Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Firefox passes 50 million download mark
CNet News ^ | 04/29/2005 | John Borland

Posted on 04/30/2005 6:48:42 AM PDT by r5boston

click here to read article


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 101-107 next last
To: evad; UseYourHead; softwarecreator; SengirV
All,

Every thread about Firefox has a a bunch of folks chime in to claim that because Firefox is gaining in popularity, that it will start to claim its share of viruses, worms, spyware and malware.

The problem is, we're just not seeing it happen yet, nor do I think it is likely to at least anywhere near close to the level that it does today with IE. While Forefox, like any complex program, is not perfect, it just doesn't have the same level of OS integration as IE does, which is the vector normally taken by malware because it makes the job of malware writers so much easier than it would otherwise be. So, while Firefox is not perfect, and will never be, especially since so much active development is occuring on it, it will most likely continue to be safer than IE for the forseeable future even though IE is, for the most part, in maintennance mode and has been for years.

Having smaller market share does not protect one from being attacked. That's just a FUD point that is bandied about because it sounds reasonable. I ask you to consider the following as a lesson in how even small targets are easy to hit in today's internet era.

Softwarecreator, you often ask if those of us cheering Firefox on have an economic basis in our hopes. I'd imagine that for the most part, in the most commonly accepted meaning of the term, that would not be true. However, we do have a direct interest in seeing the number of rogue spam bots and zombies being reduced. I have to filter out all the attacks on my webservers by zombies looking for machines to compromise when I run my traffic analysis. There are hundreds of thousands, if not millions of these zombies out there, and they do affect the bandwidth available for legitimate use of the internet. This is the primary basis for my desire that Microsoft and their customers get their acts together.

The following is a post I put together to illustrate that obscurity doesn't help you if someone wants to make you a target:


Why bother writing a virus for 3% of the US computer market?

Oh, I don't know. Perhaps as someone else already said on this thread, it might be done for the bragging rights of having created the first successful virus/worm to attack Macs.

I've seen this charge that the small market share that Mac and Linux have is what keeps them safe. It is repeated often enough and seems reasonable enough until you actually look at the history of some other worms/viruses.

Consider: the spread of the Witty Worm.

Quoth the poster:

Witty infected only about a tenth as many hosts than the next smallest widespread Internet worm. Where SQL Slammer infected between 75,000 and 100,000 computers, the vulnerable population of the Witty worm was only about 12,000 computers. Although researchers have long predicted that a fast-probing worm could infect a small population very quickly, Witty is the first worm to demonstrate this capability. While Witty took 30 minutes longer than SQL Slammer to infect its vulnerable population, both worms spread far faster than human intervention could stop them. In the past, users of software that is not ubiquitously deployed have considered themselves relatively safe from most network-based pathogens. Witty demonstrates that a remotely accessible bug in any minimally popular piece of software can be successfully exploited by an automated attack.

I suspect there are more than 12,000 Linux and/or Mac hosts out there on the internet.

Also, consider that the folks who were hit with this were also among the more security-concious users:

The vulnerable host population pool for the Witty worm was quite different from that of previous virulent worms. Previous worms have lagged several weeks behind publication of details about the remote-exploit bug, and large portions of the victim populations appeared to not know what software was running on their machines, let alone take steps to make sure that software was up to date with security patches. In contrast, the Witty worm infected a population of hosts that were proactive about security -- they were running firewall software. The Witty worm also started to spread the day after information about the exploit and the software upgrades to fix the bug were available.

Show me a successful worm/virus against Macs and I'll listen. Until then, your talking point is FUD.

35 posted on 04/08/2005 10:35:22 PM CDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))

41 posted on 04/30/2005 9:09:53 AM PDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))
[ Post Reply | Private Reply | To 3 | View Replies]

To: UseYourHead

I am running a p3 733mhz with 512mb ram with win xp pro sp2 and no problems at all, matter of fact I cant remember the last time my computer crashed or a program froze and I let it run constantly with all kinds of processor chomping apps.


42 posted on 04/30/2005 9:13:07 AM PDT by aft_lizard (This space waiting for a post election epiphany)
[ Post Reply | Private Reply | To 16 | View Replies]

To: zeugma

Here is a story about the architecture's part in these exploits between wintel and Mac/*NIX. http://www.cio-today.com/story.xhtml?story_title=Apple_Mythology_and_Desktop_Security&story_id=33272


43 posted on 04/30/2005 9:21:02 AM PDT by SengirV
[ Post Reply | Private Reply | To 41 | View Replies]

To: zeugma
Having smaller market share does not protect one from being attacked.

