-{ Quote: " But viruses and worms aren't the only Internet threats. Phishing scams, spyware, and now pharming attacks are becoming more common. By now, most of us know that Microsoft Internet Explorer harbors many security vulnerabilities. So as people move away from IE (now below 90 percent usage), attackers are turning their attention to Mozilla and other Internet browsers, according to Symantec" }-
Article (http://news.zdnet.com/2100-1009_22-5628404.html?tag=zdfd.newsfeed)

Indeed, I have read several articles where vulnerabilities in Firefox are being exploited.
For IE users, a good and free anti-phising software could be the Earthlink toolbar for IE. It is free and is reasonably good for the average net user.

Is firefox 1.1 going to have better protection?

Now malicious things are targeting firefox is firefox preparing itself for the spyware hackers etc....

And the toolbars that are going to be compatible with it will it protect against spyware not only pop ups???

here's a link for Known Vulnerabilities and what's been fixed in mozilla. i had more links, but i don't know where they are now ???
http://www.mozilla.org/projects/security/known-vulnerabilities.html

EDIT this is the article i got the link from, Ron has probably posted the link somewhere already :o
http://www.pcmag.com/article2/0,1759,1775806,00.asp

Thanx Ron!!

As long as M$ doesn't do anything regarding their Active-x policy, things will not change... :'(

they are saying that firefox is not that good??

That now it wont be so secure???

Could be...But they are at least faster then Microsoft for fixing their holes :)

Well, the shape of things to come depends a lot also on the popularity of Firefox. If the popularity factor soars, several compatible privacy protection software will come in the market. Yahoo! is already working on introducing the Anti-Spy Yahoo toolbar for firefox. Now, Anti-spy is powered by CA's Pest-Patrol.

After all, a buzzing market is a must for a product to allow complementary products to crop up.
Just look at IE...a plethora of tools are available to plug in the holes left by RICH Bill's guys.

So, its essential that this beautiful piece of browser called Firefox flourishes even more. With growing popularity will come discovery of vulnerabilities and tools to plug these as well.

Abhishek

Hopefully more companies support firefox not only yahoo.

I have Microsoft antispyware, Spybot-search & destroy and adaware se.
And when i get the yahoo toolbar with antispyware protection it will be like having pestpatrol as well??

You know the free browser Avant Browser it free like mozilla can't it fuse together to make a better product????

-{ Quote: "You know the free browser Avant Browser it free like mozilla can't it fuse together to make a better product?" }-

I think Bill Gates said that once when he thought about how Windows should be ;D purchasing everything and everyone...and imho I think they will have or all ready had contact with Firefox for whatever reason ;)

I think it's the nature of the beast if I may say this?

Inf.

Avant uses the rendering engine of IE. Firefox is based on the Gecko engine.

If you want a browser that is a marriage of Firefox and IE, then you can check out the Netscape 8 (Beta). It is a healthy mixture of both these browsers and provides a good secure browsing environment alongwith maximum compatibility with different websites. You can actually CHOOSE which engine you prefer to view A particular webpage in realtime. I have tested it and its stable.

If you try it, do let me know how it worked for you.

Take Care
Abhishek

wats the advantage of firefox and wats the advantage of netscape 8???

You want a mixture of Avant and Firefox. Since Avant is based on IE technology, a mixture of IE and Firefox will do good.
The main advantage of firefox is that it doesnt allow Active-X controls which install spyware on your PC. It can also be customized as per your prefernces with various free extensions. On the whole, its much more secure than IE as of now. But, the only problem is that some websites are not compatible with Firefox, so you have to use IE.

So why not use a product that has both the engines and you can choose which engine you want for a particular website.

Hope you found this useful.

Abhishek

yep thnx alot

but i hope firefox improves with its protection and stability.

hopefully it stays ahead of threats.(firefox)

-{ Quote: "
So why not use a product that has both the engines and you can choose which engine you want for a particular website.


Abhishek" }-

I think you meant to mention this. But to clarify this is Netscape 8.

As for all the nay saying about firefox, let me be frank, this is not the first article to came out talking about how firefox will be exploited, how there will be spyware for firefox etc etc.

Are there exploits listed in Secunia? Sure. But are they serious? When was the last time you heard a firefox user getting hit, and I mean not that he tried on purpose (eg most of those idiots who wanted to see Java in action "bypass" firefox and so clicked Yes for fun ).

Remember even if exploits do exist for firefox, Opera, etc, does that mean you will run back to IE like a scared rabbit? Of course not, nothing is perfect, but some browsers will still be more secure than others.

To lose sight of that, merely because there is some minor exploit that requires user intereaction is to fall into the trap of those spreading FUD.

Personally, I use the PrefBar extension and that works for both mozilla and firefox, it can be found at http://prefbar.mozdev.org/

You can have tick boxes visible in your browser that allows you to easily turn off javascript, java, images, flash, popups, animation and warn about all cookies (and optionally just allow them as session cookies so that the site still works...)

Its a very good idea to leave most functionality off until you need it... and this makes it easy to do so

Hi,

*The Ronjor's link is interesting, especially because web applications attacks will be more frequent for home users.
And browsers can be infection vectors of many threats:

http://www.securityfocus.com/columnists/306

*Here some tools available against phishing and idn/url spoofing:

-Phishguard: http://www.phishguard.com/

-spoofstick: http://www.corestreet.com/spoofstick

-Spoofguard; http://crypto.stanford.edu/SpoofGuard/

-Spoofchecker: http://www.jroller.com/page/hatano/20050209

*Against phishing for instance, Microsoft will try to prevent the problem by using authentication solutions: http://www.compliancepipeline.com/159900427

Even if Bruce Schneier thinks it could not be a panacea:
http://www.schneier.com/blog/archives/2005/03/the_failure_of.html

*About the IDN vulnerability, the new versions of Mozilla and Firefox (1.0.1) are not totally convincing for many people:
http://www.jroller.com/page/hatano/20050228

Anyone can test his browser on the next link.
If Spoofstick is installed, there will be an alert by clicking on the fake sites:
"Warning:Homograph detected": http://www.retrosynth.com/misc/phishing.html

A recent vulnerability has been found for firefox:
http://www.securitytrap.org/mail/full-disclosure/2005/Mar/0371.html

In all case, the best prevention is the Prudence.

Regards