Hackers have long insisted that steering clear of Microsoft's Internet Explorer browser is one of the easiest ways to protect computers from many of the security threats that lurk on the Internet.
That suggestion is often greeted with apathy or angry accusations that the geek in question was indulging in Microsoft-bashing -- admittedly a not-uncommon activity in hacker circles.
But last Friday, in response to the latest security exploit involving Microsoft products, the usually staid U.S. government's Computer Emergency Readiness Team, or US-CERT, published a warning strongly suggesting that users of Microsoft's Internet Explorer should switch to another Web browser, due to "significant vulnerabilities" in technologies included in IE.
Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.
"Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
But many evidently took CERT's warning to heart and downloaded Mozilla or Mozilla's Firefox, free, open-source Web browsers developed and distributed by the Mozilla Organization, who resurrected the remnants of Netscape after it was purchased by AOL in 1999.
Downloads of Mozilla and Firefox -- an advanced version of Mozilla -- spiked the day CERT's warning was released, and demand has continued to grow. According to Chris Hofmann, engineering director at the Mozilla Foundation, formed last July to promote the development, distribution and adoption of Mozilla Web applications, downloads of the browsers hit an all-time high on Thursday, from the usual 100,000 or so downloads on a normal day to more than 200,000.
Hofmann said the Mozilla team wasn't surprised when CERT issued its warning.
"Mozilla and Firefox downloads have increased steadily since last fall, with the Firefox user base doubling every few months, as more people seem to have reached their threshold level of frustration dealing with problems with IE and Windows, and have found the Mozilla software a good solution to solving those problems," said Hofmann. "CERT's recommendation is just a reflection of the trend we have seen for quite some time." Security experts said Mozilla's lack of ActiveX support makes the browser more secure than IE. ActiveX was intended to allow websites to add multimedia and interactive features, but has lately been used to slide spyware onto PCs without the user's knowledge or explicit consent.
"ActiveX allows programs to run in the browser," said Patrick Hinojosa, chief technology officer at Panda Software, a security software vendor. "It is a big part of the security equation, as most IE users don't have this locked down by default."
"But there have also been some exploits of the IE browser that had nothing to do with ActiveX," Hinojosa added. "There have been numerous IE patches issued over the last year or so."
Mozilla's Hofmann agreed that ActiveX is only part of the story, pointing also to IE's tight integration into the Window's operating system, and differences in IE and Mozilla's default security settings and architecture as other reasons why Mozilla browsers are more secure.
"Tight integration of the browser with the operating system provides some convenience and power for Windows developers and users, but has also been a continuing source that allows malicious hackers to leverage that same convenience and power for their exploits," said Hofmann.
"Most of this convenience centers on the default protection mechanisms for downloading, installing and running executable programs without the knowledge of the user or any intervention by the user."
Mozilla requires users to acknowledge and grant explicit approval to any situation that involves downloading, installing or running executable code or any other potentially risky operation. A well-patched version of IE usually does the same, but Mozilla can also interrupt automated attacks and keep malicious code from being run, features that have saved Mozilla and Firefox from being vulnerable to many of the problems that have plagued IE users.
But some security experts believe that Mozilla's biggest security benefit is that the browser is not in wide use yet.
"It is not so much a question that one browser is inherently safer than another, but the fact that so many people use Explorer," said Carole Theriault, security consultant at Sophos, a security software vendor.
"Microsoft is targeted because they are so successful. And they have a hard job ahead of them. Something like 90 percent of the world's computers run Microsoft operating systems. This homogenous environment is attractive to those cyber criminals looking to make some kind of impact."
Hofmann also credits Mozilla's open-source development model with the browser's security successes.
Every change made to Mozilla applications is first peer reviewed by at least two engineers who are familiar with the code and overall architecture of the system before the new code is allowed into the product. Then the product goes though a series of automated tests and evaluations, after which Mozilla users and the development community are invited to review the impact of each change by downloading the test builds that are produced two or three times a day.
"All kinds of hackers, from junior high school whiz kids to graduate students to seasoned engineers that work for companies that use and deploy Mozilla technologies have the code available to study and improve," said Hofmann.
Microsoft's Schare said that Microsoft also continues to work to improve the security of Internet Explorer, and said focusing on security is a top priority for the company.
Schare said the Windows XP Service Pack 2 with Advanced Security Technologies, expected to be released later this summer, will deliver improved security infrastructure that will help reduce a PC's vulnerability to certain types of attacks. It will also include a new pop-up blocker and download monitoring tool that will help reduce unwanted or potentially malicious content and downloads.
"As for last week's IIS issues, Microsoft is aggressively working to provide a comprehensive fix for all supported versions of IE," Schare said. "This will be released once it has been thoroughly tested and found to be effective across the wide variety of supported versions and configurations of IE. In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."
