Comments on: A safe browser? No longer in the lexicon

CERT security analyst Art Manion warns that all Web browsers now face similar threats--and some even share similar design features.

[Harfeld Bilgewing]

You're kidding me...

Surely only Microsoft ships security flaws in their code? Please don't rock my world like this!

[Harfeld Bilgewing]

You're kidding me...

Surely only Microsoft ships security flaws in their code? Please don't rock my world like this!

Opera?

I'm surprised that Opera isn't mentioned in this article. It has the fewest security flaws.

[RavingEniac]

Alternatives to the rescue

A few flaws have turned up in Mozilla/Firefox, but I've never had a problem in the three or four years that I've been using Mozilla. Diversity in browsers and operating systems would help.

How do you know?

Have you counted them? You problably are right about the number of reported issues, but this is no guarantee that the product is 'safer' than IE.

[TimeBomb]

Correction

You should have said "fewest KNOWN security flaws".

Big difference.

If I were a hacker, I'd ignore the browser with 0.5% share, too.

Opera?

I'm surprised that Opera isn't mentioned in this article. It has the fewest security flaws.

[RavingEniac]

Alternatives to the rescue

A few flaws have turned up in Mozilla/Firefox, but I've never had a problem in the three or four years that I've been using Mozilla. Diversity in browsers and operating systems would help.

How do you know?

Have you counted them? You problably are right about the number of reported issues, but this is no guarantee that the product is 'safer' than IE.

[TimeBomb]

Correction

You should have said "fewest KNOWN security flaws".

Big difference.

If I were a hacker, I'd ignore the browser with 0.5% share, too.

[Bytesmiths]

Equal Time: thanks, but no thanks

Are you aware of specific Apple Safari vulnerabilities?

It would appear that Apple was mentioned only in some strange
sort of "equality of negativity" campaign. You would have served
your audience better if you had touted diversity, and suggested
that people move to browsers that have low rates of vulnerability.

[Bytesmiths]

Equal Time: thanks, but no thanks

Are you aware of specific Apple Safari vulnerabilities?

It would appear that Apple was mentioned only in some strange
sort of "equality of negativity" campaign. You would have served
your audience better if you had touted diversity, and suggested
that people move to browsers that have low rates of vulnerability.

Browser Selection

This article is pointing out that when any browser has market share it is then exploited. That no matter what Browser you have you are going to have to be careful. People talk about Opera and it is a nice browser but to say that it should be pushed because it has less vulnerabilities is madness. Chosing a browser is like the lesser of 2 evils at that moment of decision. It will probably change many times.

Browser Selection

This article is pointing out that when any browser has market share it is then exploited. That no matter what Browser you have you are going to have to be careful. People talk about Opera and it is a nice browser but to say that it should be pushed because it has less vulnerabilities is madness. Chosing a browser is like the lesser of 2 evils at that moment of decision. It will probably change many times.

[Stating]

Workaround Unworkable

I am so sick of seeing the oft repeated recommendation "Disabling scripts can make browsing much safer, but also less functional or enjoyable. In IE, consider locking down the Internet zone and putting regularly used Web sites in the Trusted sites zone." The utter impracticality of Microsoft's zone technology, which yet again shifts the burden to the customer, is what lead me to abandon IE in favor of Firefox.

Zone is an unworkable solution because so many sites use functions on completely different URLs to complete transactions. It is maddening, for example, to put a shopping site URL in the Trusted Zone and then at checkout time have the transaction fail because the checkout function is handled by another site which is not in the TZ. And there is no way of knowing in advance the entire list of URLs that a site uses for all its functions. Sites like BOFA and AMEX may uses as many as 5 other URLs, none of which are linked to bofa.com, thereby preventing the use of wildcarding in the TZ. The Trusted Zone technology is stuck way back in 1995 when sites used only use a single URL for perform all functions.

[TimeBomb]

I hate to tell you, but...

The advice to disable scripting has been said, even very recently, by Mozilla devs, too.

Did you even read the article?

This isn't a Microsoft-only problem anymore. I use Firefox with the popular "NoScript" extension ( http://noscript.net ), and it adds security, but also adds inconvenience--and sometimes, the exact same inconveniences and hassles you outlined.

Get real. If you use something other than MSIE, and find it more convenient, it's only because you're oblivious to the security risks.

[Stating]

Workaround Unworkable

I am so sick of seeing the oft repeated recommendation "Disabling scripts can make browsing much safer, but also less functional or enjoyable. In IE, consider locking down the Internet zone and putting regularly used Web sites in the Trusted sites zone." The utter impracticality of Microsoft's zone technology, which yet again shifts the burden to the customer, is what lead me to abandon IE in favor of Firefox.

Zone is an unworkable solution because so many sites use functions on completely different URLs to complete transactions. It is maddening, for example, to put a shopping site URL in the Trusted Zone and then at checkout time have the transaction fail because the checkout function is handled by another site which is not in the TZ. And there is no way of knowing in advance the entire list of URLs that a site uses for all its functions. Sites like BOFA and AMEX may uses as many as 5 other URLs, none of which are linked to bofa.com, thereby preventing the use of wildcarding in the TZ. The Trusted Zone technology is stuck way back in 1995 when sites used only use a single URL for perform all functions.

[TimeBomb]

I hate to tell you, but...

The advice to disable scripting has been said, even very recently, by Mozilla devs, too.

Did you even read the article?

This isn't a Microsoft-only problem anymore. I use Firefox with the popular "NoScript" extension ( http://noscript.net ), and it adds security, but also adds inconvenience--and sometimes, the exact same inconveniences and hassles you outlined.

