Browsers: A return to arms

C|Net News ^ | 01/01/05 | Paul Festa

[holymoly]

While IE went much of the year with a lock on better than 90 percent of the browser market

This continues to amaze me, particularly when the United States Computer Emergency Readiness Team (a partnership between the Department of Homeland Security and the public and private sectors) has advised that web surfers use a different browser.

  U.S. Government (US-CERT) warns web surfers: Stop using Microsoft Internet Explorer

U.S. Government Computer Emergency Readiness Team

Vulnerability Note VU#713878

Excerpt:

"Use a different web browser"

"There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML)."

Check my FR homepage for more PC security-related links, etc.

[searchandrecovery]

I like firefox. It blocks the drudge popups, and I've had few problems viewing pages since I installed it (month ago?). Good stuff - although the mail tool thing is a bit slow.

[Jotmo]

If you could tell me where to get a spell checker for FireFox (like "iespel" for IE) so I wouldn't have to use Word, I would use FireFox almost exclusively. Also, some web sights features don't work with FireFox either, and that's annoying.

Otherwise, I like FireFox, and will use it most of the time.

[Gorzaloon]

All this is true, MSIE Sux, etc, etc, but possibly it is time to stop considering script kiddies, trojan writers and proxy spammers as being "cute" and start nailing them to the wall. Is anything conceptually wrong with that, other than bribes from the Direct Marketing Association and others?

If Firefox, or any other browser, captures a large majority of the market, then it also will be a target.

I think is is more productive to attack the problem at its source. Why do we have to jump through hoops and keep changing our software or installing countermeasures all the time? It is the same thing as perpetually buying new locks for our doors because nobody goes after burglars.

[El Gran Salseron]

"Now let's see. IE is free and comes with part of the Windows package but is backed by Microsoft who has multi-millions to spend on the browser.

Firefox is free and it is their only product.

Something doesn't add up.

Something is rotten in Denmark.

[Willie Green]

word got out that AOL was preparing not only a standalone browser based on Internet Explorer but a new Firefox-based browser that can also run on IE;

Uhhhhh... can anybody explain to me why I would want "a new Firefox-based browser that can also run on IE"???

That sounds awfully redundant and inefficient to me.

[holymoly]

If Firefox, or any other browser, captures a large majority of the market, then it also will be a target.

It may be a target, but Firefox will never be as vulnerable as IE.

The info provided by US-CERT (above) lists the many IE-only faults and vulnerabilities. However, for those who think Firefox can/could become as vulnerable as IE, I suggest they read the following:

An extended explanation on why Internet Explorer is insecure

[Malsua]

Google: Firefox spellbound

Should do what you need.

[Poser]

The quick adoption of Firefox shows that Microsoft has no monopoly on any software market. Lots of people whine about Microsoft, but they are only a couple of good applications away from becoming the next Wordstar, WordPerfect, Visicalc, Supercalc, Lotus or Novell. Remember ARCnet?

The continued success of Microsoft is amazing.

Firefox is a great application. It is better than IE and is being adopted by millions because of that.

The more things change, the more they stay the same. The constants in the computer software business are that todays programs will be bypassed by better ones in a couple of years and that standardization is more important than bells and whistles.

[Quix]

EVIDENTLY part of or the main reason I have trouble with FIREFOX is

my dual CPU AMD ASUS MOTHERBOARD SYSTEM. . . . that Firefox doesn't do well with dual processors.

Any recommendations?

Is Opera really worth the money--having so little of the latter?

Anything better, free?

I've used OFF BY ONE and it's nice but limited and also seems to be a bit glitchy in some area--I forget what.

[FateAmenableToChange]

I just got two pop ups on Firefox in the last two days. One for Hollywood Video, another for a collection of smileys. And yes, my pop up blocker is turned on.

Firefox is good, but it's not perfect. It also crashes when I try to go to Yahoo Games to play Go.

[FreedomPoster]

>>but possibly it is time to stop considering script kiddies, trojan writers and proxy spammers as being "cute" and start nailing them to the wall.

Personally, I've been saying for some time, that I am for capital punishment for spammers, malware and virus writers, and others of that ilk. Those in foreign countries, we should nail with CIA wetwork.

I am not kidding.

[holymoly]

EVIDENTLY part of or the main reason I have trouble with FIREFOX is my dual CPU AMD ASUS MOTHERBOARD SYSTEM. . . . that Firefox doesn't do well with dual processors.

Any recommendations?

Sorry, no. Have you tried asking at the Mozilla Firfox Support Forum?

Is Opera really worth the money--having so little of the latter?

Only you can answer that. As you probably know, the "free" version displays an ad. You may want to give it a test spin & see for yourself.

Anything better, free?

Have you tried the "old" Mozilla browser (not Firefox)?

I've used OFF BY ONE and it's nice but limited and also seems to be a bit glitchy in some area--I forget what.

Lol. No java, ActiveX, plugins, HTML 3.2 mean it has trouble displaying some sites. However, it is safe. ;)

[tubebender]

My computer use is typical of the millions of home users. I surf a few web sites, buy on eBay and send and receive a few eMails. I rely on a guy to help me from time to time because I don't learn well at my age. I have been using Netscape 7.2 on my iMac for about 3 months and it works well for me. I use Eudora for mail and delete spam on the Cox Cable site before downloading it. Filters tend to delete some mail from eBay sellers and that's a worry to me.

By sliding my cursor off the scroll bar a pop up menu lets me hit a back or refresh button without going to the top left of the page which IE also does but Safari does not...

[primatreat]

Firefox looks like the younger brother of Safari, a native OS X program. It is even set up the same. Made by the same people. At last the PC group will have some relief from the Microsoft stuff.

[230FMJ]

I've been using Firefox for a week now, and I'm very impressed. I have yet to explore the tabs option that I read about in other FR threads.

[holymoly]

I just got two pop ups on Firefox in the last two days. One for Hollywood Video, another for a collection of smileys. And yes, my pop up blocker is turned on.

Firefox is good, but it's not perfect. It also crashes when I try to go to Yahoo Games to play Go.

No, it certainly isn't perfect. Which is why I also have a version of Opera on my system, as well as "Off By One". I use Opera for those rare sites which don't seem to work with Mozilla (I still run Mozilla, and am quite happy with it).

Still, when considering the vulnerabilities of IE, I consider Mozillas' problems to be minor in comparison.

[Fresh Wind]

Firefox is good, but it's not perfect.

I got hit with a Startpage.6.BQ trojan about a week ago. Norton ignored it, which is another reason Symantec products are permanently off my buy list.

[discostu]

It shouldn't amaze you. The computer has become an appliance, the vast majority of users are not technically savvy and don't even know where to start looking for a new browser. IE comes bundled with the OS, and if they've signed onto AOL they get another version from there (being bought by AOL was the worst thing that ever happened to Netscape). The only way I can see IE dropping below 2/3 of the market is if AOL drops it entirely, even then it will still probably have the majority of the market.

[discostu]

It's AOL, they don't have to make sense, and rarely do. Remember they spent millions on buying Netscape and have done nothing with it other than bundling their crap in with the Netscape install, and notice they still don't have a plan to use Netscape as their primary distributed browser, or even AS a browser distributed to AOL users at all.