Locked down IE still not as good as Firefox?

Discussion in 'other security issues & news' started by prr, Jun 19, 2005.

Thread Status:
Not open for further replies.
  1. prr

    prr Registered Member

    Joined:
    Jun 19, 2005
    Posts:
    5
    I have been using the Mozilla suite and Firefox browsers for a good 2 years or so now, and the amount of spyware/adware on my computer has fallen drastically, to pretty much nil. I do have one question. I keep hearing on forums that if you properly lock down IE (use an AV, MS antispyware, and perhaps even Spyware Blaster), that IE will be as secure as Firefox. Is this true? Will these programs (as well as SP2) eliminate the great majority of spyware that would otherwise come onto your computer?

    Thanks.
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    IE cannot be penetrated by any publicly known vulnerability if by properly locked down one means the Internet Zone is set to High.

    Having said that....where that falls apart IMHO is in the fact that many less knowledgeable users should not have to then learn as much as one needs to learn in order to keep that setting on High. Of course....if those same users choose to remain less knowledgeable and follow advice that browser ABC is safer than IE....does that now mean they are still safe :doubt:
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    I've been running IE on this computer for over 2 years, and I don't have IE set as tightly as some, and I have had absolutely no problems. Of course I do run a whole layered suite of security stuff.

    Pete
     
  4. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    The same here. I haven't had problems for ages...knock on wood. :rolleyes:
     
  5. prr

    prr Registered Member

    Joined:
    Jun 19, 2005
    Posts:
    5
    That's interesting. I've never run IE on High before. What would that involve--a lot of windows requesting permission to run program x ?

    As far as choosing other browsers, by your last 8 words are you doubting that these users are safer with Firefox/Opera/Netscape?
     
  6. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    I don't want to start yet another IE's security is worse than other browser thread.

    What's your definition of locking down? In my definition it doesn't require third party add-ons like Spyware Blaster, IE-SPYAD, Spyware Guard, Spybot Search & Destroy etc. Following this definition you can lock down IE, but how user friendly is the result if you no longer can view content without being prompted or placing sites into trusted zones?
     
  7. prr

    prr Registered Member

    Joined:
    Jun 19, 2005
    Posts:
    5
    Using 3rd party apps is exactly what I was talking about--specifically, Spyware Blaster and MS Antispyware. I wasn't aware that doing any of this would require all those window prompts. At any rate, apart from using these programs, what would you recommend to make IE more secure against spyware, adware, and the like?
     
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    you might start reading here
     
  9. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Hi prr,

    While we wait for all the anti-IE crowd to post, let me say I have also used IE exclusively for years and never had a problem. I guess most of the problems are the fault of ActiveX and Java being enabled in IE.

    There's a thread https://www.wilderssecurity.com/showthread.php?t=78734 about locking down IE.

    I agree with Peter that you need security programs too. An AV, AT, firewall and anti spy/adware are a must have regardless of your browser.

    For what it's worth I use resident Nod32 and on demand Ewido, KAV web scanner, Spywareblaster, Adaware, Spybot S&D and the new version of Winpatrol which is now a real time IDS and my router.

    Just my opinions.

    Regards,

    Jaws

    Oops, guess it took me too long to type my post.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Opera and Firefox are more secure than IE, and I probably would have switched if it wasn't for Maxthon. Compared to this IE shell, they suck IMO. I also never had any problems with IE, no spyware or other malware, no problems at all.

    I believe that if you take certain measures, you won't have any trouble surfing the web with IE or an IE shell. You can read my opinion about this subject, and what I've done to make IE safer in the following posts. ;)

    https://www.wilderssecurity.com/showpost.php?p=488811&postcount=31
    https://www.wilderssecurity.com/showpost.php?p=488814&postcount=32
     
  11. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    I meant that you can lock down IE without 3rd party apps and depending on how strictly you lock it down, it can result in being prompted and having to place sites in your secure zone.

    Or you can be less restrictive about security settings and avoid being prompted or having to place sites in your secure zone by using 3rd party apps. This is the option you were looking for.

    I'm currently using Windows 2000 with IE6 SP1 using my own IE hardening script. This has protected me against most exploits. I'm currently working on porting my Windows 2000 Professional material to Windows XP Professional SP2.

    I can give you some ideas on how to secure IE using some script examples:

    # Internet Options: Advanced/Browsing

    # Automatically check for Internet Explorer updates = disabled
    # Enable folder view for FTP sites = disabled
    # Enable Install On Demand (Internet Explorer) = disabled
    # Enable Install On Demand (Other) = disabled
    # Enable offline items to be synchronized on a schedule = disabled
    # Reuse windows for launching shortcuts = disabled
    # Show friendly HTTP error messages = disabled
    # Use passive FTP = enabled

    # Internet Options: Advanced/Security

    # Check for server certificate revocation = enabled
    # Do not save encrypted pages to disk = enabled
    # Empty Temporary Internet Files when browser is closed = enabled
    # Profile Assistant = disabled
    # Use SSL 2.0 = disabled
    # Warn if changing between secure and not secure mode = enabled
    # Warn about invalid site certificates = enabled
    # Warn if forms submittal is being redirected = enabled

    After this you have to set the zones. I can't translate my scripts to human readable format. This will have to wait until I've finished my project.

    My bookmarks are a complete mess, so I can't provide you with some additional links on how to secure IE :rolleyes:
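
An added example, not part of the post above and not diginsight's script: a check of a regedit text export against the "Advanced/Security" items listed in that post. The registry value names are this example's assumed mapping for those checkboxes, Profile Assistant is left out because no value name is assumed for it, and the export is constructed sample data.

```python
import re

# Assumed mapping from the post's "Advanced/Security" items to per-user
# registry values; the post itself gives no value names.
IS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
BASELINE = [  # (item from the post, key, value name, pass condition on the DWORD)
    ("Check for server certificate revocation", IS, "CertificateRevocation", lambda v: v == 1),
    ("Do not save encrypted pages to disk", IS, "DisableCachingOfSSLPages", lambda v: v == 1),
    ("Empty Temporary Internet Files when browser is closed", IS + r"\Cache", "Persistent", lambda v: v == 0),
    ("Use SSL 2.0", IS, "SecureProtocols", lambda v: (v & 0x08) == 0),  # bit 0x08 = SSL 2.0
    ("Warn if changing between secure and not secure mode", IS, "WarnonZoneCrossing", lambda v: v == 1),
    ("Warn about invalid site certificates", IS, "WarnonBadCertRecving", lambda v: v == 1),
    ("Warn if forms submittal is being redirected", IS, "WarnOnPostRedirect", lambda v: v == 1),
]

def parse_reg(text):
    """Parse DWORD values from a .reg export into {(key, name): int}, lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry paths are case-insensitive
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """Return the baseline items that fail or cannot be confirmed, in baseline order."""
    reg = parse_reg(reg_text)
    failures = []
    for label, key, name, ok in BASELINE:
        v = reg.get((key.lower(), name.lower()))
        if v is None or not ok(v):  # a missing value is reported too
            failures.append(label)
    return failures

SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"CertificateRevocation"=dword:00000001
"DisableCachingOfSSLPages"=dword:00000000
"SecureProtocols"=dword:000000a8
"WarnonZoneCrossing"=dword:00000001
"WarnonBadCertRecving"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
"Persistent"=dword:00000000
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)) or "baseline met")
```

Exports written by regedit in "Version 5.00" format are UTF-16, so decode a real file with `encoding="utf-16"` before passing its text to `audit`.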
     
  12. prr

    prr Registered Member

    Joined:
    Jun 19, 2005
    Posts:
    5
    Thanks to posters above. You have given me a wealth of links and reading. Much appreciated.
     
  13. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    If you visit the Secunia IE page, you can check the security status of IE.

    In short: there are still several (old) unpatched vulnerabilities and few of those are relatively critical.
    Most vulnerabilities are mitigated by: using XP SP2 and not allowing Active Scripting.

    So, a locked down IE on a recent XP system can be quite secure.
    But, not using XPSP2 must be considered a hazard.

    If you lock down IE, I suspect that the functionality for Internet Zone sites will be greatly reduced, other browsers offer far more comfort than IE...
     
  14. prr

    prr Registered Member

    Joined:
    Jun 19, 2005
    Posts:
    5
    At this point, I'm beginning to think that it would be less trouble for me to have my students use Firefox on their computers, than have to figure out how to tweak IE just right, and then still clean up all the spyware that gets put on.
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I use Firefox until it has more security holes than MSIE and then I switch back to MSIE.

    Firefox is also a very practical internet browser, much more than MSIE.
    I still use MSIE as default browser to visit safe websites, but when I surf or search on the internet I always use Firefox.

    I also have read in previous posts in this topic, how to secure MSIE.
    MS has to provide these settings as DEFAULT settings, so that typical users don't have to learn all that stuff.
    Most users don't even understand the meaning of these settings.

    No wonder that Firefox and similar browsers are so popular and its use grows every year significantly.
    Making it difficult for typical users is always a BAD policy and MS will pay for it sooner or later.

    According to these statistics you can see that MS is paying already.
    http://www.w3schools.com/browsers/browsers_stats.asp
    Even when these statistics are not exact, they show at least a trend.

    MS can learn a lot from Firefox and many other softwares as well.
     
  16. busyantz

    busyantz Guest

    The people working in the MSIE department at Redmond, hand in your resignation letters to Bill G. at the building exit, thank you!
     
  17. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    The only good arguments for using Internet Explorer instead of any other browser can be:
    -> Like living on the edge (and being unsafe)
    -> Like to support the richest person/company in the world.
    -> Like a monopoly because I can't decide what to choose
    -> It is my hobby to get the most unsafe browser in the world
    to work without getting my pc hacked/cracked or infected.
    -> I am a fan of the company, and raise the MS flag every morning
    and like to sing the company's song every day.
    -> I don't want to look at other products it is too difficult/too much work.
    -> I want to believe the opposite of what all the experts are saying.

    :D
     
  18. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    There's always the option to tweak your students, so that they only visit secure sites...
     
  19. You talk out of both sides of your mouth. One shouldn't believe the numbers, but it's ok to believe the trend.

    Mmm, maybe you should do some reading: http://news.zdnet.co.uk/0,39020330,39204643,00.htm

    Quite interesting view in this article. I don't say that we should believe it, but at least it should be a reminder that we shouldn't take any numbers for granted.

    Heck, htmlfixit.com even has IE on 45% and FF on 42% LOL

    http://www.netapplications.com/news.asp has IE on 87% and Firefox on 8%! LOL

    I own a web site with close to half a million visitors a year and unlike some others I don't see a big trend, I see IE slowly getting steady between 65-70% and Firefox around 25%. I rather believe my own numbers than those statistics of others.

    Anyway, this year MS releases IE7 and the fact that it has tabs (the reason why most A-technical people use IE) is enough reason for IE to climb up another 20%, the same 20% that Firefox needs to get back the years after, but this time with a handicap; the fact that they're not the only ones with tabs. Trust me, most people are dumb. They hear others saying that Firefox is more secure, so they switch to IE. Then one day they yell; my system is so secure, I never see cookies. You know, that's what I hate about this Firefox show; a false sense of security. Read the forums... more people complain about this. Let me make it clear to some of the people who didn't know this; a system is as secure as its user.

    Security? Pfff... I think IE7 is going to be more secure than Firefox, trust me, MS is taking security very seriously lately and although it's not perfect, at least they're showing the effort. I think some of you are just anal when it comes to security. A good hacker (I didn't say TOP hacker) can break into almost every system on the planet, it's just a matter of going to these sites where they collect the vulnerabilities of each and every OS or application. It took some hackers according to PHPBB only a leak in AWstats to bring their site down for days.

    I feel sorry about those people who look at things through colored glasses :D
     
  20. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    I don't think anyone knows whether IE 7.0 will be more secure or less secure than alternative browsers. No one will know until IE 7.0 actually comes out and gets put to the test.

    IE 7.0 may be the very best in security or it may be filled with holes that no one in Redmond ever thought about. We won't know until it gets here. I am interested in what IE 7.0 will bring but I started to realize it must be brought into reality in order for me to make a judgement on it.


    Starrob
     
  21. Pollmaster

    Pollmaster Guest

    Maybe Bill Gates might have some ideas :-*
     
  22. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    if it has no security problems, it will take a decade before,
    the bad reputation of MS IE will change.

    But I am very curious, and would like to try this new version.

    The one positive thing about MS is, that after all those years,
    they have decided to have a look at security.

    See XP SP2

    See the asimu.. eh the buying and taking over of all kind of security software companies/programs

    You see, I am not all negative about M.

    ;)
     
  23. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493

    Bill Gates may have ideas but like the rest of us I have severe doubts that he is 100% perfect. I always leave room for the possibility that he & the rest of the MS team might make mistakes that might only get put to test when the product is put out to market.

    There are many that believe that God has 100% predictive capabilities which may or may not be true, however, I believe the chance of a human having 100% predictive capabilities is near zero unless one thinks that they might possibly be God. Can that be true? Your GUESS is as GOD (or is it GOOD) as mine.

    Now that being said....I am hoping MS puts out a highly secure product. I would like to be safer on the internet without thinking as much about it.



    Starrob
     
  24. Rui Titos

    Rui Titos Guest

    IE or any web browser will never be secure running on Windows.

    Unless you run... 'ten' different security apps .. you may be OK ;) .. (from "yourself")
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Or because you use an IE shell that kicks Mozilla's butt. :D
     