Author Topic: Microsoft Security Essentials 2.0 beta has been released a few days ago.  (Read 20457 times)

0 Members and 1 Guest are viewing this topic.

YoKenny

  • Guest
can you name the ten last flaws in FF (for the last month)?

Quote
Mozilla patches 16 security bugs in Firefox 3.6
http://www.computerworld.com/s/article/9179504/Mozilla_patches_16_security_bugs_in_Firefox_3.6

Dch48

  • Guest
can you name the ten last flaws in FF (for the last month)?
There was a huge fix package issued very recently with a lot more than 10.

YoKenny

  • Guest
can you name the ten last flaws in FF (for the last month)?
There was a huge fix package issued very recently with a lot more than 10.
There are those that can count in decimal and know that 10 is more than 2 ;)

Hermite15

  • Guest
I see our Internet Explorer warriors are back on track ;D ...yeah, just two so far, and counting ? ;D ...you see guys, the problem with Firefox is that most security flaws that are found (in labs) rarely (or never) make it to the desktop, when at the opposite most of the Internet crap will land on your systems through...Internet Explorer (I hate swearing sorry, and I always got the feeling to swear when I say or write...I-N-T-E-R-N-E-T E-X-P-L-O-R-E-R... hope the forum software won't censor that ;D ). And on a side note Yokenny, you know what you can do with your sarcasms, as usual >>>, yes, there ;)

 Internet Explorer has been - oh yes, indirectly, as the ultimate malware vector - contaminating tens of millions of computers world wide since it exists. Internet Explorer must be patched continuously, some of it is considered unpatchable (no solution, dixit Secunia). Let the carnage continue, and enjoy ::)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89439
  • No support PMs thanks
Until IE is totally separated from the OS integration, e.g. just a browser, then there will always be security issues as effectively if you exploit the browser you have exploited the OS. That is my reason for not using it as my primary browser.

If only I could get rid of it completely I would, but you can't because of its OS integration, which forces you to keep IE up to date even though you don't use it, to avoid OS exploits via the backdoor.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Dch48

  • Guest
IE8 was well behind a bunch of 3rd party applications in the last year in the numbers of vulnerablities found. It no longer can be the whipping boy and really never should have been. I've even seen a few professionals in the field saying that IE9 will probably be the browser they recommend to their customers for security reasons.
If you didn't know, the program with the most vulnerabilities was, once again, Firefox. The vendor with the most overall problems in their software was Apple.

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33985
  • malware fighter
Hi Logos,

To turn the tables again will take a lot of propaganda and making somehow you cannot go around the built-in software browser. It is always funny to see that where critique on IE is concerned some mainly US users almost react as if you attacked their home-base. One must admit that building their browser deep, deep into the OS brought Windows an important leap-start against competitive third party software browsers. It was a clever trick and brought competitor Netscape to its knees. Their slower browser got already half way up from boot time while the other browser was not even launched from the desktop. Google independent process per tab browsing was the answer to that trick, and also was cleverly anticipated and off course now imitated by the Mozilla browser. The as per default installation also brought that the masses thought that IE was the only way they knew to go unto the web, the EU regulations brought another landscape since their regulations.
After leaning back for a long, long time, after numerous mishaps like with the ActiveX disaster, still haunting us with malware, finally MS realized that if they did not invest and improve their IE it would endanger their revenue streams and they woke up with IE8 and are even improving further with IE9,

Alas there has not been any monopoly since the Roman Empire that lived forever and it seems Google for one could come as  a serious threat to the Windows mono-culture.

And I really don't know if IE would have NoScript, RequestPolicy and AdBlock+ extensions for it, I would consider going back to IE. For now the blue e browser is only for updates and upgrades because that is vital for the security of the OS. But I would not come running to defend any browser....
And about the many, many bugs in Mozilla, well I have been a Fx test-pilot for some time and they have a large developer base to file bugs, loads of them are made public and are quickly patched, also cause regressional problems, that has to be dealt with,
and open source and propriety source cannot be compared, as apples are no pears and both do not taste like bananas...

polonus
« Last Edit: July 25, 2010, 10:49:15 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
For now the blue e browser is only for updates and upgrades because that is vital for the security of the OS.

