NationStates Jolt Archive


Right! Thats It! Final Positive Proof! PROOF! IE 6 SP2 IS THE ANTICHRIST!!!FIREFOX!!!

Rubiconic Crossings
19-08-2007, 13:21
So here it is. Empirical proof that in fact IE (IE6 SP2) is inherently fux0r3d.

http://www.honeynet.org/papers/mws/images/Figure6.JPG

Figure 6 - Remote code execution vulnerabilities per browser

Internet Explorer 6 SP2 is known to be at risk of being attacked by malicious web servers. As the final piece of this study, we evaluated whether using a different browser would be an effective means to reduce the risk of attack. We compared three browsers: Internet Explorer 6 SP2, Firefox 1.5.0 and Opera 8.0.0. Common perception about Internet Explorer and Firefox is that Firefox is safe and Internet Explorer is unsafe. However, a review of the remote code execution vulnerabilities (primary source: SecurityFocus) that were publicly disclosed for Firefox 1.5 and Internet Explorer SP2 reveals that, in fact, more were disclosed for Firefox 1.5 (see Figure 6) indicating more the opposite is true.

Number of security flaws.

Yeah. Firefox is bollocks huh? So much for the much vaunted updates and the like...you'd think IE was ok...

heh

Oh dear.

IE is in fact fux0r3d...

http://www.honeynet.org/papers/mws/images/Figure7.JPG

Figure 7 - Malicious classifications of adult content URLs per browser

To determine which browser is actually safer to use, we set up our client honeypots to use these browsers to interact with the servers. Due to time constraints, we were not able to re-evaluate all 300,000 URLs with each browser, but we did reinspect the highly malicious category of adult content comprising approximately 30,000 URLs. As shown in Figure 7, these input URLs that resulted in a 0.5735% of successful compromises of Internet Explorer 6 SP2 did not cause a single successful attack on Firefox 1.5.0 or Opera 8.0.0. Particularly the results on Firefox 1.5.0 are surprising, considering the number of remote code execution vulnerabilities that were publicly disclosed for this browser and the fact that Firefox is also a popular browser. We can only speculate why Firefox wasn’t targeted. We suspect that attacking Firefox is a more difficult task as it uses an automated and “immediate” update mechanism. Since Firefox is a standalone application that is not as integrated with the operating system as Internet Explorer, we suspect that users are more likely to have this update mechanism turned on. Firefox is truly a moving target. The success of an attack on a user of Internet Explorer 6 SP2 is likely to be higher than on a Firefox user, and therefore attackers target Internet Explorer 6 SP2.


Running all browsers past rather dodgy websites shows that while FF has 0...thats ZERO exploits...IE has been rather totally shagged.

This research is from the Honeypot project. The link is to a paper they published...rather interesting reading although quite technical to our non IT/geek whatever readership.

Either way its worth reading...

http://www.honeynet.org/papers/mws/KYE-Malicious_Web_Servers.htm
Pan-Arab Barronia
19-08-2007, 13:47
I use IE7. That said, I never really like Firefox, if only because (in my mind) it looks worse than IE7*.

*(Read as: I just like the way IE7 goes with Vista and refuse to change)
The_pantless_hero
19-08-2007, 14:03
The comparison statistics are seriously out of date. Fail.
Greater Ctesiphon
19-08-2007, 14:13
I like Firefox in my opinion its better and more visually pleasing.
Extreme Ironing
19-08-2007, 14:18
The comparison statistics are seriously out of date. Fail.

This is correct, Firefox 2.x and IE7 are the current versions, the majority won't be using those older versions.

Even still, it shows the view that IE is still considered unsafe, and probably users of it are less security-aware than FF users.

And RC, your thread titles are really borderline spammy.
The_pantless_hero
19-08-2007, 14:23
People may be using IE6, but 1.5.0 would be impossible as it updates itself and now tells you to update to 2.0.06.
Rubiconic Crossings
19-08-2007, 14:41
The comparison statistics are seriously out of date. Fail.

The most widely used browser is IE6 SP2...

Last update on the article - Last Modified:9 August 2007

We collected our data in the first half of May 2007

Maybe you fail at reading?
Rubiconic Crossings
19-08-2007, 14:46
This is correct, Firefox 2.x and IE7 are the current versions, the majority won't be using those older versions.

