IT Employment·20,059 discussions

Is it worth switching browsers from IE to secure a network?

Locked

The Download.Ject flaw seems to have been the final straw for a few organizations in dealing with Internet Explorer and its many insecurities. New data shows that IE has actually lost some market share over the past month. Even CERT, the cybersecurity organization for the U.S. government, has basically recommended that organizations that want tight security switch from using IE.

Is it really worth the hassle of switching from IE? Has anyone out there already done this yet? What alternative browsers are suitable for a business environment? If you decide to keep IE, what steps can be taken to make it more secure?

Here are some link on this topic:
http://techrepublic.com.com/5100-6264-5259044.html
http://zdnet.com.com/2100-1105_2-5232993.html
http://news.com.com/2100-7355_3-5250697.html

Topic

Why not?

In reply to Is it worth switching browsers from IE to secure a network?

There is no real reason to stay with IE over another browser. Most people use it because it came with Windows. Other browsers such as Opera or Mozilla Firefox offer the same benefits and more, and patch their flaws much more quickly than MS patches IE.

I’ve been using Opera for a few years now and I like it. However, it does cost money. I just downloaded Firefox and intend to use it more often, and it is free. The downside is that certain sites, especially financial sites, are often coded specifically for Internet Explorer and tend to choke on other browsers. This is a matter of getting lots of customers to complain to the financial companies so that the web designers will get off the IE-only bandwagon.

Dump IE for security and piece of mind!

In reply to Why not?

I personally switched to using Netscape 7.0 again and since the switch I found that when I run ad-aware 6.0 and Spybot to get rid of malware I have come up clean, but when I used IE I always got some ‘stuff’ to delete so it must be IE specific and that is why I am ‘dumping’ IE once and for all.

as to banking applications , I worked on a project at Chase a number of years ago and we developed with browser compatability for IE and Netscape.
Opera has the option to identify as IE so that may not be an issue, I have used the ‘free’ version of Opera for a while myself but now prefer Netscape now.
bye bye IE
bye bye spy

Already did

In reply to Why not?

What is the point of staying with IE just because Bill tells you to.Foxfire is working just great.
If IE fixes flaws it not a day till there is something else wrong. If Bill would spend as much time trying make a good program as he does trying to sell new stuff we would be better off.
I am getting tired it
derf

Better Than Firefox and doesnt use IE shell

In reply to Already did

I have tried several browsers. I currently have Firefox, but I have been using Deepnet Explorer as my default since I found it about a week ago. It does not use the IE shell, but does use aspects of IE, and you CAN get Windows updates on it. It has tabbed browsing, autocomplete and autologin, has a page filter that you can edit as u surf to block banner ads(I blocked all banner ads on this site for instance, except Flash). Don’t anybody else use it, tho, cuz I don’t want it to become popular;)

Staying with Firefox

In reply to Better Than Firefox and doesnt use IE shell

I have been using Firefox for Windows and Linux for several months now. After reading about Deepnet, I don’t think I’ll be making the switch to it anytime soom. My biggest dislike about deepnet is P2P file sharing.

I am also switching email to Thunderbird. If anyone knows any security risk here, I’d appreciate hearing about them.

Eric

Foxfire, Thunderbird, Mozilla, Netscape, and IE

In reply to Staying with Firefox

Yes, I agree, Foxfire is great and so is Thunderbird. I use IE for three things only, that is to keep you wife’s Win98se and my WIn2000pro up to date, to do an online security check with symantec, and to check my W3C Accessibility complient HTML code for our blind users who use IE with their JAWS readers. However, since Opera is proprietary, it has been rejected for even testing. My default browser/e-mail client is Mozilla 1.71; Firefox and Thunderbird are still in development and will become Mozilla 2.0 in time. The best thing about Mozilla is that it is open source and cross platform and is by far one of the most popular standards complient of all the browsers (since Netscape amoung others is based on it). Microsoft tends to want to promote their own “inovations” in order to promote Microsoft and tehy tend to downplay the standards as old fashion in order to promote their “inovations”. They are not the only ones who do so, but they are, by far, the worst of the lot, after all, they invented the idea.

Am Currently Using Yahoo

In reply to Staying with Firefox

You may wish to consider using Yahoo as your client. Yahoo stores the email on it’s servers, rather than on the local C drive of one specific machine as any PC-based client does. I find it quite handy to be able to access my email from anywhere I can obtain Internet access.

DeepNet Explorer

In reply to Better Than Firefox and doesnt use IE shell

I just checked out Firefox as well as DeepNet Explorer. I find that Firefox is pretty good but it doesn’t have the tabed feature and in my line of work. I have to keep about 12 different windows open and having more windows open doesn’t help. DeepNet on the other hand is pretty sweet and simple. But I have have one problem with Deepet Explorer, it eats away at your memory with all the caching. That’s a minor problem but other then that I would go with DeepNet Explorer.

No Firefox tabbed browsing? Look again …

In reply to DeepNet Explorer

Tabbed browsing has been a basic feature of Moz/Firefox for years. Use a control/click (or enter) when loading another address or link. That will induce another tab.

In Firefox, adjust this to have the tabbar show even with only 1 site open:
tools | options | advanced | (in the “Browsing” section – UNcheck the “Hide the tab bar when only one site is open”.

Trust millions of us: Firefox has tabbed browsing …

CCoach

Deepnet and ActiveX

In reply to Better Than Firefox and doesnt use IE shell

Does Deepnet utilize ActiveX? Do you get Ad/Spyware with Deepnet? My experience with Firefox does not have Ad/Spyware which I think is due to ActiveX, but not sure. Yes some pages require IE and I simple load IE and go to that page then shut it down once completed with that page, then continue with Firefox. If Deepnet can view those pages without the Ad/Spyware it deserves a long look.

ultimately what major corps & fin institutions will support will reign

In reply to Why not?

I guess in the end it comes down to personal choice, firefox is nice and I’ve used it a little (my 1st experience with it was using it for the euro2004 soccer championship website) but downloading updates and plug-ins still leaves alot to be desired, it’s a much easier process in ie (internet explorer). Also if firefox was the most widely used browser and ie was in firefox’s position, we’d be having the same discussion, as we’d all be downloading patches for firefox or opera on a regular basis. Most of the planet currently uses ie5,5.5 or 6. Even though adoption of firefox & opera is growing, their total usage numbers compared to ie are relatively small. Hackers & virus writers attack the medium that gets used the most, which in this case is windows & ie. If this was a linux world, same problems would exist for them as well. Jumping ship to another platform doesn’t solve the underlying problem which is that there are people out there looking to create security problems by writing viruses, spyware, malware and invent methods of hacking into pc’s, servers, website, etc. The platform being attacked isn’t the problem, even with winxp sp2 and ie’s beefed up security, in a short while, there will be security patches needed again just because someone’s found another way to get in and cause problems. I don’t mind using firefox because of it’s new look but I don’t think you’re going to get worldwide adoption of this new browser (or any other non-ie browser) and even if that happened, don’t look for the security problems to go away – it’s foolish to think that these security issues are that easy to solve – security will always be an issue. Instead of continually knocking MS for their products, try to acknowledge that it’s difficult to keep pace with every new security threat out there and developing patches to secure a platform is difficult work when you have to support several generations of OS’s that use this browsing platform. I’m not a huge fan of Microsoft but at least I’ll admit that security isn’t easy to tackle and at least they’re trying. Just my 0.02 cents, you don’t have to agree, opinions are free.

More than worth it

In reply to Is it worth switching browsers from IE to secure a network?

For most of my browsing, I now use Mozilla Firefox.

The transition is nearly seamless.

The installation wizard can import your existing IE or Netscape favorites / bookmarks.

Firefox is a much smaller download than any other full function web browser. At 4.7MB, it is less than 1/5th the size of IE 6.

I keep IE for 2 reasons:

I have a web form spell check program that does not work in Firefox.

A few websites do not open properly with Firefox.

So yes, make the change.

My only fear is that after enough users change to alternate browsers, the mal-ware writers will start targeting more than IE.

Chas

How to disable IE

In reply to More than worth it

I would consider switching, if I knew how to disable IE for the users in my company that don’t need to access financial sites. I would switch the rest of them in a heartbeat, and disable IE. For the ones that do need financial institution functionality I would make Firefox the default browser, and leave IE for that purpose alone.

Is this possible in NT4, 2Kpro, and XP?

IERadicator

In reply to How to disable IE

There are a few programs that will remove IE from most systems.

One is IEradicator

http://www.litepc.com/xplite.html

Sounds like the free IERadicator is only for Windows 9X, they have software that does allow full customization of W2K and XP.

Here is a thread at annoyances.org on disabling IE on XP systems.

http://www.annoyances.org/exec/forum/winxp/1027961141

Best Wishes,

Chas

Opera

In reply to IERadicator

G’day, I’ve used Opera for years, and its integrated email component downloads from Yahoo for me automatically. My antivirus programme of course automatically screens them as they come as well. Sygate personal firewall is also standard on my XP machine. [The other one uses Opera on Mandrake Linux 10.0.] Then there is Ad-aware, and my ADSL modem/router with VPN. I think disabling IE on the XP machine may be all I need.

