Damn Popups

[Cask]

There has been a fair bit of free publicity for firefox this week. Tech sites have been reporting the 25 million downloads for firefox 1.0, but more important to my post there was an article recently talking about how malware would start [url="http://www.computerworld.com/softwaretopics/software/story/0,10801,99685,00.html?source=NLT_PM&nid=99685]targetting firefox[/url] now it has become more widely used.

Today I was browsing the web, minding my own business and what do I find? A big nasty popup in the middle of my screen.

I'm guessing that this popup used javascript to appear on my screen, as I found that while building a website it was pretty easy to get javascript popups to work in firefox even with my abysmal HTML skills.

It's not a big deal, I can disable javascript without impeding my surfing too severely, but I'm wondering if this is the start of a slippery slope? Is Firefox's popularity going to be its downfall or is it really secure enough to stand up to the increasing numbers of attempts to find holes in the code? Anyone have an opinion?

 

[Jonty]

Hi Cask

I've always contended, to much abuse, that Windows suffers so many attacks because it is so popular. Yes, I happily agree that it may well be very insecure and badly constructed, but popularity (and thus 'recognition' to malicious developers) is an important factor in its constant state of bombardment.

I think the same can be said for Internet Explorer. Insecure and buggy? Yes (SP2 notwithstanding). However, it's possible it is targetted so much because it dominates the market. If this reasoning holds true then Firefox's growing popularity will place it within the sights of malicious users. The Javascript is just the beginning, as pop-up blocking usually just involves sniffing for certain types of code. By recoding certain things you can make them work without pop-up blocking getting in the way (ultimately all browser developers want to allow things like pop-ups, but only legitimate ones, so there is always going to be a balancing act between functionality and security).

As for 'proper' malware, the likes which IE seems so vulnerable to, I'm not sure how Firefox and co. will fare. In theory, with it's open-source structure and automatic updating, fixing problems should be an easy and quick task. Add to that it's apparently well-coded foundations and you should have a fairly robust line of defence, but I guess time will tell. Microsoft have a nearly unlimited resources and automatic updating and they still suffer.

One could argue that, now Microsoft has strengthened its IE team and has pretty much stated they will be releasing a pre-Longhorn IE update, that IE may remain dominant. Despite all of Firefox's successes (and I'm not knocking it, I've loved it since its buggy Phoenix days) it still occupies a tiny section of the market. Even IE5, now years outdated, presently has more active users than every other non-Microsoft browser ever made.

So, basically, I agree that as Firefox and non-Microsoft browsers grow in popularity, they will become the subject of more intense scrutiny by malicious developers (who, unlike IE, have access to the source code). Hopefully, however, Firefox and co. will have the ability to respond quickly and ensure they stay ahead of the game. Then again, maybe we won't even have web browsers in a few years, if access to information can become seemlessly integrated ...

Kind Regards

 

[sibanac]

Hi Cask

I've always contended, to much abuse, that Windows suffers so many attacks because it is so popular. Yes, I happily agree that it may well be very insecure and badly constructed, but popularity (and thus 'recognition' to malicious developers) is an important factor in its constant state of bombardment.

Jonty,

I'dd like to point out that Apache has always been much more popular then IIS, as are there more mysql servers on the internet then there are MSsql servers on the internet.
Yet as far as i can remember there hasnt been any apache or mysql worms, yet there have been a bunch of IIS and MSsql worms.

I think the thruth is samewere in the middle, the most attacked target is one that is easy and has a good market share.
I higher market share target will be left alone if the dificulty is higher then a lesser but still significant other product

 

[Jonty]

I think the thruth is samewere in the middle, the most attacked target is one that is easy and has a good market share.
I higher market share target will be left alone if the dificulty is higher then a lesser but still significant other product

Hi Sibanac

That's really what I was trying to say, albeit not very articulately, hehe

Anyway, I agree with what you're saying Sorry for rushing my post, I guess I should have been clearer.

Kind Regards