RootsChat.Com
General => Technical Help => Topic started by: Nick29 on Saturday 06 February 10 08:28 GMT (UK)
-
I have always believed that the weak spot in Mozilla Firefox was in its 3rd-party plug-ins, and this has just been confirmed in a shocking revelation....
"Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.
The add-ons, available on an experimental section of Mozilla's official add-on download site carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren't removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.
If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan," a note on Mozilla's add-on blog stated.
Uninstalling these add-ons does not remove the trojan from a user's system.
http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/
-
Hmm - But what are the add-ons? The article doesn't name them and in any case, anyone with decent security/firewall wouldn't be able to download any infected things anyway.
Lizzie
-
Hmm - But what are the add-ons? The article doesn't name them and in any case, anyone with decent security/firewall wouldn't be able to download any infected things anyway.
Lizzie
Sadly, the vast majority of people have minimal virus protection and no firewall (other than the weak one within Windows). A virus checker would only find the virus after it had been "dropped" by the Firefox plug-in, and a firewall would be of no use at all, if it used a browser which already had internet access.
-
Lizzie,
To quote from the site linked above, "Mozilla removed Master Filer on January 25 and nixed Sothink on Tuesday.". Can't say I've ever heard of them :-\
Sadly, the more popular Firefox becomes, the more it attracts attackers. And the same might be said for Linux, although that has other safeguards built in.
It's hard to imagine why anyone who uses the internet would not bother with anti-virus software, though of course the odd one might still slip through.
-
Nick29
If thats the best security breech you can find, then People should rush to install Firefox...Its far more secure & their at far less risk using Firefox than IE....
Steve
-
Its far more secure & their at far less risk using Firefox than IE....
Unfortunately this isn't always true. Depending on which "test" you read, every browser gets to be top or bottom of the best/worst securitiy risks at some time.
Sadly, the more popular Firefox becomes, the more it attracts attackers. And the same might be said for Linux, although that has other safeguards built in.
This is very true. If no one is using a program then there is not much point in hacking it. The more popular any program is, the more likely it is to attract hackers.
Rather than getting into the "best program"/"browser wars" yet again, every one should try and learn more about computer security, generally, and install the software that meets with their own personal security wishes and requirements.
Bob
-
Sadly, the more popular Firefox becomes, the more it attracts attackers. And the same might be said for Linux, although that has other safeguards built in.
Can't agree with that statement in respect of Linux. Can you provide an example of any Linux system having its security compromised by a Firefox browser?
It's hard to imagine why anyone who uses the internet would not bother with anti-virus software
I'm guilty of not using an anti-virus program and guess what, I have not been infected once since I stopped using one back in April-2009. As I suspected most talk of viruses is paranoid hysteria used by software companies to sell products.
-
Sadly, the more popular Firefox becomes, the more it attracts attackers. And the same might be said for Linux, although that has other safeguards built in.
Can't agree with that statement in respect of Linux. Can you provide an example of any Linux system having its security compromised by a Firefox browser?
I`d be interested to see any links/examples as well.
It's hard to imagine why anyone who uses the internet would not bother with anti-virus software
I'm guilty of not using an anti-virus program and guess what, I have not been infected once since I stopped using one back in April-2009. As I suspected most talk of viruses is paranoid hysteria used by software companies to sell products.
Whilst I do agree in part with your sentiments, I still run A/V & a few other security programs, for most (majority) it is wise to run A/V software. I presume you still have a F/W installed & use other safe-guards?
Most PC security is almost common sense, but sadly many get taken in by criminals with phising emails or "Too good to be true offers".....
I`d also presume you`d recommend that the majority run an A/V program?
Steve
-
I have a Firewall and I manually run a scan using MalwareBytes Anti Malware about every 7-10 days (if I remember).
Does phising come under anti-virus programs?
I just use my common sense and experience and it seems to work.
What worries me is that some people put too much faith in these so-called security programs and think they offer 100% protection - which they don't. Every forum I look at people with Norton and McAfee installed are always getting problems - normally trojans though. I haven't met anyone who has been infected specifically by a virus (in the strict sense of the word).
I don't normally recommend software and if people get 'peace of mind' through buying an expensive security program then I don't criticise them.
Ultimately if I do get infected then I know I can rely of sites like Bleeping Computer for help and guidance. Malware is just a set of files and all you have to do is remove them.
