MYIE Browser

Discussion in 'other anti-malware software' started by ellison64, Oct 20, 2003.

Thread Status:
Not open for further replies.
  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Not sure if this is the right forum to discuss this problem , but here goes anyway.Im using MYIE rather than IE because of the tabbed browsing and faster speed.Although MYIE uses the IE engine, its getting frustrating that many security programmes wont function with these "shell" browsers.For example spybots option of "browser helper to block bad downloads" in immunise section , works great with IE but if you use a shell browser like MYIE then it doesnt.Also programmes like bugnosis and many others dont function when using these shell browsers.Im not a programmer , but i always wonder how hard it actually is to get these functions to work with the common tabbed shell browsers , that use the IE engine.Many of the common shell browsers that use IEengine are better security wise than IE due to added functions and its frustrating that you have to use IE "pure" to run securtity programmes.
    Anyone have any views on this?
    tia
    ellisonwales
     
  2. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    I suppose it depends on what tools you use in conjunction with these browsers. I use Proxomitron with IE, MyIE2, Firebird, Opera, etc., to filter the web while surfing and SpywareGuard and SoywareBlaster to prevent spyware downloads. These products work regardless if one's using IE or an IE shell. (Although just browsing without ActiveX eliminates a good many potential problems/threats.)

    This doesn't answer your question but you might want to reconsider what tools you use. You mention Bugnosis and unless it's radically changed, I found it of no particular value in dealing with web bugs (or "beacons"). For example, Bugnosis misidentifies graphic spacers as web bugs and at least last I looked doesn't block web bugs. In contrast, Proxo with JD5000's configuration file combines filters and block lists to effectively deal with a goodly number of pests (tracking cookies, web bugs, scripts, ads, pop ups, etc).

    I've also seen some people use Spybot's S&D's immunize function without understanding what it does and what it targets and then claimed all sorts of things about sites that had nothing at all nefarious on them. Not really the fault of the product but the user didn't understand how the product functioned and what it was doing. I'm not sure of the value of this Spybot feature compared to other tools. But each to their own.

    Anyway, this doesn't answer your question but IMO as least for me there are better tools to use that don't result in any browser issues. But YMMV. ;)
     
  3. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Thanks for reply.I use naviscope and outpost to block most things , but i still wish IE programmes would also work with the IE shell browsers.
    me
     
  4. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I would highly recommend moving over from IE and related shells. But if you do use IE , proxomitron, maybe your naviscope et al is a must

    I would agree Bugnosis is pointless.
     
  5. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Thanks for reply
    ive tried mozilla and opera and dont think they are as good or fast as IE or IE shell browsers.Many site s wont work unless you get java plugins etc which rather defeats the object of "safe" browsers anyway.IE in my opinion is safe enough if auto downloads, active x ,scripting etc is set to prompt.While there are certain security issues,i think that you have more chance of winning the lottery , than ever being exploited by one of them anyway.
    me
     
  6. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I fully disagree. Java is a lot safer then activex, though there are risks for both of course.


    See http://www.cs.princeton.edu/sip/faq/java-vs-activex.html

    It tries to be objective, but it's clear that activex is more dangerous by large for most users. There's a reason why most of the malware use activex to install...


    "Java security relies entirely on software technology. Java accepts all downloaded programs and runs them within a security "sandbox". Think of the sandbox as a security fence that surrounds the program and keeps it away from your private data. As long as there are no holes in the fence, you are safe."

    "ActiveX security relies entirely on human judgement. ActiveX programs come with digital signatures from the author of the program and anybody else who chooses to endorse the program.ActiveX security relies on you to make correct decisions about which programs to accept. If you accept a malicious program, you are in big trouble."

    Of course there have being exploits found in Java but activex can basically do anything, no safeguards at all, except for "trust" based on the digital signing.

    Activex is more dangerous by far to the average user.


    "How can ActiveX security break down?
    The main danger in ActiveX is that you will make the wrong decision about whether to accept a program. One way this can happen is that some person you trust turns out not to deserve that trust.

    The most dangerous situation, though, is when the program is signed by someone you don't know anything about. You'd really like to see what this program does, but if you reject it you won't be able to see anything. So you rationalize: the odds that this particular program is hostile are very small, so why not go ahead and accept it? After all, you accepted three programs yesterday and nothing went wrong. It's just human nature to accept the program.

    Even if the risk of accepting one program is low, the risk adds up when you repeatedly accept programs. And when you do get the one bad program, there is no limit on how much damage it can do.

    The only way to avoid this scenario is to refuse all programs, no matter how fun or interesting they sound, except programs that come from a few people you know well. Who has the self-discipline to do that? "

    That's right, digital signed activex are useless, most people have no idea what it is, or even if they do, have no idea who to trust.

    "How can Java security break down?
    The main danger in Java comes from the complexity of the software that implements the sandbox. Common sense says that complicated technology is more likely to break down than simple technology. Java is pretty complicated, and several breakdowns have happened in the past.