Get real. If you use something other than MSIE, and find it more convenient, it's only because you're oblivious to the security risks.

[rcsteiner]

What about Links?

That's the browser I use for most of my day-to-day web surfing. The latest version from then original source tree (Links 0.99) has no scripting support and runs in text mode, but it presents everything in nice clear text and has good table/frames support.

For reading news and forums, I've found nothing better, and it doesn't have the security encumberance that a thousand unused bells and whistles can subject me to.

[rcsteiner]

What about Links?

That's the browser I use for most of my day-to-day web surfing. The latest version from then original source tree (Links 0.99) has no scripting support and runs in text mode, but it presents everything in nice clear text and has good table/frames support.

For reading news and forums, I've found nothing better, and it doesn't have the security encumberance that a thousand unused bells and whistles can subject me to.

Adsurd

You should be telling everyone to uninstall IE in favor of Mozilla and Opera. I find it extremely irresponsible on your part not to mention Opera, as it is the browser with the least security flaws. This guy is actually getting paid with taxpayer money to protect the HOMELAND, and giving such bad advice? I could have given you a better tip, and it wouldn't cost you a penny! Stop using Internet Explorer.

Adsurd

You should be telling everyone to uninstall IE in favor of Mozilla and Opera. I find it extremely irresponsible on your part not to mention Opera, as it is the browser with the least security flaws. This guy is actually getting paid with taxpayer money to protect the HOMELAND, and giving such bad advice? I could have given you a better tip, and it wouldn't cost you a penny! Stop using Internet Explorer.

[huddie klein]

Is it all the same?

Here's a little story:
After having used mozilla/firefox for more than two years without the tiniest problem, I had to go back to IE on a new pc to download firefox.

I made a typo in the adressbar and after 30 seconds of Internet-Exploring I got stuck in a webring and had some spyware installed on my brand new pc...

So much for 'the same flaws in mozilla'...

Regards,

Huddie

[huddie klein]

Is it all the same?

Here's a little story:
After having used mozilla/firefox for more than two years without the tiniest problem, I had to go back to IE on a new pc to download firefox.

I made a typo in the adressbar and after 30 seconds of Internet-Exploring I got stuck in a webring and had some spyware installed on my brand new pc...

So much for 'the same flaws in mozilla'...

Regards,

Huddie

[202578300049013666264380294439]

where is opera?

is opera ommited by purpose? it is the ONLY browser with 0 security warnings by Secunia..

[202578300049013666264380294439]

where is opera?

is opera ommited by purpose? it is the ONLY browser with 0 security warnings by Secunia..

[Indyan]

Wow!HOw could you ignore opera?

It seems that Mr.Manion has never heard of a browser called opera.When discussing about browser security there is no way it can be ignored.Assocrding to secunia opera has the best security track record.Not only that unlike Internet explorer or Firefox opera has patched all secunia advices.
Apart from that with all the hype surrounding Firefox hackers and virus makers are now specifically making exploits for Firefox users too.However since opera has a lower market share it's users remain more safe!

[WesFlash]

Security through Obscurity

Security through obscurity is old news, though effective if you can live without the functionality of other competing products. It's just like the people saying move to Linux because it's more secure and safer. Using the most popular product means using the most likey target of hackers, and the one that get's most vulnerabilities abused and exposed because of that.

Opera also works faulted CPU

My CPU recently got toasted. My PC froze and when I hit hard-reset button the BIOS warned me about "CPU temperature too high. Shutting down now!".
Then I turned off the PC, opened the case and tried to look at my CPU (which I thought was ruined) after a couple of housr I started my PC and it seemed like it was working fine. Until I tried to start Firefox which worked for about two seconds and crashed. IE also crashed once in a while. Parts of the CPU are volatile and are generating messsed up memory data it seems as the problems shift around. I traced the main cause of the problems to JavaScript. Opera also failed to work but it has an easy way to turn off JavaScript (by hitting F12 key). So I did and my Opera runs without any crashes. I know I will have to buy a new computer, but now it works with MSN and e-mail and simple web-browsing until I can get enough money for a new PC.

[Indyan]

Wow!HOw could you ignore opera?

It seems that Mr.Manion has never heard of a browser called opera.When discussing about browser security there is no way it can be ignored.Assocrding to secunia opera has the best security track record.Not only that unlike Internet explorer or Firefox opera has patched all secunia advices.
Apart from that with all the hype surrounding Firefox hackers and virus makers are now specifically making exploits for Firefox users too.However since opera has a lower market share it's users remain more safe!

[WesFlash]

Security through Obscurity

Security through obscurity is old news, though effective if you can live without the functionality of other competing products. It's just like the people saying move to Linux because it's more secure and safer. Using the most popular product means using the most likey target of hackers, and the one that get's most vulnerabilities abused and exposed because of that.

Opera also works faulted CPU

My CPU recently got toasted. My PC froze and when I hit hard-reset button the BIOS warned me about "CPU temperature too high. Shutting down now!".
Then I turned off the PC, opened the case and tried to look at my CPU (which I thought was ruined) after a couple of housr I started my PC and it seemed like it was working fine. Until I tried to start Firefox which worked for about two seconds and crashed. IE also crashed once in a while. Parts of the CPU are volatile and are generating messsed up memory data it seems as the problems shift around. I traced the main cause of the problems to JavaScript. Opera also failed to work but it has an easy way to turn off JavaScript (by hitting F12 key). So I did and my Opera runs without any crashes. I know I will have to buy a new computer, but now it works with MSN and e-mail and simple web-browsing until I can get enough money for a new PC.