Re: Mozilla Firefox
From: Fuzzy Logic (bob_at_arc.ab.caREMOVETHIS)
Date: 12/16/04
- Next message: Robert Aldwinckle: "Re: Fixing or REPLACING I.E.6 (PLease see replies)"
- Previous message: Elowan: "Pop-up Blocker after XP SP2"
- In reply to: C. A. Upsdell: "Re: Mozilla Firefox"
- Next in thread: C. A. Upsdell: "Re: Mozilla Firefox"
- Reply: C. A. Upsdell: "Re: Mozilla Firefox"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 16 Dec 2004 11:03:27 -0800
On 16 Dec 2004, you wrote in
microsoft.public.windows.inetexplorer.ie6.browser:
> "Fuzzy Logic" <bob@arc.ab.caREMOVETHIS> wrote in message
> news:Xns95C16DC314A24bobarcabca@207.46.248.16...
>> "C. A. Upsdell" <cupsdellXXX@-@-@XXXupsdell.com> wrote in
>> news:#Gw0Obx4EHA.2964@TK2MSFTNGP15.phx.gbl:
>>
>>> "Bill Martin" <wylie@earthKILLSPAMlink.net> wrote in message
>>> news:MPG.1c2a82ae76621a85989769@msnews.microsoft.com...
>>>>> Three Firefox features you might like are: (a) a great popup
>>>>> blocker (with
>>>>> IE this is available only to those with XP SP2), (b) tabbed browsing
>>>>> (for many who use it, it is a godsend); (c) better security
>>>>> (really).
>>>>
>>>> Ok, I'll bite. Better security how? Fundamentally more secure
>>>> design somehow, or just a question of who did the better coding?
>>>
>>> From a Firefox FAQ (text in parentheses is mine):
>>>
>>> - There is no support for VBScript and ActiveX, two technologies which
>>> are the reasons for many IE security holes. (IE users may be able to
>>> disable them, but typical IE users are not techies, and just use IE as
>>> it is.)
>>
>> These same users don't know they need to get updates for Firefox when
>> vulnerabilities are found in it. XP SP2 does a much better job of
>> locking these settings down.
>
> Actually, Firefox has an automatic update built in. As for IE in XP
> SP2, yes it is more secure than IE without SP2, but don't forget all the
> customers that Microsoft abandoned.
Automatic updates may cover Firefox but what about any plugins the user
has likely installed?
As I said at the end of my post it's ultimately up to the user to properly
configure and maintain their software:
http://www.computersecurityday.org/pstr2004.htm
I don't have a car that get's oil changes by itself...ultimately the user
has to take some responsibilty.
>>> - No spyware/adware software can automatically install in Firefox just
>>> by visiting a web site. (A survey in 1Q 2004 found that, of about 1M
>>> PCs scanned, there were 300,000 incidences of "serious System Monitors
>>> and Trojans")
>>
>> If IE is properly configured this can be prevented as well. Most
>> spyware is installed by users hitting OK to some prompt they don't
>> understand or downloading some 'freeware' that comes with more than
>> than had anticipated. Firefox won't help them there.
>
> "If IE is properly configured" ... obviously a lot of people don't have
> it 'properly configured', and probably would not know how to do it. IE
> out of the box is simply too insecure.
>
> "Firefox won't help them there" ... Firefox can help them, because it
> doesn't provide the hooks that IE does.
How is Firefox going to stop a user from downloading some free screensaver
that comes with spyware?
>>> - Firefox doesn't use Microsoft's Java VM, which has a history of more
>>> flaws than other Java VMs.
>>
>> We wont mention the recent security patch for Sun Java that allowed a
>> Java application read/write access to the users machine:
>>
>> http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
>
> One patch. (Though admittedly Sun did a very poor job of publicizing
> this, and a worse job of helping people to update.)
So the uneducated user is somehow better served by this?
>> FWIW Since XP SP1 IE uses Sun Java.
>
> It was my impression -- possibly mistaken -- that it came with no Java,
> and that customers had to find a JVM to install.
My mistake. We setup a lot of Dell boxes and Dell installs Sun's Java. IE
no longer comes with any Java.
>>> - You have complete control over cookies.
>>
>> IE has this as well. I disable all cookies except for sites that I
>> need.
>
> FF has better control.
If IE does exactly what I want I'm not sure what would be better?
>>> Techies might know enough to lock down IE: but, as pointed out above,
>>> most IE users are not techies.
>>
>> I would argue that the biggest factor in browser/computer security is
>> not the software you are running but the person at the keyboard and how
>> familiar they are with their software settings and what to do/not do
>> while online.
>
> Arguably true. But most people are incredibly unaware, so for such
> people at least a more secure browser is a plus ... if they can be
> educated as to what a browser is (many who use IE don't know!), and what
> alternatives are available.
I am aware of this as I do user support for our company as well as
computer security. We lock down IE for the user. I would argue that for
the uneducated user using Firefox is similar to the misconception that a
SUV is 'safer' in bad conditions. This results in the user assuming they
have nothing to fear and in fact it puts them in greater jeopardy as they
may do things they wouldn't normally do because it's touted as 'safer'.
I like this quote:
If you want to minimize your exposure to automated attacks, using less
popular software might be a good idea. This is true not only for the OS
but also for productivity software, browsers, and mail clients. Yet simply
switching is not an effective security solution. Only if you use the
proper security tools and remain vigilant about staying up to date and
cautious about what you do online should you start to feel some sense of
comfort.
Source: http://www.pcmag.com/article2/0,1759,1618781,00.asp
- Next message: Robert Aldwinckle: "Re: Fixing or REPLACING I.E.6 (PLease see replies)"
- Previous message: Elowan: "Pop-up Blocker after XP SP2"
- In reply to: C. A. Upsdell: "Re: Mozilla Firefox"
- Next in thread: C. A. Upsdell: "Re: Mozilla Firefox"
- Reply: C. A. Upsdell: "Re: Mozilla Firefox"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
