Spyware Barely Touches Firefox

[muckshifter]

InformationWeek article

Spyware Barely Touches Firefox

In side-by-side tests of Microsoft Internet Explorer and Firefox, IE proved to be far more vulnerable to spyware infections. Most of the exploits that leveraged IE vulnerabilities to plant spyware were based on ActiveX and JavaScript.

In May and October, Levy and colleague Steven Gribble sent their crawlers to 45,000 Web sites, cataloged the executable files found, and tested malicious sites' effectiveness by exposing unpatched versions of Internet Explorer and Firefox to "drive-by downloads." That's the term for the hacker practice of using browser vulnerabilities to install software, sometimes surreptitiously, sometimes not.

"We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."

Levy and Gribble, along with graduate students Alexander Moshchuk and Tanya Bragin, set up IE in two configurations -- one where it behaved as if the user had given permission for all downloads, the other as if the user refused all download permission -- to track the number of successful spyware installations.

During Levy's and Gribble's most recent crawl of October 2005, 1.6 percent of the domains infected the first IE configuration, the one mimicking a naïve user blithely clicking 'Yes;' about a third as many domains (0.6 percent) did drive-by downloads by planting spyware even when the user rejected the installations.

"These numbers may not sound like much," said Gribble, "but consider the number of domains on the Web."

"You definitely want to have all the patches [installed] for Internet Explorer," added Levy.

In the same kind of configurations, Firefox survived relatively unscathed. Only .09 percent of domains infected the Mozilla Corp. browser when it was set, like IE, to act as if the user clicked through security dialogs; no domain managed to infect the Firefox-equipped PC in a drive-by download attack.

Good thing, because one of the research's most startling conclusions was the number of spyware-infected sites. One out of every 20 executable files on Web sites is spyware, and 1 in 25 domains contain at least one piece of spyware waiting for victims.

"If these numbers are even close to representative for Web sites frequented by users," the paper concluded, "it is not surprising that spyware continues to be of major concern."

The moral, said Levy, is: "If you browse, you're eventually going to get hit with a spyware attack."

Well worth a read ...

Full Article

 

[chelseafc2005]

I have been using firefox for over a year now and have no regrets and no wishes to go back to ie but.... it is sorta anoying when some pages dont work on firefox

 

[Quadophile]

it is sorta anoying when some pages dont work on firefox

There is a nice extension available on mozilla firefox which will enable you to view pages in the correct format. Its called IE View download through your browser and you are set

 

[muckshifter]

There is a nice extension available on mozilla firefox which will enable you to view pages in the correct format. Its called IE View download through your browser and you are set

Sorry Quad but the 'fault' is not FF, but the website's webmasters inability to conform to the "correct format" ... IE does not conform to these standards.

 

[chelseafc2005]

There is a nice extension available on mozilla firefox which will enable you to view pages in the correct format. Its called IE View download through your browser and you are set

o kl i have an extension which lets me open the page in internet explorere i will watch out for ie view thanks quad

 

[Me__2001]

to use IE view you still need IE installed, it just puts IE into the firefox window

 

[Quadophile]

Sorry Quad but the 'fault' is not FF, but the website's webmasters inability to conform to the "correct format" ... IE does not conform to these standards.

Well I thought I should give the benefit of doubt to the webmaster for a change rather than to standards.

 

[psd99]

firefox rocks!!!