-
I have ZoneAlarm Security Suite, which picked up a Trojan (called Trojan-Spy.HTML.Bankfraud.hs) a few days ago, which was something to do with banking. Don't know what because it quarantined it and then deleted it. Strange thing is, although we do use internet banking, I have never used it on my laptop, nor do I have any passwords stored anywhere, in any case they have to be changed each time we log on. I have no idea what the Trojan intended to do, but it didn't do it.
I have a feeling it might have been connected to IE, as it seems to have tried to access the laptop the day I was using IE and not Mozilla.
Lizzie
-
Downside
Very nice reply...one of the very best I`ve read on most forums.
Does phising come under anti-virus programs?
Good question....No I believe it falls into using common sense, but if it contains a Virus/Trojan then an A/V may catch it.
You don`t sound too disimilar to me, I run a scan once in a blue moon, with approx 8Tb of HDDs to scan (on the PC I use) it takes a while, I did 1 HDD & it took IIRC 9hrs the other day.
You mention Norton and McAfee, I believe McAfee has a safe site thingy which seems to flag up sites that aren`t any threat, so if it can`t distinguish sites that aren`t a threat how can anyone trust it to flag up sites that are a threat, I`ve never really liked Norton...Had a few probs in the past.
As you say NO A/V software is 100% & it does come down to user knowledge.
But I`d still recommend that ALL Windows users use an A/V unless they have a lot of experience & knowledge.
There are Free A/V & F/W software available, but ultimately it comes down to a user to recognise a risk or something odd happening on their PC.
Steve
-
Nick29
If thats the best security breech you can find, then People should rush to install Firefox...Its far more secure & their at far less risk using Firefox than IE....
Steve
You make it sound as if I was actively looking - I found this when viewing The Register (which I do on a regular basis), so don't shoot the messenger !
I don't know why you have to be so on the defensive ?
As for "Its far more secure & their at far less risk using Firefox than IE" - that's a very rash statement to make, IMHO.
-
I'm guilty of not using an anti-virus program and guess what, I have not been infected once since I stopped using one back in April-2009. As I suspected most talk of viruses is paranoid hysteria used by software companies to sell products.
I don't normally recommend software and if people get 'peace of mind' through buying an expensive security program then I don't criticise them.
Ultimately if I do get infected then I know I can rely of sites like Bleeping Computer for help and guidance. Malware is just a set of files and all you have to do is remove them.
How do you know when your computer is infected ?
-
Nick29
If thats the best security breech you can find, then People should rush to install Firefox...Its far more secure & their at far less risk using Firefox than IE....
Steve
You make it sound as if I was actively looking - I found this when viewing The Register (which I do on a regular basis), so don't shoot the messenger !
I don't know why you have to be so on the defensive ?
As for "Its far more secure & their at far less risk using Firefox than IE" - that's a very rash statement to make, IMHO.
Ok.
I`ll admit, I posted a few links regards IE, which likely would affect almost 1 Billion PC owners.
The Firefox exploit may have affected........lets see ...Hummm........Hummmmmmmmmmmmmmmmmmmmmm
4,600 users, so my statement is Rash?????
I don`t shoot any messengers, this really is a scare mongering tactic, theres little or no threat to anyone... if the threat to IE was of a similar level I wouldn`t have bothered posting.
Steve
-
Steve, I was reporting something from a very well respected IT-related website. I don't think it was their intention to scare-monger, and it certainly wasn't mine.
The reason I said that your advice was rash because I would not want to make presumptions on the security of any software without knowing all the facts, and since I don't work for either Mozilla or Microsoft, then I don't.
-
Nick
Facts as far as I can acertain.
There are 1 Billion PCs in the world. 2008 figures, likely a lot more now.
http://www.gartner.com/it/page.jsp?id=703807
IE has approx 55% & Firefox has 30% of the userbase Worldwide, approximately.
http://gs.statcounter.com/#browser-ww-monthly-200812-201001
So I`ll guess that there are 1 Billion Windows users, thats a guess/estimate.
So FF is based on a userbase of 30million approx.
So 0.0001533% of Firefox users are affected.
Given that 100% of IE users are affected by the exploits that have been widely published that would equal 55million users. Don`t forget the exploits haven`t been fixed yet. Fact.
You say don`t shoot the messenger, but you started the thread " If you think you're safe with Firefox, think again... "
I`m just pointing out that you are wrong!
