Posted on 04/30/2005 6:48:42 AM PDT by r5boston
Every thread about Firefox has a bunch of folks chime in to claim that because Firefox is gaining in popularity, that it will start to claim its share of viruses, worms, spyware and malware.
The problem is, we're just not seeing it happen yet, nor do I think it is likely to at least anywhere near close to the level that it does today with IE. While Firefox, like any complex program, is not perfect, it just doesn't have the same level of OS integration as IE does, which is the vector normally taken by malware because it makes the job of malware writers so much easier than it would otherwise be. So, while Firefox is not perfect, and will never be, especially since so much active development is occurring on it, it will most likely continue to be safer than IE for the foreseeable future even though IE is, for the most part, in maintenance mode and has been for years.
Having smaller market share does not protect one from being attacked. That's just a FUD point that is bandied about because it sounds reasonable. I ask you to consider the following as a lesson in how even small targets are easy to hit in today's internet era.
Softwarecreator, you often ask if those of us cheering Firefox on have an economic basis in our hopes. I'd imagine that for the most part, in the most commonly accepted meaning of the term, that would not be true. However, we do have a direct interest in seeing the number of rogue spam bots and zombies being reduced. I have to filter out all the attacks on my webservers by zombies looking for machines to compromise when I run my traffic analysis. There are hundreds of thousands, if not millions of these zombies out there, and they do affect the bandwidth available for legitimate use of the internet. This is the primary basis for my desire that Microsoft and their customers get their acts together.
The following is a post I put together to illustrate that obscurity doesn't help you if someone wants to make you a target:
Oh, I don't know. Perhaps as someone else already said on this thread, it might be done for the bragging rights of having created the first successful virus/worm to attack Macs.
I've seen this charge that the small market share that Mac and Linux have is what keeps them safe. It is repeated often enough and seems reasonable enough until you actually look at the history of some other worms/viruses.
Consider: the spread of the Witty Worm.
Quoth the poster:
Witty infected only about a tenth as many hosts than the next smallest widespread Internet worm. Where SQL Slammer infected between 75,000 and 100,000 computers, the vulnerable population of the Witty worm was only about 12,000 computers. Although researchers have long predicted that a fast-probing worm could infect a small population very quickly, Witty is the first worm to demonstrate this capability. While Witty took 30 minutes longer than SQL Slammer to infect its vulnerable population, both worms spread far faster than human intervention could stop them. In the past, users of software that is not ubiquitously deployed have considered themselves relatively safe from most network-based pathogens. Witty demonstrates that a remotely accessible bug in any minimally popular piece of software can be successfully exploited by an automated attack.
I suspect there are more than 12,000 Linux and/or Mac hosts out there on the internet.
Also, consider that the folks who were hit with this were also among the more security-conscious users:
The vulnerable host population pool for the Witty worm was quite different from that of previous virulent worms. Previous worms have lagged several weeks behind publication of details about the remote-exploit bug, and large portions of the victim populations appeared to not know what software was running on their machines, let alone take steps to make sure that software was up to date with security patches. In contrast, the Witty worm infected a population of hosts that were proactive about security -- they were running firewall software. The Witty worm also started to spread the day after information about the exploit and the software upgrades to fix the bug were available.
Show me a successful worm/virus against Macs and I'll listen. Until then, your talking point is FUD.
I am running a p3 733mhz with 512mb ram with win xp pro sp2 and no problems at all, matter of fact I can't remember the last time my computer crashed or a program froze and I let it run constantly with all kinds of processor chomping apps.
Here is a story about the architecture's part in these exploits between wintel and Mac/*NIX. http://www.cio-today.com/story.xhtml?story_title=Apple_Mythology_and_Desktop_Security&story_id=33272
No, it also helps that the people creating the virus are doing it because they hate MS and specifically target them because they have an agenda ... to prove how bad the product is and how superior their OS of choice is.
I've seen several times where they arrest the perpetrator and they say they did it specifically to point out the flaw. Kind of like shooting someone to prove they bleed.
