Re: Mozilla Firefox

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Fuzzy Logic (bob_at_arc.ab.caREMOVETHIS)
Date: 12/16/04 

Date: Thu, 16 Dec 2004 14:24:00 -0800

"BC" <bconneely@yahoo.com> wrote in news:1103233470.489013.127500
@c13g2000cwb.googlegroups.com:

> Bill Martin wrote:
>> > Three Firefox features you might like are: (a) a great popup
> blocker (with
>> > IE this is available only to those with XP SP2), (b) tabbed
> browsing (for
>> > many who use it, it is a godsend); (c) better security (really).
>>
>> Ok, I'll bite. Better security how? Fundamentally more secure
> design
>> somehow, or just a question of who did the better coding?
>>
>
> Both. IE and its ActiveX controls have been nothing
> but bad news for security since its introduction way
> back when:
> http://www.halcyon.com/mclain/ActiveX/Exploder/FAQ.htm
>
> All these years and patches/updates since and IE is
> even more insecure than ever since the virus writers
> have been doing much better at improving their wares
> than Microsoft. There is NO way to truly secure IE
> without disabling a lot of its so-called features that
> Microsoft disengenuously convinced a lot of naive
> companies into requiring it for web access to their
> services.

Many of the questionable features are disabled in XP SP2. There is nothing
to stop a user from disabling features that they don't want or need.

> As far as coding goes, look at the size difference
> between a full download of IE6 and Mozilla Firefox:
> Approx 76.8 Mb versus 4.7 (or about 5.4 Mb if you
> include Flashplayer, or about 11.2 Mb if you also
> include Thunderbird.) And this for a product that
> hasn't been fundamentally improved since the original
> NSCA Mosaic and Netscape browsers:
> http://www.greytower.net/help/browsers.html

A full download of IE contains Outlook Express, Windows Media Player,
Shockwave and assorted other components.

> If Microsoft was truly committed to improving security,
> it would have at the very least phased out ActiveX
> years ago.
>
> I hope you find this food for thought and whatever.

Turn off ActiveX. It's not that hard. Even better configure it to only run
on trusted sites.

Here are Microsoft's recommendations:

http://www.microsoft.com/security/incident/settings.mspx

Relevant Pages

  • Re: Mac OS X hacked under 30 minutes
    ... It has to take action to expose him or herself to eventual security holes ... You're clearly playing with words to make "features you're supposed to have" ... you are disabling Windows features you are supposed to have. ...
    (comp.sys.mac.advocacy)
  • Re: Lisp and low-level operating system development
    ... > by /writing secure software/. ... If you start putting in VM features to ... There are more categories of security than ... the most common class of security exploit would be much less common. ...
    (comp.lang.lisp)
  • Re: Secure OS Thoughts
    ... I agree that a secure system would have to be built from the ... and so would not have all the fancy features users demand ... > fatal blow if it were forced to embed genuine security, ...
    (sci.crypt)
  • Re: Latest win 2k patch can lock systems
    ... >> Companies don't consider security first, ... >> Cost, features and ease of use usually come first, as perhaps they ... >> won't be able to make other operating systems secure either. ... > In this day and age featuritis needs to take a back seat to security. ...
    (microsoft.public.security)
  • Re: Mac OS X hacked under 30 minutes
    ... Security by not turning on features of the system is not security. ... I.e. Windows advocates knows windows won't get secure even if you turn ...
    (comp.sys.mac.advocacy)