Firefox vulnerability revealed.

Old 22nd March 2010 | 21:31
  #1 (permalink)  
Thread Starter
Resident insomniac
15 Anniversary
 
Joined: Aug 2005
Posts: 1,878
Likes: 1
From: N54 58 34 W02 01 21
Firefox vulnerability revealed.

BBC News - Germany warns against use of Firefox browser
G-CPTN is offline  
Reply
Old 22nd March 2010 | 22:34
  #2 (permalink)  
15 Anniversary
 
Joined: Feb 2008
Posts: 73
Likes: 4
From: UK
And you can avoid most of the risks in the usual ways: Don't run Windows. However if you really do prefer Windows, then don't run your browser in an account with Admin rights. If you really want to run Windows with Admin rights, then install Windows in a Virtual Machine under some other OS, & discard all changes each time you shut down the VM.

Layered defence is the best approach.
Tim00 is offline  
Reply
Old 22nd March 2010 | 23:20
  #3 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
G-CPTN,

(I won't repeat what Tim00 says .... people who use Windows daily as admin user are just asking for trouble)


1/ I would happily recommend Firefox (or almost anything !) over Internet Exploder any day !

2/ Let's brush past the journalistic hype ... as long as software is written by humans, there will always be the possibility for bugs (bugs being an instance in which the software does not behave as expected, and in certain circumstances, these "bugs" can be exploited by cunning evil doers). What next, are you going to switch to Linux or Mac when yet another Microsoft security flaw is discovered ?

The moral of the story is to practice safe computing ... see Tim00 above PLUS .... make sure your software is regularly kept up to date .....patching up once a month or once a year is not enough !

Therefore .....to other readers of this thread, I would suggest.... "please move along, nothing to see here".

Last edited by mixture; 22nd March 2010 at 23:41.
mixture is offline  
Reply
Old 23rd March 2010 | 07:44
  #4 (permalink)  
More bang for your buck
 
Joined: Nov 2005
Posts: 3,513
Likes: 1
From: land of the clanger
What Mixture et al says, the Germans are merely bashing MS based stuff because they hate Microsoft and will find any excuse to criticise it or programs that use it. I'm already running Firefox 3.6.2 anyway.
green granite is offline  
Reply
Old 23rd March 2010 | 08:35
  #5 (permalink)  
Per Ardua ad Astraeus
 
Joined: Mar 2000
Posts: 18,575
Likes: 4
From: UK
gg - I thought the Germans were actually 'bashing' Firefox this time? As for feeling 'dumb fat and happy' running an untested beta with as yet unknown vulnerabilities...
BOAC is offline  
Reply
Old 23rd March 2010 | 08:53
  #6 (permalink)  
More bang for your buck
 
Joined: Nov 2005
Posts: 3,513
Likes: 1
From: land of the clanger
gg - I thought the Germans were actually 'bashing' Firefox this time? As for feeling 'dumb fat and happy' running an untested beta with as yet unknown vulnerabilities..
Basically it's anything to do with windows they hate.
There are safari vulnerabilities, but they've not mentioned those.

As for running a beta, who said I was feeling 'dumb fat and happy'? By running the beta I'm doing you lot a favour testing it out in the real world and possibly revealing any other problems before it's let loose on the great unwashed.
green granite is offline  
Reply
Old 23rd March 2010 | 09:53
  #7 (permalink)  
Per Ardua ad Astraeus
 
Joined: Mar 2000
Posts: 18,575
Likes: 4
From: UK
As secretary of 'the great unwashed' club we offer grateful thanks. It was the 'anyway' that caught my eye.
BOAC is offline  
Reply
Old 23rd March 2010 | 10:02
  #8 (permalink)  
More bang for your buck
 
Joined: Nov 2005
Posts: 3,513
Likes: 1
From: land of the clanger
BOAC
green granite is offline  
Reply
Old 23rd March 2010 | 19:05
  #9 (permalink)  
 
Joined: Apr 2008
Posts: 565
Likes: 21
From: Passed away on Sept 6th
Firefox 3.6.2 released today - a week early.
jimtherev is offline  
Reply
Old 23rd March 2010 | 22:10
  #10 (permalink)  
 
Joined: Oct 2009
Posts: 69
Likes: 0
From: Surreal
Check the vulnerability of your PC's ports here: GRC | Gibson Research Corporation Home Page. Scroll down to HOT SPOTS & choose ShieldsUP! In the light blue window click on "all service ports". The vulnerability of your baby will be tested.

If you have the time, read through the site, seems like they know what they're doing.

I'm running Firefox 3.5 under Windows XP pro SP3 & none of my ports are detectable, stealth mode, I came to learn.

Edited to add : I've always run as Admin (single user) and have never had any problems.
Mike X is offline  
Reply
Old 23rd March 2010 | 23:01
  #11 (permalink)  
15 Anniversary
 
Joined: Feb 2008
Posts: 73
Likes: 4
From: UK
MikeX: It's more complex than a simple port scan.

The GRC test (and it's a good site) probes the device at the end of the public IP address that your browser reports. This is likely to be your router, not your computer. Routers generally have incoming firewalls blocking this kind of probe, and also translate the IP address(es) of your computer(s) from one range to another (I'm oversimplifying here), so there is no direct incoming path from the internet to your computer. This protects your LAN & computers from certain vulnerabilities, & is a valuable 1st line of defence.

However this does not protect against risks arising from faults in software on your computer. Your browser could make an outgoing request (to a website for example), & if the site uses certain techniques that exploit certain errors on certain systems, you can get a situation where your browser can be made to execute other people's code. If you are running an OS that the malicious code doesn't expect (e.g. OS X when the attack assumes Windows), then you'll merely get a browser crash or error (again, I'm oversimplifying). Attacks use lots of social engineering techniques (such as asking you to install a 'special codec' so you can see the latest pictures from Sheep Worrier's Monthly), or whatever. Or they try to exploit known vulnerabilities. As soon as MS (or Mozilla with Firefox) for example issue a patch, then people will try to reverse-engineer the appropriate attack by analysing the fix, and so go for those people who are tardy applying the patch. It's a Darwinian race. I don't intend this to be a Windows-bashing session; it just reads that way, BTW.

Microsoft in the past developed horrendous technology known as ActiveX, which in the innocent prehistory days of the internet, allowed anyone to write executable extensions to IE. This is one of the main reasons why (to this day) people are suspicious of IE. Thankfully MS have shown some sense in recent times.

If the holes in the cheese line up, then you might be in a position to allow this 3rd-party code to run natively on your computer, outside the browser. This is particularly serious if you are running in an account that has full admin rights, because then that code does too. If you are running a restricted account, then (barring privilege escalations, which I'm not going to bore you with) that code can only do restricted things.

In my case, I generally use Firefox under OS X or Linux in a non-admin account, with Firefox not installed system-wide: it (1) only exists in my limited account, and (2) can't touch anything in the system that's outside my own account (this is enforced by the OS). So I'm confident that even if I get an infection, the worst thing it can do is damage to that single user account. I do the important stuff such as banking running OS X in a fairly locked-down configuration.

I do use Windows at times, but I'm rather more careful what I do with it, since it's inherently less secure in real situations than the alternatives, and also more actively targeted. Whatever you think of its usability, it's a poor OS in that people generally end up running in admin accounts routinely (careless software developers often write apps that won't install in non-admin accounts for one thing, although again it's a bad OS that allows them to do this).
Tim00 is offline  
Reply
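
Added example, not part of the thread: post #11 says an external port scan probes whatever device holds the public address, usually the router rather than the PC. The sketch below makes that comparison explicit for IPv4, including the carrier-NAT case where even the router's WAN address is not public. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# IPv4 ranges that cannot be reached directly from the internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # RFC 6598 carrier NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
)]

def behind_nat(addr):
    """True if addr lies in a range that needs translation to reach the internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_ROUTABLE)

def scan_target(local_addr, seen_addr, wan_addr=None):
    """Say which device an external scan of seen_addr actually tests.

    local_addr: address on the PC's own interface
    seen_addr:  address the test site reports for the connection
    wan_addr:   address on the router's internet-facing port, if known
    """
    if ipaddress.ip_address(local_addr) == ipaddress.ip_address(seen_addr):
        return "host"                # PC is directly exposed; scan tests the PC
    if not behind_nat(local_addr):
        return "unknown"             # public address but a different one seen
    if wan_addr is None:
        return "router-or-upstream"  # translated somewhere; cannot tell where
    if ipaddress.ip_address(wan_addr) == ipaddress.ip_address(seen_addr):
        return "router"              # the case described in post #11
    if behind_nat(wan_addr):
        return "isp-nat"             # scan tests the ISP's equipment, not yours
    return "unknown"

# Constructed sample cases: (local, seen by test site, router WAN or None).
SAMPLES = [
    ("192.168.1.20", "203.0.113.7", "203.0.113.7"),
    ("203.0.113.7", "203.0.113.7", None),
    ("192.168.1.20", "198.51.100.44", "100.64.3.9"),
    ("10.0.0.5", "198.51.100.44", None),
]

if __name__ == "__main__":
    for local, seen, wan in SAMPLES:
        print(f"{local:15} seen as {seen:15} -> {scan_target(local, seen, wan)}")
```

A result of "router" or "isp-nat" means a clean scan says nothing about the PC's own firewall or about the browser, which is the distinction the post draws.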
Old 23rd March 2010 | 23:26
  #12 (permalink)  
 
Joined: Oct 2009
Posts: 69
Likes: 0
From: Surreal
Tim, I agree.

Microsoft sealed their fate in making it a closed system - but they come from DOS and Xerox developed the Windows idea, if I remember correctly.

It is not difficult to launch an attack on a user connected to the Interweb, but if your ISP fails to catch it ? Your IP address is assigned by your ISP (dynamic). Their filters are supposed to work, in general.

For the average user, the attacks are a result of poor protection/responding to e-mails/clicking on suspect sites.

Last edited by Mike X; 23rd March 2010 at 23:36. Reason: Grammar. What's that ?
Mike X is offline  
Reply
Old 23rd March 2010 | 23:35
  #13 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Microsoft sealed their fate in making it a closed system
There's nothing wrong with a closed system; take a look at the famous (in the IT security industry at least !) Sidewinder Firewall for example, it's been around for ages (1994-ish) and the number of security advisories issued against its name can be counted on less than one hand.... and amongst those limited vulnerabilities, I think you would be hard pushed to find one that would allow you access to the network behind the firewall.

mixture is offline  
Reply
Old 23rd March 2010 | 23:41
  #14 (permalink)  
 
Joined: Oct 2009
Posts: 69
Likes: 0
From: Surreal
Microsoft is a fully fledged o/s worldwide. Its history of development is well known. Simply put, if MS was good, then why all the fixes - inside & outside ?
Mike X is offline  
Reply
Old 23rd March 2010 | 23:45
  #15 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Oh believe me Mike X, my post wasn't intended to defend Microsoft.

I was countering your statement of "closed source = bad security"
mixture is offline  
Reply
Old 24th March 2010 | 00:20
  #16 (permalink)  
 
Joined: Oct 2009
Posts: 69
Likes: 0
From: Surreal
Mix - I speak from a background of working in the industry from DOS/ Windows 3.1 (Talk about teething).

It's all about code and with the "new generation", it's a snitch. Code controls everything. The softscape is immensely different.

There was no such thing as a virus in my day (early 90's), but I programmed at high level + the guts.

I feel that the modern way of programming misses the obvious.
Mike X is offline  
Reply
Old 24th March 2010 | 01:12
  #17 (permalink)  
 
Joined: Jan 2007
Posts: 1,496
Likes: 0
From: Tracey Island
Paranoia rules in the internet arena. There is only one sure defence, common sense.
Most of the problems encountered by people are from clicking on links in unsolicited emails and on dubious sites or, by falling for the basic email scams.
I've surfed the internet arena for many years, including some of the dark side, with basic precautions. I run FF (Latest update installed), Avast, free anti virus. Comodo, free firewall and Spyware Terminator. The only other security is through my Wireless router.
I have never had a virus, Very few Trojans and my bank still has all (not a lot) of my money in it.
If it can be designed by man it can be hacked by man. What is comforting (to a degree) is the fact that these days the browser people try to stay atop of it all.
Oh yes, I forgot to mention, I enjoy surfing with FF. Having tried all the others I keep coming back...
call100 is offline  
Reply
