Re: Mozilla vs IE when it comes to security?

I have not read the article cited, however I would note that you need
only use Mozilla to realize it is far superior to IE in many ways. The
only drawback is that many web authors use creation tools which are
tailored for flavors of IE. This, of course, leads to some problems with
Mozilla (or Netscape for that matter). The trade-off being superior
performance and security. Mozilla could be crap in many areas, but the
fact that I am able to actually control browser settings, as you
mentioned, makes it far superior in my estimation.

H. S. wrote:
> Hi,
>
> "It is very trivial to actually exploit it," said Marc Maiffret, chief
> hacking officer at eEye Digital Security, which discovered the more
> serious of the two vulnerabilities. "It's a bug that tricks IE into
> running content that it shouldn't, like executables."
>
> This is from:
> http://www.cnn.com/2003/TECH/biztech...eut/index.html
>
> I am not an expert when it comes to security and worms and trojans. I
> know I shouldn't be worried about the viruses mentioned in the news
> above since I use Linux. But my wife uses Win XP, and I have recently
> installed Mozilla on her computer (she loves it, and loves the relief
> from the menace of popups :)
>
> I was wondering, does NOT using IE actually help somewhat in the case
> mentioned in the news? And, is Mozilla inherently better at security
> than IE?
>
>
> regards,
> ->HS
>

On Sun, 24 Aug 2003 12:32:22 -0400, without thought wrote:

Yes all well and good but that doesn't help the original poster with his
question about Mozilla running on XP. And I don't think the Mozilla on XP
helps with the Blaster virus 1) if she went to the webpage containing the
virus it would still infect Win9x-WinXP 2) the same if she downloaded the
infected images from a newsgroup 3) or if she received the infected email.
The virus was OS specific and did not impact Win3.x, Linux/Unix or Mac
OS.

> I have not read the article cited, however I would note that you need
> only use Mozilla to realize it is far superior to IE in many ways. The
> only drawback is that many web authors use creation tools which are
> tailored for flavors of IE. This, of course, leads to some problems with
> Mozilla (or Netscape for that matter). The trade-off being superior
> performance and security. Mozilla could be crap in many areas, but the
> fact that I am able to actually control browser settings, as you
> mentioned, makes it far superior in my estimation.
>
> H. S. wrote:
>> Hi,
>>
>> "It is very trivial to actually exploit it," said Marc Maiffret, chief
>> hacking officer at eEye Digital Security, which discovered the more
>> serious of the two vulnerabilities. "It's a bug that tricks IE into
>> running content that it shouldn't, like executables."
>>
>> This is from:
>> http://www.cnn.com/2003/TECH/biztech...eut/index.html
>>
>> I am not an expert when it comes to security and worms and trojans. I
>> know I shouldn't be worried about the viruses mentioned in the news
>> above since I use Linux. But my wife uses Win XP, and I have recently
>> installed Mozilla on her computer (she loves it, and loves the relief
>> from the menace of popups :)
>>
>> I was wondering, does NOT using IE actually help somewhat in the case
>> mentioned in the news? And, is Mozilla inherently better at security
>> than IE?
>>
>>
>> regards,
>> ->HS
>>
>>

$uRoot wrote:
>
> Blaster wasn't a virus - it was a worm. It had nothing to do with
> browsers, email or usenet. Furthermore, it only infected NT, 2000 & XP.

One question since I don't run any M$ products.

Does Mozilla on Windows automatically run attachments like IE
does? I was under the impression that it didn't but as I said I
don't run windows so have no way to test it.

--
Confucius: He who play in root, eventually kill tree.
Registered with The Linux Counter. http://counter.li.org/
Slackware 9.0 Kernel 2.4.21 i686 (GCC) 3.3
Uptime: 7 days, 10:49, 1 user, load average: 2.31, 1.67, 1.43

David wrote:

> $uRoot wrote:
>
>>
>> Blaster wasn't a virus - it was a worm. It had nothing to do with
>> browsers, email or usenet. Furthermore, it only infected NT, 2000 & XP.
>
>
> One question since I don't run any M$ products.
>
> Does Mozilla on Windows automatically run attachments like IE does? I
> was under the impression that it didn't but as I said I don't run
> windows so have no way to test it.

*NOTHING* not directly written by M$ runs that crap automatically. M$
found it very useful for demoware purposes to have all that behavior
occur automatically, and since they also wrote the OS, they could bind
the functionality from one tool into the other, or even actually alter
the OS to support such stupidities. It makes for great demos and is thus
left on by default, but has demonstrated itself as the security
nightmare most of could have predicted.

Verily, David spewed forth:

> Does Mozilla on Windows automatically run attachments like IE
> does?

IE doesn't run attachments - Outlook does. Through IE, yes, but the
culprit is Outlook.

\\kristian
--
Somebody ought to cross ball point pens with coat hangers,
so that the pens will multiply instead of disappear.

Kristian Thy wrote:
> Verily, David spewed forth:
>
>
>>Does Mozilla on Windows automatically run attachments like IE
>>does?
>
>
> IE doesn't run attachments - Outlook does. Through IE, yes, but the
> culprit is Outlook.
>
> \\kristian


Thanks everyone who replied to my query about Moz and IE security
comparison. In the Win XP i talked about, OE is never used. In fact, it
is because I specifically ask that it be never used because of its
security holes. Moz is proving to a bit hit since I installed a few
weeks ago.

By reading all the posts, I conclude that NOT running OE and IE helps
protect the computer againt the present viruses. At the same time, the
user needs to be very careful on what s/he does with any recieved email.
And to be extra careful when an emails has an attachment or asks to
click on a website.

Thanks all,
->HS

--
---------------------- X ----------------------
Remove all underscores from my email address to get the correct one.
Apologies for the inconvenience, but this is to reduce spam.