Even still, it shows the view that IE is still considered unsafe, and probably users of it are less security-aware than FF users.

And RC, your thread titles are really borderline spammy.

There are still more IE6 users than IE7.

The authors state that the best aspect of FF is the way it updates. If memory serves the main FF browser in May 2007 was 1.5...

My titles are works of art man! WORKS OF ART!

*hrmph*
The_pantless_hero
19-08-2007, 14:47
The most widely used browser is IE6 SP2...

Last update on the article - Last Modified:9 August 2007



Maybe you fail at reading?

No one is using FF 1.5.0.
Rubiconic Crossings
19-08-2007, 14:48
People may be using IE6, but 1.5.0 would be impossible as it updates itself and now tells you to update to 2.0.06.

Exactly! And that is why it is much better than IE. You have to download and install the entire app with MS....FF is just a small what..5 meg file?
Rubiconic Crossings
19-08-2007, 14:49
No one is using FF 1.5.0.

There where when they ran the project....
The_pantless_hero
19-08-2007, 15:00
There where when they ran the project....
Then those people wern't on the internet and therefore it's really irrelevant. Firefox updates itself. You can make it ask you if you want to update, but default is download automatically. 1.5.0 would barely be the majority of users if anyone was using it. Now it is 15.13.


Besides, we know IE6 is the most vulnerable. Let's move on now.
Rubiconic Crossings
19-08-2007, 15:23
Then those people wern't on the internet and therefore it's really irrelevant. Firefox updates itself. You can make it ask you if you want to update, but default is download automatically. 1.5.0 would barely be the majority of users if anyone was using it. Now it is 15.13.


Besides, we know IE6 is the most vulnerable. Let's move on now.

Yet in July this year the most commonly used browser is....IE6...so no. Not irrelevant. Maybe to you. But obviously not to those who still use IE 6

And guess who those people are? Yep...not home users but corporates.
[NS]Fergi America
19-08-2007, 15:37
Then those people wern't on the internet and therefore it's really irrelevant. Firefox updates itself. You can make it ask you if you want to update, but default is download automatically. 1.5.0 would barely be the majority of users if anyone was using it. Now it is 15.13.


I'm using FF 1.5.xx

I kept reading that 2.0 would fux0r bookmarks, so I didn't let it update me to that...
Extreme Ironing
19-08-2007, 16:13
Fergi America;12979070']I'm using FF 1.5.xx

I kept reading that 2.0 would fux0r bookmarks, so I didn't let it update me to that...

I've had no problems with it. Only thing that annoyed me for a few days was the close tab button being on the tab rather than at the right hand side of the window.
Kryozerkia
19-08-2007, 17:35
Right now I would kill for either Firefox 2.0.x or IE7 and I hate IE so much.... I hate IE6 even more and due to being over seas, I'm in a crappy internet cafe trying to make do.

And right now I'm using IE 6 and it's mighty craptacular so this article isn't far off base.
Pure Metal
19-08-2007, 17:43
looks to me like y'all should be using Opera.
Sel Appa
19-08-2007, 17:51
I use IE7. That said, I never really like Firefox, if only because (in my mind) it looks worse than IE7*.

*(Read as: I just like the way IE7 goes with Vista and refuse to change)

Looks?!?! IE7 looks horrible. I finally uninstalled it like 2 months ago. It's slower than molasses and is totally ripped off Firefox just like Vista is off Mac.
Ifreann
19-08-2007, 18:11
Firefox 1.5 is full of security problems you say? Well, it's a mighty good thing that I have 2.0.0.6, mighty good.
Pan-Arab Barronia
19-08-2007, 18:19
Looks?!?! IE7 looks horrible. I finally uninstalled it like 2 months ago. It's slower than molasses and is totally ripped off Firefox just like Vista is off Mac.

All a matter of taste, though. And it's really not slow. At least, not on my laptop. And I'd just rather not use Firefox. Freeware has always given me shitloads of trouble, the IE series quite simply hasn't. Honestly, I have had very few problems with IE7 since I started using it, and Vista...meh, so it's "ripped off" from Mac. I'm still using it.

And if you haven't got a decent anti-virus system, then you deserve to have these things happen, quite franckly. There are plenty of freeware options from what I hear, so there's no excuse.
New new nebraska
19-08-2007, 19:08
I use IE7. That said, I never really like Firefox, if only because (in my mind) it looks worse than IE7*.