+1
There's nothing more to do with it... ;)
Here IE only gets the rights it needs to update, that's it. Everything else is blocked..!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48700
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Here, I use all the major browsers:
IE, Firefox, Chrome and, Opera.
They all have some features not available in one or all of the others.
Browsers are a tool nothing more. They aren't something to be worshiped or whipped.
I was also always of the impression that it was the folks who wrote the malware that where
responsible for making the internet unsafe. Without them, there wouldn't be any exploits.
But, what do I know, I'm from the old school.  ;D
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33985
  • malware fighter
Hi bob3160,

Right there are malcreants, they did it in the past to be better than others (in the past) and now they do it for Cybercriminals for illegal revenue, but there are always two sides of the coin, there is the cat and there is the bacon. If you have a lot of delicious bacon ready there you proverbially bind the cat to the bacon, you might be familiar with that good old proverb?. Well some developers make their software much easier exploitable as other developers. To say all browsers are browsers and it is only the evil ones to blame that try out "da evil code" against it, is just telling the story from one point of view, in that case the poor developers of browsers are left off the hook, for what can they do? ... evil hackers you know. What a lame excuse for "the inventor" of DirectX in Internet Explorer. He should have you for boss, bob, "evil hackers, boss, not much we can do here...". ;D "Sure, my friend, browsers are browsers you know",

polonus

P.S. And to try the exploitable is always goin' on: http://www.mikeonads.com/2008/07/13/using-your-browser-url-history-estimate-gender/
« Last Edit: July 26, 2010, 12:38:30 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Quote
I was also always of the impression that it was the folks who wrote the malware that where
responsible for making the internet unsafe. Without them, there wouldn't be any exploits.

Bob the point here is that there's a browser integrated into our operating system that's an open door for these guys... there's always been guys like that, in real life before the Internet, and there will always be guys like that.

 Weren't we talking about MSE 2 beta? ...not blaming anyone, I've been off topic too ;)

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33985
  • malware fighter
Hi Logos,

Well you spotted that specific trait of that software and the close relationship to the embedded MS browser, that became a main topic of discussion in this thread because it is an essential factor and then you cannot say we are off-topic, we were sort of "forced to go that way" by the nature of this software itself. So that means that MS still will use the deeply embedded function of their browser and interrelation to the OS to their full monopolistic benefit, so one could say in this respect security did not come at the first place - there is much more exposed attack surface that way, no one can deny that, no one. Well we here all know that letting users have the false impression that using their software out of the box is secure is still hunting us and all inexperienced users until this day. Who of the average users know about surfing with normal user rights, who has all their third party software fully updated and patched? I think that will create more negative impact security wise than all the malcreants together can launch, because that gives the latter the platform to abuse and go on exploiting. Yes, folks, 3.6 million zeus bot ridden machines only in the U.S.A. alone is the proof of that!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Dch48

  • Guest
Well I do not run my machines with limited user rights either.  I want to be able to do what needs to be done without having to keep changing settings back and forth. There are people who know about all these things that "experts" recommend but choose not to do them if they decrease usability and/or enjoyment of their machines. I also do not much care about open source. I think the only app I use that is open source is 7-Zip. To me the words Open Source attached to an application are the same as a caution flag.

I also feel that the integration of IE into Windows has been far more of a boon to the computer world than a problem. It has made software developers jobs much easier when programming net access and updating mechanisms for their applications. They just use the settings of IE and the user does not have to set anything up. Sure the pond scum have taken advantage of this like they do everything but that's no reason to condemn IE or MS any more than any other thing that gets hacked into.

As far as the new MSE goes, it looks promising but I just recently dumped the current version on the Vista machine because of problems upgrading it and then getting updated defs afterwards. Until they fix those problems and get a better and more frequent updating mechanism, I will not try it again. MSE is the only MS application that I can think of that has not worked flawlessly for me. Some others I don't use because I don't need them or like them but they always work.

With 2.0 it seems to me that they are trying to accomplish two things besides improving the program itself. One is to encourage people to use IE and the other is to make people think harder about giving up XP and moving to W7.

« Last Edit: July 26, 2010, 01:40:43 AM by Dch48 »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48700
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Logos,
I believe in Europe you now have the right not to have IE integrated in your OS ???
So I guess that excuse will soon not hold any water.  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Hermite15

  • Guest
Logos,
I believe in Europe you now have the right not to have IE integrated in your OS ???
So I guess that excuse will soon not hold any water.  :)

you don't get rid of IE in Europe either, it's always installed. Just the GUI isn't there. And I use a US version so... In Seven "US" you can "uninstall" IE...sort of; again it's just the GUI that disappears, the whole IE code is still there and active, used by many programs. IE is in Windows, any version ;)
 There's absolutely no difference between Seven/US and Seven/EU, concerning IE.
« Last Edit: July 26, 2010, 01:48:26 AM by Logos »