Firefox Users Surf Safer 240
SenseOfHumor writes "According to two University of Washington Professors, Firefox users have a safer browsing experience than users of IE. These researchers sent their crawlers to 45,000 websites and studied the impact on Firefox and IE." From the article: "Levy and Gribble, along with graduate students Alexander Moshchuk and Tanya Bragin, set up IE in two configurations -- one where it behaved as if the user had given permission for all downloads, the other as if the user refused all download permission -- to track the number of successful spyware installations. During Levy's and Gribble's most recent crawl of October 2005, 1.6 percent of the domains infected the first IE configuration, the one mimicking a nave user blithely clicking 'Yes;' about a third as many domains (0.6 percent) did drive-by downloads by planting spyware even when the user rejected the installations."
Who cares? (Score:4, Interesting)
Re:Who cares? (Score:5, Insightful)
Re:Who cares? (Score:4, Interesting)
I went from amigaos (fast browsers with no javascript) to unix with mozilla (and popup blocking by default) and never encountered things like popups and spyware, i had a rose tinted view of the internet...
Then i went to a friend's place, and saw him battling with IE... i was absoloutely disturbed, how could anyone's experience of the web be so horrendous, and yet he was still willing to use it!
Had i first experienced the internet in that way, i'd not have had much interest in it at all.
Re:Who cares? (Score:2)
Re:Firefox doesn't prevent spyware. (Score:3, Insightful)
Really? Care to give us an example? Or are you just playing the "Opera Fanboy" again?
Post this in Public Somewhere (Score:4, Insightful)
Slashdot readers already know this!
This needs to be in USA Today, New York Times, on Fox News, CNN, local newspapers, local news, etc.
Then it would actually mean something.
Re:Post this in Public Somewhere (Score:2, Insightful)
Re:Post this in Public Somewhere (Score:3, Informative)
Look at Apache, for instance. It is used by an estimated 60% (if not more) of all web sites. But we rarely hear about serious security issues. Sure, bugs and exploits do crop up occasionally, but nowhere near at the rate of its competitors.
Likewise, if Firefox is a well-written application, then it should be secure if it has one user, or if it has hundreds of millions of users.
Re:Post this in Public Somewhere (Score:2)
Re:Post this in Public Somewhere (Score:2)
Re:Post this in Public Somewhere (Score:3, Informative)
Ever wondered why OpenBSD is so secure? In part, it's because they don't differentiate between bugs which they know how to exploit, and ones they don't. If they find a bug, they categorise it and scour the code base for instances o
Re:Post this in Public Somewhere (Score:2)
Think of the debates! (Score:3, Funny)
I just had this image of guys in suits yelling at each other about the merits of Firefox and IE; saying things like "Firefox is a liberal plot to undermine American values!", etc...
Re:Think of the debates! (Score:2, Funny)
Re:Post this in Public Somewhere (Score:2)
Sure! I'll rush over to kuro5hin with this right away!
They used unpatched browsers (Score:3, Informative)
So reporting this on CNN and the like wouldn't have the impact that you hope it would. In fact, this study might be useful in studying malware but is meaningless in comparing FF with IE regarding security (as they rightfully admit).
Re:They used unpatched browsers (Score:2)
How Firefox fared (Score:3, Insightful)
So we can say that if you don't explicitly accept anything, you're safe with Firefox. Pretty much what I expected.
I wonder what the numbers will be for IE 7.
Re:How Firefox fared (Score:2)
Re:How Firefox fared (Score:2)
We all know the problems Microsoft have had with quality control in the past, they just want to be sure they have all the kinks ironed out of their malware so that they can be sure have some Vista exploits to point to when they want to scare users into subscribing to their protection racket.
How about a four-way matchup... (Score:5, Insightful)
"We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."
I hope they used a very old version of Firefox. Comparing FF1.5 to an old unpatched version of IE is hardly a fair comparison.
They should have patched both browsers and had them run the same crawl. Then we could see how each browser in its most current state handles spyware, and how much each one has improved via patch releases.
