Homeland Security

[Grasshopper]

clickyDon't know how accurate this is but it gives me a big chuckle...

[Neil P]

CERT says use Mozilla too!While we're on the topic of security, I read an Interesting blog post by Jesse Ruderman of Burning Edge fame.I'll admit, I am one of the users frustrated by the delay when installing extensions (and at the same time one of the users not able to figure out why it was done), but now the solution makes sense.

[Grasshopper]

Heh.I mentioned this to my wife today (who has a 2.4 GHz Sony VAIO with XP Home running IE6) and she asked me what are the alternatives. ..door opens...Allen steps thru...Allen preaches his sermon...Allen converts his wife from the darkside!!!Hallelujah!! Be healed, woman!!!...ahem...'scuse me...uh...So I got Firefox installed on her machine and showed her how to install the themes. She's happy now....hehe.Thing is, if I would have tried to convince her without this bit of information, she would have resisted, saying that IE is just fine.I feel better now.

[Ed_P]

If you read the article it linked to this Yahoo News item which stated " Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.". You do realize tbird that FireFox is a subset of Mozilla yes?

[Neil P]

If you read the article it linked to this Yahoo News item which stated " Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.".  You do realize tbird that FireFox is a subset of Mozilla yes?

Wait. "...if those browsers invoke ActiveX control or HTML rendering engines." Am I missing something about how a browser works? Or are they using "HTML rendering engines" to mean something else? What else would a browser do if not to invoke an HTML rendering engine?ActiveX is a different story...Mozilla (and Firefox) do not use ActiveX by default (HOWEVER, I think that Netscape includes it!)

[Ed_P]

What else would a browser do if not to invoke an HTML rendering engine?

Exactly. So to be safe you need to view all pages in plain text mode. No Javascript, no jscript, no Java, no .Net, no graphics. While that may be safe it will sure be a boring web experience.

[Neil P]

But Firefox is more inherently secure. IE allows pretty much anything to install itself, run wild on a system, etc. Not to mention VBScript or ActiveX which are nightmares by themselves. Firefox doesn't allow that kind of thing to happen.Now don't get me wrong, I'm sure Firefox is vulnerable to its own set of attacks, but it has two advantages.1) Users can submit bugs that developers will actually look at, and the whole world can see whats going on (well, most of the time big security flaws are limited access--usually until after they are fixed. But the reporter is still allowed to see whats going on. I think we can all agree its for the best that everyone can't see the exact steps needed to compromise any/all Mozilla browsers...Read all about it here)2) The above statements about VBScript, ActiveX, and not allowing "Browser Helper Objects" which seems to me to be a fancy term for spyware. Malicious XPI's have been attempted in the past, but Mozilla has worked around them (the delay on Extension install helps--and i'm pretty sure that the only way an XPI will even try to install is based on a user's request...never on its own)

[GolfProRM]

Umm... Mozilla and Firefox do NOT use ActiveX... That would be one of those MS proprietary things (it's for this reason that some websites require IE). The vulnerability of IE is a factor mainly because IE is built into the OS much differently than any other browser is. It's practically impossible for a Mozilla user to come across a website that can screw up their system. Moz can't call or activate the "unchecked buffers" that are causing all the problems. This would be the ActiveX vulnerability. That said, each browser is only as safe as the user running it. If you go to spoofed websites (whidh Moz handles better than IE), and enter personal info, there's nothing anybody can do to stop you from being ignorant and giving away your info. A better browser helps, but isn't foolproof. The point is: why take any more risk than you have to? While nothing's perfect, I'd rather use the safer product (especially since it's better anyway).

[Neil P]

The point is:  why take any more risk than you have to?  While nothing's perfect, I'd rather use the safer product (especially since it's better anyway).

That sounds like This blog post by Asa Dotzler

[teacher]

tbirdI love it. I converted my Aunt this week to Firefox and converted hubby a few months ago. He read the article and stopped and asked me about it. It was nice to see it in the newpaper stating that you are better using anything else.Julia :'(

[ibe98765]

In Scot's latest newsletter he discusses the changes coming with WinXP SP2. Seems there are also some changes coming to IE. Which may change the equation for the better...

[wawadave]

helloa quote from slashdot" believe the poster was referring to a company knowing about a severe defect in a product and simply failing to address the issue for a ridiculously extended period of time. "but heres my thought on ieie is a defect period! jmho .