Does anyone know whether I can forget the Windows updates at that point?

disabling IE

In reply to IERadicator

I find it much easier to write a dummy proxy address in IE as a way of disabling it.

That way when someone wants to browse with IE, it will simply not be allowed.

IE needed for Windows to run

In reply to How to disable IE

Basically, removing IE from W2K and above will break Windows eg. Windows Update technology needs IE to function period. If web page needs ActiveX to render correctly – IE needed.

Answer :
1) Use alternate browser as default
2) Set IE such that ALL Security Zones except Trusted Site set to “High”. Trusted Site set to “Medium” and then customize various ActiveX and other settings to “prompt” where appropriate. Enter each trusted site into the Sites table as authorized exceptions. Prompts are annoying I know, but what choice do you have for (slightly) better security? See note below.
3) Make sure antivirus, antispyware programs are running and updated.

Even with (2), some exploits still can bypass IE Security settings (giving users false sense of security). That’s why the experts say dump IE! Got that? Be very careful when using IE – run at your own risk – browser hijack, drive-by download, cross domain zone cache mixed up etc…

I believe MS bet on the wrong technology when incorporating ActiveX into IE for general internet use. ActiveX should run in intranet environment, not internet – too much trust with too little customized restriction – that’s the diff between Javascript and ActiveX.

MS better redesign ActiveX and IE right now.

Meanwhile, Good Luck.

IE & Windoze Explorer

In reply to IE needed for Windows to run

Windoze Explorer requires IE to run properly or at all. I’ve had a problem, twice now, when installing the latest patches for IE. The left pane of WE will not display its contents, that is, the directory tree. I had to uninstall the patch or reset the security settings back to default to get WE working again.

I’ve been using Firefox/Firebird/Phoenix & Mozilla for more than 2 & a half years now. Before that I used Netscape. I only use IE for the sites written expressly for it.

It’s sad that some web sites pander to Microsoft & won’t support other browsers. It’s also sad that the judge can’t see or care what Microsoft is really like.

questionable management too!

In reply to IE & Windoze Explorer

>It’s sad that some web sites pander to Microsoft & won’t support other browsers.

Worse yet is the management team that allows R&D to corner the site with MS only architectures and products. POSIX and W3C compliance would have avoided this nightmare long ago, but as the say, “the horse is already out of the barn” :-{

IE Not needed for updates of Windows

In reply to IE needed for Windows to run

IE only needed for AUTOMATIC updates of Windows, however, if you are willing to go to the Microsoft website and download the batch files, unzip them and then click to install, any browser will work. During the old days of the war with Netscape, the Microsoft website was specifically tuned not to respond to any other brouswer but IE, this is no longer true.

IE needed for…

In reply to IE needed for Windows to run

About 5 years ago, I bought 98Lite for my PC at work (I was the Network Mgr.). I used it to uninstall IE, but had to reverse the install because hyper-linking stopped working in every application. Apparently, hyper-linking in W98 is controlled by IE. I don’t know if uninstalling IE in the current OS’s will produce the same effect. If you need hyper-linking (& who doesn’t), be sure you can reverse the IE uninstall.

BTW, I use Firefox for everything other than web sites that bow down to Redmond & have been using it since version 0.4 (I also use Mozilla).

Don’t need to.

In reply to How to disable IE

Just make your alternative browser the default, then remove the IE icon from the desktop. Now, if you need to go to Windows Update, IE will automatically fire up, otherwise you will default to the alternative….

Disable IE (and a lot more!)

In reply to How to disable IE

Try XPlite and 2000lite Professional v1.3 with 2Kpro Windows and XP and you will see a much lighter and safer OS! Disable IE and much more.
Surf to http://www.litepc.com/xplite.html

Another Firefox vote

In reply to More than worth it

Even I tried Firefox (I am a big Windows guy, as many of you know), and I really like it. The Tab feature is, alone, worth any hastle you get with website not displaying properly.
Sure, I keep IE around now for only when a site doesn’t display correctly (our corporate intranet site is run off Lotus Domino, and it doesn’t work well in Firefox), but I’m pretty much cut over to Firefox.
Plus there are kinds of interesting plugins for it. Definately stable enough and robust enough to be tested.

Me too.

In reply to Another Firefox vote

Firefox gets my vote.

I tried Opera for a while, but found it wasn’t always stable, (but no worse than IE) however, so far, Firefox has been absolutely stable, and the usability is so much better than IE, I can’t ever imagine going back. For those of us advancing in years, the ability to increase the font size within the browser is a boon (Ctrl [+] +). As already mentioned, the tabbed environment is so much better than having multiple Windows open and more resource effecient. Perhaps it’s wishful thinking, but I swear its quicker than IE too.

I can’t see any disadvantage compared to IE whatsoever. However, like others here, I maintain IE for those sites still in the dark ages that don’t understand, there is a world outside of Microsoft!

Firefox speed

In reply to Me too.

I find Firefox much slower than IE. It seems to slow my whole system until I unload it. However, the speed issue isn’t bad enought to make me go back to IE.

Firefox beats Explorer

In reply to Firefox speed

Been using Firefox for over a month now and I think it beats IE Explorer hands down. Seems faster and the tabbed browsing is very very handy. T

Speed comments

In reply to Firefox speed

Firefox does take a lot more time to open than IE does.

If Firefox or Mozilla is slowing down your system, you might want to disable the quick load feature.
Or, increase your system resources.
For Windows 9X, install between 128MB and 384MB of RAM.
For W2K and XP, have at least 256MB of RAM.

I do have 1 strange speed issue with Firefox.
On my XP Pro system, image, page, and downloads take several minutes during which time the browser is locked out.
On my W98 system, saves are nearly instantaneous.

I’ve searched through options and configuration settings and just don’t have a clue as to why the 2 systems operate so differently.

Chas

Who knows?

In reply to Speed comments

It’s probably the same reason that my XP Pro laptop takes up to 5 minutes to log on to my school’s Novell network and my old Win98SE desktop can log on in under 30 seconds.

Firefox is faster than IE

In reply to Speed comments

I’ve been using Firefox for a few weeks at work & home. If there are any speed differences, it might be a little faster than IE. I’m guessing that Firefox has less overhead.

Will

Firefox flies

In reply to Firefox speed

Firefox flies on our Win 2000’s

Count me in for Firefox too.

In reply to Another Firefox vote

We have IE as the standard still here at work, but I’m trying to get that to change as well – just takes time with the corporate politics and what not.

At home I’m almost exclusively FireFox and I even got my best friend to switch over to it and she loves it now (of course she pretty much relies on anything I say regarding her computer so that’s not a great challenge).

For whatever silly reason though I have one gaming site that I pay money to for premium content and that site only completely works well with IE, so when that site works just as well in FireFox I will 100% be using it!

Found a spell checker

In reply to More than worth it

For those of you who like to use a spell checker for web forms, I finally found one for Firefox.

http://www.exchangecode.com/spellbound/

Now all I need IE for is the sites that don’t load properly in Firefox.

Chas

Thanks!

In reply to Found a spell checker

Chas, this is a great find!
Let’s see if it works:

“this sentence is typed really fast so I will make mistakes in typing. let’s see what happens”

Wow! It actually worked! Spell checking in a text form! I’m a happy IT guy now!

I’m really hoping that I’m detecting sarcasm

In reply to Thanks!

If not I worry about both of you

Spellchecker

In reply to Found a spell checker

Bless you TheChas, may your tribe increase!!!

Firefox – cross platform browser

In reply to More than worth it

Firefox is my recommendation too because it is available for Windows, Linux and Mac OS X. It looks the same (by default) on all OS and is easily customisable by individual users, the administrator or root.

This will make it difficult for malware to target Firefox and because it doesn’t run ActiveX content eliminates most of the Windows risks as well.

There are numerous “extensions” available for Firefox that include spell checkers, games, configuration options and many more – http://texturizer.net/firefox/extensions/.

Using Favorites in Firefox

In reply to More than worth it

I have tried Mozilla & Firefox. It has imported my IE favorites, but they are a mess. Almost no order what-so-ever. Is there a way to get them mor organized?? More like I had them in IE??

Thanks!

Organise Bookmarks

In reply to Using Favorites in Firefox

Normally importing the bookmarks keeps them in the folders/structure that they were in. However to re-organise your bookmarks simply click on Bookmarks => Manage Bookmarks and you can drag, drop, delete and create folders to your hearts content.

You may also want to click on Tools => Options => Extensions => Get New Extensions and try some of the Bookmark extensions to help you manage your bookmarks.

Have Fun!

Corporate Deployment & ROI

In reply to More than worth it

There doesn’t appear to be any postings addressing what I take to be the question of primary consideration, namely; what are the costs associated with changing browsers in a corporate environment?

It’s not just a matter of individual preferences, browser features or conspiracy paranoia. It’s a matter of testing business critical apps, user training, the associated costs of the learning curve, and deployment feasibility and costs as well as available technical resources (don’t know about others, but we operate with an emaciated skeleton crew).

