I read about how they said Firefox was so secure.. Hmmm...
Firefox Users Beware of New Malware
Posted 12.05.2008 by Frank J in Computers, Internet,
Make sure your antivirus definitions are updated as many vendors will have an update for this malware quickly.
Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.
The malware, which BitDefender dubbed “Trojan.PWS.ChromeInject.A” sits in Firefox’s add-ons folder, said Viorel Canja, the head of BitDefender’s lab. The malware runs when Firefox is started.
The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.
Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.
Users could be infected with the Trojan either from a drive-by download, which can infect a PC by exploiting vulnerability in a browser, or by being duped into downloading it, Canja said.
When it runs on a PC, it registers itself in Firefox’s system files as “Greasemonkey,” a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.
BitDefender has updated its products to detect it, and other vendors will likely follow suit quickly, Canja said. Users could avoid it by only downloading signed, verified software, but that’s a measure that restricts the usability of a PC, he said.
Or how about
Less than one day after its launch, Firefox 3 has a vulnerability.
According to Tipping Point's Zero Day Initiative, the vulnerability, which it rates as critical, was reported within the first five hours of Firefox 3's release.
"Once the vulnerability was verified in TippingPoint's DVLabs and acquired from the researcher, the vulnerability was promptly reported to the Mozilla security team," said a representative.
Although the Zero Day Initiative team does not offer specifics until the vendor has a chance to patch it, the blog post did say this vulnerability, which also affects Firefox 2, requires user interaction and could result in an attacker executing arbitrary code.
Mozilla is reported to be working on a fix.
The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.
or how about
Firefox has its plate full when it comes to security. It has grown a substantial enough market share to place it in a strong second after Microsoft. This gives it a high profile and leaves it a desirable target to be exploited by hackers and malware writers. Worse yet, it has less money to fund security efforts that Microsoft, and according to some experts, less focus as well.
While small market share browsers like Opera and Chrome have built a reputation on their security (with Safari’s reputation for insecurity being a notable exception), Firefox continues to plod along in a day to day fight, trying to remain a secure platform while dealing with the challenges of browser celebrity.
Perhaps for this reason, Bit9, an application whitelisting firm that helps employers block employee access to certain apps, placed Firefox on the top its list of most vulnerable apps. The remaining spots on the list were filled out with more familiar names, with two through twelve respectively being: Adobe Flash & Acrobat; EMC VMware Player, Workstation, and other products; Sun Java Runtime Environment; Apple QuickTime, Safari, and iTunes; Symantec Norton products; Trend Micro OfficeScan; Citrix products; Aurigma and Lycos image uploaders; Skype; Yahoo Assistant; and Microsoft Windows Live Messenger.
The Bit9 study looked at several factors in ranking vulnerability. One factor was how popular the applications were. Another factor was how many known vulnerabilities existed, and how severe they were. Lastly, it looked at how hard patching was for the particular application.
In order to make the list, programs hand to run in Windows and not be centrally updatable via services such as Microsoft SMS and WSUS. Many say that the survey was unfair to Apple products because it kept easier patched Microsoft applications off the list.
In some ways, though Bit9’s list is a useful benchmark. It aptly points out that many networks have Firefox installations running on machines, without the system administrator being fully aware of the instance of these installs. Thus, despite the fact that most of the vulnerabilities looked at have been patched, the installs may not receive these patches immediately, until the employee upgrades to the next edition of the browser.
The study’s conclusions only marginally apply to the consumer market. However, when it comes to the business market, the study argues that picking or allowing employees to run Firefox, even with its security plug-ins, is a ticket to the IT danger zone as malware increasingly targets application layer targets such as Firefox.
So even experts state that MS IE is more secure than Firefox, especially in the business environment.
These articles come from Dec 5, 2008 to present.
As I stated.. IE 8 Beta 2 is the most secure and functional browser. Combine this with running Vista and you get even more built in security.. place on top of that 64 bit and Ultimate edition and a nice router.. you have a fortress.. add in bitlocker.. most hackers are hard pressed to infiltrate the system.
Also consider IE 8 Beta 2 installs several browers in 1 install.. given I run Vista Ultimate x64.. I have :
IE 8 Beta 2 x86
IE 8 Beta 2 x86 In Private
IE 8 Beta 2 x64
IE 8 Beta 2 x64 In Private
IE 8 Beta 2 x86 No Addons
IE 8 Beta 2 x86 No Addons In Private
IE 8 Beta 2 x64 No Addons
IE 8 Beta 2 x64 No Addons In Private
So I get a choice of which IE I want to use.. each one runs a separate instance and each one runs its own security..
Also setting the security tab to Med level and then customising non security issue settings to allow increased functionality without opening holes..
Also setting Cookies to Block third party will not stop incoming trojans.. but blocking the Addresses for the cookies left from trojans or tracking will prevent IE from allowing them to load on to your system.
I have used Avast AV in the past and recently also.. AVG has found many things that Avast has not found.. so it depends on what your preference is...
Personally I like Kapersky, but I don't like paying for it.. so I use AVG with Panda and Trend Micro to back up the results.. Spybot, I do not use Tea Timer or Browser Helper.. I only allow Spybot to scan my system and write protect my hosts file.. it does this by encrypting the domains and then encrypting the hosts file in such a way that only Spybot and Windows can alter the file.
You can disable the encryption using the Advanced settings checkbox, however I can't see any reason to decrypt the file.
Also UAC adds a security level when combined with Windows defender notifying you and blocking changes to the start up files and the OS.. Many disable UAC, but you should actually leave UAC operational and set it to quiet mode using TweakUAC.
If someone wants lessons on how to properly configure IE, then I would be glad to teach them..... So long as they are openminded and not a Firefox premadonna...
IE and Firecox both have exploits and security vulnerabilities.. Firefox is subceptable to Zero Day still through Quicktime faults that IE is not subceptable to.. the problems with Flash have been taken care of.. and IE 8 was patched for Zero Day 48 hours after detection.. Firefox users are still waiting a new build...
So please.. with all the $ MS has to dump into IE which they are doing.. and Mozilla is trying to stay up especially with Acid compliance... both browers are about the same with different lay outs...
in FF, you have to use No Script to block certain scripts.. which is an add on.. in IE, just go into security settings and put Scripts to either Prompt or Block.. it is built in.... In FF to stop Flash, you mostly have to use an addon.. in IE, you can set Active X controls to allow, block or prompt.... again built in..
IE allows you to re-arrange the tabs as you like.. again built in.. no addons needed...
It all boils down to preference.. IE gets updates every 2nd tuesday of the month.. or with major security risks.. within 48 hours of detection...
How long does Firefox take to fix exploits or vulnerabilities.. there are security risks in FF that have been outstanding since Dec 5.. IE's have been fixed 48 hours after detection.. so which is more secure?
Topic: Scanning your computer (Pestalence) (Read 4569 times)