No, it also helps that the people creating the virus are doing it because they hate MS and specifically target them because they have an agenda ... to prove how bad the product is and how superior their OS of choice is.

I've seen several times where they arrest the perpetrator and they say they did it specifically to point out the flaw.  Kind of like shooting someone to prove they bleed.

I know of one person, a Linux devotee, who claims he spends a lot of time purposely attacking MS systems because people stupid enough to use MS deserve it.

44 posted on 04/30/2005 9:31:37 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires)
[ Post Reply | Private Reply | To 41 | View Replies]

To: UseYourHead
It's too annoying to have to kill FF and Thunderbird several times a day.

Do you view a lot of PDF files? The only times I've run into problems with Firefox has been with opening large PDF files. I haven't seen the problem since downloading the latest version.

45 posted on 04/30/2005 10:23:13 AM PDT by PAR35
[ Post Reply | Private Reply | To 16 | View Replies]

To: softwarecreator
sorry fella, but I'll have to disagree here too. A large proportion of the virus/worm attacks these days is fueled by the unholy alliance between criminal elements and spammers (I generally consider them to be one and the same). There are huge bot-nets of zombies being 'rented' out to spammers these days, and it would appear that much of this activity is at least moderately organized.

The reasons Microsoft products are attacked so frequently is multi-faceted. First, and formost IMO, is that most windows boxes are the low-hanging fruit of the internet. The tight integration between the browser, ActiveX, and the operating system combined with defects in all three components are the enablers that allow the boxes to be 'owned' so easily.

Second, and this ranks pretty high up there as well, is that the vast majority of windows users are completely computer illiterate. For many of these users, if a file they created doesn't exist on their 'desktop' or in the 'my documents' directory, the file is lost to the user for all practical purposes because they have no idea how to find a file that might have been misfiled for some reason. I see this all the time, and it's extremely frustrating to me, as a long-time nerd. People generally have no desire to learn anything about directory structures and methods of how to organize their data even though it would make their life much easier in the long run with just a little bit of initial effort on their part. I imagine that serious automobile mechanics feel the same thing about most car owners for similar reasons.

Third, the security model under Windows is, for the most part almost non-existant. The vast majority of users out there login as an administrative user because they don't know any better, and because of the extremely poor design decisions the writers of some software have made that require it.

On a side note, I had a disussion with a fellow I work with the other day that touched on exactly this issue. Something that came to mind was the warning you see if you are using Linux and run a program called "xcdroast", which is for writing CDs/DVDs. If you start the program while running as the 'root' user, it presents you with an annoying initial dialog box (that can't be disabled), telling you how incredibly stupid (they actually use the word) it is to run the program as root. They give you the option to continue as root but recommend most strongly against it. Our discussion expanded from that, as I'd like to see Linux window managers say exactly the same thing if you login as root, or execute any program as root, so as to remind the user that usernames exist for a reason. From what I understand, the folks at Apple take that approach a bit further in that there are separate "root" and "administrator" users under OSX that are used to install software. It's a good solution IMO and mitigates greatly the damage that a computer illiterate user can do.

Personally, I'd like to tar and feather the folks who create malicious code, but in today's society, that's not likely to be accepted by most. However, it is the software vendor's responsibility to make sure that stupid and avoidable defects (i.e., buffer overflows), don't exist in their software, so there is a fair amount of responsibility on the vendors. I think Microsoft gets much more of a free pass on such things than they deserve.

46 posted on 04/30/2005 10:39:14 AM PDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))
[ Post Reply | Private Reply | To 44 | View Replies]

To: SengirV
Thanks. That was interesting.
47 posted on 04/30/2005 10:42:46 AM PDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))
[ Post Reply | Private Reply | To 43 | View Replies]

To: martin_fierro

Cute....LOL!


48 posted on 04/30/2005 10:58:47 AM PDT by Ernest_at_the_Beach (This tagline no longer operative....floated away in the flood of 2005 ,)
[ Post Reply | Private Reply | To 4 | View Replies]

To: UseYourHead

I don't have that problem....I have others though!


49 posted on 04/30/2005 10:59:41 AM PDT by Ernest_at_the_Beach (This tagline no longer operative....floated away in the flood of 2005 ,)
[ Post Reply | Private Reply | To 5 | View Replies]

To: UseYourHead

Sounds like a problem with XP!!!