MS gets the lion’s share of attacks due to the economies of scale. Why would a cracker worth his salt hack an app/OS that’s used by <5% of the world when they can hack an app/OS used by >95% of the world? When that ratio changes (and it will eventually), crackers will turn their attention elsewhere. No app/OS is 100% secure.

We need an honest discussion on the costs and methodology necessary to switch browsers in a corporate environment. Postings of individual preferences and anti-MS rants are unproductive.

Administering Firefox with Active Directory

In reply to Corporate Deployment & ROI

I use Firefox personally, and I wouldn’t go back to IE. I’m interested in the security side.
But IE can be controlled from the Active Directory very easily. Last week I changed the proxy server for IE – just went to the GPO and changed the settings. I’m aware it is possible to do this sort of thing with Firefox, but I haven’t the time to work out how to deploy it. Therefore I’m not rolling out Firefox to everyone.

How about an adm for Firefox, someone?

Updating Firefox

In reply to Administering Firefox with Active Directory

it’s true… Firefox is far better from the point of view of usability, functionality and everything to do with speed.
The only thing it is missing is a methodology of deploying updates and patches, and centralised administration.
As far as I can tell, you cannot set up a “Firefox Update Server” internal to a network, nor can you use group policy to control it.
Apart from the few and far between sites that won’t take anything other than IE, this is the main reason not to switch. Currently, updates are not as important as they are with IE, as it isn’t being exploited as often, but nevertheless, in the future it will be, and Network Administrators need to be able to automate deployment of updates…

Malware writers pick on IE cuz everyone uses it

In reply to Is it worth switching browsers from IE to secure a network?

People can switch browsers to get security but that doesn’t mean the browser they switch to is secure. ALL BROSWERS USE BHOs!{Broswer Helper Objects]. Here’s what Robert Lemos and Paul Festa wrote for Cnet News:
The suggestion to use other browsers also underscores some security researchers’ arguments that software diversity can improve security.

Borrowing a term from agriculture and the fight against pests, software developers and security experts have warned about the hazards of “monoculture.” The term refers to the widespread farming of a single variety, making the entire crop vulnerable to a single pest. Historians pin such disasters as the Irish potato famine on monoculture.

Mozilla acknowledged that much of the value of using its software, or that of Opera, stemmed from the hazards of monoculture rather than any inherent security superiority.

Microsoft’s browser currently dominates the Internet landscape, with more than 95 percent of Web surfers using the browser, according to WebSideStory, a Web analytics firm. Mozilla, on the other hand, makes up 3.5 percent, and Opera accounts for 0.5 percent of all users of the sites monitored by WebSideStory.

“Since there is such a disproportionate use of IE on the Internet right now, it does make it a very high-profile target,” said Chris Hofmann, the Mozilla Foundation’s director of engineering. “That’s what people who are writing exploits are targeting, because that’s where they get the biggest bang for the buck.”

So you MAY switch browsers and feel secure but that security is only because no one uses em. Why bother writing worms and trojans for something no one uses. Just like Targeting Windows. 90% of the world uses Windows. be kinda stupid to write an exploit to scam money for Macs,Linux,Unix and the lot when they have 10% of the world market.

Point noted

In reply to Malware writers pick on IE cuz everyone uses it

Agreed

Wrong

In reply to Malware writers pick on IE cuz everyone uses it

They pick on IE because a) there are so many holes in the security, and b) MicroSloth takes such a long time to fix the holes.

When there was an exploit in FireFox, the code was repaired the same day… now that is service to your customers. I can only feel MicroSloth does not like it’s customers…. 🙂

Point of Clarification

In reply to Wrong

Just to be technically accurate, the flaw was not in Firefox itself, it was in XP. No matter how secure you make a program, it has to use the OS APIs for some things and, therefore, is somewhat vulnerable.

Running Firefox (or any other browser) under ’98 is much, much more secure.

I absolutely despise XP!

Ralph

98???????

In reply to Point of Clarification

98!!! That OS crashes if you sneeze loud enough. Microsoft doesn’t support it any more either.

98 More Secure??

In reply to Point of Clarification

Just what makes you believe that W98 is more secure than XP?

Many of the holes that Microsoft has been patching in XP exist in W98.
Microsoft is not releasing patches for W98 because they do not rate the holes as “critical” in W98.

Now, you might make a case that XP Home is less secure than W98, but not XP Pro.

One key to XP security is setting and enabling (disabling) assorted connection and browser settings.

One of the “big” features of SP 2 is that it is going to set most system settings to secure mode by default.

Chas

Reply To: Is it worth switching browsers from IE to secure a network?

In reply to 98 More Secure??

What will that fix? Know what your IT department is gonna do when this “fix” starts breaking applications? They are going to set those system settings right back where they were so those apps will start working again. IT departments just don’t have the time or manpower to keep fixing things that MS breaks.

98? secure?

In reply to 98 More Secure??

98 is not more secure. I find it play doh! It is true there are fewer ways for people to access them remotely as it was designed as a workstation only (few server functions).Passwords are stored in an easy to find/delete *.pwl files(blanking them out) and without NTFS security you can browse any file on the drive(s)! While it is true XP Home is poor as it leaves raw ports available to the user Pro does not. No matter what OS installed you have to take action to secure these systems. Without continued support from the vendor, patches and updates, you have no way to plug holes.

sidenote: what tech uses AOL???

98?

In reply to 98 More Secure??

HAHAHAHAHAHAHAHAHAH!!!!!!!!!

You’re almost right

In reply to Wrong

MicroSloth doesn’t like its customers. That’s very apparent. What MicroSloth does like is its customers’ money!

You’re almost right

In reply to Wrong

MicroSloth doesn’t like its customers. That’s very apparent. What MicroSloth does like is its customers’ money!

Totally agree

In reply to Malware writers pick on IE cuz everyone uses it

Got to agree with that logic – if you are number 1 – and someone can effect the largest group for the least amount of effort – then you attack number 1..

If Netscape becomes number 1 – then it will be hit – its all a matter of who’s at the top – how many sites can be effected with least amount of effort –

I don’t forgive MS for putting out trash software – when they know they will be hacked… Oh we’ll let the users tell us were the fawls are.. I am sure Netscape would be more secure for a longer time than – M$Trash… but if they become number 1 – then they will be the top target… 🙁

You don’t get it

In reply to Malware writers pick on IE cuz everyone uses it

The reason IE and Windows has so many attacks is because of all the vunerabilities. It is an easy target. Like taking candy from a baby! The sloppy and bad code is easy picking! The fact that the code is only viewed by “biased eyes” propogates the problems.

The fact that many web developers write sites that only work in IE is fueling the M$ conspiracy!

You don’t totally get it

In reply to You don’t get it

There are two reasons why IE is attacked so much. One reason is clear, the amount of security holes in the application itself and the fact that MS is not quick enough to fix them.

However, there is a very valid point that IE is attacked because of its popularity. If any other program becomes as popular and widely used as IE, hackers will find ways into them. Just becuase a different web browser other than IE is being used, will not making hacking and viruses go away.

Not totally correct.

In reply to You don’t totally get it

The argument that IE is targetted so much because it is the leading browser, is not a valid argument; at least not any more. If that is the case why wasn’t Netscape a target when it was the browser leader. I rarely had to deal with Netscape security issues when it was the industry leader. Second, how many years must it take for IE to get its act straight since it was claimed the winner of the browser wars 2-3 years ago. This is a typical action by MS when it “wins” a battle, it moves onto another battle and leaves the first product pretty static. There has been little innovation in IE for at least 3 years – another good argument for why monopolies are not good for the customers/competitors. How many companies/users have been impacted by the cost of constantly updating IE for security violations. When MS wins a battle it is usually at the users cost in the end.

Mozilla, Firefox, Safari, and other small browser vendors make security a priority; that is why you see fewer security violations with those products; NOT, because they have a smaller market share. Second, they quickly fix any new threats unlike MS which fixes them whenever they please (if at all).

Frank Cicchetto

how attacks happen to browsers

In reply to You don’t totally get it

Malware writers don’t attack browsers: they attack vulnerabilities.

They attack the most common vulnerabilities most often, which means that the more commonly used a browser is the more available its vulnerabilities are to attack. That also means that vulnerabilities that exist in multiple browsers will get attacked more often than those that exist in only one browser.

They also attack big, easy vulnerabilities that provide lots of easy access to the system more often that piddly little vulnerabilities that hardly allow anything untoward to happen. Because of the way IE is integrated with the OS and provides multiple direct paths to the most basic functions of Windows (ActiveX is a major culprit there), IE is and (as long as it has that vulnerability and no similar vulnerabilities exist in other browsers) will continue to be the biggest, most favored target for malware writers on the World Wide Web, regardless of whether it’s the most popular browser.

So, yeah, popularity of a browser has an effect. If the browser wasn’t popular enough, it wouldn’t be worth attacking ? but that’s where popularity’s effects on commonality of attacks ends. Firefox, Mozilla, and Netscape all use the Gecko engine, which makes them tempting targets because they all share certain vulnerabilities (until identified and addressed), and each of them individually is popular enough to warrant being targeted for attacks, and yet they don’t receive the same volume of attacks that IE gets.

