If people want a secure web browser, they should not be using IE.
http://www.mozilla.com/en-US/
http://www.opera.com/
http://www.mozilla.org/projects/seamonkey/
Every story about IE gets a ridiculous post like this.
Like everyone using IE is totally unaware of the alternatives at this point!
Some people might require IE for a specific page or application and a few people probably even like the browser *shudders at the thought*
Have you seen the Bugtraq lists? All browsers have issues. Some people prefer IE, so let them use it. And for *them* IE7 is a huge improvement. In fact, its protected mode is basically read only, which I think is very good. Hopefully Mozilla will start using the low rights framework also.
-Nex6
Results are more important. MS is making strides to overcome their reputation for being a Swiss cheese factory. People like yourself, however, are the real barrier, people who cannot be swayed by changes, new evidence, or just realizing that your choices are not the best choices for all people.
I don't think the Mozilla team would be that blind. If you remember from last year Microsoft invited the Mozilla team to their HQ to get an early glimpse of Vista and how to make its Firefox work better with it. A lot of people screamed at the mere thought but the Mozilla team accepted and had some good things to say about the experience. I'd bet that security was an issue that came up during the meeting and how both companies could better secure their applications through Vista.
The thing is Firefox is no longer safer than IE7* in fact the reverse is true. And when it comes to policies, procedures and practices around security the CURRENT situation is that Microsoft is the industry benchmark.
Things change, Microsoft is no longer a security laggard. They have a legacy to overcome, but Vista is a big step, IE 7 uses some of the security features to reduce the risk of a flaw and applications like Firefox should take advantage of this. Not to do so would be like cutting your nose to spite your face or sticking your head in the sand and refusing to believe Microsoft can do anything to improve security.
* I still use Firefox because of things like Firebug and many annoyances in IE7 that are not security related.
"The thing is Firefox is no longer safer than IE7* in fact the reverse is true."
I doubt that. Does this new security require Vista? Mozilla software is cross-platform, secure and reliable. No vendor lock-in!
"Things change, Microsoft is no longer a security laggard. They have a legacy to overcome, but Vista is a big step"
http://www.techworld.com/security/news/index.cfm?newsID=8656&pagtyp...
http://www.techworld.com/security/news/index.cfm?newsID=8490&pagtyp...
And when it comes to policies, procedures and practices around security the CURRENT situation is that Microsoft is the industry benchmark.
If it's possible to have negative credibility, you've just achieved it. Microsoft has such an absolutely atrocious attitude towards security, played out consistently over many, many years, it just isn't funny. Microsoft's head of Vista and Windows development also even believed that Vista's security problems should be downgraded, just by virtue of Vista being more secure and apparently having more security features! Unbelievable.
Unless it can be marketed, Microsoft often has a shockingly naive attitude to how to go about making software more secure, and what makes secure software.
So who currently has better security policies, procedures and practices than Microsoft? Microsoft's current practices border on the obsessive if you have read their SDLC.
Microsoft's head of Vista and Windows development also even believed that Vista's security problems should be downgraded, just by virtue of Vista being more secure and apparently having more security features! Unbelievable.
You are referring to a particular security issue and not the general plural - I may be wrong but I think Vista has had one security issue and relates to code from Windows 2000.
Microsoft certainly can make a strong case why it should be marked as less serious. Anyone exploiting the flaw can do less damage in Vista than they could in XP therefore the bug is less serious. At least that is their reasoning. And if you think objectively about it they may be right.
"in fact, its protected mode is basically read only. which I think is very good. hopefully mozilla will start using the low rights framework also."
You think Mozilla should be taking security advice from MS? Everyone should consider secure, reliable, alternatives to MS software.
-------------
Actually, when the Firefox devs visited Microsoft's Windows Vista Readiness ISV Lab, one of the things the Firefox devs were interested in *was* getting Firefox to use Vista's protected mode.
Here's an article on Microsoft's inviting the Firefox team to the lab:
Microsoft invites Firefox development team to Redmond
http://arstechnica.com/journals/microsoft.ars/2006/8/21/5065
Here's a record of that invite and subsequent newsgroup postings (the invite was made on the mozilla.dev.planning newsgroup):
http://groups.google.com/group/mozilla.dev.planning/browse_frm/thre...
Note the post made by Firefox dev "beltzner", from which I'll quote the relevant parts:
"As Mike Schroepfer indicated, I think we're already in discussion with someone on your team about this, but for the record: yes, we'd definitely be interested in getting some 1:1 support. We have, of course, been testing on Vista, and Rob Strong has done some work with Ed Averett to ensure that we take advantage of the new "Default Program" infrastructure.
Other areas that I think both Firefox and Thunderbird should investigate are:
- effects of running in the new application security mode
- interacting/integrating with InfoCard
- integration with the common RSS data store and services
- integration with the Vista calendar and address book"
In other words, Firefox devs are mature adults, unlike many Firefox fanboys or Microsoft haters that would've derisively dismissed this invite and protected mode.
Edited 2007-05-03 21:12
Not really. I've just repaired a machine this evening that had IE7 spyware toolbars. They may have been installed by software that was downloaded, but the machine was heavily infected by spyware throughout. IE7 might have new security features, but as a whole insidious industry's income relies upon the exploit of IE, I suspect that there are already 0-day exploits out there, and in use.
RE[3]: IE7 is pretty secure
No, IE protected mode restricts all to anything that runs within the IE process, including ActiveX controls.
There is a handler that manages communication to the rest of the OS, which is what allows you to download content wherever you want, etc.
Nothing can stop a user from downloading some malware and then running said malware.
However, IE protected mode does basically sandbox IE, including ActiveX controls, which used to have full rein on the system.
I had a similar experience - but the user had deliberately infected their PC and then tried to speed up their horribly infected PC with more scumware optimisers etc.
Just two points:
· IE 7 did remove all the toolbars etc. by simply clicking the return to manufacturer's spec button (very good)
· The main problem is the idiot behind the keyboard who installs every bit of scumware they come across
Personally I use Firefox; it seems a little quicker and more stable to me. I suppose eventually there will be CWS for IE 7.
No doubt this thread will soon become littered with posts like the first one here, but I found the article an interesting read and would recommend it regardless of your stance on MS and IE.
I wouldn't mind seeing something comparing this approach with *nix world implementations like SELinux or AppArmor, purely out of curiosity. Essentially those technologies also address the fact that sometimes user-driven permissions are simply not granular enough in complex application environments.
I'm not likely to give up *nix any time soon, but I do shudder a bit every time I hear the usual dogma about how much more secure Linux is than everything else on the planet. Doesn't keep me awake at night, but I suspect too many users take security for granted without truly understanding how it works or where the vulnerabilities are, even in broad terms.



