Wolven and Oithona attack the funny bone..

http://wolvix.org/article.php?id=24

 

Good one............so as I suspected, Ubuntu is the Widnows of Linux world.

 

I don't understand why so many people, present company excluded, are against Ubuntu. It works, it's easy, it draws the crowd to the Linux world, it's doing good to all of us, so me wonders ...
Mrk

 

I know it's April Fools', but I'd just like to point out how unwise it is to underestimate Microsoft. Jokes aside, I just hope this particular distro doesn't go Mozilla's way, who's still busy crowing about their "superiority" over IE when the fact is their product has devolved into one of the most unsafe browsers today.

 

The same reason people are against MS, security holes aside and barring the stupid registry, MS works and so does Ubuntu. Its the top rated distro in distrowatch.

 

I ought to know better by now than to do this, but I just have to ask how you arrived at the conclusion Firefox is one of the most unsafe browsers.

IE: (version 7)

1. Has its claws so deep within the OS it isn't even funny.

2. Has Active X, one of the most unsafe technologies out there.

3. Has no ability whatsoever to add security functionality to it and its security settings are complicated unless a knowledgeable person is setting them or a trusted security website has been consulted (imho).

FF:

1. Is separated from the browser, so browser holes don't affect the OS and vice versa.

2. Does not support Active X.

3. Is easily configurable to provide greater security via TRUSTED extensions...yes, I know, extensions can add risk, yada yada...stick to Noscript and Adblock Plus then.

 

By the number of security vulnerabilities that have been constantly popping up. It outranks IE, Opera, and Chrome combined. You're asking the obvious.

A popular yet horribly misinformed argument. I could provide a lengthy explanation, but right now it seems hardly worth the time when all you do is throw down a cliched piece of propaganda. Suppose you provide evidence on how IE's "deep claws" are detrimental to security, and then we'll talk.

ActiveX is simply code. You might as well be saying that executable files are unsafe.

That's perhaps because it's fundamentally secure enough that it doesn't need the user to manually whitelist every piece of Javascript out there, as one of its competitors does.

 

Ha good laugh.

 

Fully agreed on that, also there are some inherent issues like slow browsing after a session of heavy browsing as well as well as high memory consumption and slow start up continue to plague Firefox.

 

Eice, the number of vulnerabilities means nothing in itself. It's like counting potatoes on a counter. What does it tell you. Nothing.
Mrk

 

It is good, it does works well....just Wolven having a dig .

LOL: by virtue of it's success in the 1% market share, has Ubuntu become a target. ??

 

On a second re-read, I find it amusing how the writer of the article tries to satire Vista's UAC, when Linux itself forces the user to sudo just about every other command. And in the very next breath the writer talks about forcing all programs to run as root.

 

You're right. I should probably rephrase it as "the quality of the code, security-wise".

 

In which case FF takes hands down... IE is a crapponics of code.
Mrk

 

Yes, because given the public-domain statistics released so far, we all know that more vulnerabilities = better quality. A fine Mozilla tradition since 2006.

 

btw have mozilla fixed the profile manager "bug"
if you use the profile manager for firefox and put it say in my documents" by mistake and then told the profile manager to delete the profile it would empty all the folders and sub folders of where the profile is installed.

i was lucky i had a backup of my data. I did it a few years ago.

the bug in bugzilla had already been first opened for around 2 years at that point. and if you try to create a new ticket it was closed right away.

 

We all know number of vulnerabilities is linearly proportional to the risk, exposure time, severity of vulnerabilities, right? Wrong.

Vulnerabilities are not linear.

Going by your logic, the least healthy person is the one who regular checks at the doctor's office and is occasionally diagnosed with small issues versus one who never goes to doctor and has who knows what illnesses ...

Anyhow, I'm tired and in no mood for these kinds of discussions. IE rules, use it, enjoy.

Mrk

 

Not sure why I bother furthering the discussion with such an attitude, but here goes:

1. How is it that IE being so hooked into the OS (which it is, there's enough proof of that that I hardly need to provide anything) is "safe?

2. Active X may be just code (and I certainly agree), but it's also one of the most abused. So, code or not, it's unsafe without restrictions.

3. At least Noscript can show you malicious scripts before you let them activate. IE shows you, um, well, nothing. I don't recall whitelisting a hell of a lot of javascript, but I guess whatever.

*sigh* I don't know, I don't claim to be a browser expert, I just read what I can and try to learn. So far everything I've learned is that IE may not be an atom bomb waiting to go off as far as security, but it's certainly not Fort Knox. Then again, what is?

 

Charlie Miller, the researcher (at Pwn2Own) who broke into a fully patched MacBook machine using a Safari code execution vulnerability:

"A day after his (Nils) perfect sweep of the breaking into fully patched default configurations of all three main Web browsers — Microsoft Internet Explorer, Mozilla Firefox and Safari for Mac OS X":

 

I don't figure it either, except maybe it's just that success is a target for certain people. I think Ubuntu is great for all the reasons you listed, and more.

 

I agree, to a certain extent. Which was why I decided to rephrase my words into "the quality of the code, security-wise". Yet given the staggering advantage Firefox has in sheer number of vulnerabilities, I think my original words are still somewhat justified.

That would be assuming IE never goes to the doctor.

