bug' on this computer.A good range of security apps...safe surfing habits...and a reluctance to "click" on anything that 'flashes or blinks"...should serve to protect you to a reasonable degree...." }-

Well, Bigbuck, Let me tell you one of quite intresting fact.. People presume that IE is not safe for surfing because it's more vulnerable..Quite often, one needs to install the patch for the security holes.. But they forget the facts that more then 95% people are using IE. That's about 95 percent of all Net users. Firefox's fan base adds up to 2 or 3 percent at most. It's the sole reason why IE are so vunerable...

OOps.. I guess, am little bit off from the base topic. .. ;)

-{ Quote: "Ronjor, It's because they are not concerned about it. Also, they not knows what exactly is 'spyware' \ 'adware' \ 'malware'. Quite surprisingly, most of surfers are not aware about these things. They are totally un-aware about these terminology. All they knows is virus... They came to know about them only when their machine is out of contro" }-

newkid

I think it leans towards the "it won't happen to me" syndrome.
I have a friend that got Blaster simply because they didn't use the advice that was offered. The advice was use a router, a personal firewall, an antivirus, and keep your operating system updated.

Spyware, adware, didn't become a big problem until the "money makers" decided they could make a profit off unsuspecting users.

-{ Quote: "Well, Bigbuck, Let me tell you one of quite intresting fact.. People presume that IE is not safe for surfing because it's more vulnerable..Quite often, one needs to install the patch for the security holes.. But they forget the facts that more then 95% people are using IE. That's about 95 percent of all Net users. Firefox's fan base adds up to 2 or 3 percent at most. It's the sole reason why IE are so vunerable..." }-
Wow, where do I start? That's just wrong all the way around. IE is not vulnerable just because a lot of people use it. IE is vulnerable because it is an integrated part of the Windows Operating System and there are hundreds of ways an attacker can get into your box through security loopholes that are there because of the integration with Windows. And that's just for starters.

As for 95% of the people using IE, those are old figures. Firefox is one of the most downloaded pieces of software now, and some analysts are giving IE MONTHS, not YEARS before it is on the ash heap of browser history. Firefox's "fan base" as you call it, is way more than 2 or 3 percent. It is growing DAILY. The mainstream tech press has been all over this story. Where ya been? ;)

Take care,
Gerard

---------------

-{ Quote: "Let me tell you one of quite intresting fact.. People presume that IE is not safe for surfing because it's more vulnerable..Quite often, one needs to install the patch for the security holes.. But they forget the facts that more then 95% people are using IE. That's about 95 percent of all Net users. Firefox's fan base adds up to 2 or 3 percent at most. It's the sole reason why IE are so vunerable..." }-I would side with Gerald here - Microsoft integrating IE so deeply within Windows itself means that many IE vulnerabilities become Windows system vulnerabilities too. Also this has led to IE being used for additional functions (e.g. embedded help files via the ms-its protocol) which have had their own problems. Last but not least, Microsoft's past design decisions (e.g. the lack of sandboxing or control over ActiveX applets) have resulted in IE becoming little more than an open door.

A good comparison of browser security can be gained from the Secunia (www.secunia.com) vulnerability lists - at the time of posting Internet Explorer 6 (http://secunia.com/product/11/) had 17 unpatched vulnerabilities out of a total of 70 (15% rated "Extremely Critical"). Firefox 0.x (http://secunia.com/product/3256/) had 2 unpatched vulnerabilities out of 17 with none rated as "Extremely Critical" (and the latest release Firefox 1.x (http://secunia.com/product/4227/) has no unpatched vulns with only 1 previous one, but being a new entry it seemed fairer to give the figures for 0.x). Opera 7.x (http://secunia.com/product/761/) has 1 unpatched vuln out of 30, with only 1 having been "Extremely Critical".

Getting back on-topic I had to chuckle over the complaint by one student about not being able to access the Internet because they had MarketScore installed and their college was blocking access to its website (MarketScore routes all traffic through its server for analysis of online behaviour). A more appropriate response would have been to disable that student's account (since their login password had been disclosed to a third party) and to inform every credit card company that their card numbers had been similarly disclosed.

This guy shouldn't be at a University - he should be sent back to kindergarten.

