General discussion

Locked

Firefox a threat to security products security?

By jdclyde ·
I have been reading several reviews lately discussing FireFox and security.

The most recent was by Andy Dornan of http://wires.ITarchitect.com, with that article titled "No one ever caught spyware from Firefox".
http://tinyurl.com/b24pp

The main point is it seems to be the security VENDORS that are having an issue here because it has the ability to reduce the NEED for so much of IT's spending on security with not using the intigrated, ActiveX using MicroSoft Internet Explorer.

Do you think we are getting a straight feed on the security and stability of alternative browsers from companies that have a vested interest in you NOT switching to a secure browser?

This conversation is currently closed to new comments.

78 total posts (Page 1 of 8)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

well we are

by Jaqui In reply to Firefox a threat to secur ...

getting the straight goods from thier point of view.
if we don't use ie they have to find new jobs so it's better if we do use ie.

any pro ms review is suspect as the reviewer is probably making money off us for some product that only runs on windows.

Collapse -

Firefox Spreads Spyware!

by BFilmFan In reply to Firefox a threat to secur ...

Read all about the first spyware to infect the Windows OS VIA Firefox:

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html

And this is just the first of MANY to come...

Collapse -

A few notes

by jdclyde In reply to Firefox Spreads Spyware!

First, in the article I sited, he admits that FF will NOT stop every threat out there.

Second, notice the VERSION of FF that was used in "vitalsecurity.org"'s unbiased article. 1.0.1? Would like them to try this on 1.7 that is the current version. (of course, the article was written in March, but how long did it take for a fix, and HAS it been fixed?)

Another question, has SUN fixed their JAVA as that what is the leak here, not the browser?

I walk out with more questions than answers.....

Collapse -

Agreement

by BFilmFan In reply to A few notes

I agree that FireFox can't stop all exploits due to the holes in Microsoft's code.

I just wanted less-experienced tech support folks to realize that they were not safe from exploits just because they are running FireFox.

My answer to being less vulnerable is to run your workstation OS virtualized (I prefer VMWare) and if you get infected, well you just delete that file and replace it with your backup copy.

Collapse -

Even better way to protect YOUR system

by jdclyde In reply to Agreement

use your co-workers for the porn instead of your own! B-)

"and if it gets infected, well you just" use a different co-workers system!

(Hey, you can't expect me to be serious all the way through a discussion, now can you?) ;\

Collapse -

that actually only

by Jaqui In reply to Firefox Spreads Spyware!

proves what I have said before, clientside scripting is a security hole, do not use java, javascript, vbscript or activex, do not have them enabled on your browser at all, ever.

do not put any plugins / addons in to extend the functionality. they all do nothing but create security holes.

Collapse -

They do create security holes but...

by faradhi In reply to that actually only

This is impractical in the business world. Since end users expect flash with substance. There are a lot of web based apps that depend on client side scripting. Many are specific to an industry. I recently worked with a college that had a library management system that had a web front end. Most colleges use the web for registration. In my current position, there are many accounting apps that use web pages to deliver accounting specific content.

In short, while I would love to do away with all active content and return to the days of static web pages. It just is not possible in the current real world.

Collapse -

Finding a balance

by jdclyde In reply to They do create security h ...

it is just poor thinking to have anything connected to a browser that would be able to make changes to your system.

Regardless of what the permissions the user has, IE should always be FORCED to run as a low end user that can only read and write to a temp folder that is cleared ever time the browser is closed.

Why would ANYONE want a browser to have admin rights?

Also, don't trade "ease of use" for functionality and reliablitiy. Anything that allows a virus/trojan/malware to take over your system or your users systems is hurting reliablity.

Poor design and implimentation is no excuse.

The other problem is coders without a clue that make the "For IE only" pages, that have never heard of something called "industry standards".

Collapse -

I agree

by faradhi In reply to Finding a balance

It is Common sense that IE shouldn't be run with admin rights. I do not know why MS makes it possible to make system changes from IE.

Additionally, I cannot stand IE only pages. It is not that hard to write pages that look right through most browsers.

I just do not believe that removing all client side scripting is practical. I would love it. I just cannot do it in the business environment I work in.

Collapse -

re: removing clientside scripting

by Jaqui In reply to I agree

I have to problems by not having clientside scripting on my systems.
If I run across a site that requires it, I just leave and never go back.

Back to Security Forum
78 total posts (Page 1 of 8)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums