Wolven and Oithona attack the funny bone..

I intend to give IE8 a run today actually. As far as Opera, until I learned what I did, I was reluctant to use it because of the lack of Noscript and Adblock Plus. I think that's the only thing that held me back other than a few Opera 9.2 (I believe) crash issues and such. Adblock Plus, well, I DO love it, oh so much, lol. I wish there was some free way on IE to have the same ability (IS there a list pre-made that can be used?) I know Opera also has an adblock-like script that has been mentioned.

Heck, maybe I'll just give Opera AND IE8 a chance. I can't knock Firefox too much, it's been good to me and I don't see a reason YET to dump it. Though I will say, all the statements about memory issues are so true. Memory has been an issue with FF for as long as I can remember.

 

Opera also has a no script equivalent user js which works as well, Opera has never needed one as it has been the browser with least amount of holes and they are also the fastest to patch holes. Just one look at Secunia advisories will show that.

http://my.opera.com/community/forums/topic.dml?id=241208

No script for Opera.

 

There are numerous options for blocking ads in IE, but the best two I've found are Privoxy and IE7Pro (google for them). Privoxy acts as a local proxy, and hence is a powerful program that allows you to manipulate incoming/outgoing network data in a variety of interesting ways. It includes some ad-blocking filters by default, though if you need to modify the settings they're not very newbie-friendly.

IE7Pro, on the other hand, is very interesting. It integrates adblock, mouse gestures, prefetching, and a whole slew of other features into IE. Officially, it's not specifically compatible with IE8, but I've tried it for 2-3 days without noticeable ill effects.

 

I used to use IE7Pro actually, it had caused some sort of stalling issue (which now I can't remember exactly what that was), and, at least to me, it didn't seem quite as effective as AdBlock Plus. As for now, I am running both IE8 and Opera, and I have to say I am pleased. IE8 is a really nice browser. It is a slight (very slight) bit slow, but I believe that is because I am using the MVPS Host file to block ads for IE, and, having many websites in the Restricted Zone is known to slow IE8 (at least was known). So that I blame on me and not IE.

Opera on the other hand, seems like it wants to render pages before the pages even have a chance to say hello to me, lol. It's lean, and it's lightning fast. I run Avast with its web shield, so I may not even bother with the user scripts. If I run across a nasty the web shield should pick it up. As far as ads, again, the host file seems to have that covered.

 

Do you think he's wrong?

 

What makes you think that?

As I've indicated, I'm quite inclined to agree with him that Vista's inbuilt security features are indeed impressive.

 

The question was if you thought his statement about Firefox on Windows being the hardest target was wrong. That's all.

 

Apart from Linux, I would say MS has made great strides in field of security, they have to as they charge a hefty sum for their OS and security holes would do no good to their sales. Whats surprising to see is how complacent Apple has been and its not surprising to see it being caught with its pants down.

 

Could it be that Apples situation is due to arrogance on the part of Jobs and also on, what seems to me, a near obsession with Ipod and IPhone development ( I understand these are separate departments with separate of course)? For quite some time Apple has enjoyed stratospheric popularity (among professionals at least), due in part I'm sure of what Eice was saying, propaganda that the Mac was just as "bulletproof" as the actual Linux OS. I guess they were brought back to ground level.

I guess it shows that there is always safer, but never safe.

 

From what I see, all Linux OS continuously update the discovered security holes in a rapid pace, MS too has now become serious about this issue. Apple created a myth about their OS and RISC based hardware, when they switched to Intel, part of that went away but they still persisted with their OS is superior mantra which was bought by many gullible Apple owners. Also Apple has an aggressive almost mafia like attitude against security researchers who have bought out apple holes in the past threatening them with litigation if they didn't withdraw their findings. Now with the latest report out, the cat is finally out of the bag.

 

@Eice:

I don't know why you started a IE vs. Firefox comparison in this thread. But anyway, here is my answer.

 

Whether his claim was correct or otherwise, I just felt it worthwhile to take note that the underlying basis behind his claim was attributed to Vista's security, not Firefox's.

 

Not entirely, otherwise he wouldn't have ranked Firefox on Windows as a harder target than IE or the others.

 

Whether Firefox is a harder target than IE or not appears to depend on who you ask.

What we do know is that his claim was made based on Vista's security instead of Firefox's, and that he was hacking the release candidate of IE8 instead of the final version. It's tempting to resort to blind subscription of "authority" and take words out of context, but unfortunately that doesn't always result in facts.

 

Not entirely, and you know he considered Firefox a harder target than IE (on Windows 7, not Vista). Both browsers were installed in their default configurations, which means Firefox was probably not running in Protected Mode. IE certainly was.

Please stick to the issues, if you insist on attacking. Why make this personal and accuse me of all kinds of things?

Charlie Miller's and Nils opinions about browser security (at Pwn2Own) are based on actually having searched for and found bugs in the browser code. So I personally tend to give those guy's opinions a little more weight than people (myself included) who don't search for browser bugs.

And their opinions could be mistaken, but I think they were worth discussing.

 

Just a quick correction: Firefox has no Protected Mode. While it would benefit from DEP + ASLR if globally enabled, IE enjoys from some extra virtualization and integrity control features, especially when run in an admin account - which is an extra barrier to get past, even if you manage to get your exploit code up and running in the browser process space. As far as IE7/8 (with Protected Mode) and Google Chrome are concerned, a successful exploit of the browser is often limited to just that. To compromise the OS is another step.

Seeing as how almost everything discovered in the contest is being kept tightly under wraps, I guess I just like to focus on things that we do know. Before taking that one sentence at face value and turning it into a ringing endorsement of how secure Firefox is, I think it's worthwhile to inspect the "fine print", so to speak.

And of course, let's not forget that the technique used to crack non-final releases of IE had been demonstrated months ago by two other researchers. Given that, it's entirely probable that it's easier to build on someone else's work, rather than start from scratch yourself.

 

I didn't know that.

FWIW, Firefox (and other browsers) can be configured to run under Vista/Window 7's Protected Mode, hence the reference to Firefox probably not running in Protected Mode.

Is it possible to take exception with something, without continually being nasty and disagreeable?

Life's too short to drink cheap wine.

I'm through discussing this with you.

 

Well, if you would be so kind as to show us how to extend IE's Protected Mode features to other browsers, I'm sure I'll be among the first to thank you for it.

But it looks like it's certainly long enough to take cheap shots, eh?

 

Very few people have gotten onto my ignore list ... But some have.
Mrk

 

I hope that will never include yours truly here.

 

I truly doubt it ...
Mrk

 

Here is a post explaining how to enable Protected Mode for Firefox. See also here.

 

Thanks for the links.

My weekend's just over, though, so it may be a few days before I get to try them. Before I do, however, is there any way to undo these if I ever change my mind?