Berkeley CSUA MOTD:Entry 41793
2006/2/10-13 [Computer/SW/WWW/Browsers] UID:41793 Activity:moderate
2/10    "Spyware Barely Touches Firefox"
        http://news.yahoo.com/s/cmp/20060210/tc_cmp/179102616
        "Internet Explorer users can be as much as 21 times more likely to end
        up with a spyware-infected PC than people who go online with Mozilla's
        Firefox browser, academic researchers from Microsoft's backyard said in
        a recently published paper."
        \_ I hate made up statistics like "21x more likely to!!!!".  There are
           many reasons for this such as the generally higher clue level of
           people who know enough to make an active decision to install/use an
           alternative browser (or have someone smart set it up for them) which
           means the machine is better maintained in general and the user is
           less likely to download and run freeporn.exe from spywarez.ru.  Yes,
           IE is a piece of crap, but FF has its own problems and there are
           many ways for shitware to get on a box.
           \_ yes, but.  working in IT, I've never had a problem with spyware
              on machines running firefox as the main browser.  with IE
              sometimes you don't have to click the misleading message to
              accidentally hose your system... sometimes you just need to go
              to the wrong site in your daily google searching.  no matter
              what problems FF has, it doesn't change the fact that IE is a
              total piece of crap.
              \_ Absolutely true.  But as I said above, the browser isn't the
                 only way and clue level is just as important, if not more so.
                 The loud mouthed sales moron always had porn popups but the
                 equally clueless marketing chick didn't because she didn't
                 run freeporn.exe every morning.  User behavior.
                 \_ it's the same users going to the same sites.  It's just
                    that with FF I haven't had to spend as much time fixing
                    hosed computers.  -pp
           \_ Did you actually read the article?  The study was not a survey of
              infection rates from internet users out there who install or
              don't install browsers themselves.  The IE and Fx test machines
              were set up by the same two professors and their two grad
              students.
              \_ A survey of infection rates would be more useful than 2 bored
                 grad students surfing the net.  At least then we could pretend
                 it was an "all else being equal" and "we used a large enough
                 sample size to..." argument.
                 \_ They didn't surf the net themselves.  They used web
                    crawlers to do the surfing.  (So they didn't get to enjoy
                    the porn while doing official work.)
                 \_ The result is pretty clear; if you go to the same set of
                    randomly-selected sites with unpatched IE and unpatched
                    Firefox, you're much more likely to get spyware on the
                    IE machine.  If you want to do a different study, do it.
                      -tom
                    \_ "with unpatched IE and unpatched Firefox".  What a
                       useless study.  How about a study of what happens to
                       unpatched Linux machines on the net?  Equally useless.
                       \_ A lot less happens to unpatched Linux machines than
                          unpatched Windows machines; that's the point.
                          (Typically an unpatched Windows machine will be
                          broken into within minutes of being connected to
                          the net, if it's not behind a firewall.)  -tom
                          \_ And it will take about 10 minutes more for the
                             Linux box.  There's no point.  Anyone who runs
                             an unpatched anything will very quickly get hit
                             with something nasty and if by some miracle they
                             don't, they'll run freeporndialer.exe.  It does
                             not matter in the least if it takes 5 minutes or
                             15 minutes for your box to get owned if you're
                             unpatched.  A study that might have been useful
                             would have been patched boxes, but I suspect when
                             they tried that first, very little happened.  I'm
                             highly suspicious of this 'study' of unpatched
                             boxes.
                             \_ All MS apologists are suspicious of studies
                                which show that Windows is a security risk.
                                Anyone who actually has to manage different
                                platforms already knows it.  -tom
                                \_ Yep, when you're against the wall and have
                                   nothing left to support your argument,
                                   resort to personal attack and smear.  Good
                                   call.
                                   \_ You have provided absolutely nothing to
                                      support your argument.  -tom
                                      \_ The sky is still blue, academic
                                         tests of unpatched boxes are still
                                         stupid and you resort to personal
                                         attack when cornered.  I'm glad the
                                         world remains predictable.  BTW, how
                                         does it feel to always be right?  I
                                         always wondered what it was like to
                                         be perfect.  Please tell us.
                                         \_ sounds like you're the one
                                            resorting to personal attack. -tom
                                            \_ Tell us about perfection and
                                               always being right, tom.
                                               \_ Step back, man.  AFAICT, tom
                                                  has been pretty technical and
                                                  succinct in expressing his
                                                  opinions.  Perhaps you should
                                                  reread the thread again, man.
                                                  Could you elucidate to a
                                                  clueless like me what exactly
                                                  it was that was said that
                                                  upset you so much? -mice
Cache (2386 bytes)
news.yahoo.com/s/cmp/20060210/tc_cmp/179102616
Thu Feb 9, 2:15 PM ET Internet Explorer users can be as much as 21 times more likely to end up with a spyware-infected PC than people who go online with Mozilla's Firefox browser, academic researchers from Microsoft's backyard said in a recently published paper. threats, so if we used unpatched browsers then we would see more threats." Levy and Gribble, along with graduate students Alexander Moshchuk and Tanya Bragin, set up IE in two configurations -- one where it behaved as if the user had given permission for all downloads, the other as if the user refused all download permission -- to track the number of successful spyware installations. "These numbers may not sound like much," said Gribble, "but consider the number of domains on the Web." In the same kind of configurations, Firefox survived relatively unscathed. browser when it was set, like IE, to act as if the user clicked through security dialogs; no domain managed to infect the Firefox-equipped PC in a drive-by download attack. Compare those figures, and it seems that IE users who haven't patched their browser are 21 times more likely to have a spyware attack executed -- if not necessarily succeed -- against their machine. Most of the exploits that leveraged IE vulnerabilities to plant spyware were based on ActiveX and JavaScript, said Gribble. Those two technologies have taken the blame for many of IE problems. In fact, Firefox boosters often point to their browser's lack of support for ActiveX as a big reason why its security claims are legit. Levy and Gribble didn't set out to verify that, but they did note that the few successful spyware attacks on Firefox were made by Java applets; Windows XP , tightens up ActiveX controls by disabling nearly all those already installed. IE 7 then alerts the user and requires consent before it will run an in-place control. Good thing, because one of the research's most startling conclusions was the number of spyware-infected sites.
One out of every 20 executable files on Web sites is spyware, and 1 in 25 domains contain at least one piece of spyware waiting for victims. "If these numbers are even close to representative for Web sites frequented by users," the paper concluded, "it is not surprising that spyware continues to be of major concern." The moral, said Levy, is: "If you browse, you're eventually going to get hit with a spyware attack."