IE attracts thousands more attacks than it would otherwise because of the prevalence, ease of access, and severity of its security holes. There are truly egregious security holes in the IE style of web browser design that nobody else has any interest in designing into a browser, and if IE disappeared today and was replaced by Firefox there would be a sharp drop-off in browser-targeted attacks on the Web that would never fully recover. The main reason for that is that Firefox is a more difficult target for writers of malware, and there are other vulnerabilities in any Windows system than Firefox that are much more tempting targets than a non-IE browser ? due to ease of access and severity.

IE Easy to hack

In reply to Malware writers pick on IE cuz everyone uses it

IE is by far the easiest to hack, that is why it is hacked!

You hit the nail on head!

In reply to Malware writers pick on IE cuz everyone uses it

I agree with you 100%. I could not have said any better.

Partially

In reply to Malware writers pick on IE cuz everyone uses it

While I agree that IE is a target because it’s market dominance helps mal-ware to spread, don’t discount the fact that the hacker community holds a very large grudge against Microsoft.

The more havoc that a worm or hack creates for Microsoft, the more respect a hacker earns among the other anti-Microsoft hackers.

Chas

Diversify

In reply to Is it worth switching browsers from IE to secure a network?

You probably do not really have to ‘dump’ IE. Retain IE for use on sites (Such as Microsoft Updates Service) that will only accept IE. Set a secondary browser as default and set Firewall to prevent IE from accessing the Internet without permission (Zone Alarm does a good job of this). If you cannot access a site, just copy and paste the address to IE and just use it for that one session only.

My personal druthers lead me away from Netscape since it’s affair with AOL – which may be ok for family use, but IMHO, not for serious business.

Mozilla is an excellent choice. You don’t have to install the Mail client, Chat or Composer if you don’t need it. It’s tabbed browsing function is an EXTREMELY POWERFUL AND EFFICIENT TOOL. Once set up and familiarized, you will wonder why you ever bothered with IE.

The only inconvenience with using a multi browser environment that I have found is the lack of universal native ability to share the same bookmark source. I have heard that there are some programs available that will do this. My personal solution was to copy and paste Favorites and Bookmarks to a Word document, edit same to my liking, and then save it as an HTML document. I then put a link to this document at the top of the Favorites / Bookmarks of all of my in-use browsers. Additions to my bookmark list are made by addition to the HTML file. Slightly more work, but a lot more efficient.

Currently using, in order of preference:

Mozilla
Firefox
Flash Point
Netscape
IE

….and I know that there are other good ones out there, but you’ve got to stop somewhere….

Happy Browsing

Managing bookmarks / favorites across multiple browsers

In reply to Diversify

I use an excellent tool called Powermarks (http://www.kaylon.com/power.html) to manage my 2300+ bookmarks across multiple browsers (and machines via net sync). I also can type in a keyword or two and quickly pull up relevant bookmarks, rather than have to manage a hierarchical structure. It’s the first tool I install on a new machine. Check it out!

Another good browser

In reply to Is it worth switching browsers from IE to secure a network?

In the last few months that MS has been going through the wringer with IE and all the flaws seems to be coming home to roost in a big way. I have never used IE in the past except for the MS updates. I have tried alot of other browsers and like the Mozillia Firefox and Thunderbird mail,Opera IMHO is not that good. Another browser thatI have come across that works very well with alot of features of both worlds is Enigma, an advanced browser can customize to your hearts content, Tabbed browsing, security rich, and best of all Free. Can be found at http://www.suttondesigns.com I have not seen any comments in other groups for this browser so though I would start one.

Enigma is IE

In reply to Another good browser

Yes I have been using Enigma too, when forced to access pages not rendered by Firefox or Opera, but you should note from the home page that the system requirements include at least version 4 of IE installed. If I understand it correctly then this and many other enhanced Windows browsers are just pretty shells for IE with features tacked on. Some have improved privacy features but I assume the underlying vulnerabilities are still present.

Cheers
PD

IE browser in drag

In reply to Another good browser

This browser is IE with all it’s holes. So is the “yahoo browser” posted about earlier in this thread. If you don’t like IE, why use a garbage browser that is just a faceplate for the one you don’t like?

Corporate Deployment

In reply to Is it worth switching browsers from IE to secure a network?

Does anyone have a good resource list for deploying Firefox in a corporate environment (eg Win2K domain)?

I am looking to make the change in our office (110 users) and would appreciate any advice, web resources etc.

Deploying Firefox in a Win2k domain

In reply to Corporate Deployment

I’ve looked for this as well, and there doesn’t seem to be an .msi available right now. However, there are .xpi files that are supposedly able to run install scripts for firefox. I haven’t pursued this too far yet, but I’m hoping there’s a deployment guide by the time version 1.0 rolls around.

Address Toolbar problems with Firefox?

In reply to Corporate Deployment

I am experimenting with Firefox as an alternative for IE. One feature of windows I enjoy using is the Address toolbar (systray toolbar). However, I have noticed, with Firefox as my default browser, that everytime I try to launch a URL from the toolbar two instances of Firefox open to that page. Has anyone else had this problem? Any solutions?

address bar

In reply to Address Toolbar problems with Firefox?

We have used this for about 4 months and have not experienced your problem. I am sure if my husband had experienced this I would have heard about it. I know I have not. bb

A matter of supply and demand…

In reply to Is it worth switching browsers from IE to secure a network?

IE (and any derivative) will be targeted by the sickos for as long as it is the product of choice simply because they (the sickos) can inconvenience much more people. If we switch, and enough do, their target will change accordingly. What is needed is tighter laws and more severe punishment for those that are caught causing mallicious damage. We (a royal one!) should get more involved in hunting the sickos down and bringing them to justice!

Easy Target

In reply to A matter of supply and demand…

It is a matter of IE and M$ being such an easy target.

What is an “Easy Target”

In reply to Easy Target

With open source software like Mozilla the source code is out there for anyone in the world to read and exploit. No reverse engineering, etc. is required. What could be easier than that? Yet Mozilla and the other browsers have not been targeted like Internet Exploiter.

True the saturation of m$ products means more people are affected when someone exploits yet another vulnerability found in IE.

I have been using Mozilla for years now along with a good firewall and although I don’t feel 100% safe on the internet, I do feel 99.9% safe from exploits of m$ apps. For sites that exclude other browsers except IE… I ignore ’em. There is almost always a simple workaround to get the same info. And, the more that happens the more those sites will get the message and convert to the www standards as it should be.

When I’m building web pages, again Mozilla includes a Composer so I can start with a standards complient page that can be viewed by more regardless of browser.

I have prevented a lot of headaches over the past years by ditching m$. And yes, Windows runs pretty darn good without IE.

ROI? Do you know what the cost has been in trying to keep up with all the service packs and patches and worrying when the next is gonna come out to fix the latest exploit? That will all but be eliminated if you “standardize” on other better products even if they don’t all come from the same company. And because they are not all from the same company security will improve since one exploit is even less likely to affect most of your software.

M$ and Bill Grates has been great at marketing vaporware and selling a dream… but has a terrible track record at delivering. Unless you own stock in m$. LOL M$ is not the only game in town. There are other and oft times better alternatives out here besides m$.

Why Switch

In reply to Is it worth switching browsers from IE to secure a network?

Does anyone really think that because you switch to Mozilla or Enigma or whatever that you will no longer need to worry about browser insecurities? CERT needs a reality check…Do they have a browser that is 100% secure and they will pay the damages in the event you get hacked. I would think not….Why would someone worry about hacking a browser that hardly anyone uses. Whatever browser you decide to go with and enough people adopt it as their browser of choice, it will be hacked as well.

Matter of time for bigger egos

In reply to Why Switch

You can bet that there will be some hackers that are or will change over to the “less used” browsers. If for no other reason than the challenge. These hackers have their own world and “know” each other as to who is the best. Challenges is what it’s really all about to hackers.

Why isn’t MS Proactive?

In reply to Matter of time for bigger egos

I’ve often wondered, with all the spare cash MicroSoft has, why it can’t employ a corps of “white hat” hackers, moles, private investigators, machete weilding enforcers and so forth to take care of the “busy hands” in the hack community?

Not my experience

In reply to Why Switch

In our organization we have used Netscape before IE or Outlook existed. We haven’t had a reason to change, and have never had a security breach via browser or email client. To my recollection there has only been one publicized security flaw that effected Netscape and that was several years ago. The main problem with Microsoft products are that they were built with programability (ActiveX) in mind, and not security. Now Microsoft has to go back and patch things up, which is a very difficult task as illustrated by the never ending series of security updates they release. What they really need to do is build a browser and email client from scratch with security in mind. Since, that solution would likely break existing functionality I don’t see that happening.

Reply To: Is it worth switching browsers from IE to secure a network?

In reply to Is it worth switching browsers from IE to secure a network?

I wouldn’t allow IE on the network if I had a choice.

There is no reason for it, and if you have tinkered with some of the exploits and watched them work, you’d be convinced of that yourself…

Mrafrohead

True choice and corporate reality

In reply to Reply To: Is it worth switching browsers from IE to secure a network?