Re:How about a four-way matchup... (Score:3, Insightful)
Re:How about a four-way matchup... (Score:5, Informative)
Somebody should start a news site that takes all the top news stories, finds the original research or primary source, and links to that instead of the dumbed-down yet sensationalistic news wire blurbs and blog whores. I know I'd appreciate it.
Re:How about a four-way matchup... (Score:2)
I dunno... (Score:2)
Re:How about a four-way matchup... (Score:2)
Re:How about a four-way matchup... (Score:2)
Firefox more successful than Linux? (Score:4, Interesting)
Could it mean the death of IE?
Re:Firefox more successful than Linux? (Score:2, Interesting)
Why do users want this to happen? (Score:5, Funny)
Owning a computer now is a bit like having a pet rabbit. It never just is. You have to feed it the right stuff or it gets sick. If you leave the hutch door open it might run away then you have to search the street for the bloody thing.
People could choose to have computers which just do their job from year to year but they seem to want to believe that the thing is alive, just like the pet. They want it to have issues and risks, to get "infected" and require "cleaning".
They won't be happy with something which just browses the web and shows them pictures. It won't be as entertaining and involving that way.
Re:Why do users want this to happen? (Score:2)
even the viruses multiply like rabbits
Re:Why do users want this to happen? (Score:3, Insightful)
At work I primarily use a Linux workstation. I give it no care and feeding, as it requires none. It has no registry, it has no spyware, adware, or virii. Completely boring, untinteresting, and extremely useful. Perfect for me, as I am more interested in doing my job than fighting my PC.
And at home I primarily use a Macintosh running OSX. Similar experience to Linux, better graphics, better ap
Re:Why do users want this to happen? (Score:2, Funny)
And users often had to futz around with memory segmentation (remember Quarterdeck's QEMM386? What a problem solver!), IRQs, etc. Adding hardware or just installing a game could cause you far more problems than you'll typically see now.
Putting away the
Re:Why do users want this to happen? (Score:2)
Re:Why do users want this to happen? (Score:2)
Yes, I think for the average common user (not the sort of person who would have had a computer at all more than 15 years ago) it is more comforting to think of their computer system as having some of the characteristics of life. They want it to be somewhat unpredictable.
I don't think they go out looking for viruses, etc; but I do think the software market is adapting to this kind of user, in just the w
Re:Why do users want this to happen? (Score:2)
I don't think that users WANT the computers to be unpredictable (so, I disagree with the GP). I think that they BELIVE that they are unpredictable, and act much more like a pet than an VCR.
Does it count if Spyware... (Score:3, Funny)
Seriously though, since I installed Firefox last Summer it's made Ad Aware and HijackThis obsolete.
Re:Does it count if Spyware... (Score:3, Informative)
AdAware's obsolete if you don't pay for it anyway - they stopped updating the free version a long time ago. I would pay for spybot if I needed a corporate version, because it's free, but I would now NEVER EVER pay for AdAware and I try to encourage everyone else in the same direction, just because I'm a bitchy fucker and I don't think that security should cost money.
I, too, have not been infected with anything since I stopped using IE and started using a firewall - which was quite some time ago. You do
User education (Score:5, Insightful)
The misleading headline makes it sound like people who use firefox are less likely to visit a site that would take advantage of an unpatched exploit in their computer. That conclusion, however, would not surprise me if it were true.
In addition, there are very few people who just go the websites of the world in a random fashion. So who cares if around four percent of the websites out there have malicious programs - that is a problem of domain hosts that allow nasties to keep their sites on those servers. In a world where most people (probably around 80% of internet users) visit the top websites (probably around 20% of sites), I think the problem is one of user education (don't go to sites you don't trust, don't randomly click on crap - which probably needs to be applied most to pr0n surfers).
Why isn't lynx ever in these comparisons? (Score:3, Funny)
Re:Why isn't lynx ever in these comparisons? (Score:2)
Firefox user's mindset (Score:3, Insightful)
I think that a lot of people using Firefox go beyond just having a different browser to be safer doing the exact same things. I think that the average firefox user probably has a somewhat different web surfing habit than IE users. Many are using Firefox because they sought out something "safer" than MSIE in general, and are probably actively trying to be safer in their usage as well by not doing some of the things or going to the sorts of sites that those less interested or less knowledgable are doing or going to.
