More reason to use Firefox, Linux, or a Mac . . . You had to figure eventually all the <a href="http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/">unpatched internet explorer bugs and vulnerabilities</a> would catch up to it eventually . . . <blockquote><H2>Researchers warn of infectious Web sites</H2> By Robert Lemos CNET News.com June 25, 2004, 9:03 AM PT URL: http://zdnet.com.com/2100-1105-5247187.html <i>update Security researchers warned Web surfers on Thursday to be on guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection. The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.</i> What's new: Intruders are using compromised Web sites to infect visitors' PCs though two Internet Explorer flaws. Bottom line: This method of attack is increasingly being used by the Internet underground. While it's unknown how many Web sites carry the malicious program, Windows users should turn their IE security to the highest setting or install a third-party browser. Click here for more stories on this topic Late Thursday, Microsoft advised customers to increase their browser security to the highest settings, although that could cause some Web site functions to stop working. The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site. "It is not epidemic, but it is being seen," said Alfred Huger, senior director of engineering for security company Symantec. "Do we think it is serious? Yeah. It's a concern and it's insidious." The tactic is not new. Earlier this month, an independent security researcher found an aggressive advertising program, known as adware, that installed itself onto a victim's computer via the same two flaws in Internet Explorer. A large financial client called in Symantec in late April after an employee's system had been infected when he used Internet Explorer to browse an infected Web site. Last fall, a similar attack may have been facilitated through a mass intrusion at Interland, said sources familiar with that case. This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major companies, including some banks, said Brent Houlahan, chief technology officer of NetSec. "There's a pretty wide variety," he said. "There are auction sites, price comparison sites and financial institutions." The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties. "We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site. The group also pointed out that the malicious program uploaded to a victim's computer is not currently detected as a virus by most antivirus software. With no patch from Microsoft, that leaves Internet Explorer users vulnerable. A representative of the software giant was not immediately available for comment on when a patch might be available. Researchers believe that attackers seed the Web sites with malicious code by breaking into unsecured servers or by using a previously unknown vulnerability in Microsoft's Web software, Internet Information Server (IIS). When a victim browses the site, the code redirects them to one of two sites, most often to another server in Russia. That server uses the pair of Microsoft Internet Explorer vulnerabilities to upload and execute a remote access Trojan horse, RAT, to the victim's PC. The software records the victim's keystrokes and opens a back door in the system's security to allow the attacker to access the computer. Currently, researchers have two theories as to who is behind the attacks. The Internet Storm Center pointed to the similarities between these attacks and previous virus epidemics aimed at co-opting computers for use in illegal spam networks. "There is quite a bit of evidence that what we are seeing is yet another technique for spreading and installing 'spamware,'" the group stated on its site. "We don't see any evidence that this attack is related to the construction of a DDoS (distributed denial of service) network or other type of typical zombie-based attack group." However, Symantec believes that the attacks last fall and in April, which the current one most resembles, were conducted by online organized crime groups from Russia. The theory is supported not only by the fact that the server storing the malicious code is in Russia, but also by the sophisticated nature of the attacks, Symantec's Huger said. "It's a group of people that have resources to bring to play," he said, adding that the attack programs were not amateur material. "The code wasn't pulled off a Web site; it was custom." Meanwhile, the average Internet surfer is left with few options. Besides choosing the highest security settings for Internet Explorer, Windows users could download an alternate browser, such as Mozilla or Opera. Mac users are not in danger. NetSec's Houlahan advocated drastic action. "I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said. </blockquote>
Little kid: "So are you WITH Mozilla?" Vengeance: "Well, unofficially" Other Little Kid: "That means no"
So does Mozilla block all those damn trojan horses and what not because last time I was using IE that is what I got and it kept setting my home page to Search For or about:blank and Adaware, Spybot, CW Shredder, etc. couldn't take care of it and neither did a virus scan (Panda) so I had to reformat or at least that's what I did. So if I use Mozilla and go to a website with trojans, spyware, adware, etc. will it get blocked or will it get on my computer and just show up if I use IE?
It gets blocked no matter what, but if the spyware writer has written it for Mozilla/firefox (there are a few now who do), it'll ask you if you want to install it if you hit a site that tries to upload that crap to your machine. Just say no and you're all good to go. You can also turn off all installation of programs through firefox in the Preferences.
I think there are more than likely security holes in a Mozilla browser, just like IE. The only difference is Microsoft is the big bully on the block so everyone is gunning for them. Don't get me wrong, I'm a big fan of Firefox and use it exclusively except for work related testing, but I don't think the product is THAT much more secure than Internet Explorer. Every application has security flaws that can be exploited with the right amount of time and knowledge. Just my $.02.
Ooooooooh!!!! Take that. Rage agaisnt the Machine, use FireFox. Microsoft is the mighty, we don't like the mighty, take em down.
It's all I use and now I've converted my parents, grandparents and sister over to the side of Firefox. I have no complaints.
More than likely it does have holes, but there are a few important points to note: 1. Firefox is based on the Mozilla engine which has been open-source software for many years now. With the hundreds to perhaps even thousands of people who've looked at the code, security flaws are found more often than with closed-source software like MSIE, and they are pretty much always patched MUCH faster. My link above contained 24 or so <i>known</i> IE flaws that MS has not patched. That would never happen with Firefox. 2. Part of the reason the security flaws with MSIE are so bad is because it's so heavily tied into Windows. It's a lot easier to do larger damage because of that than it is with Firefox or other non-IE browsers But, that's not to say there aren't flaws with Firefox, but I would venture to say there aren't as many, and they aren't as bad.
I keep getting this message when I try to come to www.clutchfans.net using Firefox 0.8 -- "The file / cannot be found. Please check the location and try again." Only problem I've ever had with Firefox. Need to get on google and figure out how to fix it. I'm typing this in Internet Explorer
Fixed it. Had to go to tools-options-privacy and clear my cache. Apparently this is a known bug in Firefox. This is the first one I've encountered personally. I'm typing this in Firefox
I'm exclusively using Firefox at the moment as well. I like the downloader I have installed on IE, but I'll have to live without it -- at least for awhile.
When I was using IE I was asked if I wanted to install a number of things an I always said NO but some way I still ended up with Trojans and bugs on my computer that set my IE home page to a Search page but it didn't do it with Mozilla. Does Mozilla block that kind of crap?
Using firefox.09 with the Noia 2.0 eXtreme theme! Never had a problem since I started using Mozilla last year....
You can probably get a extension that will let you use the downloader on Firefox. I'm using one called DownloadWith, I think. IIRC, it lets you use common downloaders like Getrights, Download Accelerator, etc. You can find some at http://update.mozilla.org/extensions/?application=firefox I really love the extensions for Firefox. The automatic reload ext. has helped lately as well as one called BugMeNot, which lets use premade usernames and passwords for sites that require them. I've had no problems reading any articles about Tracy McGrady, despite the fact I never reallly registered to the Orlando Sentinel. Yeah, Firefox is ok.