True. Perhaps the example I used in my intial post was less than appropriate for this forum...

This is the second time you've mentioned something to this effect, so I feel obliged to address it. If you feel that you should know better than to do something, please don't, by all means. If you still do it anyway, then perhaps you know less than you think, or are lacking in wisdom.

Given that there's "enough proof", surely it's trivial to provide one or two pieces of evidence out of the many. Let's have something more substantial than populist propaganda to discuss.

But since you do admit that your knowledge in this area may not be complete: Windows calls upon mshtml.dll (IE's Trident rendering engine) when it needs to render parts of the OS. That's your "so hooked into the OS". A far cry from the cliche that IE has its "deep claws" over your OS kernel, isn't it? Like hacking movies, facts are often much tamer and less sensationalist than wild fiction.

No restrictions?

ActiveX is one of the most tightly controlled technology in IE today. It's segregated into multiple security zones, checked for digital signatures, and even after that you are still prompted at least twice if you want to run one (just try installing, say, the Adobe Flash plugin for IE). It's probably even more controlled than downloading and running EXE files, which are more likely to infect you than ActiveX.

IE shows you nothing for the same reason Linux doesn't need an antivirus: it's immune to a lot of the so-called bad stuff. But if you like NoScript's philosophy, you can replicate that effect quite easily using IE's security zones. I think NoScript is a poor implementation of security, if it can be called security at all, but if it appeals to you, IE happens to be able to do the same.

I'm not saying IE is Fort Knox. I'm just saying that Mozilla is so busy basking in their glory from 2006 and 2007 that they perhaps still don't understand the state of their product as it is now. A fate that I hope Wolvix won't come to.

Firefox is as insecure as ever. Vista's security features just helped compensate for it. Is it just me, or is it just ironic that a product, whose developers once promised "would never be as buggy as IE", is now dependent on Microsoft's code to shore it up?

 

1. Regarding my knowing better, lol, actually, point taken.

2. With regards to Windows using IE's rendering engine, it doesn't sound like the smartest idea in the world, but I'm not Microsoft This must be the area in which all the "IE problems are Windows problems/Windows problems are IE problems" comes into play.

3. I think restrictions was a poor word to use on my part. But if Active X is so controlled, and IE is immune to the so called bad stuff and doesn't need scripting protection, where are all the drive by downloads and malicious activity coming from that's turning IE into "swiss cheese". I've read about these "drive bys" and other things (obviously not enough), and it all seems to point to executable code (how else?).

So is IE's troubles caused by vulnerabilities that only get exploited when a user gets the temptation to "click here!", or are there real issues that allow the bad guys to "unlock the door" to your system regardless of what you do? Have all the "tests" magazine articles, media reports, and security blogs been making all these suggestions and leaving out the part where "if Joe doesn't click the banner ad, Joe doesn't get touched"?

Perhaps instead of trying to give advice to others, I should sit back down in my chair and wait for a few more lessons, because if all of the above is true, I'm truly a newbie who thought he knew more than he did.

 

IE is not unique in this regard. Konqueror, for example, is both the default browser AND file explorer on KDE-based Linux systems (yet you don't hear people cry that Konqueror has its claws deep in Linux...). Like all good myths, the story of Windows/IE integration is based partially on facts. Windows needs IE's Trident engine to render some stuff, but it's more of a relationship of Windows taking control of an IE component, than IE somehow being more capable than any other compromised program at digging into and manipulating the OS kernel.

IE problems are Windows problems? Only if you believe in propaganda. IE is perfectly capable of running with reduced privileges and isolated from the system kernel, and carry on with its business without even noticing - because it has absolutely no links whatsoever with the system kernel. In fact this is what Protected Mode in IE7/8 does. In this sense it's just about as "embedded" into Windows as Notepad is.

You're thinking about IE6, which was indeed a piece of poop. Microsoft was complacent, they wrote poor code with gaping holes, and they patched those holes slowly. Avoiding IE was VERY sound and justified advice back then, and Mozilla rode to fame on the coattails of IE's misfortune. But things in the computer world can and often change rather quickly.

 

So basically you're saying MS is still being punished for IE6, long after they finished "serving their time"? Sounds a bit like another company that's been blasted for being included in something else, but I dare not start that, lol. I guess what I take from this is:

1. IE in its current form is fine, the problem is the user.

2. Security itself is basically judged by user action, not the browser/PDF reader/Media Player/OS (in normal cases, excluding legitimately malicious or poorly written programs).

I've learned quite a bit here, I'm sure I have far to go. It's nice to take the tinfoil hat off though. I'll now approach the internet, still with caution, but a little more peace of mind.....but Sandboxie and Avast stay dangit.

 

I am a avid Opera user and have been using it since its launch, paid for every version till they went free. I have to admit that that IE initinally was pretty bad speially on dial up noisy lines. Most of my requests would time out so I stopped using IE and only used it for MS update or sites which wouldn't load with Opera. Even IE7 didn't impress me at all, however the new IE8 is quite a change, not only can I browse fast with it, it gives me far and fewer errors and has a nice feel and interface. I wouldn't be changing my Opera browser anytime soon but I would be giving IE8 a chance from now on. I seriously think MS has done some work in the right direction regarding the browser.