50 posted on 04/30/2005 11:01:37 AM PDT by Ernest_at_the_Beach (This tagline no longer operative....floated away in the flood of 2005 ,)
[ Post Reply | Private Reply | To 16 | View Replies]

To: zeugma
Very good post, you know what you are talking about and don't go off on a tangent.  It's refreshing to read something where the writer has insight, makes good points and yet, doesn't "brow beat".  Thank you.
51 posted on 04/30/2005 11:17:49 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires)
[ Post Reply | Private Reply | To 46 | View Replies]

To: softwarecreator
Same here. Sometimes this forum gets heated about these things, but that doesn't help things. I can be pretty merciless against some of the more obvious trolls who post only on these topics, and are mr. johnny-one-note. Flamage is a part of the internet whether we like it or not (speaking from ===long=== experience). We might as well enjoy both aspects.

To tell the truth, when I first saw your posts on the tech threads I thought you were an obvious astroturfer, but have seen you elsewhere as well, and you're willing to see things from other points of view, so I try to respond as well as I can. If you do get caught in any of my flamethrower salvos, don't take it personal. Call me on bull**** when you see it, as I'm guilty as guilty of throwing that out as the next guy. I sure as heck don't take things said in cyberspace personally, or I would have abandoned the internet a decade ago. We have a lot to learn, from both people we agree and disagree with.

52 posted on 04/30/2005 12:05:36 PM PDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))
[ Post Reply | Private Reply | To 51 | View Replies]

To: zeugma
and you're willing to see things from other points of view

Thanks.  I think anyone who sees only their point and refuses to acknowledge another's is foolish.  I'm not an expert on anything and know it ... you can only learn by listening.

53 posted on 04/30/2005 12:16:45 PM PDT by softwarecreator (Facts are to liberals as holy water is to vampires)
[ Post Reply | Private Reply | To 52 | View Replies]

To: zeugma
BTW:

Come to the Dark Side...... We have cookies!

No matter how many times I see your tag line, over the last few months or so, it still cracks me up.

54 posted on 04/30/2005 12:19:47 PM PDT by softwarecreator (Facts are to liberals as holy water is to vampires)
[ Post Reply | Private Reply | To 52 | View Replies]

To: r5boston
I just recently started getting pop-ups with Firefox...I never had any until about two weeks ago. Anyone else?

Anyway...it still is 1000 times better than my IE experiences.

55 posted on 04/30/2005 12:23:52 PM PDT by Half Vast Conspiracy (It's the tag line you're upset about, isn’t it?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Half Vast Conspiracy
I just recently started getting pop-ups with Firefox

Yeah, looks like some advertisers have found a way around F-Fox's pop-up blockers.

That's the thing about technology .. you put up a security wall and they find a way around it.

56 posted on 04/30/2005 2:00:46 PM PDT by softwarecreator (Facts are to liberals as holy water is to vampires)
[ Post Reply | Private Reply | To 55 | View Replies]

To: softwarecreator
Come to the Dark Side...... We have cookies!

It's my oldest daughter's creation. I liked it so much it's been my tagline for a while now.

57 posted on 04/30/2005 3:12:28 PM PDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))
[ Post Reply | Private Reply | To 54 | View Replies]

To: MikeinIraq

I never have to reboot any of my machines unless a critical patch really insists - I leave them running 24 hours a day. I really have tried to give FF a chance but it grinds my machine to a halt until I kill it off. Thunderbird is just too annoying to use.


58 posted on 04/30/2005 3:12:47 PM PDT by UseYourHead (Just when I think you've said the stupidest thing ever, you keep talking.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: savedbygrace

I've been running IE and Outlook for years and I've never had a virus or spyware infection.


59 posted on 04/30/2005 3:14:15 PM PDT by UseYourHead (Just when I think you've said the stupidest thing ever, you keep talking.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: frogjerk

Nice try - running 2003 to 2005 just the last 6 months, FF is running about even and will fare worse as the year goes on. 50 million downloads means that FF is now worth the time of those who write malware.

You would think FF was defect free the way it is being trumpeted.


60 posted on 04/30/2005 3:24:13 PM PDT by UseYourHead (Just when I think you've said the stupidest thing ever, you keep talking.)
[ Post Reply | Private Reply | To 37 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 101-107 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson