Browser Alternatives Are No Guarantee of Security

Discussion in 'other security issues & news' started by Trooper, Jun 15, 2005.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Small but quick reminder article here.



    Link
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    hmm, true but for how long...:D

    Thanx for the link.
     
  3. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I don't feel "smug" I tend to believe it's not so much the browser's fault, as it's the OS itself.
     
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Good point Lynchknot...but things could have been safer if IE wasn't that much integrated into the OS. But it's the same lol :)
     
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Good points you have both made. I often wonder why M$ integrated IE into the OS as they did. Ah well, ce la vie.

    Jag
     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    oui monsieur :) and a while back I heard somewhere that IE cannot be installed anymore together with xp...something about monopoly stuff :p

    /edit: I believe there were some accusations from other companies regarding their monopoly. just to be complete :rolleyes:
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Simple - to remove users' choice in the matter. If people had a choice, then more would have installed Netscape (the main competitor when IE4 was launched), which in turn was making noises about being able to displace Windows itself with web-based applications.

    Another reason is that Microsoft sought to dominate the web-server market with their IIS (Internet Information Server) and made design changes to IE to make it work "better" with IIS (i.e. less well with alternatives like Apache). Such a strategy could only work with IE installed on the majority of Windows systems.

    We are now seeing a repeat of this with media players. Microsoft's own Media Player is bundled with Windows and you have no option to remove it (aside from using third party software like XPLite). This in turn gives Microsoft an edge in competing with other suppliers in offering downloadable music and video - when they launch their music store, guess what new default "favorite" link is going to be added to all subsequent updates of Media Player?

    All this fun and games is of course at the expense of a free market and consumer choice and is the only reason that that bug-ridden, rat-infested, steaming turd-pile of a browser still commands 85-90% market share despite the lack of usability updates and the flood of security problems it has caused.
     
  8. quote
    All this fun and games is of course at the expense of a free market and consumer choice and is the only reason that that bug-ridden, rat-infested, steaming turd-pile of a browser still commands 85-90% market share despite the lack of usability updates and the flood of security problems it has caused.

    he he he

    Now don't hold back now P2K....tell us how you really feel about IE
     
  9. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    That's what I ment :D ;)
     
  10. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Thanks !! i really feel better now, i need to read this from time to time !
    so i am not alone shouting in the dessert....

    True, that is why we are still using a 16-32 bits system while other
    OS-es are 64 Bits for many years now.

    The main problem with this monopoly is that there is no competition left,
    so the average customer can't switch as easy from one OS to another
    like switching of brand of cars.

    I've been using different OS-es for more then 30 years now,
    like Sun-Os , Solaris, HP-UX, CP/M OS2 OS3 , Mapper, FreeBSD, Slackware Linux, Redhat Linux, Dos, and the diff. Windows versions,
    but it is rather frustrating how slow Windows develops in a stable system.
    This purely marketing driven company is the cause, that we are still
    working with an OS that is built on a DOS system from decades ago.

    If there was real competition, there was a 128 bit OS now.

    but there are postitive sides as well, a large group of people,
    have a new hobby , collecting Security Tools, to stop the enormous amount of holes in their OS.

    And some of them can even earn some money with this ....

    :D
     
  11. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    P2K,

    Well said my friend, I agree with your analysis. I guess I should have threw in a <sarcasm> face when I posted that! :p :D

    Cheers,

    Jag
     
  12. redford72

    redford72 Guest



    But the true question is would Firefox, Opera or Netscape (or any browser) be just as bad as IE if it was used on 85 to 90% of all computers? Most likely they would be as bad or worse than IE.

    I'm not a fan of IE and don't use it often, but I doubt IE's less popular competitors would be nearly as popular if they were used on 85 to 90% of computers. But it would be interesting to see how well they did hold up under that kind of scrutiny.
     
  13. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    "Yawn" -- I see that the usual anti-MS termites have come out of the woodwork to bash MS, as is so common in Security Forums these days; you guys are boring, same old same old .. tired bash parties. I give you my perfunctory "thumbs down" and then I'm outta here; because I know it is futile. Have fun, bash bash bash .. :D :rolleyes: :eek: :D :D
     
  14. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    What if you were to use a browser that had ActiveX filtering/blocking, customised Popup blocking, BHO filtering/disabling, Floating Ad blocker, web ads blocker etc. etc? Of course the browser has many, many features, bells and whistles too. Why not consider Maxthon?
     
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    No, and for the following reasons:

    No integration with Windows: Several of IE's exploits have been to do with features intended for Windows' internal use only (e.g. the ms-its:// protocol) which would never exist on stand-alone browsers. In addition, integration with Windows greatly increases the chance of an application exploit becoming a far more serious Windows system exploit.

    No ActiveX: ActiveX was a rush-job by Microsoft intended to turn out a competitor to Java and as such, was totally lacking in security mechanisms (the only option being code signing). This has resulted in ActiveX being the favoured spyware installation route.

    Smaller codebase: All other things being equal, smaller programs have fewer bugs and therefore fewer security vulnerabilities. Opera 8's installer is 3.5MB (which includes email and chat clients), Firefox's is 4.7MB. Internet Explorer has no completely separate installer, coming built-in with Windows, but IE6 Service Pack 1 has a download size anywhere from 5KB-80MB (with 12MB given as a "full" install size). You can therefore reasonably expect IE to have at least 3-4 times as many bugs as Opera or Firefox (which is open source, making their identification and fixing faster). Comparing the vulnerability lists of Internet Explorer 6.x, Firefox 1.x and Opera 7.x (Opera 8 has no current vulnerabilities listed) shows a similar pattern.