I know of one person, a Linux devotee, who claims he spends a lot of time purposely attacking MS systems because people stupid enough to use MS deserve it.
Do you view a lot of PDF files? The only times I've run into problems with Firefox have been with opening large PDF files. I haven't seen the problem since downloading the latest version.
The reasons Microsoft products are attacked so frequently are multi-faceted. First, and foremost IMO, is that most windows boxes are the low-hanging fruit of the internet. The tight integration between the browser, ActiveX, and the operating system combined with defects in all three components are the enablers that allow the boxes to be 'owned' so easily.
Second, and this ranks pretty high up there as well, is that the vast majority of windows users are completely computer illiterate. For many of these users, if a file they created doesn't exist on their 'desktop' or in the 'my documents' directory, the file is lost to the user for all practical purposes because they have no idea how to find a file that might have been misfiled for some reason. I see this all the time, and it's extremely frustrating to me, as a long-time nerd. People generally have no desire to learn anything about directory structures and methods of how to organize their data even though it would make their life much easier in the long run with just a little bit of initial effort on their part. I imagine that serious automobile mechanics feel the same thing about most car owners for similar reasons.
Third, the security model under Windows is, for the most part, almost non-existent. The vast majority of users out there login as an administrative user because they don't know any better, and because of the extremely poor design decisions the writers of some software have made that require it.
On a side note, I had a discussion with a fellow I work with the other day that touched on exactly this issue. Something that came to mind was the warning you see if you are using Linux and run a program called "xcdroast", which is for writing CDs/DVDs. If you start the program while running as the 'root' user, it presents you with an annoying initial dialog box (that can't be disabled), telling you how incredibly stupid (they actually use the word) it is to run the program as root. They give you the option to continue as root but recommend most strongly against it. Our discussion expanded from that, as I'd like to see Linux window managers say exactly the same thing if you login as root, or execute any program as root, so as to remind the user that usernames exist for a reason. From what I understand, the folks at Apple take that approach a bit further in that there are separate "root" and "administrator" users under OSX that are used to install software. It's a good solution IMO and mitigates greatly the damage that a computer illiterate user can do.
Personally, I'd like to tar and feather the folks who create malicious code, but in today's society, that's not likely to be accepted by most. However, it is the software vendor's responsibility to make sure that stupid and avoidable defects (i.e., buffer overflows), don't exist in their software, so there is a fair amount of responsibility on the vendors. I think Microsoft gets much more of a free pass on such things than they deserve.
Cute....LOL!
I don't have that problem....I have others though!
Sounds like a problem with XP!!!
To tell the truth, when I first saw your posts on the tech threads I thought you were an obvious astroturfer, but have seen you elsewhere as well, and you're willing to see things from other points of view, so I try to respond as well as I can. If you do get caught in any of my flamethrower salvos, don't take it personal. Call me on bull**** when you see it, as I'm as guilty of throwing that out as the next guy. I sure as heck don't take things said in cyberspace personally, or I would have abandoned the internet a decade ago. We have a lot to learn, from both people we agree and disagree with.
Thanks. I think anyone who sees only their point and refuses to acknowledge another's is foolish. I'm not an expert on anything and know it ... you can only learn by listening.
Come to the Dark Side...... We have cookies!
No matter how many times I see your tag line, over the last few months or so, it still cracks me up.
Anyway...it still is 1000 times better than my IE experiences.
Yeah, looks like some advertisers have found a way around F-Fox's pop-up blockers.
That's the thing about technology .. you put up a security wall and they find a way around it.
It's my oldest daughter's creation. I liked it so much it's been my tagline for a while now.
I never have to reboot any of my machines unless a critical patch really insists - I leave them running 24 hours a day. I really have tried to give FF a chance but it grinds my machine to a halt until I kill it off. Thunderbird is just too annoying to use.
I've been running IE and Outlook for years and I've never had a virus or spyware infection.
Nice try - running 2003 to 2005 just the last 6 months, FF is running about even and will fare worse as the year goes on. 50 million downloads means that FF is now worth the time of those who write malware.
You would think FF was defect free the way it is being trumpeted.