I’ve personally switched to Opera and Firefox (both, variously), though am a ‘corporate’ entity of all of… one (a sole proprietor, so not even truly corporate – just borrowing the term to illustrate point). I still have IE stashed in the background for occasional need and DO keep up my windows updates manually and will: IE isn’t the only security loophole on Windoze.

However, I’ve encouraged and gotten some of my clients and colleagues to switch to either Opera or Firefox, but keeping IE for backup needs as described. But, one of my busiest and more experienced colleagues, a network admin of 150 or so over 4 buildings for a small Oregon municipality said while she’d dearly love to switch, she has neither a) the time, b) the staff, nor c) the resources to pursue such options, in light of the fact that some of their billing and tracking software (wtih MS SQL Server databases behind) *require* MS IE to run on the front. (Sorry, I can’t remember the actual app, or would name it).

So, while you may have a choice, and she really does too to some extent, the practical reality is she doesn’t really, not while keeping a small WAN running on a skeleton staff and inherited proprietary software. (Try delaying utility billing or any other municipal record keeping for a day – you won’t just hear from users;). Boy do I feel better about my company size and reach now. (So easy to manage my one ‘user’;).

Ultimately I do recommend switching to almost anything but IE where practicable, which may depend on several factors for different companies (resources, apps that need to retain IE, number of workstations/users, clientele, etc.) And I found a free version of Opera, you just have to deal with small ads which can be text only at the top vs banners (another choice). And, there will undoubtedly be more options over time. Key is: manageability, when you have many other things to do.

Jan

Use exploits to your advantage

In reply to Is it worth switching browsers from IE to secure a network?

Yes. IE is very unsecure and requires some additional work on the part of network engineers to ensure security of their network. There are many tools available to asssist with this.

I prefer using IE, not in spite of the exploits but because of them. They allow me disallow certain functions I do not want my users to have.
I also have better control over my users who use IE as I can prevent and control most IE browser functions.

IE may be a hinderance, but a well-managed network will allow you to use the exploits to your advantage.

Absolutely

In reply to Is it worth switching browsers from IE to secure a network?

After dealing with increasing amounts of adware and spyware I decided to try Firefox on the recommendation of a friend. The problems stopped immediately.

I’ve done it.

In reply to Is it worth switching browsers from IE to secure a network?

Done it. Switched to using both Opera and Firefox. Some web sites do not display properly and I am forced to use IE on those sites. Cisco GUI’s also do not represent properly (CallManager 3.2 doesn’t work at all, TACACS can be buggy). Displaying the Windows Media player in web pages also does not work in Opera and Mozilla (go figure :P). I have also noticed that some ASP pages also do not work properly.

Overall, I am glad that I have switched, especially the tabbed browsing that Firefox and Opera do “out-of-the-box”, whereas there is a plug-in that you can download to get IE to do the same.

Yes – very much so

In reply to Is it worth switching browsers from IE to secure a network?

For security alone it is worth switching from MSIE, but you have so many choices where you get better features as well. And I would recommend doing the same with Outlook Express.

Some months back I switched to Avant browser and have recommended it to clients as it provides better security, easier maintenance, easier blocking of pop-ups etc (right there on the toolbar), and is free. What appeals to most is that it uses less resources, automatically imports the MSIE settings and has the same feel as MSIE (based on MSIE) so staff already know how to use it. http://www.avantbrowser.com

Also recommend that they switch to Foxmail for better security, easier management of spam etc at the desktop, less resources and other useful features. Again it is a freebie from http://www.foxmail.com.cn

Interesting how the free software people can build better products than the expensive highly paid people at MS.

Curious!

In reply to Yes – very much so

Never seen the browser that you mentioned but am curious to know if this would be a good home use for the family, (thank god I have a seperate comp for myself).

I think it is

In reply to Curious!

Avant is based on MSIE and does use much of the MSIE program and code, but uses much less resources and has tabbed features. I have recommended it to many people and all have started using it and say that they found it easy to use. The only complaint was that some are used to closing a window by the X box in the top right hand window. The default setting for this is to minimise the browser to the SysTray and leave it open instead of total closure, handy if you only meant to cloe the opened tab window and not the browser. The tool bar includes icons to block pop-ups, flash, and pictures. Extra, but easy to use, tools options in extra ‘Tools’ setting. The web site http://www.avantbrowser.com has screen pics and a good write up. I have not tried to rpove everything they say about it, but what I have tried has proven true.

One friend, and old lady who has trouble using computers, switched over without realising it. Thinks it is an MSIE upgrade, I snuck it in as I got fed up with her somplaints re the faulty behaviour and the systme needing checking (pop-ups bugging her and she does not understand them).

Someone else has told me Avant is similar to ‘Crazy Browser’ which they use, I have not seen Crazy.

IE SWITCHING

In reply to Is it worth switching browsers from IE to secure a network?

HI IM CLNRGR IHAVE TRY SWITCHING THE IE TO ,
MOZILLA ( FIRE FOX ) . LET ME TELL YOU THAT NOT
THE THING TO DO ,TO HAVE FIRE FOX AS A DEFAULT
WEB BROWSERS, ITS OK FOR # 2 BROWSERS.
I DELETE THE FIRE FOX AND HAD MY IE RESTALING.
ITS CHG ALL MY IE SETLING FOR MY IE ,IWLL STAY
WITH IE, IE , IE THANK YOU CLNRGR
CLNRGR42@GHG.NET

BIG decision

In reply to Is it worth switching browsers from IE to secure a network?

yea foxfire looks and sounds nice but what about home use? can I teach my comp Illiterate woman and kids to use it? Lord knows I’m sick of my home system malfuntions from this IE flaw crap. and where can I get it?

Not so big

In reply to BIG decision

Firefox is a browser. What’s to teach? Type in a URL and it displays the page. There is more setup required since you’ll probably need to install Java and Flash if you want those to work. Once it’s installed, it works like any other browser. The integrated search is nice, also.

I’ve switched my mother to it and Thunderbird, and she hardly notices the difference.

http://www.mozilla.org/products/firefox/
http://www.mozilla.org/products/thunderbird/

No more Spyware!

In reply to BIG decision

I’ve been using Firefox for about two weeks now, and have been so impressed, I’ve also switched to Thunderbird for my e-mail.

IE and OE are redundant!

It’s true to say, there are a few sites that will not display correctly on Firefox, so I keep IE just for that purpose, and a plug-in in Firefox, allows you to display a site in IE if necessary, at the click of a button!

What has been a real eye opener, is Spy-ware has become non-existent. Although I still run Spybot and Ad-Aware as a matter of course, they no longer find anything at all, unless I’ve used IE.

Without a doubt to my mind, Firefox is head and shoulders better than IE in almost every respect. If I were you, I wouldn’t hesitate any longer – Go for it!

skin that pup

In reply to BIG decision

There are skins available for Mozilla and maybe also for Firefox that makes it look so similar to IE that some just think they got an “upgrade”. And, well, it is an upgrade from IE!

Firefox & Netscape

In reply to Is it worth switching browsers from IE to secure a network?

When a computer has spyware, trojan problems then I clean it up, hide internet explorer and use either Firefox or Netscape as the browser depending if it is business or home use.

Personally I have one of each browser on my 3 computers. Netscape is my favorite design and IE has the least plug-in hassles. To me it depends on the user’s need and sophistication. You can make IE safe but it requires a lot of overhead. It is not the best browser but is ubiquitously compatible. Personally, I like having choices.

Absolutely!

In reply to Is it worth switching browsers from IE to secure a network?

It’s time for the die hard faithful to give up the notion that MS can ever secure it’s OS or it’s Browser. We are well over a year into the MS security initiative and the most prominent outcome of that initiave is not that MS is more secure, but, rather, the erroneous claim that MS is no less secure than Linux, which is patently absurd. To continue the pretence that a secure MS box is just around the corner is nothing more or less than an act of Faith.

Try Deepnet Explorer

In reply to Absolutely!

If you use IE to go to the sites that wont display on Firefox or the other non-IE shell browsers(like Windows Update), isn’t it like wearing a raincoat everyday but Tuesday?
Deepnet explorer was recently released…check it out at http://deepnetexplorer.com/support.asp

P2P on Deepnet Explorer …

In reply to Try Deepnet Explorer

My first glance opinion on Deepnet is that the built-in P2P feature could wreak havoc on a network. Gnutella – based doesn’t mean anything of benefit to me.
Again – my first impression is to keep this browser forhome use only – if that. I’l have to giveFirefox a real looking into.

P2P on Deepnet

In reply to P2P on Deepnet Explorer …

Actually the P2P browser is a separate browser, as is the news reader…you can choose not to install those browsers, and you also have the option of toggling off the P2P and News Readers.

IE, your days are number!!!

In reply to Is it worth switching browsers from IE to secure a network?

Come on, We’ve been taking so much crab from IE and its makers (MS) and its gat to stop. But as we all know you can’t seperate IE form windows, hence most people are forced to you use. Unfortuantely a lot of people do not know the existence of other browser that aremuch more secured and can perform much better than IE

Before switching to firefox, I was faced with a lot pop ups and other B.S. the only problem now is some site’s are built purposely to work on IE and dont really work well on firefox or other non IE browsers. but it hasnt stopped me from using firefox or mozilla and i would say 98.5% of the sites I visit work perfectly. Its so smooth and fast. The tab feature is a really a good thing and the best thing is patches are released so quickly its just so amazing. unlike IE…. NO COMMENT.