Regardless of the browser in use, who is more likely to click through the bank account phishers, the average MSIE user or the average Firefox user? Things like that...
Re:Firefox user's mindset (Score:2)
Is the browser really the reason? (Score:2, Insightful)
Re:Is the browser really the reason? (Score:2)
I think you have a sound point, but my experience is different. I find that even the non-techies like firefox and find it so much more "secure" than internet explorer. I've installed it for my parents and for some colleagues, and they all appreciate it. The only complaint is about the sometimes slow behavior (and they get bored when I explain what a "memory leak" is.) We all know that pop-ups and spyware are annoying, and I think my non-techie friends like a browser experience without that hastle. I put ad-
Re:Is the browser really the reason? (Score:2)
Their experiment tried to emulate the careless behavior of the "average user" and it was found that Firefox was much less susceptible to attacks. So yes, the browser does matter as well as its default configuration. It also helps that Firefox doesn't support ActiveX by default and isn't affected by drive by installatio
Yet another lame FF ra-ra post (Score:5, Insightful)
This whole "study" was stupid in terms of proving one browser more secure from malware than the other (which wasn't their point apparently, which makes the
Ok, as others have said, that's not exactly like finding out the Sun orbits the Earth or anything.
It is much like saying "hey, you know, if you go into a burning building without firefighting gear, your gonna get burnt".
REALLY?!? WOAH! HEADLINE NEWS!
"If you have sex with a number of HIV-positive people you may well contract the virus".
SERIOUSLY?!?
"If you vote republican, you will slowly lose your personal rights".
THE HELL YOU SAY?!?
"If you vote democrat, you will pay a bunch more in taxes".
YEAH, I GET IT, IT'S OBVIOUS!
Let's see what happens with two FULLY-PATCHED browsers. Will FF still come out on top? Yes, I would imagine so. I'm not about to say IE isn't inherently more dangeruos than FF, because I think it is. But it's a question of degrees... are two completely up-to-date installs of FF and IE going to be *that* much different? I would seriously doubt it. I'd be willing to bet they are close enough that you could effectively ignore the difference (until your machine gets wiped out by the
It's interesting to me... I've been using IE all along... there are some things that annoy me about FF that keeps me from using it full-time. In all that time, I can count on one hand how many times I've been infected with anything. And, once I moved to Maxthon a year or so ago, I haven't been infected with anything even once. The difference between IE and FF is not THAT big, when you are fully-patched.
Talking about anything less is pointless... and yeah, I know the argument... "But grandma doesn't know she should be patching her browser and doesn't know how". Well, get grandma off the computer! We don't let kids drive cars because THEY DON'T KNOW HOW TO (neither do many adults of course, but I digress). Using a computer is no different than using any other tool: you can hurt yourself, and sometimes others, if you don't know how to use it. Can't you smash your hand with a hammer? Can't you cut a finger off with a can opener? Can't you badly burn yourself using your oven? There is a certain amount of risk to using any tool, and you accept that risk, but more importantly, you learn about the tool to some minimal degree that allows you to mitigate the risk as much as possible. People need to start doing the same with computers. Not everyone has to know how to hook a system call or spawn daemon threads in a VM or whatever else, but keeping a browser up to date, especially as relatively easy as it is today? Yeah, I'd say that's the MINIMUM level of knowledge one should have, and if you don't have it, git knit a sweater, you shouldn't be touching a computer.
Enough with all the "FF rules and IE sux0rs" crap... if you like one or the other, great, no problem, choice is good, use what you like. But enough with constantly telling me how unsafe I am using IE (or an IE derivative). My experience does not bear it out, and even if it did, the answer would still be what it's been all along: the USER is more at fault than the browser.
Hey, when something gets through FF by the way, do we start screaming that it is insecure and no good? Of course not! We first ask "well, what did the USER do to let the garbage in"? Because OF COURSE it could never be FF's fault. And you know what? 9 times out of ten, it isn't! Just like 9 times out of 10, it isn't IE's fault... ok, to be fair, 8.5 times out of 10 for IE... like I said, I don't doubt FF is a bit better.
Ok, I'm done, rant over.