-{ Quote: "Wow, where do I start? That's just wrong all the way around. IE is not vulnerable just because a lot of people use it. IE is vulnerable because it is an integrated part of the Windows Operating System and there are hundreds of ways an attacker can get into your box through security loopholes that are there because of the integration with Windows. And that's just for starters.

As for 95% of the people using IE, those are old figures. Firefox is one of the most downloaded pieces of software now, and some analysts are giving IE MONTHS, not YEARS before it is on the ash heap of browser history. Firefox's "fan base" as you call it, is way more than 2 or 3 percent. It is growing DAILY. The mainstream tech press has been all over this story. Where ya been? ;)

Take care,
Gerard

---------------" }- And it's pretty clear why people are using FF.....apart from being a bit safer.......it's responsive and FAST.......I can actually BROWSE with it.........I just love tabbed browsing......sure you can open new windows in IE, but it's nothing to have 20-30 pages open in FF.....Try that with IE!........AND it's a 4meg d'load!
I still get to use IE at work (I've installed FF on a couple of machines!!!)....it is cumbersome and SLOW. This little black duck won't be going back to IE!........oh......maybe for a windows update or two!
Cheers,
Buck.

-{ Quote: "This little black duck won't be going back to IE!........oh......maybe for a windows update or two!" }-Critical Windows patches can be downloaded from the Microsoft Security Bulletins page (http://www.microsoft.com/technet/security/CurrentDL.aspx) without having to use Windows Update. The only thing you will be missing out on are non-critical program updates, and if you eschew Microsoft products completely (there are enough non-MS alternatives out there ;)) then this should not be an issue.

Since Windows Update does pose privacy concerns (Microsoft maintain a record of your registration codes and IP address) being able to dispense with it is a good thing in my view.

-{ Quote: "If there is spyware on your computer, you better do something about it! If you just ignore the spyware, very soon your computer will surely crash...
Spyware ain't a laughin' matter." }-

Maybe. But the kernel rootkit running on my computer is extremely stable :)

Hi there !

There is one very famous saying : " Grass is always greener on the other side of the fence".. I guess, we are leaning towards it... ;D

I MUST say you all did read my views in other way. My intentions was there to let other knows that it(IE) is using by 86.2% and since it's a big number and gives huge target space as compare to other browsers that is why it constantly comes under fire and MS is paying price of success.. ;D

Every single browser is vulnerable. No matter it's a Mozilla, Firefox, Netscape, Opera, Internet Explorer. The only thing which is missing in other browser as compare to IE is popularity. Thousands of 'smart' people are burning their nights to exploits IE features not in the case of Firefox, Mozilla and other browser.

As Mozilla and Firefox slowly gain popularity because of Internet Explorer's security flaws, I expect them to be increasingly targeted. Expect more attacks, more flaws uncovered, and hence less security...:) That is a thumb rule..

I have used Firefox and found it quite good except when I wanted to alter a file on my web site clicked view source and wasn't able to do anything, so had to keep going back to I/E so eventually got fed up with it. I have used I/E since having a computer and haven't found it getting me a virus yet, and even if it did I would know how to deal with it. I have all cookies blocked on my computer apart from session cookies and find I can view any site I want. I only allow cookies on essential programs I have to visit. I think people become paranoid about I/E. Lets face it we all wouldn't be posting here if it wasn't for Windows in the first place.

-{ Quote: "I have used Firefox and found it quite good except when I wanted to alter a file on my web site clicked view source and wasn't able to do anything, so had to keep going back to I/E so eventually got fed up with it. I have used I/E since having a computer and haven't found it getting me a virus yet, and even if it did I would know how to deal with it. I have all cookies blocked on my computer apart from session cookies and find I can view any site I want. I only allow cookies on essential programs I have to visit. I think people become paranoid about I/E. Lets face it we all wouldn't be posting here if it wasn't for Windows in the first place." }- Have you tried the IEview extension for FF?......alows you to open a link in IE from right click menu...

Thanks for the information bigbuck perhaps I will have another look at it. I did think it was quite fast. Have made a note in notepad and will try again.

-{ Quote: "Thanks for the information bigbuck perhaps I will have another look at it. I did think it was quite fast. Have made a note in notepad and will try again." }- Cheers.

-{ Quote: "

Every single browser is vulnerable. No matter it's a Mozilla, Firefox, Netscape, Opera, Internet Explorer. The only thing which is missing in other browser as compare to IE is popularity. Thousands of 'smart' people are burning their nights to exploits IE features not in the case of Firefox, Mozilla and other browser.