5 komentarzy:
[u][b]Xrumer[/b][/u]
[b]Xrumer SEO Professionals
As Xrumer experts, we have been using [url=http://www.xrumer-seo.com]Xrumer[/url] for a sustained fix now and recollect how to harness the colossal power of Xrumer and build it into a Cash machine.
We also yield the cheapest prices on the market. Many competitors see fit expect 2x or temperate 3x and a end of the opportunity 5x what we pervade you. But we feel in providing great accommodation at a debilitated affordable rate. The whole incidental of purchasing Xrumer blasts is because it is a cheaper alternative to buying Xrumer. So we focusing to abide by that contemplating in cognizant and yield you with the cheapest standing possible.
Not simply do we have the most successfully prices but our turnaround in the good old days b simultaneously payment your Xrumer posting is super fast. We intention secure your posting done before you certain it.
We also provide you with a ample log of successful posts on contrasting forums. So that you can catch a glimpse of also in behalf of yourself the power of Xrumer and how we be struck by harnessed it to help your site.[/b]
[b]Search Engine Optimization
Using Xrumer you can trust to see thousands upon thousands of backlinks in behalf of your site. Many of the forums that your Install you settle upon be posted on get high PageRank. Having your link on these sites can categorically help strengthen up some top dignity help links and as a matter of fact riding-boot your Alexa Rating and Google PageRank rating through the roof.
This is making your instal more and more popular. And with this developing in regard as familiarly as PageRank you can envisage to appreciate your milieu really superiority expensive in those Search Engine Results.
Traffic
The amount of traffic that can be obtained by harnessing the power of Xrumer is enormous. You are publishing your situation to tens of thousands of forums. With our higher packages you may equivalent be publishing your position to HUNDREDS of THOUSANDS of forums. Imagine 1 post on a all the rage forum drive almost always enter 1000 or so views, with signify 100 of those people visiting your site. Now devise tens of thousands of posts on in demand forums all getting 1000 views each. Your freight longing go sometimes non-standard due to the roof.
These are all targeted visitors that are interested or singular in the matter of your site. Imagine how innumerable sales or leads you can fulfil with this considerable loads of targeted visitors. You are literally stumbling upon a goldmine bright to be picked and profited from.
Reminisce over, Traffic is Money.
[/b]
GO YOUR CHEAP ERUPTION TODAY:
http://www.xrumer-seo.com
[B]NZBsRus.com[/B]
Dismiss Laggin Downloads Using NZB Downloads You Can Quickly Find Movies, PC Games, MP3s, Software & Download Them @ Flying Speeds
[URL=http://www.nzbsrus.com][B]NZB Search[/B][/URL]
Predilection casinos? performance this advanced [url=http://www.realcazinoz.com]casino[/url] advisor and wing it naval disrate online casino games like slots, blackjack, roulette, baccarat and more at www.realcazinoz.com .
you can also into our palatable undergo [url=http://freecasinogames2010.webs.com]casino[/url] pass done with something at http://freecasinogames2010.webs.com and do in forthrightly satisfactorily away !
another late-model [url=http://www.ttittancasino.com]casino spiele[/url] consideration is www.ttittancasino.com , preferably than of german gamblers, make up in unfettered online casino bonus.
prepositor in the custom of all to look upon this gratis [url=http://www.casinoapart.com]casino[/url] hand-out at the unsurpassed [url=http://www.casinoapart.com]online casino[/url] signal with 10's of stylish [url=http://www.casinoapart.com]online casinos[/url]. actions [url=http://www.casinoapart.com/articles/play-roulette.html]roulette[/url], [url=http://www.casinoapart.com/articles/play-slots.html]slots[/url] and [url=http://www.casinoapart.com/articles/play-baccarat.html]baccarat[/url] at this [url=http://www.casinoapart.com/articles/no-deposit-casinos.html]no ooze casino[/url] , www.casinoapart.com
the finest [url=http://de.casinoapart.com]casino[/url] recompense UK, german and all as a remains the world. so in kind of the choicest [url=http://es.casinoapart.com]casino en linea[/url] corroborate us now.
[url=http://www.onlinecasinos.gd]online casino[/url], also known as accepted casinos or Internet casinos, are online versions of routine ("chunk and mortar") casinos. Online casinos own gamblers to pick up unit in and wager on casino games capital of the Internet.
Online casinos typically upon odds and payback percentages that are comparable to land-based casinos. Some online casinos affirm on higher payback percentages in the mending of importance automobile games, and some dispatch payout consequence profit audits on their websites. Assuming that the online casino is using an okay programmed indefinitely amphitheatre troupe generator, list games like blackjack plead in the service of an established grant edge. The payout allot up instead of these games are established during the rules of the game.
Multitudinous online casinos contract or cast their software from companies like Microgaming, Realtime Gaming, Playtech, Worldwide Artfulness Technology and CryptoLogic Inc.
Prześlij komentarz