IE, your days are numbered!!!

In reply to Is it worth switching browsers from IE to secure a network?

Come on, We’ve been taking so much crab from IE and its makers (MS) and its gat to stop. But as we all know you can’t seperate IE form windows, hence most people are forced to you use. Unfortuantely a lot of people do not know the existence of other browser that aremuch more secured and can perform much better than IE

Before switching to firefox, I was faced with a lot pop ups and other B.S. the only problem now is some site’s are built purposely to work on IE and dont really work well on firefox or other non IE browsers. but it hasnt stopped me from using firefox or mozilla and i would say 98.5% of the sites I visit work perfectly. Its so smooth and fast. The tab feature is a really a good thing and the best thing is patches are released so quickly its just so amazing. unlike IE…. NO COMMENT.

I wish you all luck…

In reply to IE, your days are numbered!!!

Unfortunately, switching our network to something that has known issues as I have read with Firefox would not be an option for us.

Our network users could care less about the security, they just want their pages to come up when they surf!!!

Does anyone have the answer? Is there a browser that is more secure than IE AND works?

Known issues…

In reply to I wish you all luck…

Yes there are “known issues” with Firefox and the Mozilla browser and that is good. We can all read about them and read about what developers are doing about them.

It’s the unknown issues with IE and m$ apps and the exploits that come along one after the other that more people should be concerned with. When it comes to “known issues” with IE first there’s denial, then when it can’t be ignored there’s “We’ll fix it soon, er, when we get a round-tuit.” When it comes to a sense of safety that is scarey.

It is worth switching browsers for security alone.

Mozilla’s FireFox

In reply to Is it worth switching browsers from IE to secure a network?

I am a County-wide Tech for a school system and we’ve always preferred Mozilla over IE…this latest lack of security is no surprise to us. Firefox v0.9.2 works great!! It has popup blocking, it’s clean…just a great browser all around. With so many computers, and so few techs, we need things to run as smoothly as possible and switching to Firefox just made sense for us.

Use no default browser, use all, some sucess

In reply to Is it worth switching browsers from IE to secure a network?

First, satifying business needs is one thing, but I project that at the least have LAN, WLAN, and WAN that accepts all browsers (Mozilla, IE, IEaol,Netscape) for many systems (OS 10x, XP, Linux).

Sucess? Imac dvd to airport extreme works to hp Laptop ze4560us, and pc systen, 1996 pc with upgraded eprom bios, to Dlink: pci, wireless router, and 2100ap. Not sure his dlink stuff works, but airport with apple airport extreme software, after almost biweeky upgrades, does work, but, …

At local public Arcadia (mich) Library, hp laptop does configure with gateawat AP wireless, and this configuation does work at home.So I can most all here starting at library wireless first, then they can call me or e-mail me for help.

So, I try out at library, take home, and now hp laptop works with library laptop.This has gone on for a month with progress.

Some procedural knowledge and understanding is required: the xp lower right double monitor for wireless airport, right, set properties, must be set to no security, and then it works through aol and mozilla, we’re working on linux. Mozilla does work sometimes better than net 7.1 each computer is individual,so this is confusing, not real statement to make.

As first time users may try this, some do some don’t, depends upon “figer liking good” brain/finger skills, but most can do if they spend the time and are not pressured, so that is why any business should consider installing “training wheels” stations.

Interesting differences: pc Gates donated xp desk tops will print out text, not graphics, have yet to get airport to print. So I save to aol, then go to library window Gate’s (guilt donation) machine, and can print text.

Aol ie with betas is ok, but in development and upgraded fequently, as d-link, apple, windows,….

Others who have laptops for wifi report they pick up on road local wlans. But goal of being browser independent needs further trial and error and both firmware/software upgrade continually done.

Rural, here in arcadia, have only IP through phone line, one Charter cable,and one DSL to library. That is township had not WAN, so apple airport extreme (50 users) with it’s modem connection acts as a “virtual” WAN, and this connecter I connect to LAN on dlink d-link 620 wireless router. This must work to some extent, but I cannot report such as real.

For me it fun, emperical, but for business, the “pressure” of the bottom line may not make it do-able, but I’d argue to “top downers”, that we “bottom uppers” need to do this, beside, the employees can use this at home, anywhere, so employee’s can be out with customers anywhere wireless is available, satilite on top of Sears Truck, laptop in home (we got a new refrig recently), and so forth.

Good luck with hands on both lap tops.

NetScape 7 has protected me!

In reply to Is it worth switching browsers from IE to secure a network?

I’ve been using NetScape almost exclusively for the past 8 years. I rarely get viruses for my A/V software to clean up, and pop-ups & spy-ware are just as rare. I do on-line banking with 3 different banks and 2 credit unions. No problems with NetScape. I do get some border and scrolling nuisances when I am on Microsoft’s sight looking up error messages for my customer’s Internet Explorer problems. Go figure.

Core of Netscape is Mozilla

In reply to NetScape 7 has protected me!

The core code of Netscape 7 is Mozilla.

I think it is version 1.4 or before.

Mozilla is now at version 1.7.1 and 1.8 Beta testing.

Chas

This is a question that need to be answered?

In reply to Is it worth switching browsers from IE to secure a network?

Allowing IE onto the internet is about as safe
as a week-long binge of unprotected sex in a
Bangkok whorehouse. The question that SHOuLD be
asked is “Should you allow Microsoft Crapware in
a business environment?”.

what about ActiveX

In reply to Is it worth switching browsers from IE to secure a network?

I have clients that use web based applications that only seem to work in IE.

What do I do? They are in asp and I believe activeX.

Charles
chagen@execpc.com

Try Qwik-Fix

In reply to what about ActiveX

If your forced to use IE because some vendors can’t use anything other then Micro$oft development tools I would suggest installing Qwik-Fix to help secure IE. You will also want to invest some time in setting up security zones (although there are exploits for this too). You might also drop the vendor a line and ask them to code for “standard compliant” browsers (insert veiled threat to switch to their competitor if they don’t).

White Paper on Qwik-Fix
http://www.pivx.com/qwikfix/whitepapers/QwikFixProWhitepaper071304.pdf

Download here
http://www.pivx.com/qwikfix/index.html

I have an IE user that seems to click YES to everything she sees (no amount of (L)user training has helped, I think on the 10th visit I’ll bring a Taser) and this has helped immensely (well… so far, so good).

RedWolf
Future inductee to the BOFH Hall of Fame

FF 0.9.2 and IE View 0.8

In reply to what about ActiveX

Check out the extension IE View 0.8. It will let you right-click on the offending page and jumpt to IE. http://ieview.mozdev.org/

Yes, and it works well, but…..

In reply to FF 0.9.2 and IE View 0.8

your back to all the security issues your trying to overcome by switching browsers.

Use IE View Only on Safe Sites

In reply to Yes, and it works well, but…..

Very true. The thing is, only use IEV on “safe” sites, like a brand-name store. If it’s someone’s personal site and s/he insists I use IE, it’s like, “You’re kidding me, right???”

Agency standard has always been Netscape

In reply to Is it worth switching browsers from IE to secure a network?

Our Agency standard has always been Netscape and it has proven to be a wise choice. The primary reason has been calendaring but cost to switch to Microsoft Exchange and Outlook are a big factor. We do use IE for software updates of course but only going to the Microsoft site minimizes problems.

Been there done that

In reply to Is it worth switching browsers from IE to secure a network?

I been a life long user of Netscape / Mozilla. I am in the process of switching the whole company over to Firefox. I got the President on board within 24 hours just by having him use it once. I have found that once someone uses it they instantly become a supporter. No popups no hijacks no crapware. No more spending hours cleaning up workstations after someone fills their workstation with spyware. AAAhh life is good.

No one is safe from spyware

In reply to Been there done that

Unfortunately, it will only be a matter of time before spyware, malware is written for Firefox or whatever the flavor of the month will be.

Virus-writers (spyware, malware, etc. included) write to affect the most amount of people as possible. Why write malware for Firefox right now when you can affect 90% of web-surfers by writing for IE?

I don’t want to be a doomsayer, but it will happen.

I do like Firefox better, though – I tend to gravitate towards using it over IE. There are some minor things I’d like changed (prompt for file save location, open new window at same URL, etc.) – but for the most part, it’s a very cool program.

True Enough But

In reply to No one is safe from spyware

It’s good enough for now. After all no answer to security is forever. It’s only as good as your diligence and the will and skill of the next bored hacker. But with significantly fewer holes to crawl through, or hook on to, it’s good for the foreseeable future. Just having no popups for the users to accidentally or ignorantly click on, installing who knows what is 90% of the battle for me.

Does OWA run on Firefox?

In reply to Is it worth switching browsers from IE to secure a network?

Outlook Web Access for Exchange 2003 rocks, especially compared to 5.5. That in itself could kill an attempt to move off of IE in a corporate environment if the alternate platform does not support it.