Re:Yet another lame FF ra-ra post (Score:2)
That being said, I am *also* more than experienced enough for it to not be a major risk because I know what activities to avoid. As I indicated in my original post, I've had scant few malware infections ever (only one I can think of that was of any severity, and that was completely my fault), and I have not had a virus infection in well over 10 years.
So, I would NOT say running as admin being more dangerous is a myth, but
File Permissions (Score:2)
How many of the infections are caused by the silly default perms th
Re:File Permissions (Score:2)
Re:File Permissions (Score:2)
Taking it to the next level (Score:2)
I'll probably be alright using Firefox on Linux though.
Test the browsers yourself... (Score:2)
There used to be a "browser buster" on mozilla.org that would reload this URL (loading a new page each time) automatically in a frame. But I don't see that out there anywhere any more. Probably because the YRL was busted for a long time.
Re:Test the browsers yourself... (Score:2)
In other news (Score:2)
DUMBASS ZONK (Score:2, Funny)
Re:DUMBASS ZONK (Score:2)
Re:Or 100% if its a new installation... (Score:3, Informative)
Re:Or 100% if its a new installation... (Score:5, Insightful)
Get a router with NAT to block most of the bad stuff - and heck, disconnect IT from the internet. Get the computer working and as much security in place before going online with it.
A simple netgear or linksys router provides tons of protection and costs about $50... definitely worth the time saved from reinstalling windows once or twice.
If you're really paranoid, download the security patches and burn them to CD so you can install them without going online.
Re:Or 100% if its a new installation... (Score:2, Troll)
The real solution -- Microsoft should be sending free updates to all registered XP owners with updated CD's that contain pre-patched installation
Re:Or 100% if its a new installation... (Score:2)
Yeah, by installing Linux. When an operating system can't even install and update itself in a networked environment without become an infected cesspool, then it's the fault of the operating sy
Re: (Score:3, Informative)
Re:Or 100% if its a new installation... (Score:5, Informative)
I don't remember the particular release of Red Hat.
Ditto for Win2K (Score:2, Interesting)
Before it was done installing I'd been rooted and someone had already started making ISO'd warez available.
Needless to say, I don't forget that part anymore (hey, it was 3 AM or something).
Re:Or 100% if its a new installation... (Score:2)
I think you'd be really amazed at the sweep scans going toward your box all the time; majority of them are targetted towards greate
Re:Or 100% if its a new installation... (Score:2, Insightful)
Re:Or 100% if its a new installation... (Score:5, Informative)
Heh heh. Here's how you avoid that: On XPSP1 installs, turn on the firewall before connecting. On XP without SP, you use the IP Filtering option, which has been there at least since NT4, and probably 3.51. Filter all incoming connections of all three filterable types (ICMP, TCP, UDP.)
I know you were just making a funny but maybe this will help someone clueless... or, if you were serious, someone more clueless.
Re:Or 100% if its a new installation... (Score:3, Interesting)
Re:Or 100% if its a new installation... (Score:2)
Re:Or 100% if its a new installation... (Score:2)
Re:Or 100% if its a new installation... (Score:2)
Re:Or 100% if its a new installation... (Score:2)
Won't affect your outgoing connections to download updates at all.
Re:Or 100% if its a new installation... (Score:3, Insightful)
Re:Or 100% if its a new installation... (Score:2)
Re:Targeted links to adware sites cropping up? (Score:2, Flamebait)
Re:Targeted links to adware sites cropping up? (Score:2, Insightful)
Re:I can't take it any more! (Score:2, Funny)
n : the central area of a church
Re:I can't take it any more! (Score:2)
Re:I can't take it any more! (Score:2)
Re:I can't take it any more! (Score:2)
With all due respect, the meaning of the word "leverage" in every example you gave is plainly obvious, and not really even that buzzwordy.
Within the business world, "leverage" is ABSOLUTELY NOT a meaningless buzzword -- no more so than "quantum" is a buzzword in the science community. In case you really don't underst
Re:I can't take it any more! (Score:2)
Really? Let's try replacing the word 'leverage' with the word 'use' in all the three examples, and see if we lose any significant meaning:
Most of the exploits that used IE vulnerabilities to plant spyware were based on ActiveX and JavaScript, said Gribb.