As Mozilla and Firefox slowly gain popularity because of Internet Explorer's security flaws, I expect them to be increasingly targeted. Expect more attacks, more flaws uncovered, and hence less security...:) That is a thumb rule.." }-
Newkid, The bolded comment above is wrong. The biggest thing missing in other browsers as compared to IE is integration with the insecure Windows operating system. Your sig line says you are a member of the "Alliance of Security Analysis Professionals." Nothing personal, newkid, but I am shocked to see someone that is a member of such a group to use a browser that security professionals practically universally agree is insecure. BTW, I tried to look up info for this group and found nothing. There's not even a website that shows required credentials for membership to said organization. Could you point me to info on what is required of an individual to belong to the "Alliance of Security Analysis Professionals"? Defense of IE, and excuses for its insecurity, by someone who cares about computer security is just incomprehensible to me. I truly don't mean to sound harsh, but, WOW!

-------

You might find a little bit about ASAP here (http://www.wilderssecurity.com/showthread.php?t=42148) at the link provided in LWM's announcement.

-{ Quote: "Every single browser is vulnerable. No matter it's a Mozilla, Firefox, Netscape, Opera, Internet Explorer. The only thing which is missing in other browser as compare to IE is popularity. Thousands of 'smart' people are burning their nights to exploits IE features not in the case of Firefox, Mozilla and other browser." }-A quick perusal of the Secunia lists linked to above for each browser should demonstrate that popularity is not the sole cause by any means. Design and coding are the key differences here. All other things being equal, the number of bugs (which can lead to vulnerabilities) will be related to a program's size. Now compare the download sizes of Internet Explorer 6 SP1 (11 to 75MB and this is just for a service pack!), Opera 7.54 (3.5MB without Java, which includes email, Usenet and IM clients) and Firefox 1.0 (4.7MB). Guess which one is likely to contain the most bugs?-{ Quote: "As Mozilla and Firefox slowly gain popularity because of Internet Explorer's security flaws, I expect them to be increasingly targeted. Expect more attacks, more flaws uncovered, and hence less security...:) That is a thumb rule.." }-Yes, they will be targetted more - but their smaller footprint means that there will be fewer bugs to exploit, their lack of Windows integration means that those found will be less critical - and, based on past issues, fixes are supplied far more quickly. And with open source software like Firefox, any programmer can proactively check for vulnerabilities and offer fixes.

Once a cracker is determined to compromise your browser, it won't matter what browser you are using. I agree that IE being tied into the OS is a big problem, but it's only one of many problems.. and everyone is going to have different ideas as to which one is the "biggest" (people are always going to have different opinions anyway.) Newkid's right, though, that if IE users comprised only 2-3% of the entire internet userbase, they probably wouldn't waste their time with it, no matter how easy it is.

One of the biggest differences that I see is the reaction time to found vulnerabilities. Like Newkid said, there will always be vulnerabilities, but how quick the developers are to respond to those can make all the difference in the world.. the Mozilla group does a good job of responding quickly.

IMO MS just needs to stop putting the kitchen sink in with everything.. let the advanced users install those components as needed. That would save everyone a lot of grief.

Gerard; lighten up, man.

-{ Quote: ""But some people actually do knowingly install adware because they want to use a particular application that comes bundled with it. Some just aren't particularly concerned by adware's presence on their computers." }-
recently i installed a very good HTML tutorial which opens up in my browser offline. at the time i installed it, i wasnt aware that over the course of the many tutorial pages at the very top of 2/3 pages there were some GIF ads. so i didnt knowingly install it with the knowledge of there being ads

this would be classed as adware, however, the ads are so unintrusive that, to me its not a problem, as he stated that he may not have been able to give his tutorial away as donation/adware if he hadnt done this to help with his bandwidth. theres also a shareware book which he made after receiving many emails for it, which i can only guess has no ads

so the majority of the pages hold no ads, plus the pages are very long, so wants you start to scholl down them the ads are no longer visable.

the tutorial has no malware, so to me the ads are similar to what you might find with Opera; and, thus i have no problem with them.

what are your thoughts on this? thanks :)

just a little firefox info

-{ Quote: "Gerard; lighten up, man." }-
Lighten up? A member of a computer "security analyst's" association posting a defense of the indefensible at a security forum and I don't have a right to state MY opinion? I take things like this seriously and you should too. It seems some of you have trouble with people who consider computer security more than a fun hobby.