Firefox and IE7 are almost completely identical.I think Firefox has better security though.I still use IE6 as there are still kinks that need to be worked out of IE7.
Rubiconic Crossings
19-08-2007, 19:27
looks to me like y'all should be using Opera.

Yeah...thats true....I have been using Opera on and off since they first started...in fact I started using their email service when it first started...to support them.

But I just don't like the GUI...I much prefer firefox...and firefox is much smaller...and free.
Pan-Arab Barronia
19-08-2007, 19:42
I think Firefox has better security though.I still use IE6 as there are still kinks that need to be worked out of IE7.

Well, I've not had anything that I would deem unusual. Sure, occassionally it'll randomly cut our (maybe once a month) but then everything I use does that.

As for Firefox having better security, I expect you're right. I have Windows Defender and Norton Antivirus running though, so I'm not fussed about the problems with IE.
UpwardThrust
19-08-2007, 19:44
I use IE7. That said, I never really like Firefox, if only because (in my mind) it looks worse than IE7*.

*(Read as: I just like the way IE7 goes with Vista and refuse to change)

You dont like the looks ... you can make FF Look anyway you want

https://addons.mozilla.org/en-US/firefox/browse/type:2

You can even make it look like IE7
Rubiconic Crossings
19-08-2007, 19:45
Well, I've not had anything that I would deem unusual. Sure, occassionally it'll randomly cut our (maybe once a month) but then everything I use does that.

As for Firefox having better security, I expect you're right. I have Windows Defender and Norton Antivirus running though, so I'm not fussed about the problems with IE.

Won't stop some attacks though...
UpwardThrust
19-08-2007, 19:46
Well, I've not had anything that I would deem unusual. Sure, occassionally it'll randomly cut our (maybe once a month) but then everything I use does that.

As for Firefox having better security, I expect you're right. I have Windows Defender and Norton Antivirus running though, so I'm not fussed about the problems with IE.

I will have well over a hundred students that come in over the next two or three months with Norton and Windows Defender that would argue that you should be fussed with it.
Entropic Creation
20-08-2007, 03:50
I get a laugh out of MS shills who say that, despite the reputation, firefox is less secure than Internet Explorer because it has more acknowledged security flaws.

Thats right, go ahead and believe MS that their product is bug free and safe because MS doesnt publicly acknowldege security flaws. If we dont acknowledge them, they must not exist, and therefore inferior companies like Mozilla, that do disclose when someone finds a flaw, must be worse because it is disclosed.

It doesnt matter how many security flaws the company acknowledges, it matters how many flaws actually exist.
Dinaverg
20-08-2007, 03:52
It doesnt matter how many security flaws the company acknowledges, it matters how many flaws actually exist.

How are we to say Mozilla would disclose a higher proportion of flaws?
Jeruselem
20-08-2007, 04:05
How are we to say Mozilla would disclose a higher proportion of flaws?

They don't - they deny it's an issue then they release a patch next release anyway :p
Similization
20-08-2007, 04:22
I've had no problems with it. Only thing that annoyed me for a few days was the close tab button being on the tab rather than at the right hand side of the window.You can place that/those buttons pretty much wherever you like.
Aryavartha
20-08-2007, 04:34
I will have well over a hundred students that come in over the next two or three months with Norton and Windows Defender that would argue that you should be fussed with it.

In over a year of using W.D. regularly, I have never seen it actually do anything...like an alert or anything...every scan is "successful".

Is that the same with everybody?
Jeruselem
20-08-2007, 04:49
In over a year of using W.D. regularly, I have never seen it actually do anything...like an alert or anything...every scan is "successful".

Is that the same with everybody?

I tried it when it was a Beta and well, it found nothing. I use ZA Suite, AVG Anti-Spyware and Spybot.
[NS]Fergi America
20-08-2007, 05:27
In over a year of using W.D. regularly, I have never seen it actually do anything...like an alert or anything...every scan is "successful".

Is that the same with everybody?
I did have one thing caught. It claimed some sort of coupon toolbar had installed itself on my computer, and got rid of it when I said to just delete it. Weird thing is, I didn't see a mystery toolbar appear (even in IE)...but then again, sometimes adware will start out in "stealth mode" and then appear later (to try to hide where it came from, I guess).