OWA for Exchange 5.5 seems to work…

In reply to Does OWA run on Firefox?

Not sure about anything above that (we are making the switch this year to 2003)…

Yes and No

In reply to Does OWA run on Firefox?

Firefox will let you login to OWA on Exchange 2003, but it doesn’t look quite as good as it does in IE (in other words it doesn’t look just like the Outlook 2003 fat client). Much of the functionality seems to work, but it doesn’t look quite as slick.

OWA and Firefox

In reply to Does OWA run on Firefox?

I have no problems accessing OWA 2003 using Firefox 0.8 and I’m using Firefox on SUSE Linux.

I’m not sure about the “look” being consistent with an “IE look” as I don’t use IE to access it.

Firefox and Outlook Web Access

In reply to Does OWA run on Firefox?

I use Outlook Web Access for Exchange 2003 at the company where I work. It has two client modes, Premium, and Basic. The Premium client has the interface that looks like Outlook 2003. If I use plain-vanilla Firefox, I can only access the Basic client. I have tried the user agent extension to have Firefox identify itself as being IE. This lets me select the Premium client, but the Premium client interface has display errors. I have yet to find a way to use Firefox for Premium client access. I have to use IE for Premium client access.

Web application compatibility

In reply to Is it worth switching browsers from IE to secure a network?

Remember, if you are going to “make the switch” from IE to anything else, you have to take into account any in-house/3rd party applications that use the IE object as part of it’s integral back-bone.

For example, we use Network Associate’s Magic Help Desk system, and it choked when I attempted to use it through Firefox. Whether this is a simple interface code that needs to be changed or an overall overhaul (hey, that rhymed!), it needs to be taken on by the application developer proactively.

Also, I have a few vbscripts that require IE objects. If Firefox can provide some sort of programming/scripting interface (I’m researching now), I would be more than happy to look toward a switch of some sort.

that’s another part of the problem

In reply to Web application compatibility

Getting 3rd party vendors to write standards based applications instead of Microsofts proprietary garbage. I send a nasty email to any site I can’t access through Mozilla. Somebody earlier mentioned W3C compliance and that is absolutely correct. Sites should be written with universal compatibility which includes text browsers and screen readers.

Users need to educate themselves to what’s out there. A HUGE part of the problem is that you have people using computers who don’t have a clue. They just want to use the machine and Microsoft has been all about ease of use. So here they are and they couldn’t identify what a browser is if you asked them, much less shop around for a better one. So they mindlessly use what the computer comes with, oblivious to the dangers out there.

Active X inhouse apps

In reply to Web application compatibility

I am doing what I can to switch users over to Mozilla (Firefox). Many of our apps are served out to end users through Terminal Server. I have turned off, using group policies, use of IE from a terminal server session. (Somewhere you can specify what executables cannot run, and I added “iexplore.exe” to that list.)

But we have an in-house app that uses Active X for functionality – an app that runs only from those terminal server sessions. I tried the Active X plugin for Firefox, but it didn’t work. Which, actually, I’m glad for. Why take a fairly-secure browser and give it Active X functionality??

Anyway, I was wondering how one can set up users on the network to perhaps use IE locally on the internal network, but deny IE access to the outside internet. Is this done through the security settings of the various zones in IE? I must confess to not having played around with those settings very much.

In the end I want people here to use IE only for internal applications that require it, and with no access to the internet outside. If there are outside sites that require it, I will handle that on a per-case basis.

Well I’m Already Gone….

In reply to Is it worth switching browsers from IE to secure a network?

to quote the old Eagles song. My users are on Netscape 7.1 and I’m checking out Firefox 0.9.2. Bout ready to move everyone to FF and Thunderbird. For the few sites that insist on Idiot’s Excrement, there’s a nice little extension called “IE View 0.8” that let’s me right-click on the offending page and jumpt to IE.

Sorry, Forgot IE View URL

In reply to Well I’m Already Gone….

Here tis:
http://ieview.mozdev.org/

How naive are you people?

In reply to Is it worth switching browsers from IE to secure a network?

I can’t believe that you really think that changing browsers is going to solve your network security problems. The security problem will simply follow the most popular browser. The cycle goes…The more people use it, more features will be added, more possible security vulnerablities, more opportunities for bad hackers.

Not Naive but Want Better SW & Service

In reply to How naive are you people?

You’re right to a degree. The “hackers follow the most popular software” reasoning is just part of why I and many others have made the switch. For many of us, Microsux arrogance/lousy customer service is also part of it. Firefox, Netscape, and Opera, to name the major players take their users suggestions and issues quite seriously. To M$, their user base is just one big ATM machine that pays&pays&pays to buy, beta test, and maintain their products.

A difference in basic philosophy

In reply to How naive are you people?

Many companies do not work with the same rape, pillage, and blunder philosophy as m$ so are generally ahead of the curve. Yes as more users switch to different browsers those may become bigger targets. But why are exploits so far and few between with open source software where a person can see the source code along with everyone else? Is that too easy or is the software harder to exploit because more eyes are on it ferreting out potential problems before they are go into releases.

Microsoft Security Crap

In reply to Is it worth switching browsers from IE to secure a network?

Folks,

Why do you insist on using Microsoft Products at all? Consider
switching to UNIX based Macintosh. You will actually be able to
just work instead of worrying about security holes all over the
place.
If not Mac, then Lindows, or Linux, anything but Microsoft. I
used Microsoft based PC’s for years and just got fed up with
viruses and other crap that you have to put up with. I do not
understand why people put up with it.

firefox rocks

In reply to Is it worth switching browsers from IE to secure a network?

windows and linux. mac too, i suppose.

Reply To: Is it worth switching browsers from IE to secure a network?

In reply to Is it worth switching browsers from IE to secure a network?

This is a hard choice. Just keep in mind that the more people move to other alternatives, those will become targets. We all know that people with bad intent will targer the most used apps. I have tried using others such as Opera, Mozilla but they just don’t render the pages properly specially with javascript loaded pages and that’s another thing to keep in mind. For now I will stay with IE, try to educate our users and stay updated much as I can.

Have you tried ’em recently?

In reply to Reply To: Is it worth switching browsers from IE to secure a network?

I’ve been using Mozilla now for a few years and have watched and it has steadily improved. Although it isn’t perfect yet, it is not as imperfect as IE. It gives you real control over things like popups, cookies, etc. without the risk of using bunches of other programs that can cause even more problems as I understand happens when trying to “make do” with IE.

I haven’t tried it yet but I also understand Firefox is even faster.

With Mozilla and my favorite firewall, when I’m not busy just getting work done, I can sit back and watch as the masses scramble around trying to get away from the latest security exploit of IE and other m$ apps. It’s sometimes more entertaining than playing Tetris.

I did recently..

In reply to Have you tried ’em recently?

I have tried both recently and although they are decent products, I don’t think it’s worth the trouble of switching over. As for popups I have no problems since I have a utility to handle them and they hardly ever appear. As for updates they are so simple to apply that I lose no sleep over that issue. Unfortunately all programs have their weaknesses and as more people switch to these other browsers those security problems will become apparent.

“not worth the trouble” ???

In reply to I did recently..

The problem here is not so much that it’s “troublesome” to switch, but that IE is inherently an insecure browser, and responsible users shouldn’t use a browser that basically begs to be exploited.
I don’t understand why it would be “trouble” to switch over. The program is easy to install, will automatically load all your preferences and bookmarks during install if you wish.
I have always had multiple versions of Netscape and IE on my PCs, because I write web pages and like to test them in alternate browsers. I did lean towards using IE when version 6 came out, but only until Mozilla came out with their new version.
I still don’t understand the whole “trouble” idea.

Standards Compliance

In reply to Reply To: Is it worth switching browsers from IE to secure a network?

You state that Firefox/Mozilla don’t render JavaScript “properly” – sorry it is actually Microsoft Internet Explorer that doesn’t render JavaScript “properly”.

Microsoft use their own Document Object Model (DOM) not the DOM standard from the W3C. The two DOMs are available online.

The IE DOM is at:
http://msdn.microsoft.com/workshop/author/om/doc_object.asp

The Mozilla/Firefox/Gecko DOM is at:

http://www.mozilla.org/docs/dom/domref.pdf

If Microsoft was standards compliant by default (which it isn’t – http://msdn.microsoft.com/library/default.asp?url=/nhp/default.asp?contentid=28000441 => Technical Articles => CSS Enhancements in …) we wouldn’t have many of these issues.

hell yes

In reply to Is it worth switching browsers from IE to secure a network?

that is exactly what I am doing.

I am going with FireFox as the primary browser.

But I have 2 mission critical apps that require IE; so I have to educate users when to use IE and when not. its a pain but I think IE is too huge a vulnerability to tolerate it.

No browser is safe

In reply to Is it worth switching browsers from IE to secure a network?

Firefox suffers from certificate spoofing vulnerability

Today, in a post on the Full-Disclosure mailing list, Emmanouel Kellinis described a new SSL certificate spoofing vulnerability that affects Mozilla Firefox 0.9.1 and 0.9.2. By spoofing the SSL certificate of a site you trust, a malicious Web administrator could exploit this flaw to trick you into believing that his hostile Web site is one you trust.