If I started a thread titled as your`s is I`d be able to back the title up, as I did in the IE thread!
I`m not & never would try & take away someones opinion, but if you post a thread like yours expect someone to take it up & post some opinions against it.
I`m sure you have some links/threads on other forums to back up your opinions as to how insecure & rubbish FF is?
I wouldn`t start a thread without a few links & you also mentioned Linux....not to sure you`d find much if anything there.
Steve
-
You say don`t shoot the messenger, but you started the thread " If you think you're safe with Firefox, think again... "
I`m just pointing out that you are wrong!
No, I'm not, because (even by your convoluted maths) there is a danger to some Firefox users. So it isn't safe, which is what the title said.
I also said that I had suspected for some time that plug-ins were the weak part of Firefox, and this was also proved.
I'm locking the thread now, because this thread was started by me to warn the unwary, not an invitation to start an adolescent fanboy war, because I'm 45 years too late for all that :)
-
Just in case anyone was concerned by another member's post, here's the reality:
http://www.scmagazineus.com/mozilla-recants-assertion-that-firefox-add-on-has-trojan/article/163611/
I'd rather see a software publisher be over-cautious and publicise a potential threat, even if it turns out to be a false alarm than spend months or years trying to brush it under the carpet... :-X
Moderator Comment: topics merged
-
I'd rather see a software publisher be over-cautious and publicise a potential threat, even if it turns out to be a false alarm than spend months or years trying to brush it under the carpet... :-X
So would I, and who would want to do that ? I'm not sure I understand what you're alleging, or who ? ???
-
Just in case anyone was concerned by another member's post, here's the reality:
http://www.scmagazineus.com/mozilla-recants-assertion-that-firefox-add-on-has-trojan/article/163611/
I`m going to make an educated guess here so I may be incorrect, but it wasn`t this thread?
http://www.rootschat.com/forum/index.php/topic,435665.0.html
Moderator Comment: topics merged
I'd rather see a software publisher be over-cautious and publicise a potential threat, even if it turns out to be a false alarm than spend months or years trying to brush it under the carpet... :-X
So would I,
100% agree with you, no ifs buts or maybes!!!!
and who would want to do that ?
Have you any suggestions? It isn`t Mozilla........Maybe its a very little known software publisher or perhaps its a very large software publisher?
I'm not sure I understand what you're alleging, or who ? ???
I`m little lost as well as to what you refer to? Are we talking about what Sofware Publisher, What member or what?
-
The browser war has been raging for years and will no doubt rage for many years yet.
- Every browser has it's fans and devotees
- Every browser has it's detractors and vilifiers
- Every browser has it's' merits and strengths
- Every browser has it's bad points and weaknesses
- Every browser has it's good security points
- Every browser has it's bad security risks
I think we are all getting fed-up with this constant bickering about browsers.
This topic is now locked.
-
Now it seems that discussing anything about the pros & cons of IE & Firefox isn`t allowed, either its a pro IE poster who locks His thread or a Mod that merges threads & then locks it.
I don`t see that there is any justifiable reason to lock a thread where no abuse or contravention of any rules have occured, at least I`ve never locked a thread on any forum I`ve been a Mod or Admin unless its gotten out of hand & believe me I`ve seen some very lively discussions.
So mindful of the above I`ve found the ultimate Firefox v Internet Explorer link......
http://www.bbspot.com/news/2005/01/firefox_vs_internet_explorer.html
Have a read, have a laugh, don`t worry its funny & you don`t need to be a Techie to understand.
Lets hope it won`t get locked, at least I won`t lock it. ::)
Enjoy.
Steve
Moderator Comment: topics merged
-
The Technical Help board was created to help members with specific technical problems.
The problems with "discussing" the benefits if IE as against Firefox is that there is a lot of hot air generated which has nothing to do with family history.
And as I said in my last posting, all browsers have good and bad points.
I am going to add this to the other topic, and I'll even unlock it,
but please, don't just keep going round and round in circles.
Firefox users will always find reasons why Firefox is better than Internet Explorer,
Internet Explorer users will always find reasons why Internet Explorer is better than Firefox
Chrome users will always find reasons why Chrome is better than .....
Opera users will always find reasons why Opera is better than ...
Safari users will always find reasons why Safari is better than ...
etc
etc
etc
and so on ad infinitum et ad nauseum.
Bob