FireFox Users

If you use FireFox, you might want to download this update if you haven't done so already.

http://www.computerworld.com/securitytopics/security/story/0,10801,101676,00.html

but i thought firefox was oh so secure....... :rolleyes:

Apparently not. In fact, I don't think it's possible to create something that's completely bullet-proof. Sooner or later, someone is going to find out an exploit and take advantage of it.

At least for now, it's better and more secure than IExplorer.

yeah fishy, way to be negative :wink:

I love FF just for the TABs

I don't think it's possible to create something that's completely bullet-proof.

To clear up your conception: it is impossible to make a bug free program. Now, you know it's not possible.

Crono said:
To clear up your conception: it is impossible to make a bug free program. Now, you know it's not possible.

Crono, Perhaps you should borrow some of Leps skin cream. I bet your head aches from all that swelling. :biggrin:

/runs

nah, i wasn't meaning to be negative, just a little mischievous. i was a little bored and thought i might kick some life into a FFF or two.

the whole 'what's the best browser' is something i care even less about than the possibility of being invaded by martians with pointy sticks.

We are being invaded by martians with pointy sticks....oh no, wait....they are just some Japanese people pole riding on MXC.

Open source software intrinsically has a higher security risk, simply because hackers etc. can see the source code and more easily figure out vulnerabilities than something 'closed' or which is very difficult to get a hold of the source. But on the other hand, if you have a large enough number of skilled people working on it, then these holes can be found and fixed quicker, although you must still operate in a 'company' style framework to release a patch which will slow you down- and given that MS probably has more programmers working for them than 'official' FF people (I don't know any details) they should really be faster to patch things. Methinks there's some secret background agenda here, to be honest :razz:

yeah fishy, way to be negative :wink:

I love FF just for the TABs

IMO, the TABs are better in Opera. That's what I be using.

I think I will stick with my MAXTHON. But thanks for the update info.. im sure some of the peeps here can use it.

Open source software intrinsically has a higher security risk,
simply because hackers etc. can see the source code and more easily
figure out vulnerabilities than something 'closed' or which is very
difficult to get a hold of the source.

Security through obscurity NEVER works. You can look around at the
amount of spam being generated by spamzombies via various botnets if
you want further proof.

But on the other hand, if you have a large enough number of
skilled people working on it, then these holes can be found and fixed
quicker, although you must still operate in a 'company' style framework
to release a patch which will slow you down

Very few Open Source products work like the corporates do.
Gecko/Firefox itself has a somewhat unique dev process (involving
someone called a Rotating Sheriff) who runs around approving and
killing changes to the base code as he sees fit. Obviously, this job
requires that the work be fast seeing as modifications to the source
trees are very frequent, and contributions to the tree from external
sources are very high. One drawback is that the process is very
fallible since it depends entirely on one person, so his mistakes are
very costly. But for a project like a browser, which is small compared
to some other stuff, it most definitely works.

• and given that MS probably has more programmers working for

them than 'official' FF people (I don't know any details) they should
really be faster to patch things. Methinks there's some secret
background agenda here, to be honest :razz:

The whole point is that official FF people need to do very little.
Community contribs count for a huge number of changes (in fact, most
exploits themselves seem to be released with fix info). Methinks the
secret agenda of the FF people is to make a bit of cash with a good
browser.

Security is not a state, it is a process. No software can be secure if
it is not updated continuously. IE fails to handle this process.

Opera, on the other hand, would be an excellent replacement, if it weren't adware.

</fanboy>

<DIV class=quote>
<DIV class=quotetitle>? quoting fraggard</DIV>
<DIV class=quotetext>

<DIV class=quote>
<DIV class=quotetitle>? quote:</DIV>
<DIV class=quotetext>Open source software intrinsically has a higher security risk, simply because hackers etc. can see the source code and more easily figure out vulnerabilities than something 'closed' or which is very difficult to get a hold of the source. </DIV></DIV>

Security through obscurity NEVER works. You can look around at the amount of spam being generated by spamzombies via various botnets if you want further proof.

</DIV></DIV>

Of course obscurity helps improve security! What better defence than not giving an enemy a clue about what you're doing or how you're going to do it? The amount of attention focused on h4x1ng Windows/IE dwarfs that thrown at Mozilla and others (simply because there are more benefits from doing so). What's easier to break into right now: phpBB forum software (c.f. recent world-wide h4xing) or my 'closed source' stuff? :razz:

But yes I do agree with you that M$ are failing to update their software fast enough, which was the 'secret agenda' I was referring to.

