InsideTech

Windows Secrets article (12/17/2008) was recommended FireFox as an alternative browser to deal with the horrendous flaws in IE. It appears Windows Secrets is wrong!

My conclusion is there is NO browser that can be effectively patched and used on the Internet. It seems that any "active" internet page technology is the primary reason all browsers are gigantic security problems. (Notice" the Bit9 apps list" "Adobe Flash & Acrobat; EMC VMware Player, Workstation, and other products; Sun Java Runtime Environment; Apple QuickTime, Safari, and iTunes; Symantec Norton products; Trend Micro OfficeScan; Citrix products; Aurigma and Lycos image uploaders; Skype; Yahoo Assistant; and Microsoft Windows Live Messenger." Not sure why Symantec Norton products is on the list BUT all the rest involve "dynamic content".

Considering the Bit9 article and the Windows Secrets incorrect recommendation to use Firefox, my 30year IT Sr Manager experiend is that ALL BROWSING on the Internet is an inherently a high risk activity, The CAUSE is ACTIVE CONTENT that "EXECUTES" on your machine without permission.

Grins...RussH

TIP: One security measure you can take that may allow you to fix your system if it's attacked is a feature in Windows XP. It's the System Restore facility which allows you to restore your machine to a previously known checkpoint state. Catch is you have to have the feature active on your machine and you have to be logged in as Administrator to run the "Restore".

All programs/Accessories/System Tools/System Restore

If you go to this menu pick...System Restore settings link is on the left hand side of the screen. You can check to see if you have "system resotore" in operation.

agree with doorun on what the function of broswers are. by the way ive been using iexplorer for longest time and no problems with hijackers, toolbars, ect....it really comes down to smarter websurfing, latest security windows updates, good spyware/antivirus protection with rogue website checking, and common sense.

So wait... We all know IE is the most popular browser, it's the most vulnerable amongst the big three with ActiveX running and it's not all that tight with it disabled, and we know that many businesses that run IE run IE6 for internal reasons. Both IE6 and IE7 have a large variety of XSS vulnerabilities that Firefox 3 doesn't, as well as more technical exploits that are widely known, and they carry the near pariah in the hacking world of the MS brand name... and Bit9 figures you're better off running IE than Firefox in your business solely because of automatic updates? Interesting. Are they not aware, perhaps, that Firefox has a built-in updater that gets checked every time you launch the application? Or that deploying updated versions of Firefox is not any more difficult than any other 3rd-party app?

You're obviously just checking to see if someone is still reading this because april fools day is still a long way off... I would laugh if it wasn’t for the fact that my company’s brain dead policies are based on the same half baked opinions employed by entities like Bit9.

I'm not a MS cheerleader, but I think the central point of the study is being missed by most people. It doesn't look like they're claiming FF is less secure than IE, just that it's tougher for IT to ensure that patches are applied. If you update your WSUS you can ensure that all copies of IE are updated via group policy. You don't have that option with FF, which is why they're calling it "tougher to patch". Of course, that's not going to stop us from rolling out FF in my office since it runs one of our central apps about 3 times faster than IE.

What a joke, this article is ... quote - "It has grown a substantial enough market share to place it in a strong second after Microsoft." So Bit9, the "quintessential" resource in application whitelisting lumps IE7 together with IE6 to push Firefox into "second" place in browser usage ... rofl

quote - "The remaining spots on the list were filled out with more familiar names ... Symantec Norton products; ... Trend Micro OfficeScan; Citrix products ... " Symantec was put on the list because they have a business arrangement w/ Norton's competitor - McAfee. Trend Micro OfficeScan - ditto. Citrix products ... Wha' ... ?!!! Yup, that's right ... Citrix is at the top of my Favorites list, if I really want to tick off the IT staff and download malware to my corporate computer ... BLAH ... Citrix shows up on the list because they are more established than Bit9, and they offer solutions in direct competition to Bit9's. I see Bit9 has their marketing staff working overtime - if they're not, they're sleeping w/ Microsoft ... W A J!!!

Hihi, funny! I worked at MS for about a year (my contract ended 5 months ago), and guess what? EVERYBODY uses Firefox there, even the top managers.