PCWorld Discusses Gecko Browser Security

Browser Alternatives Are No Guarantee of Security

Firefox, Opera, and Mozilla have their own vulnerabilities--and their own collections of necessary fixes.

Andrew Brandt
From the July 2005 issue of PC World magazine

If you use an alternative browser--Firefox, Opera, Mozilla, or anything not named Internet Explorer--you may be feeling pretty smug these days. Every time you hear about another patch for IE or about another way hackers use that browser to attack unsuspecting Web users, you think to yourself, "I don't have to worry." Well, think again.

Read more.....


.

 

We all know about the Firefox vulnerabilities, which are found by a dedicated group of people, accepting the fact that the programs are created by human, so they have weaknesses. I don't feel smug, although with a name like Mozilla Thundergrub, I, almost, feel I should. I keep my Windows updated, and my gecko browser patched, and someone could very well get to my firefox, or whatever. But, is this Microsoft mentality or what, when a statement is made about attacking IE through Firefox. Should I care, since hardly ever use IE?
And, my IE is protected with Spyware Blaster, which will not permit too much nonsense, since over 3000 cookies are, automatically, not allowed in IE or FF.
What difference does it make if the Mozilla products have ten times as many vulnerabilities than anything else. The Mozilla Foundation has been paying, or was paying individuals for bringing up to its attention vulnerabilities. The patches do count, though.

 

It all boils down to using common sense...


.

 

Everybody talks Browsers.

I do not think it makes so much difference which browser we use. If we run the available AV and FF. They are all vulnerable in their own way. Maybe not today but tomorrow somebody will figure out a way to get in.

But I believe that an area where we REALY NEED to use great caution is E-MAIL

I think E-Mail is just as ( if not more ) dangerous than the Web if were on not carefull. A firewall can be used to ( or help to ) block stuff from coming in on the web.

BUT ! The AV and/or Firewall are out of the picture ( way out and to pasture with the cows ) after we open the door to E-mail and let it come in. Neither one will blocks what looks like a valid link to a Web Site.

1-Use something like MailWasher to pre-screen the mail. Then you can delete right off of the server. I myself have deleted as many as 25-30 per day.
2-If you do not know where it came from DO NOT OPEN IT

Now if anyone thinks I am wrong or going too far then they are welcome to say so.

When we open E-Mail we open the door to any body if we click on a link.

But before I go let me add this.

This note IS NOT from GUESSWORK. I thought I had e-mail from a trusted site awhile back. MAN-O-MAN was I every WRONG. Thank GOD ( or somebody for things like SpyBot etc. I had at least three Spyware.

BillyBob

 

You are leaving yourself open to al sort of problems, if you are not careful with e-mail. However, it is good to know what you have, View|Message Source.
You don't open the e-mail, but rather see what they have to say, so that Filters can be created. My ISP does a good job of blocking spam, buut there is a tendency to mispell words to avoid controls, or the use of preposterous little stories often mispelled. I could just delete the mail, but it is more fun to see what I can do.
Three e-mails went by the ISP spam control. One was handled by the Junk Controls. The other two required filters:how about this subject? "At tell no bated semeiology ". I hope that there was nothing obscene, but: On-lineRx in the body did the trick. The other with Subject: "Don't pass it by" had "casiino ", very common mispelling. Now 100% of my spam is gone.
The moral of the story is: use common sense. E-mail does not have to be dangerous. But, if anything is downloaded an up-to-date AV will do the job.
Don't open attachments. BillyBob and my observations are safety conscious. I do not need Mail Washer, as my ISP handles about 50 pieces of junk mail. 3-5 may go through, but the Filter, especially to items in the Body of the message are invaluable.

 

Good Morning all.

Ol' BillyBob sittin here with his 1st cup of Java and more questions, thoughts, or what ever.

Westside writes about creating filiters etc. Good idea. I know it helps,but how long does the list remain usefull ? 1 days ? 2days ? A week ?

As I mentioned I use MailWasher which has a Blacklist. It is quite long but still seems to be useless. Everytime I add a buch of new stuff to it the incoming trash seems to slowdown for a while. All of the sudden WOW I get 15-20 trash e-mails.

So, I start examining things and fine at least two things different.

#1 as Westside mentioned SPELLING. For instance SIEVE is now SEIVE.

#2 I look at addressing. HMMMMM !! I fine that the mail has been Forwarded.

Speaking of forwarding. My Wife got a mail the other day that she asked how to forward to a Grand Daughter. The Title looked very nice. But, when I went deeper into Viewing it she SURPSISED me BIG TIME. She used words that I did not even know she knew. I sure would not want to be the guy that sent the mail and meet her face to face.

But I believe FIRMLY that all Myself and Westside are trying to do is Make users aware of problems and ask them to be carefull for their own good.

OH BTW.
I have a strong suspicion that they are also using SPELLING changes to by-pass any URL blocking we may have setup.

OK. The coffee cup needs refilling.

BillyBob

 

Billy Bob,
I need coffee now!
Mail has become a chore, and, I don't read as many good messages, because of the stupid ones. As for the filters, I used them sparingly, and, I agree, it is mainly the satisfaction of seeing the message dumped than any kind of permanance. It is so much easier to hit the Junk buuton, but I get curious, but not too much. I am wondering how many people fall for the mispelling, or the bizarre subjects and stories. I guess enough to make it worthwhile.
I am still grateful for my ISP spam controls. I, had, actually, taken that username out of circulation. And, my Inbox had maxed out after about four months. That is another solution to the problem! Unfortunately every ISP is getting so generous with their large mailbox, that it would take me years to fill it up.
I am glad that Mail Washer is working for you. It never did much to me.

 

My coffe was great. How was yours ?

And one that MANY users shirk on and then complain when they get hit with something they do not like.

Or they sit back and say " They can't do any harm. It is just mail."

MailWasher is only my HELPER by allowing me to preview what is in my MailBox. on the server. How that help gets used is TOATALY, 100% up to me as the USER.

BillyBob

 

My coffe was great. 2 parts Starbuck Decaf Verona, and one part Seattle's Best French Roast. Strong, but very flavorful. I am really spoiled.
Server-based screening is vital. I may take a look to Mail Washer, but I get so little junk mail that I don't think that it is important. In Netscape/Mozilla, as long as Javascript is off, as it is by default, there is no danger from mail automatically triggering HTML or Virus containing file, but I don't go that far.