-------

-{ Quote: " Your sig line says you are a member of the "Alliance of Security Analysis Professionals." Nothing personal, newkid, but I am shocked to see someone that is a member of such a group to use a browser that security professionals practically universally agree is insecure. BTW, I tried to look up info for this group and found nothing. There's not even a website that shows required credentials for membership to said organization. Could you point me to info on what is required of an individual to belong to the "Alliance of Security Analysis Professionals"? Defense of IE, and excuses for its insecurity, by someone who cares about computer security is just incomprehensible to me. I truly don't mean to sound harsh, but, WOW!
" }-

Gerald, You took me personally dude...:) Anyway, Let me ask you one thing, why Google is the juciest target for hacker ?

I guess, it's time to clear few things very straight forward... First and foremost, am not defending Internet Explorer and neither am a great fan of Bill Gates. Seconldy, I don't have any trouble with people like you.

I am very much aware about IE and its vulnerability and also know why it's so much vulnerable?

-{ Quote: "A quick perusal of the Secunia lists linked to above for each browser should demonstrate that popularity is not the sole cause by any means. Design and coding are the key differences here. All other things being equal, the number of bugs (which can lead to vulnerabilities) will be related to a program's size. Now compare the download sizes of Internet Explorer 6 SP1 (11 to 75MB and this is just for a service pack!), Opera 7.54 (3.5MB without Java, which includes email, Usenet and IM clients) and Firefox 1.0 (4.7MB). Guess which one is likely to contain the most bugs?" }-

Agreed Paranoid ! :). Popularity is neither a sole cause but it's nor a micro cause. IE is vulnerable because of so many reasons and its universal approved. But what am trying to say is one of reason of vulnerability is it's popularity. On the other hand, Paranoid, there is no economic incentive to create worms and trojans for something that's used by a small number of people.

-{ Quote: "Yes, they will be targeted more - but their smaller footprint means that there will be fewer bugs to exploit, their lack of Windows integration means that those found will be less critical - and, based on past issues, fixes are supplied far more quickly. And with open source software like Firefox, any programmer can proactively check for vulnerabilities and offer fixes." }-

It's true that Mozilla and Firefox are inherently more secure than IE fundamentally, in large part because they're more isolated from the operating system. But, it doesn't mean that they are not vulnerable. They are still vulnerable only 'intensions' required..

Being Open source and the company has been more willing than Microsoft to confront the problem head-on is helping them to gain the popularity.

-{ Quote: " Lighten up? A member of a computer "security analyst's" association posting a defense of the indefensible at a security forum and I don't have a right to state MY opinion? I take things like this seriously and you should too. It seems some of you have trouble with people who consider computer security more than a fun hobby." }-

You have full right to share your views and opinion. If you really want to know the new vulnerability of firefox / mozilla / Netscape/IE then all you need to do is just PM me time to time. I'll let you know the junks of vulnerabilities of these browsers..

-{ Quote: "Just a little firefox info.." }-

True Bigc72542.. They are targeting to capture 10% of stake in the browser indrustries by the end of April 2005.

-{ Quote: "Gerald, You took me personally dude...:) Anyway, Let me ask you one thing, why Google is the juciest target for hacker ?

I guess, it's time to clear few things very straight forward... First and foremost, am not defending Internet Explorer and neither am a great fan of Bill Gates. Seconldy, I don't have any trouble with people like you.

I am very much aware about IE and its vulnerability and also know why it's so much vulnerable?



Agreed Paranoid ! :). Popularity is neither a sole cause but it's nor a micro cause. IE is vulnerable because of so many reasons and its universal approved. But what am trying to say is one of reason of vulnerability is it's popularity. On the other hand, Paranoid, there is no economic incentive to create worms and trojans for something that's used by a small number of people.



It's true that Mozilla and Firefox are inherently more secure than IE fundamentally, in large part because they're more isolated from the operating system. But, it doesn't mean that they are not vulnerable. They are still vulnerable only 'intensions' required..

Being Open source and the company has been more willing than Microsoft to confront the problem head-on is helping them to gain the popularity.