World Wind uses satellite imagery and elevation data to allow users to experience Earth terrain in visually rich 3
Re:a quiet sense of dread... (Score:3, Funny)
Well you asked for it....
The reason why Firefox is safer is that you don't have to 'hang 10' seconds while the domain infects the first Internet Explorer configuration.
Re:What are those 0.6% evil sites doing? (Score:5, Insightful)
They're popping up a dialog box that says "To view this site, you must install the "Fuck My Computer Up Beyond Recognition" ActiveX Control". Please click "Yes" to continue."
Sad but true. Most people just blindly click "OK, YES, I AGREE". There's no good way to stop that.
Re:What are those 0.6% evil sites doing? (Score:2)
=)
Re:What are those 0.6% evil sites doing? (Score:2, Redundant)
Re:What are those 0.6% evil sites doing? (Score:2)
Re:What are those 0.6% evil sites doing? (Score:2)
Still not got into the reflex of downloading FF as the very first thing.. bad I know.
Re:What are those 0.6% evil sites doing? (Score:2)
Re:Also in the news: (Score:2)
Seriously, somebody queue up Ric Romero from Fark...
/troll, I don't care.
Re:Browse safely and smarlty![sic] (Score:2)
If by "browse smartly" you mean "only visit one or two well-known sites and go noplace else", then I agree, you probably won't get hit. But one of the points they made in this study was that spyware installed itself in a 'drive-by' fashion, with or without user interaction. Sometimes those suckers come from 3rd part ads on wel
Re:Browse safely and smarlty![sic] (Score:2)
I'm not sure if you were serious about disabling ActiveX, Java, and Flash completely, but you forgot to mention JavaScript. IMHO, it's usually more annoying than Java, which at least runs in a sandbox.
Re:Browse safely and smarlty! (Score:2)
Yeah, let's bet on smart in a country where GDubya won a majority of the vote.
Re:Browse safely and smarlty! (Score:2)
With any browser that auto-executes any form of code that isn't trusted (or otherwise interferes with the browser or system), you have a vulnerability. It might not necessairly be a security leak, but it can and will disrupt normal operations.
In particular, I'm talking about:
- The Firefox Sun Java plugin, which locks the browser whi
Re:Browse safely and smarlty! (Score:2)
Re:Who was the target? (Score:3, Informative)
IE is the primary target because it is unsafe.
Even back when IE was the minority browser, in 1997, when MS introduced "Active Desktop" it opened up a MASSIVE flood of malware targeting the gaping hole they created. There was no similar attack on netscape or Mosaic.
No, IE is the primary target because it is unsafe, and it (or more properly the HTML control) is unsafe because it is inherently unsafe to give one component that kind of responsibility over
Re:Who was the target? (Score:2)
Err, no, you would be thinking of Internet Explorer there Every time there's a new release of IE we are required to hold off on upgrades until the IT guys at the head office update the intranet sites to work with it. Most large companies have to behave the same way. And have you seen the complaints about pages broken by the IE7 beta?. Newer versions of Firefox work better on more pages, because unlike Microsoft they
Re:How much safer? (Score:2)
Still not perfect, but it is almost 20 times safer.
The version that wasn't set to default accept had a 0% spyware infection rate.
Re:Just an observation... (Score:2)
Do not use IE, we will install Firefox on all machines with a broadband ISP or dialup that isn't AOL.
Do not install any toolbars if you have to use IE. (I know that google & yahoo are supposedly safe, so what)
All pop ups are evil, do not click on any.
All ads for anything to stop spyware, are spyware. We install Ad-Aware and Spybot, update and run at least weekly.
Since starting this we have fewer comebacks for infected machines and much happier
Can you feel AOL's hand? (Score:2)
2 cents,
Queen B
Re:FireFox v IE (Score:2)
Yes - my sister and brother-in-law. They won't read this article here of course, but I've read it and use such things when asked my opinion. They've moved over to Firefox, and they're about 80% convinced to move to OS X too.
Now to the rest of the post:
I challenge anyone to disagree; but with an intelligent argument, not just emotion and flame. (BTW, I don't mean a clever 'flame' argum