FireFox? Mozilla?
What is wrong with Internet Explorer?
Perhaps Everything.
5/17/2005
Internet Explorer is the world's most popular
browsing software; the choice of 95% of all Internet users. It
does not mean, however, that it is the best. At this point in
time, it also offers some serious security problems that have
NOT been resolved by Microsoft.
We must, reluctantly, conclude that Internet
Explorer may still provide an open pathway to
allow criminals control of your computer. For general purpose
browsing, we continue to suggest Mozilla's FireFox until Microsoft resolves
outstanding security problems with Internet Explorer.
Note that the recent Windows XP SP-2 update included many important security fixes for Windows XP and Internet Explorer. However, we still do not trust that our security concerns have been completely addressed.
See our full report on the SCOB virus and other
Internet Explorer vulnerabilities:
http://www.softprose.com/information/antivirus/scob.shtml
Due to the
lack of a positive track record for security when surfing the Internet with Microsoft's Internet
Explorer, we invite users to install and try the Mozilla browser
"Firefox".
Firefox is a "pure browser", and is a viable alternative
to Internet Explorer. It is fast, clean, and elegant. FireFox
is the end product of years of work by the Mozilla (formerly
Netscape) open-source software project. Although earlier versions
of the "new Netscape" were flawed, many of these problems
have been resolved with FireFox.
FireFox
Users Guide:
A Users
Guide that we were pleased with can be found at:
http://www.nidelven-it.no/articles/introduction_to_firefox
FireFox is SMALL- the complete download is less than 5mb, putting
it in reach of nearly any user. It seems to be fast, and looks
(to the user) much like Internet Explorer. Instead of the clumsy
"Favorites" system, FireFox uses the Netscape Bookmarks
model, which is far easier to use and manage. Most importantly,
FireFox is not subject to the latest round of security threats
that are plaguing Microsoft's Internet Explorer.
FireFox's installation also includes an Import utility that says
it will import all Favorites, cookies, stored passwords, logins,
etc. from Internet Explorer, effectively replicating your current
experience with the new browser. This does not appear to work
100%, but most of it does work and it should preserve the majority
of your settings.
Tweaks
and Tips:
We found only a few tweaks to be desirable
in FireFox. The first is to go into Options, and to change Downloads
to "Ask for Download Location" instead of automatically
placing all downloads on the desktop. (CTRL-Y calls up the Download
Manager, another useful "Netscape" historical innovation.)
As with all browsers, installing Sun's JAVA
is a good idea and will resolve a host of problems with certain
sites. A quick JAVA download (requires a reboot) can be found
at http://www.java.com;
recommended for all machines.
Download:
FireFox 1.04 can be downloaded from http://www.mozilla.org, and downloads and
installs quickly. (Note that this version solves several recently discovered potential security issues with FireFox.) During installation, there may be an offer to install
"ThunderBird", a free Email client; we don't know anything
about this product (and are happy using Eudora, which is another
story, or Outlook- Assuming all the latest security patches are
applied!) FireFox is one of the components of the (12mb) "Mozilla
1.7 suite", which includes ThunderBird Email and other software.
We have been using FireFox and are impressed
by both its speed and the apparent full compatibility with the
majority of websites. In addition, the program has RESOLVED problems
our clients have had with some websites, including Microsoft's
own Hotmail.
There are, regretfully, some considerations. Banking websites are often written ONLY for Internet Explorer, a reprehensible and sloppy practice that we hope will soon end. Users may find some Style Sheets differences that may result in Font
and Line Colors not being properly displayed. FireFox wants the CSS (Style Sheet) color descriptions without surrounding Quote markes (No quotes, such as: "#FF00FF"). This follows the standard for Style Sheets, but these quotes were accepted by Internet Explorer and may have been incorporated into many web sites.
Also, the new ASP.NET program from Microsoft
will not render HTML properly (natively renders HTML 3.2, not
4.0 to anything but IE) to FireFox (or Netscape 7, Safari, Gecko,
Mosaic, or Opera) browsers without a patch in the web.config
file that tells it explicitly to render 4.0 HTML. If any developer
who gets this note needs these adaptations please write to us with the links below. We would
be pleased to provide the code that we have found successful.
Internet
Explorer- Can I fix it instead?
IF you choose instead to continue to use Internet
Explorer, there are ways to reduce your risk:
Automatic Updates are STRONGLY RECOMMENDED
IF you wish to continue using Internet
Explorer, Microsoft suggests running Windows Update (see the
Start Menu for Windows Update, or go to http://windowsupdate.microsoft.com) and installing
all Critical Updates. After installing your updates, RETURN to
Windows Update; there may very well be subsequent patches. You
should also set your PC on AUTOMATIC UPDATES. We suggest setting
your PC to update automatically whenever it is on, either at
9 or 10AM, or in the early morning if it stays running. Automatic
Updates can be set in Windows XP by right-clicking My Computer
and choosing "Properties" from the menu. Then select
the "Automatic Updates" tab, and configure to Automatically
Update at a set time each day.
In Windows 2000, the Automatic Updates feature
is a Control Panel item.
Modify your Internet Options:
Microsoft says to set all Internet Zone
security settings on their HIGHEST LEVEL. (We are unsure if this
offers real protection against these threats, however.) To do
this we need the Internet Options control panel. Go to Start
Menu > Settings > Control Panel > Internet Options.
(Or choose Internet Options from Tools menu inside Internet Explorer.)
Select the Security tab. Click on the "Internet" Zone,
If set on "Custom", first click the "Default"
button to reveal the slider. Move the slider from Medium Low
or Medium all the way to the top.
By the way, this will cause Internet Explorer
to demonstrate some VERY unusual behavior. No user will be comfortable
using the Internet with this high a setting, at least not for
very long! There will be a great many prompts, and also some
site features may not work. You will need to make good decisions
when you see these prompts, as accepting certain functions can
also accept the SCOB virus and it's variants.
Turn Off Javascript?
Another "Solution" is to turn
OFF Javascript. Javascript is a system for running website functions
inside your computer, and is essential to the operation of most
modern websites. Still, Javascript is the mechanism where this
particular security problem attacks your computer. Turning off
Javascript can be done in Internet Explorer from the Internet
Options control panel. (See above for how to access this.) Go
to the Security Tab. There should be a button for Custom settings
on the bottom right, press it. There is a long list of Security
options. Under the Scripting category, select DISABLE on the
radio buttons for all three items: "Active Scripting",
"Allow paste options via script" and "Scripting
of Java applets". Say OK twice to exit; Javascript should
now be DISABLED on your browser and you will be safe from this
current infestation.
"Power User" Mode:
Still another (partial) solution is to only
surf the web with a Windows 2000 Professional or Windows XP Professional
machine logged in with only "Power User" permissions.
In this state, software cannot be installed- and neither can
the infection. You can still GET the infection, and it may reside
on the machine and infect it in the future- but it should not
be able to install itself and perform its nefarious tasks. Note
that many corporations only permit computers to operate in "Power
User" mode.
Helpful
FireFox Links
FireFox Download
http://www.mozilla.org
Users Guide to FireFox (Excellent
reference)
http://www.nidelven-it.no/articles/introduction_to_firefox
Our info on the SCOB virus and Internet Explorer vulnerabilities:
http://www.softprose.com/information/antivirus/scob.shtml |
|
|
