Browser Alternatives Are No Guarantee of Security (http://www.pcworld.com/howto/article/0,aid,120768,tk,wb062005x,00.asp)
Wednesday, May 25, 2005
by Andrew Brandt, PC World

If you use an alternative browser--Firefox, Opera, Mozilla, or anything not named Internet Explorer--you may be feeling pretty smug these days. Every time you hear about another patch for IE or about another way hackers use that browser to attack unsuspecting Web users, you think to yourself, "I don't have to worry."

Well, think again. The fact is, alternatives like Firefox have security problems of their own. And even if you don't use Internet Explorer for your everyday browsing, you still have to keep it patched: Those ever-creative hackers have found ways to enter your system through Firefox, and then exploit IE.

If you grabbed your copy of Firefox or Mozilla a few months ago, you're at risk. Programmers have discovered at least 28 holes in Firefox since January 1. The Mozilla browser shared 27 of those problems with Firefox (click here for details (http://www.mozilla.org/security)). You must install a new copy of the browser. Use Secunia's tool (http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/) to see whether your browser is vulnerable.

The right piece of malware could trigger older versions of Mozilla or Firefox to launch programs at will or to read data from the browser cache out of memory, threatening your privacy by exposing your browser history, search queries, and possibly passwords.

Opera has released security fixes this year, too, though fewer than Mozilla and Firefox. To get more details, click here (http://www.opera.com/support/service/security/).

What propaganda. We all know the facts, all software has bugs.

The difference is with firefox, they get fixed immediatly.

With Internet Explorer, which is too tightly integrated to the inner rings of the OS, MS has to go through a long process of determining how a fix will affect the OS overall.

I judge my software not by how many bugs turn up, but by how fast those bugs can be fixed.

I'm running FF 1.0.4 seems to be fine at the moment. Thanks for the info.

noppid, this isn't a contest to see which browser has more bugs. The problem is that there are too many people who believe that they are now immune because they've switched to IE -- that's the point:

If you use an alternative browser--Firefox, Opera, Mozilla, or anything not named Internet Explorer--you may be feeling pretty smug these days. Every time you hear about another patch for IE or about another way hackers use that browser to attack unsuspecting Web users, you think to yourself, "I don't have to worry." Well, think again. The fact is, alternatives like Firefox have security problems of their own.

noppid, this isn't a contest to see which browser has more bugs. The problem is that there are too many people who believe that they are now immune because they've switched to IE -- that's the point:

The point gets lost in the proaganda though, it reads slanted to me.

What propaganda?

The article isn't deifying IE at all -- in fact, it's warning you that you need to keep IE updated even if you're not using it.

All it's saying is don't relax your vigilance or think you don't need to keep those updates coming just because you've switched to another browser.

Noppid, do you talk with Anthony about this stuff- the word propaganda is his, he has copywriten, trademarked and patented it.

It read fine to me, it doesn't make me feel like the writer has a preference. I would almost be he uses firefox.

Noppid, do you talk with Anthony about this stuff- the word propaganda is his, he has copywriten, trademarked and patented it.

It read fine to me, it doesn't make me feel like the writer has a preference. I would almost be he uses firefox.

If someone isn't inconsistant, we'd all just say yeah cool. It's my job to stir the pot.

Most of the time, whether I agree or disagree, it's not necessarily my true stance on the matter, I just need to stir the pot.

This is the internet, I'm nothing like this in real life. :D

I'm only serious about code, and then only if whom I'm conversing with wants to get it. ;)

Hey Minstrel...weren't you just posting about Firefox flaws a couple weeks ago? Oh yea...and a couple weeks before that too? Oh...and even a week or so before that as well? Do people who use Firefox never check for updates and need help finding them?

Hmmmm, why not just start a blog on Firefox and/or browsers? Or is it that you can't think of more exciting things to post about in General Chat? :D







[I'm just teasing ya, cause you're always getting on others about posting stuff that could easily be found/read/blogged about elsewhere.] :p

These are new warnings.

And yes, the point is the same, because I continue to hear and read claims that FF users and the like don't need to worry any more about security issues because they're no longer using IE. Those who believe that are not only putting their own systems at risk but are also adding to the problem of clogged mail servers for people who do have secure systems.

I checked it out. I'm good. I don't mind a little reminder every once in a while. I would start to worry if minstrel started wearing orange and blue tights and started calling himself Captain Firefox, until then it doesn't bother me.

Actually I would start to worry at the orange and blue tights.

You would start to worry? Believe me... I would start to worry if that happened... :eek:

I would start to worry if minstrel started wearing orange and blue tights and started calling himself Captain Firefox...

LOL

Uh yea...please we don't need another Howard Stern Assman. ;)

Uh yea...please we don't need another Howard Stern Assman. ;)

We didn't need the original one either.