what are the benefits of firefox?

Discussion in 'other security issues & news' started by jmonge, Jan 23, 2009.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest

    Where does that article claim that?

    Yes, security flaws are possible also in Javascript - but FileSystemObject is a built-in feature of Jscript. That makes a huge difference.

    Of course it can be done by blocking everything in the Internet Zone and adding any trusted website to the Trusted Zone. But this is very circuitous and thus unusable for most IE users (and besides, it automatically allows ActiveX for all of these sites as at least the windowsupdate site has to be added to that zone, too, and this site needs ActiveX) while in Opera and Firefox (with Noscript) it's only a matter of some mouseclicks. So again, if security measures aren't user-friendly, they won't be used.

    We will say how effective and user-friendly that will be. Noscript offers anti-XSS even for whitelisted sites, and it offers protection against, e.g, clickjacking - see this site. A long way to go for IE.
     
  2. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    You can check Firefox release dates. Firefox 3 was released 12th June, the flaw discovered 5 hours later, and the fix for it (Firefox 3.0.1) delivered on 16th July.

    Is it really useful to quibble over which feature of the browser was it that a security flaw exploited?

    JScript, Javascript, ActiveX, BHO plugins, extensions... at the end of the day, a critical remote code execution security flaw is a critical remote code execution security flaw. No more, no less.



    Isn't that exactly what NoScript does? Block all, and allow by exception?

    The thing is, I rather dislike discussions about NoScript (no offense intended). It introduces a paranoid level of security that doesn't make any difference in 98% of day-to-day usage cases, but that doesn't stop its proponents from making a big deal out of it.

    If whitelisting is what you need, most modern browsers offer it. I say most, because I'm not sure about Safari and Chrome, but IE and Opera certainly do.

    ActiveX can be set to "prompt" instead of allow. XP users won't have to visit the WU website much, if at all, since the OS can handle WU in the background without being invoked by the user. In Vista, WU is handled by a Control Panel applet - no more IE.

    True. But if Microsoft does it right, that's one less reason for users to have to look for another browser.
     
  3. demonon

    demonon Guest

    Don't look at this sentence...
     
  4. tlu

    tlu Guest

  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    These arguments are simply pointless. Almost like political or religious ones, except more fun ... :)

    The simplest thing one can do is point the casual reader to some 7-12 malware-cleaning forums and then let them read the posts for themselves, as to how and why and when people get infected and exactly which browser they used to do that. That's all.

    Mrk
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'm not going to say that any argument is pointless, but it has got to be drilled into the heads of people that as far as safety goes, it's not what you use, it's what you do. This whole thing of one browser being safer than another is tired out. Browsers are only safer until enough people start using it, once that happens, the bad guys think "Hey, we got a much bigger target audience now, let's go looking for the holes in this browser"...and there are ALWAYS holes.

    The same thing goes for operating systems, if enough people start using Linux, guess what happens? They start going after it. Linux now has one big advantage, and it is NOT the signing in/out of root deal, it's that Linux software is GENERALLY downloaded through repositories. If it were not for that, Linux would not be bulletproof at all (still isn't because there is always a possibility that a repository gets hit). Mac users are already learning their lesson.

    Back on topic though, Firefox has the advantage of addons that CAN increase security, however, you can flip that right around and say that addons create a DISADVANTAGE as well, regarding security.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.