Re: Mozilla vs IE when it comes to security?

This is a discussion on Re: Mozilla vs IE when it comes to security? within the Linux Security forums, part of the System Security and Security Related category.


08-24-2003
Joe

In message <naX1b.2345$W01.390900@news20.bellglobal.com>, H. S.
<g_reate_xcalibur@yahoo.com> writes
>Hi,
>
>"It is very trivial to actually exploit it," said Marc Maiffret, chief
>hacking officer at eEye Digital Security, which discovered the more
>serious of the two vulnerabilities. "It's a bug that tricks IE into
>running content that it shouldn't, like executables."
>

There is a never-ending stream of ways of persuading IE to run
attachments it shouldn't. As fast as one is plugged (not very fast, as
it happens), another is found.
>
>I was wondering, does NOT using IE actually help somewhat in the case
>mentioned in the news? And, is Mozilla inherently better at security
>than IE?
>

Yes, but it doesn't help a lot unless you frequent dodgy websites. Cases
of respectable websites being hacked and malicious programs being
embedded in their pages are not common.

Far better in security terms is to avoid using Outlook/Outlook Express
for email. Both of them fall over themselves to provide kiddies with
instant entertainment, and will happily use IE to render HTML emails and
play any embedded sounds, animations etc., even if IE isn't your default
browser.

Here is where just opening an email (or having it automatically
previewed when you select it) can run malicious attachments, most of
which are viruses. Indeed, unless you have patched the default OE/IE
installation, or have a recent new version, the IE rendering engine can
be passed an executable file while being told it's midi, or other audio,
and it will run the file without checking what it actually is.
Wonderful. This is how most Windows viruses spread, though it has to be
said that the amazingly successful sobig.f virus does not run
automatically and requires idiots to run unsolicited attachments. Which
many have done.

It is possible to discourage the automatic behaviour, but it involves
considerable fiddling with the default settings of OE/IE. Microsoft
ships them with defaults providing what it considers the best possible
Internet experience, which is fine until that experience includes a
serious virus infection, which it inevitably will one day.

I tend to dump HTML email in my spam bin, and occasionally glance through
the pile to see if any legitimate mail ends up there. I also use an
email client that doesn't render any aspect of HTML apart from the text.
Finally, I try to discourage everyone I know from using HTML in email,
though without complete success.
--
Joe
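
The mismatch described in the post above (a part declared as MIDI or other audio that is really an executable) is something a mail filter can check for. The following is an added example, not part of Joe's post: it compares each MIME part's declared type with its leading bytes. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Well-known leading bytes ("magic numbers") of a few file formats.
MAGIC = {
    b"MZ": "Windows executable (PE/DOS)",
    b"MThd": "MIDI audio",
    b"RIFF": "RIFF container (e.g. WAV)",
}

def sniff(data: bytes) -> str:
    """Name the format suggested by the first bytes, ignoring any label."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"

def mismatched_parts(raw: bytes):
    """Return (filename, declared type, sniffed type) for every part that
    is declared as audio/* but whose content starts like an executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        declared = part.get_content_type()
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        actual = sniff(payload)
        if declared.startswith("audio/") and actual.startswith("Windows executable"):
            findings.append((part.get_filename(), declared, actual))
    return findings

def build_sample(payload: bytes, filename: str) -> bytes:
    """Constructed HTML message with one part labelled audio/midi."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text body")
    msg.add_alternative("<html><body>hello</body></html>", subtype="html")
    msg.add_attachment(payload, maintype="audio", subtype="midi", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    # Constructed payloads: only the leading magic bytes are meaningful.
    print(mismatched_parts(build_sample(b"MZ\x90\x00" + b"\x00" * 60, "tune.mid")))
    print(mismatched_parts(build_sample(b"MThd\x00\x00\x00\x06", "tune.mid")))
```

A filter built this way judges a part by what its bytes are, not by the Content-Type header or file extension the sender chose.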