You have full right to share your views and opinion. If you really want to know the new vulnerability of firefox / mozilla / Netscape/IE then all you need to do is just PM me time to time. I'll let you know the junks of vulnerabilities of these browsers..



True Bigc72542.. They are targeting to capture 10% of stake in the browser indrustries by the end of April 2005." }-

Hello NewKid: I was waiting for your answer about what the security association is all about. I went to their website but there is very little info on what it takes to become a member. Even though Gerald was peeved about what he thought was your pro-IE stand when he asked, I also would like to read the bylaws and see what it takes in the way of prerequisites to become a member. Could you help?

Thanks!

-{ Quote: "Hello NewKid: I was waiting for your answer about what the security association is all about. I went to their website but there is very little info on what it takes to become a member. Even though Gerald was peeved about what he thought was your pro-IE stand when he asked, I also would like to read the bylaws and see what it takes in the way of prerequisites to become a member. Could you help?

Thanks!" }-

As far as I can tell, it's nothing more than a group of helpers from certain web forums that provide support for analysis of HJT logs. The name ASAP is somewhat misleading, since it takes far more than being able to read HJT logs to be a real security professional.

If I signed up as a helper for say spywareinfo, I suppose I would be qualified to list the logo.

Some of the people who are helping in this area are pretty good, but most are just ameteurs about the level of the average member here maybe.

Another thought given that this group works mostly to help besieged IE users, perhaps they have a vested interest in discouraging people from switching since if that happened the reason for their existence would be threatened?

Nah.. Just kidding.

-{ Quote: "

It's true that Mozilla and Firefox are inherently more secure than IE fundamentally, in large part because they're more isolated from the operating system. But, it doesn't mean that they are not vulnerable.
" }-


If your argument is that no software is invulnerable, no one would argue against that. But to state as you did upfront in your inital post that the sole reason that firefox etc is more secure is because it is less used was the reason why everyone beat up on you.

I'm not even say that doesn't make a grain of truth, but your failure to mention even in passing the other advantages of firefox makes me wonder at your intention ,assuming you are not just ignorant of course.

-{ Quote: "
You have full right to share your views and opinion. If you really want to know the new vulnerability of firefox / mozilla / Netscape/IE then all you need to do is just PM me time to time. I'll let you know the junks of vulnerabilities of these browsers..
" }-

If you really know of a zero day exploit for firefox that is not known to the public you can easily cash in. Of course for every one you know, I know probably 3 for IE :)

Thank you firefoxguy. I did a little deeper research and discovered it is just as you say. It's not a true "professional" association with security training, prerequisites and credentials. It is just a group of people who analyze HJT logs and interpret them for people having problems with spyware. The name of the group is extremely misleading. It would be a little like starting a group called the "Alliance of Journalistic Analysis Professionals" and all we do is read the paper and give our opinions on its journalistic integrity, regardless of our credentials to do so. So, that explains a lot and clears that up. Thanks! :)

You can get some good security out of IE by turning off Active X in options, which tunrs it off for your system too. After turning off most java option, running spybot, a TSR virus program and a firewall, I've never been infected using IE. However, i too now use firefox, and it is more secure becsaue there is no native connection between your computer and the browser, as there is in IE. I'll never go back to IE. Firefox Rocks!


-{ Quote: "
Since I 'gave away' IE in favour of Firefox, I have not had a single 'bug' on this computer.
A good range of security apps...safe surfing habits...and a reluctance to "click" on anything that 'flashes or blinks"...should serve to protect you to a reasonable degree....
I have quite a few "retiree" friends who are taking an interest in computers/internet.....but let's not get into that discussion!
Buck." }-

-{ Quote: "You can get some good security out of IE by turning off Active X in options, which tunrs it off for your system too. After turning off most java option, running spybot, a TSR virus program and a firewall, I've never been infected using IE. However, i too now use firefox, and it is more secure becsaue there is no native connection between your computer and the browser, as there is in IE. I'll never go back to IE. Firefox Rocks!" }-
Read an interesting article in a mag on a flight yesterday.....about installing a version of firefox on your usb thumb drive! I didn't know this!
http://johnhaller.com/jh/mozilla/portable_firefox/
It runs directly from your usb drive...so you can carry it around in your pocket and use it on any machine!
-{ Quote: "there is no native connection between your computer and the browser" }- !!!