Attackers and Internet scamsters commonly use flaws like these in their phishing attempts. Phishing is when network hackers use all the tricks of their trade to convince you that their Web site belongs to an entity you trust. For instance, an attacker might try to copy the look and feel of Citibank or PayPal’s Web site so that you’ll enter your sensitive account details. The more closely the attacker’s site mimics the one you expect, the more likely you are to unintentionally give him your sensitive information.

Usually, paying careful attention to URLs and SSL certificates can help you authenticate the sites you visit and avoid phishing attacks. Unfortunately, flaws like this one in Mozilla make it a lot easier for hackers to trick you.

Kellinis released this vulnerability before Mozilla could release a patch. Furthermore, he released Proof-of-Concept code, so net criminals can implement it in their next phishing attempts. To protect yourself, I recommend you follow the advice given by the Anti-Phishing Working Group. –Corey Nachreiner

Give users a choice, but educate them about other browsers

In reply to Is it worth switching browsers from IE to secure a network?

We have both IE 6 (of course) and Mozilla 1.7 installed on our lab computers. Some machines even have Opera, Firefox and Netscape 7 on them. I educate ALL users (students) that complain about IE in some manner to use Mozilla or its Firefox version, even for a test run. Most look at me somewhat puzzled because IE is their “staple” to get on the web and they can’t fathom double-clicking on another icon. Once they use Mozilla (or another browser) once or twice though, several have chosen to stick with Mozilla, especially for its pop-up blocker.
Microsoft needs to pay attention to the way the Mozilla dev team rolls out updates. They’re excellent and I thank them for well-crafted browsers. Make sure to send them a donation through your Paypal. 🙂

It all depends…

In reply to Is it worth switching browsers from IE to secure a network?

Do you like tabbed browsing?
Do you like being able to block pop-ups?
Do you like not having to worry about having your PC hijacked by visiting websites?

If so, then all you have to do is switch to Opera, Firefox, Mozilla, or any number of alternative browsers. Caution: some sites don’t work well in alternate browsers, and some plug-ins aren’t flawless in execution.

Succinctly, you sacrifice some extended useability for better security and basic useability.

Lower your admin overheard

In reply to It all depends…

Even presumming you don’t get tagged by a virus, hacker, trojan, or whatever else slips in the doorway that IE leaves wide open, there is the matter of administration overhead to apply a never-ending stream of patches, reading never-ending supplies of security warning documents, and watching breathlessly to see if this latest patch will break your web app. Too much fun, and if you’re short of job security, perhaps IE offers some of that.

Personally, I wash my hands of it. Done. No more. I’ve switched the network over to Netscape/Mozilla (and will give Firefox a go when the 1.0 release hits next month). And now, when I read about the latest IE nightmare, my blood pressure stays nice and low, and I don’t go scrambling for data, patches, and testbed setups.

This dog ain’t salivating any more when the bell rings.

-psk

I want Explorer back

In reply to Is it worth switching browsers from IE to secure a network?

Well so much for using Firefox and Netscape. Two out of three clients where I replaced explorer for better security wanted their old browser put back.

They both found explorer easier and simpler to use.
You can make explorer secure by blocking all ActiveX
but they inevitably complain about loss functionality. I’m convinced the only reason other browsers are more secure is because the offer less functionality and it is not as lucrative for varments to find their flaws…yet.

Reply To: Is it worth switching browsers from IE to secure a network?

In reply to I want Explorer back

Users hate to learn new things. They will adamantly fight against it.
Non-IE browsers are “new things.”
They don’t offer less functionality; that would be the fault of web developers who don’t know how to create a website that is W3C compliant, instead concentrating on making it work in IE.
But then we could go off on the Dreamweaver/FrontPage tangent, where WYSIWYG editors create web developers.

That’s the great thing about internet standards…there are so many to choose from!

Until all the web guys out there start making websites by the rules, you’ll never be able to completely get away from IE.

Swicth from IE always pays off!

In reply to Is it worth switching browsers from IE to secure a network?

I have made a switch from IE to Opera and I am very happy I did. Never tried Mozilla but I bet that is a good choice too. Switching away from IE has many security advantages and also makes your browsing much simpler and a LOT faster, if you use Opera at least. But keep in mind that many security threats from IE do not require you to use IE as your browser!! They pose a threat as long as IE is present on your system, even if you never use it as a browser!

Switching Browsers?

In reply to Is it worth switching browsers from IE to secure a network?

Sure….

If you want it really secure try Netware servers and OS/2 clients. When was the last time you saw a virus-writer that could spell OS/2?

Even CERT admits that you really can’t get rid of IE without ditching MS altogether – the core functionality is built into EVERYTHING.

Roger That on Netware…

In reply to Switching Browsers?

Too bad I gotta use WinO$x due to software requirements. 🙂

I switched

In reply to Is it worth switching browsers from IE to secure a network?

I switched, and I’ve encouraged ALL my customers to switch as well. I use the following browsers, in order:
Firefox, Mozilla, Opera, Idiot Exploder.

Actually, Opera is my first choice for checking mail at my OperaMail account. I use it for next to nothing beyond that.

IE is used for Windows Update and checking my spam at Hotmail about once a week.

Firefox is the most used browser on all my machines. It’s quick, and I like it’s features. Mozilla comes in a distant second, being every bit as feature rich as Firefox, if not moreso, but just not as quick and efficient.

Nothing, however can beat Konqueror in my opinion, both as a web browser and a file system browser.

Slightly off topic here, but I can’t find an email client under winders that I like. I guess I’m spoiled to K Mail. My favorite feature is the option to “bounce” an email. Keeps me off of most spam lists.

Some site do not work

In reply to I switched

The problem is that many companies and Web developers create their sites so they work best with Internet Explorer, and not so well with other browsers that are used by quote minority who do not use IE.

Some site that do not work for me as a Firefox user include Expedia, MSNBC, Yahoo LAUNCH, some bank sites, etc. Most sites such as Yahoo Launch and Shutterfly will warns visitors that it only supports a limited set of browsers.

This posses a real problem as so many novices and even web developers have relied so heavily on Microsoft’s front page and multimedia plug-in software that in some cases the true form of HTML language has been lost or pushed by the weigh-side, and thus not complying with the W3C standard. I have to keep IE around for the simple fact when I can not access a sites that cannot be accessed by any other browser I use it, because I am not installing 5 differnt browsers to avoid using one.

Check out My “Already Gone” 07-26-2004

In reply to Some site do not work

You will see my info about a great Firefox add-on called IE View.

My two cents

In reply to Is it worth switching browsers from IE to secure a network?

I’ve heard so many people say that everyone should switch to Firefox, and that it’s so much better, but I’m not convinced. All too often, people point the finger at Internet Explorer and say how it is lacking in standards compliancy in certain areas, and that it has security holes. The truth of the matter is that Firefox is also lacking in standards compliancy, and the only reason it doesn’t have as many potential security holes is that it doesn’t support certain technologies which are essential on some web sites.

To make IE more secure, you need Windows XP with Service Pack 2. That fixes major security holes such as ActiveX and drive-by downloading. If you want the same level of security as Firefox, you can crank up the security and privacy settings in IE, but be warned that browsing experience can be hindered when, for example, cookies are completely blocked. Spybot S&D and Spywareblaster both have an “immunize” feature which further protects IE from the bad stuff out there, and those are updated on a regular basis.

It’s well known that some web pages don’t render the same in Firefox as they do in Internet Explorer. This is always blamed on IE, with the excuse that it isn’t standards compliant. While IE doesn’t support the latest standards, it does support most standards. I validate my code to XHTML 1.1 and it doesn’t render properly in Firefox, but renders beautifully in Internet Explorer. Firefox hides the fact that it’s rendering engine is flawed by blaming people for writing bad code and saying Internet Explorer isn’t standards-compliant, but it’s a lie. For example, Firefox still uses the proprietary EMBED tag to display things such as Flash animations.

The real problem with IE and security is user education. The receptionist at my Dad’s office has loads of spyware on her computer, and she claims she doesn’t know how it got there. The truth of the matter is, she downloaded some freeware app and installed it. I’ve been using IE since Windows 95 and have never had problems, because I only download from trustworthy sources.

It’s only a matter of time before the hackers download the source code for FireFox and start finding vulnerabilities in that. I’m sticking with Internet Explorer, and I don’t see any reason to switch. The solution is user education and government legislation.

Switch browsers?

In reply to Is it worth switching browsers from IE to secure a network?

The only reason that IE is a security hole is because people have had years of practice researching and exploiting its flaws. Consider this analogy…in the OS world, people praise Linux distributions for their security…wait and see…as it becomes more and more popular, there will be more and more underground effort devoted to hacking, cracking, and infecting these systems.

I’ve said it before and…

In reply to Is it worth switching browsers from IE to secure a network?

I’ll say it again. I don’t like to defend MS, but the reason IE has so many flaws is that there is more effort aimed towards IE in the underground. Wait until your favorite browsers are #1 on the list.

[Author]

Replies