/still uses IE because it loads faster and has a Google toolbar, plus I don't visit too many pr0n websites that try to exploit vulnerabilities :wink:

LEP, if you like IE and want Tabbed browsing, try this... http://www.maxthon.com/

Its better than FireFox in my opinion.. I tend to try tons of software to find what best for me.. before I settle onto one. So this has been tested with 14 other browsers I have onmy machine.

fraggard said:

Open source software intrinsically has a higher
security risk, simply because hackers etc. can see the source code and
more easily figure out vulnerabilities than something 'closed' or which
is very difficult to get a hold of the source.

Security through obscurity NEVER works. You can look around at
the amount of spam being generated by spamzombies via various botnets
if you want further proof.

Of course obscurity helps improve security! What better defence than
not giving an enemy a clue about what you're doing or how you're going
to do it? The amount of attention focused on h4x1ng Windows/IE dwarfs
that thrown at Mozilla and others (simply because there are more
benefits from doing so). What's easier to break into right now: phpBB
forum software (c.f. recent world-wide h4xing) or my 'closed source'
stuff? :razz:

That's like sticking a piece of tape across your keyhole and saying the lock can't be picked because you can't see it.

You don't need source to find an exploit... AFAIK there are other
ways. I do not know much more about the h4x0ring side of things, but
the common problems like buffer overflows, SQL injection, cross
site scripting, and whatnot are easily done even with 'closed'
software, it just needs a little knowledge and patience.

Hiding the source may make vulnerabilities a little harder to find,
but once an exploit is out in the open , full disclosure and a quick
patch are the best options. That sort of responsibility cannot be
expected from a large company, but hundreds of eyes on the same bug can
fix it very quickly.

Of course, the snarkpit is safer because of Leper Power ?. Can't beat that.

Leperous said:
/still uses IE because it loads faster and has a Google toolbar, plus I don't visit too many pr0n websites that try to exploit vulnerabilities :wink:

There's a nice Google toolbar in Firefox too, by default.

Thanks for the heads up Satchmo. I switched over a few months ago
and I definitely like FF. I've become so attached that it mildly
annoys me when my friends use my computer and fire up IE not knowing
about FF.

Ive deleted any reference to ie from desktop start menu etc so only way
peeps on my comp use it over ff is if they start searching away or use
run.

One little thing that bugged me with previous updates of ff after
installing them is when I open an html file to edit using "open
with..." there is more than 1 reference to ff so I have to go and mess
about in regedit to get rid of it.

There's a nice Google toolbar in Firefox too, by default.

Not just Google...

/looks at list of fifteen different search engines in own copy of FF

By 'nice', do you mean it can search the current website you're on, or just the country you're in, or images, or news, or can it translate a page, or check the spelling of what you're typing into a form (which I wish more people here used), or, most importantly to me, have the most genius button ever created: the 'up one level' button ?! The only good thing about FF search is that you can use it with multiple search engines, but it's hardly an improvement over having these places bookmarked.

Fraggard, I never said that you can't hack anything that isn't open source, I just said that it's harder to do so. Your analogy about tape over a lock is a bit bizarre and isn't what I was implying- rather, how about keeping the lock mechanism inside an opaque door, so you can't see the shape of the key you need to put inside it?!

You can make it search for google images, google news, probably BBC
news and the like too if you download the right search engine plugin.
Add dictionary.com, amazon, ebay, IMDB, play.com, google maps, etc...
to the mix and its a pretty powerful little search box. I don't know of
a plugin to let you search in the current website, but there is most
likely one out there. FF's "find in page" search tool is pretty neat as
well.

Of course, the snarkpit is safer because of Leper Power ?. Can't beat that.

That reminds me. When is SnarkPower coming out?

/offtopic

Anyways, I prefer FF to IE purely because of tabs and extensions. I use
Thunderbird with e-mail because it's small and handles RSS and IMAP
(the latter being my school e-mail account, the former being useful for
BBC headlines, blogs etc) really well, and I use
Sunbird,
Mozilla's new standalone calendar project, for calendar stuff as I
prefer the style to that of Outlook.

So yeah. "Mozilla fanboy" is the phrase :biggrin:

I've become so attached that it mildly
annoys me when my friends use my computer and fire up IE not knowing
about FF.

I second that.