Security

First, in the article I sited, he admits that FF will NOT stop every threat out there.

Second, notice the VERSION of FF that was used in "vitalsecurity.org"'s unbiased article. 1.0.1? Would like them to try this on 1.7 that is the current version. (of course, the article was written in March, but how long did it take for a fix, and HAS it been fixed?)

Another question, has SUN fixed their JAVA as that what is the leak here, not the browser?

I walk out with more questions than answers.....

I agree that FireFox can't stop all exploits due to the holes in Microsoft's code.

I just wanted less-experienced tech support folks to realize that they were not safe from exploits just because they are running FireFox.

My answer to being less vulnerable is to run your workstation OS virtualized (I prefer VMWare) and if you get infected, well you just delete that file and replace it with your backup copy.

use your co-workers for the porn instead of your own! B-)

"and if it gets infected, well you just" use a different co-workers system!

(Hey, you can't expect me to be serious all the way through a discussion, now can you?) ;\

proves what I have said before, clientside scripting is a security hole, do not use java, javascript, vbscript or activex, do not have them enabled on your browser at all, ever.

do not put any plugins / addons in to extend the functionality. they all do nothing but create security holes.

This is impractical in the business world. Since end users expect flash with substance. There are a lot of web based apps that depend on client side scripting. Many are specific to an industry. I recently worked with a college that had a library management system that had a web front end. Most colleges use the web for registration. In my current position, there are many accounting apps that use web pages to deliver accounting specific content.

In short, while I would love to do away with all active content and return to the days of static web pages. It just is not possible in the current real world.

it is just poor thinking to have anything connected to a browser that would be able to make changes to your system.

Regardless of what the permissions the user has, IE should always be FORCED to run as a low end user that can only read and write to a temp folder that is cleared ever time the browser is closed.

Why would ANYONE want a browser to have admin rights?

Also, don't trade "ease of use" for functionality and reliablitiy. Anything that allows a virus/trojan/malware to take over your system or your users systems is hurting reliablity.

Poor design and implimentation is no excuse.

The other problem is coders without a clue that make the "For IE only" pages, that have never heard of something called "industry standards".

It is Common sense that IE shouldn't be run with admin rights. I do not know why MS makes it possible to make system changes from IE.

Additionally, I cannot stand IE only pages. It is not that hard to write pages that look right through most browsers.

I just do not believe that removing all client side scripting is practical. I would love it. I just cannot do it in the business environment I work in.

I have to problems by not having clientside scripting on my systems.
If I run across a site that requires it, I just leave and never go back.