    If you're the average person, you don't have the time or the desire to examine Java and look for implementation errors. So you have to hope the implementers did everything right. They're smart and experienced and motivated, but that doesn't make them infallible. "

    There is a whole lot more, pointing out that you can be hurt by a good "plugin or activex control".
     
  7. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    IE is faster to load up initally for obvious reasons ( but that's like split seconds) , but in terms of rendering speed , IE is not faster. I've done some tests, sometimes Gecko based browsers are faster ,sometimes IE.

    Want to bet?

    Anyway given that you post on a security forum, this seems to be a rather strange statement to make.
     
  8. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Thanks for reply and info.With respect though i personally like some sites that use active x ,flash etc and have no problem at all allowing or disallowing when prompted (i agree prompt is not the default setting though).Until mozilla or opera can access and render the sites that IE can i believe they will always be second best in that respect , and unfortunatley active x is very common.As for speed i can only go by how my machine behaves.Fairly low spec 733 p3, 56 k dial up , and myie renders significantly faster thaN IE or mozilla or opera.MYIE2 i supposed to be even faster than the very early version which ive decided to use (myie beta version).Sorry if you think my statement seems rather strange for a security forum.I like to think im very security conscious,and for that reason i prompt for most things.In fact with IE at least you can say no or block everything ;then ,in certain respects doesnt it become rather like opera? only with added choice that you can say yes too.
    me
     
  9. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Just curious, what makes you decide to trust one signature over another? What is your citeria?

    Yes it's sad, but there are 2 types of sites that can be accessed by IE alone

    1) Novices who don't know how to do html properly, they use Frontpage etc, which uses propertery IE tags instead of standard html as per W3C standards

    2) The more "advanced" websites who for some reason try to prohibit you from using any other browser then IE.

    3) Sites that use VB for scripting.




    Did a proper test? or just by feeling?

    Well clearly not security conscious enough,cos the browser is the no 1 source of vulnerability and many of the unpatched vulernabilities in the browser won't prompt you.


    But okay, clearly you are not ready to make this step yet and I won't press you.



     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    hi... thanks for reply.My criteria for allowing active x for a site is whether i wish to view something that runs active x or not.Obviously i dont run active x at warez or dubious sites. For sites like bbc .co .uk i would. I havent used any scientific equipment to test the speed of each browser but it is visually obvious that myie renders webpages seconds earlier than other browsers that ive tried on my system.Whether i am as security consious as others is debatable i suppose.Ive never had any exploit using myie with ie engine in 4 years of surfing, and am very confident that i wont in future.I only use AVG which doesnt detect all the viruses trojans that other better ones would.But then again im also quite confident that out of the 72000 plus viruses /trojan variants that the better ones detect , im highly unlikely ever to come into contact with them ..only perhaps a dozen or so viruses.In fact ive encountered 2 in 4 years..both very common ones, and both sorted by AVG.I do respect your opinion though and many friends use opera, but as you say am not ready to change to another browser until they are as fast or will render /show all sites like ie on my system.
    me
     
  11. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    No, it's clear you need to change your mindset. You say IE is faster for rendering but you havent tested it. You deny the security problems of IE. You are sure you will never get any security problems, altough no one can be sure of that.

    Someday you will be ready, just not now. That's okay.
     
  12. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Hi jayk..
    To clarify some points i said myie (not ie) was faster than opera at rendering pages.I also dont need any scientific eqipment (other than a stopwatch) to measure the speed .It is rather obvious to me that myie renders pages seconds faster than opera can.I actually tried opera again 3 days ago to confirm it and yes myie is still much faster than opera on my system opening web pages.I obviously cant speak for other peoples systems setups etc as to which is faster.Although opera was impressive (better than last time i tried it ) it would not accept my mail programme as default (pimmy) even though it showed it as my default.I tried using Outlook express as default to and although that also showed as default only opera mail would open (when clicking the mail toolbar icon),so i wasnt to happy about that either.
    As for security i believe that if set properly and updated properly its as safe as i need it to be with out compromising my web viewing, and at least myie /ie has the ability to view sites that use active x whereas opera doesnt it.Id rather make that choice by design rather than a browser making the choice for me by not having the ability to view sites that run active x
    me
     
  13. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Yes I agree, you prefer to have the choice to install mailware. :)
     
  14. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Well i dont consider this site malware
    http://www.makeoversolutions.com/
    ,look for your self...ohh i forgot you cant can you :)
    me
     
  15. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    You don't consider it, but it might be.

    Oh yes, and I can see it fine. :) .
     
  16. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Im glad you can see the site (my 7 yr old daughter loves it ).Only problem is you cant use the site .Click the " start" a few times till nothing happens.It wouldnt be so bad if opera used a pop up message box that said "this site uses active x and opera doesnt" to give the user an idea as to why the site wont work.Instead a novice might get extremly frustrated at why the site wont work,when he tries his newly installed opera.
    All joking aside i respect your view but i personally like the choice of using it or not.Maybe opera should have an active x plug in for power users?.. :p
    me
     
  17. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Actually there was an activex plugin for Mozilla.

    http://www.iol.ie/~locka/mozilla/plugin.htm
     
Thread Status:
Not open for further replies.