    Faster fixtimes: Having vulnerabilities fixed fast should come a close second to not having them in the first place. Here again, Firefox (open source) and Opera have fixed major problems quickly (days to a couple of weeks) while Microsoft has lagged on key issues, quoting from PCWorld:

    "eEye Digital Security criticized Microsoft for taking its time on some of the patches, with a patch for the Zip issue taking 71 days from when Microsoft was notified of the problem. A less serious privilege-escalation issue took Microsoft 408 days to patch, eEye said. Both were fixed in the August release of SP2 before being released this week as stand-alone patches."
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Rather than "bashing the bashers", how about providing historical, empirical or architectural arguments to show that IE is superior to the other alternatives? ;)
     
  17. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    IMHO the 'problem' with IE and in general Windows is legacy and too many (unnecesarry) features. Trying to keep up with security while still maintaining MS-DOS and Lan Manager compatibility doesn't improve security. Why do we need shell extensions (type shell:system in IE) within a browser engine that is so tightly integrated within the OS.

    AFAIK Firefox didn't inherit this legacy and features and is Open Source. This means it could be safer than IE.
     
  18. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    IMO, the speed that they release fixes is the most important part. Every browser is going to have it's vulnerabilities that can leave your system compromised just the same (see http://secunia.com/product/4227/), Firefox is no excption.. the difference is that the Mozilla team tends to fix the problems before they're widely used. Of course if the masses switched over, they would be as bad about updating it as they are about getting Windows updates, and we'd still be in a similar spot. The malware writers would probably just have to try a little harder. With how those things have been going, though, I doubt that would really make all that much difference.

    Of course I agree that too many features in Windows doesn't help. The problem is that too many companies still use that stuff, some are still using the old AS/400s (doing work for a company that just upgraded a few months ago; the fastest computer in the place was 333mhz, but they were still even running 286's.) MS is also going to want to channel their money into other places besides just support, so they just max everything out.. I can understand the premise, I just wish they'd offer a way for advanced users / admins to turn all that crap off or remove it completely and safely (imagine that, cheap hardening tools, with easy UIs, that didn't break anything.) Then offer a home version that doesn't have all the enterprise features, just with controls removed. I don't need the ability to telnet into my box, and if I'm going to be doing that stuff at home I could live with the upgrade requirement. Standard networking restrictions, on the other hand, I wouldn't do without.
     
  19. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Would it change anything? Even if IE is equal to the alternative browsers (I don't know or even care if it is) all the MS haters would still find a reason to bash it (while ignoring the defects of their particular favorite). People who want to bash something bad enough will always find a perfectly logical reaon (in their heads, anyway) to bash it; an alcoholic will always find a perfectly logical reason (in their head, anyway) to have their next drink.

    Acadia
     
  20. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Firefox for instance was completely rebuilt with the Mozilla Knowledge
    there was.

    This is something that Microsoft just can't do, all that is released the last decade is built on , on what there was already,
    or taken from the Unix open source comm.

    That is why there are problems in the OS-es , Browsers etc. that
    there were since version 0.0 Beta.

    Example: In the first Outlook version, it became clear that
    hostile mail would made it possible to use the contacts to spread their viruses.
    Microsoft outlook(s) are the only mailclients that SUPPORT that.

    This was in version 0.x and now 15 or 20 years later this problem is
    not fixed yet.

    Work-around: Patches for every virus that comes out and exploits this.

    All the applications are having security problems, because Microsoft
    has no knowledge about that.

    That is the reason, why ISP's decided to use Apache instead of
    the buggy unsafe IIS.

    Microsoft is always lacked to look at security, but now it is interresting from a marketing point of view, they are going to provide
    Firewalls,AntiVirus and AntiSpyware software.

    Which they have to get from companies they assim.. eh.. take over.

    Like Giant etc. Only History proofs that after a company is taken over,
    the product is only getting worse , instead of better.

    Of course there are persons that are very happy with Microsoft,
    and the fact that they just can't buy anything else
    and pay a lot of money for licenses, because there is no competetion.

    But please work with another OS for a while, try other software as well,
    and see for your self.

    And i am curious if your still happy with an OS that needs:
    3th party :
    Anti virus
    Anti Spyware
    Anti Scripts
    Anti hijackers
    Anti Spam
    Anti Trojan
    Registry Protection
    Uninstall SOftware
    Process Guards
    Worm Guards
    Port Explorers.
    XP anti Spy sofwtare (for the OS) it self.
    etc. etc. etc.

    :D
     
  21. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Oh yeah....let's certainly not place the individual clicking the mouse or pecking on the keyboard as part of the loop :cool:
     
  22. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Ok, let's not - let's not drive around in a car with bald tires, faulty brakes, no seatbelts (windows), and no windshield (browser). If you do, Speeding (mouse clicking) is at your own risk. :eek:

    I wish there were a better race car (and specifically built to race in that environment) that includes all the tracks so I can participate in all the reindeer games. :D *puppy*

    Don't get me wrong Bubba. I like XP because of the multitude of apps/games available and besides, however limited my knowledge is, it's all I know.
     
    Last edited: Jun 16, 2005
  23. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    those are funny reindeers...hmmmm :D
     
  24. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I have very much considered downgrading to that version....but at my age....new tricks are hard to teach :eek: :p
     
  25. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    An Old Fox can loose his hair...

    I hope you got some hair left Bubba...At your age people are bold...

    a bold man on xp machine does kinda look suspicious :D
     
Loading...
Thread Status:
Not open for further replies.