Spoofing flaw resurfaces in Mozilla browsers

http://news.com.com/Spoofing+flaw+resurfaces+in+Mozilla+browsers/2100-1002_3-5734121.html?tag=nl
A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned.

The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames, which are a way of showing Web content in separate parts of the browser window. The applications don't check whether the frames displayed in a single window all originate from the same Web site, Secunia said in an advisory on Monday. Firefox 1.x, Mozilla 1.7.x and Camino 0.x versions are vulnerable to the flaw, the security monitoring company said.
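The check the advisory says is missing, sketched as an added example (it is not Secunia's or Mozilla's code). The frame-tree object shape, the function names and the `example` URLs are assumptions made for illustration, and the policy shown is a deliberately conservative one, not a description of Mozilla's fix.

```javascript
// Added illustration: object shape, names and URLs are constructed.

// Origin = scheme + host + port, as computed by the WHATWG URL parser.
// Unparseable URLs and opaque origins (about:blank, data:) yield null.
function originOf(url) {
  try {
    const o = new URL(url).origin;
    return o === "null" ? null : o;
  } catch (e) {
    return null;
  }
}

// Two URLs are same-origin only if both have a real origin and they match.
function sameOrigin(a, b) {
  const oa = originOf(a);
  return oa !== null && oa === originOf(b);
}

// Depth-first search for a named frame anywhere in the tree.
function findFrame(frames, name) {
  for (const f of frames || []) {
    if (f.name === name) return f;
    const hit = findFrame(f.frames, name);
    if (hit) return hit;
  }
  return null;
}

// Audit: list every frame whose document does not come from the same
// origin as the top-level page shown in the window.
function foreignFrames(win) {
  const out = [];
  const walk = (frames, path) => {
    for (const f of frames || []) {
      const p = path + "/" + f.name;
      if (!sameOrigin(f.url, win.url)) out.push({ frame: p, url: f.url });
      walk(f.frames, p);
    }
  };
  walk(win.frames, "");
  return out;
}

// Policy: a document may load content into a named frame of a window
// only if it shares an origin with that window's top-level page.
function mayLoadIntoFrame(requesterUrl, win, frameName) {
  if (!findFrame(win.frames, frameName)) return false; // unknown frame: deny
  return sameOrigin(requesterUrl, win.url);
}

// Constructed sample: a trusted page with one nested third-party frame.
const trustedWindow = {
  url: "https://trusted.example/account",
  frames: [
    { name: "menu", url: "https://trusted.example/menu", frames: [] },
    { name: "content", url: "https://trusted.example/summary", frames: [
      { name: "ad", url: "https://ads.example/banner", frames: [] },
    ] },
  ],
};

console.log(foreignFrames(trustedWindow));
console.log(mayLoadIntoFrame("https://other.example/page", trustedWindow, "content"));
```

The scheme is part of the origin, so a request from `http://trusted.example/` is refused for a frame owned by the `https://` page.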
Reply #1 Top
Hmm, you'd think that software designers would've made browsers more secure by now. These guys (including Microsoft, I use IE) need to start testing browser security better before they release anything.
Reply #2 Top
Ummm, browser security ain't clear cut like that.
There will always be Firefox flaws being reported. Mozilla is by far handling it the best by actively seeking the problem, reporting it, and fixing it promptly. Look at how fast 1.4 came after getting their first critical flaw.
Mozilla works very closely with Secunia to actively find these flaws. You have noticed how the flaw is actually reported first... rather than in the IE world where a couple of people have to be hacked... and then Microsoft might issue some warning at the most.

People can dog open source all they want, but if there is one thing where it will reign supreme, it's browsers, 'cause that is what people use the most, and it's the hacker's gateway to personal information. Having a dedicated community working at it goes much farther than having some large corporation that is worrying about their OS and lawsuits and tons of other applications.
Of course with the Firefox adoption, flaws will start to appear, but as you can see with 1.04, the Mozilla team is up to the task.

If Microsoft disclosed all of the flaws like Mozilla is doing people would be like
Reply #3 Top
Ummm, browser security ain't clear cut like that.
There will always be Firefox flaws being reported. Mozilla is by far handling it the best by actively seeking the problem, reporting it, and fixing it promptly. Look at how fast 1.4 came after getting their first critical flaw.
Mozilla works very closely with Secunia to actively find these flaws. You have noticed how the flaw is actually reported first... rather than in the IE world where a couple of people have to be hacked... and then Microsoft might issue some warning at the most.


Good points. I guess it ain't that simple. And Mozilla probly does do a better job at notification. But they (and M$) should do more extensive testing with how browsers handle scripts and code... but of course part of the prob is the way web design keeps changing all the time, and just how many things you can actually do with code.

I'm already like with Microsoft cuz they just got too many bugs with their OS's.
Reply #4 Top
And there are those that say Firefox is secure...
Reply #5 Top
And there are those that say Firefox is secure...


It's better than IE. For more detail, read the second comment.
Reply #6 Top
I don't think Firefox is better than IE but that's my opinion. While employing the proper virus and anti-spyware programs I've had no troubles with IE.
Reply #7 Top
While employing the proper virus and anti-spyware programs no browser will have troubles (I know that will start an argument but hey). If you want virus and hacker protection, look for other programs - not browsers for that protection. I believe Firefox is better simply because it blocks popups much more effectively, it is fully customizable and (when tweaked properly) it is much faster than IE.
Reply #8 Top
Actually it has been proven that IE is faster than Firefox both from a cold start and display times. I had a test a while back that showed you that IE was faster. As far as pop-ups, well, my Google toolbar takes care of that and I think MS included a pop-up blocker in SP2. (I don't use SP2)

I don't remember saying that a browser is good for virus and hacker protection...
Reply #9 Top
Actually it has been proven that IE is faster than Firefox both from a cold start and display times. I had a test a while back that showed you that IE was faster. As far as pop-ups, well, my Google toolbar takes care of that and I think MS included a pop-up blocker in SP2. (I don't use SP2)


yes Firefox doesn't load as fast as IE... 'cause it's not integrated into the OS. That's the same reason that IT professionals dubbed IE beyond repair. And with display times you're just plain wrong, because you can turn on broadband optimizations which make it blaze right by IE.

and the Google toolbar compares in no way to the ease of use with and functionality of Firefox's built-in popup blocker. And don't even mention MS pop-up blocker, that is just pathetic.

Browsers aren't there for virus and hacker protection. But they are THE first line of defense and IE is like a piece of raggedy cloth, while Firefox is a diamond shield. And security IS NOT one of the things that you want to bet on with IE. Browsers need to think with virus and hacker prevention in mind. And just mentioning something like ActiveX goes against that mindset.

Yeah you can stick with IE and all that. Many people do ('cause they think it follows website standards more... which is one of the biggest lies in the IT world). I don't care though, I'll just enjoy my tabbed browsing, wealth of plugins, loads of themes, and rock hard security.

I'm sorry if the fact that a company working very closely with Mozilla to make Firefox more secure found a security flaw... which will probably be fixed before it's even exploited, like the .jar bug. If that discredits the fact that Firefox is secure then that's unfortunate.
Reply #10 Top
perhaps it's horses for courses. of course IE doesn't offer multi-tabs which would be nice. or a function that enables mouse gestures. or the ability to remove frames and annoying ads. or a scrapbook facility for saving pages without having to invest in third party software. or an online community of developers that don't wish to charge at every turn. but then that's the way open source operates, non?
Reply #11 Top
perhaps it's horses for courses. of course IE doesn't offer multi-tabs which would be nice. or a function that enables mouse gestures. or the ability to remove frames and annoying ads. or a scrapbook facility for saving pages without having to invest in third party software. or an online community of developers that don't wish to charge at every turn. but then that's the way open source operates, non?


I'll tell my boss not to test the software we produce. 'Cause we might find bugs in it and it will be less secure. I'll get a raise for sure.
Reply #12 Top
Ka806 - Explain to me why I have never gotten a virus using IE (while employing a virus scanner) and why I don't get more than 10 to 15 spyware entries in ad-aware or the fact that I have never been hacked.

I'll stick to IE and will be even happier when IE7 comes out in a few months.
Reply #13 Top
Ka806 - Explain to me why I have never gotten a virus using IE (while employing a virus scanner) and why I don't get more than 10 to 15 spyware entries in ad-aware or the fact that I have never been hacked.

I'll stick to IE and will be even happier when IE7 comes out in a few months


I mean to put you on ice. I never got one, one piece of ad-aware entry since I have used Mozilla. Not even mentioning viruses. And I use plenty of spyware/adware checkers including adaware professional...

And I think you grossly misunderstand the idea of security. Just because you haven't gotten hacked/gotten a virus/gotten loads of spyware, that doesn't mean you're safe. Chances are you probably do have an ENORMOUS amount of data mining software that is undetectable by adaware. But moving aside from that you can't just sit there and ignore things like:

http://www.nytimes.com/2004/08/12/technology/circuits/12brow.html?ex=1250049600&en=2e6b25eafd7f2db7&ei=5090&partner=rssuserland
http://www.usatoday.com/tech/news/2004-07-01-cyber-threat_x.htm
http://www.theinquirer.net/?article=16922
http://www.eweek.com/article2/0,1759,1637596,00.asp
http://slate.msn.com/id/2103152/
http://channels.lockergnome.com/news/archives/20050325_internet_explorer_unsafe_98_percent_of_the_time.phtml
http://www.dnzone.com/ShowDetail.asp?NewsId=1258
http://wired-vig.wired.com/news/infostructure/0,1377,64065,00.html

Things like IE unsafe 98% !!! of the time. The government even explicitly warns the public against it.
You can say junk like what you said. But look at where you're at. You're walking blind in the middle of a highway thinking you're invincible because you didn't get hit. LOTS of hard drives have been reformatted thanks to Internet Explorer.

oh and if you're gonna think that adaware spots everything... you're really wrong. If I could I'd bet 20$ I could use my linux drive to do a slocate on your NTFS part and find so many discrepancies between a clean system and your system. In other words it's most likely messed up. Security = prevention, not sitting there being happy that nothing happened to you, especially when things are happening to everyone around you.

I mean fine you can stick to your IE and get things you most likely don't know about (oh and MS doesn't report their flaws!!!). But there is not one advantage I can think of. After broadband optimizations Firefox indeed displays info much faster than IE and if you even mention the startup time then the resource consumption of running multiple IE versions compared to 1 tabbed Firefox version easily puts Firefox ahead. I mean I don't even want to mention ActiveX.

oh did I mention I have not gotten 1 piece of adware on my NTFS after using Firefox. And that's with doing a manual slocate check on my NTFS. lol when was the last time I ran adaware. I think I'll run it now 'cause the application gets no love.

It might offend you but at this point in the game, I can honestly honestly say that if you like IE better than... u know forget Firefox, to say IE is better than any Gecko-based browser (Safari, Epiphany, Mozilla) is just pure blindness and an insult to the people that developed those applications. It's just my opinion, don't take it to heart. (A lot of people I know would just straight up yell at you and post some 100 links as to why IE is unsafe, then hack you through ActiveX, and run some sort of hash script to show you all the "presents" IE left you =P.)

But hey open source is about choice... so you can choose IE. Moderate use shouldn't put you in any real danger. Just some processes to take up a little bit of resources.


Well finally adaware is finished and still nothing. Screw that, I'm uninstalling it.
Reply #14 Top
public class rant
{
Oh and saying this might also offend you but it's just my opinion so don't take it to heart.
But I think this does in fact show the damaging effects of Microsoft's monopoly in the IT industry. People don't even know what security means, and they are content with not knowing what their computer is doing.
I almost find it disgusting.
}

Reply #15 Top
Oh and one more thing. I would HIGHLY HIGHLY HIGHLY HIGHLY suggest you get SP2 on your machine if it's running XP.
Reply #16 Top
Uh... well, most of you guys make some good points here I think. Guess things depend on various factors. The prob is the way HTML content is generated and interpreted by browsers, and how secure a particular website is with its code. Then, just throw in the Java factor and there's even more probs. The more people that use Firefox, the more we'll see probs with vulnerabilities. But some of this security stuff is probly a little overstated by 'security' groups sometimes. I mean, they gotta make $'s too.

Oh and one more thing. I would HIGHLY HIGHLY HIGHLY HIGHLY suggest you get SP2 on your machine if it's running XP.


That's a good idea cuz way too many people don't want to get SP2. It's more secure than SP1 is for sure. I got it. BUT, I have been able to get past SP2 Heap protection and bypass DEP... but with a lot more work than it would have taken to break SP1 though.
Reply #17 Top
Ka806 - I have no data miners on my system thank you. Not only do I use ad-aware but I also use MS Anti-Spyware, Spybot, Spywareblaster, Spywareguard, and sometimes Hijack this.

I've been using and fixing PC's for awhile now - years - I'm no noob.

I will not install SP2 due to the fact that SP2 has a weird effect on my system. It slows down boot time to 4 minutes. It slows down the whole system to the point that it takes 2 minutes to launch any application. I have an Nvidia Nforce chipset and I have read there are problems between SP2 and Nforce chipsets.

NO I will not install SP2 any time soon.

Long live IE.
Reply #18 Top
My browser's better than your browser, my browser's better than yours. My browser's better 'cause he eats ... er, wait a minute ... that's the dog food jingle ...

Nevermind.
Reply #19 Top
Got some news for you Vasgo, Internet Explorer can have tabs now with a toolbar from MSN. Also, you can have mouse gestures for your whole computer with a program called StrokeIt. You can have simple mouse gestures for your computer and can actually control Internet Explorer with it (although not exactly 100%). They may be third-party programs, but they still do the job.
Reply #20 Top
merci citizen rmccabe916. apparently IE 7 will also have tabs as well (albeit with a basic functionality). perhaps it is the fact that the option for such a wide variety of extensions is possible all within the one software program that is so attractive about firefox - particularly so when some of those same features are charged for elsewhere.

perhaps the real question here is not whether firefox has a security flaw or not but whether it is addressing that flaw. after all cannot the same not be said of IE as well?:
Link
Reply #21 Top
Ka806 - I have no data miners on my system thank you. Not only do I use ad-aware but I also use MS Anti-Spyware, Spybot, Spywareblaster, Spywareguard, and sometimes Hijack this.

I've been using and fixing PC's for awhile now - years - I'm no noob.

I will not install SP2 due to the fact that SP2 has a weird effect on my system. It slows down boot time to 4 minutes. It slows down the whole system to the point that it takes 2 minutes to launch any application. I have an Nvidia Nforce chipset and I have read there are problems between SP2 and Nforce chipsets.

NO I will not install SP2 any time soon.

Long live IE.


I think you missed that point entirely. I'll tell you right now that you probably do have adware, data-miners, spyware, malware and probably other nasty things on your system. And no, all those applications will not find what's on your system. If you think that is the case then you're naive at best. When I say slocate... I say a straight up manual search that I do myself to find any unrecordable discrepancies between a clean system and your current system. Yes I do it straight up by hand and go through the folders. I bet you right now I would find something. You act like data miners are illegal and are done to a minimal extent by few sites, and that they cheerfully report to all of these anti-spyware applications what they upload.

I use nvidia nforce chipset myself and I use SP2 for Windows and it's perfectly fine. Maybe IE messed it up. Try updating your BIOS. I really don't feel like arguing with you about security issues, because I know your philosophy behind it is just wacko. You use outdated software for your OS, and yet you're entirely dependent on lots of (mostly substandard) anti-spyware applications. Just 'cause you sit there and twiddle your thumbs while programs tell you they find spyware etc. doesn't mean you're secure. You might sit there and claim you're no noob at fixing computers. But that just means you're a noob at making sure your computer doesn't break in the first place. You're touting that you don't get more than 10 to 15 spyware in adaware. Meanwhile I have not gotten 1 in 8 months.

So you can go say Long live IE for who knows what reason. But I'm done on this issue with you. It'd be best if you don't go popping off on how Firefox is not secure. 'Cause you are seriously putting your foot in your mouth because you don't even know what computer security is.
Reply #22 Top
Got some news for you Vasgo, Internet Explorer can have tabs now with a toolbar from MSN. Also, you can have mouse gestures for your whole computer with a program called StrokeIt. You can have simple mouse gestures for your computer and can actually control Internet Explorer with it (although not exactly 100%). They may be third-party programs, but they still do the job.


Yeah I'm pretty sure that plenty of people out there have third party apps and the like. And I'm pretty sure IE7 will have a minimal amount of the features Firefox has (and still be called revolutionary and uber).

But security is one of the biggest reasons I switched. And as long as IE has ActiveX, I'm not touching it.
Reply #23 Top
Ka806 - Lovely way to spout off the mouth like that. As for a rebuttal without making you look bad here goes:

I'm sure if you examined my system you would find very little or nothing at all. I don't rely on all those programs by themselves. I search my hard drive just as you do. By the way what's so bad about those programs? Nothing. Even the hard core PC gurus here at WC use them.

I have updated my BIOS. SP2 still has problems. To my knowledge I am not using any outdated software on my system. Everything besides SP2 is up to date.

The whole reason I "popped up" about Firefox not being secure is because I'm sick of the Firefox fanboys and zealots saying how secure it is when in fact Firefox has security problems as well.

And YES I assure you I know what computer security is and how to protect myself and keep the system clean.

I guess I should remember an old saying - "Never argue with an idiot. A passing bystander might not know who the idiot is."
Reply #24 Top
I will not install SP2 due to the fact that SP2 has a weird effect on my system. It slows down boot time to 4 minutes. It slows down the whole system to the point that it takes 2 minutes to launch any application. I have an Nvidia Nforce chipset and I have read there are problems between SP2 and Nforce chipsets.


I have an Nforce chipset and SP2 and no such problems.


Posted via WinCustomize Browser/Stardock Central
Reply #25 Top
The whole reason I "popped up" about Firefox not being secure is because I'm sick of the Firefox fanboys and zealots saying how secure it is when in fact Firefox has security problems as well.


Do you think it's not secure? The zealous say it's secure for a reason. In fact, there are many people saying it's secure that are not secure. I hope you don't think that the US government are Firefox zealots 'cause they think it's more secure. I mean Secunia (the company that found both of the recent security flaws) works with Mozilla to find these flaws.
And you are greatly exaggerating the security problems in Firefox. Mozilla in conjunction with Secunia have found 2 flaws in their browser, one labeled as critical and the other labeled as mildly critical. The critical one was fixed before it was even exploited and right now we are talking about the second one which will most likely be fixed before it's exploited.

But to answer your questions. Yeah I used to use adaware. I really did just install the thing today. I don't do an actual manual search through the hard drive... that's way too inefficient. To do my real cleans I use linux. I mount my NTFS partition and use a modified version of a program called slocate. Which tallies everything in the system. I applied it to the mounted NTFS partition right after. Not to go into the logistics of the code. Basically any time a new file is added it is recorded into a list. There are some other functions which organize where the files are but I try to limit that. Anytime a new file is added it gets checked though. I purposely keep my NTFS partition small (20 gigs out of the 350 gigs I got) so any new media files go into a separate fat32 partition (which can be used by both linux and windows). The checks on that partition are minimal. And yeah I did do the modifications myself.

I never said that the programs are bad... I'm just saying they do not detect everything... even when u use all of them. There are a lot more xxware on the internet than you think, and that these people can actually register. It isn't necessarily illegal. There are plenty of data miners/spyware/adware/malware/ etc. that are not detectable by all the programs put together. The places these things hide is amazing sometimes.

I personally think it's foolish to dismiss the fact that Firefox prevents bad things from going on your computer. I find 10-15 critical items unacceptable. I should be getting none.

And you are greatly exaggerating the security problems in Firefox. Mozilla in conjunction with Secunia have found 2 flaws in their browser, one labeled as critical and the other labeled as mildly critical. The critical one was fixed before it was even exploited and right now we are talking about the second one which will most likely be fixed before it's exploited.

Oh and if your BIOS is updated then it most likely isn't your nforce chipset. And it really shouldn't be the nforce chipset. Your Windows installation/hard drive/partition may be very unstable. If you have one partition dedicated to Windows and that's it, I suggest u back up and wipe it. If that don't work, then a virus may have altered your BIOS so u may need to take it to a technician. I have an nforce 2 and it works just fine. And it's nice to know Windows is a little bit safer.


I guess I should remember an old saying - "Never argue with an idiot. A passing bystander might not know who the idiot is."


whatever man