2 weeks ago

Matts on 2004-08-05T08:27:53

Two weeks ago I spent the day at a major UK financial institution talking about our anti-spam service. One of the things they asked me was what they should be looking out for next. They feel that as a customer of ours they already have the email virus problem licked, and spam is mostly taken care of, but they expect there will be a new avenue of entry that they haven't thought about.

I talked to them about IM, but they outright block it (to the best of their abilities, via both firewall and proxy blocks). So the only thing I could think that they might be vulnerable to was Spyware. We spoke briefly about this and they asked what they could do. I told them to dump IE in favour of Mozilla or Firefox.

Amazingly they didn't seem too against the idea.


Firefox just starting to receive attention...

Dom2 on 2004-08-05T09:26:58

Whilst Firefox is an improvement, it's still got problems of its own. Have a look at this demo for a good example.

-Dom

Re:Firefox just starting to receive attention...

jplindstrom on 2004-08-05T11:38:47

Wow!

That is so cool|scary!

Re:Firefox just starting to receive attention...

Matts on 2004-08-05T12:41:20

Yes it's true. On the plus side though I believe that updates come out more timely for Firefox, and are less painful to install due to not requiring a reboot. And I have more faith that Firefox will become more secure than I have in IE, but YMMV.

Re:Firefox just starting to receive attention...

Dom2 on 2004-08-05T13:34:25

I agree totally, I was more trying to point out that with eyes focussed upon it, Firefox will probably have a lot more security incidents as time goes on. I think it's still overall a safer bet than MSIE, but it's disingenuous to suggest that it's a security panacea.

-Dom

MS annoying their own advocates

ajt on 2004-08-05T11:14:46

Our IT dept is getting annoyed with SpyWare and AdWare and other malware that installs itself via IE. So far they are not keen to switch to another browser, they are very loyal to MS, but cleaning infected machines is starting to try their patience.

At the individual level, I'm converting people one at a time from IE to Firefox, and having some success. I find once people have installed Firefox they seem happy to stay put.

2 things about browsers

TeeJay on 2004-08-05T11:15:11

1) Firefox and Mozilla have always had the attention of their developers and some of the security tech people. Black hats may only just be starting to notice or care about it but that doesn't concern me.

2) Given a choice would you rather have to admin 100s of people's desktops and have to patch their O/S regularly just to keep on top of frequent critical flaws in their browser, or upgrade only the browser and less often?

Re:2 things about browsers

Dom2 on 2004-08-05T13:38:43

Point 2 is a bit of a straw man. The OS will need updates anyway, as will all the applications in use. I would imagine one of the reasons for not using Firefox is that it's more maintenance hassle as opposed to simply having everything come through Windows Update.

-Dom

Re:2 things about browsers

TeeJay on 2004-08-06T09:00:37

It is a lot easier to test updates to parts of a system individually. I would expect any outfit with significant IT support to be very careful about updates to O/S.

Patching Windows is known to be something you shouldn't do blindly as it can break key business applications. Also the patches often interfere with unexpected and unexplained parts of the system and behaviour.

It is a lot better to be able to apply a patch to just the browser, particularly if you have different versions of the O/S running. In fact if you are running older versions of Windows such as 2000 (which is likely) then you won't even get patches to fix IE.

Also most, even dangerous, vulnerabilities in Microsoft products have fixes shipped once a month, rather than as soon as they are discovered as is the case with Firefox, etc.

You can't just say, 'oh well as this other stuff needs patching too', not if you care about your systems running reliably and without large amounts of downtime.