Firefox and your system's security
I wanted to post this story because it strikes me as a very good counter-weight to a flurry of recent so called Firefox 'security problems'.
2 years ago I made my best friend's mother a new computer. I installed it with windows 2000, a firewall, zonealarm, norton antivirus, and, most important, I told her she had to use Firebird browser, that's the old name for Firefox.
She had asked me to look at it because she was seeing a messenger pop up alert telling her to 'upgrade her security by clicking the button', which is very funny, I will post a screen shot of it later, it's one of those windows messenger exploits that were popular a few years ago, which I hadn't seen for a while. I turned off the windows messenger feature [control panel, services, messenger, disable and stop] then took a closer look at the machine.
I hadn't looked at this machine until today. She connects using dialup modem, and a few months ago had some issue with Norton, called their tech support, and they told her to remove Zonealarm. She also had norton internet security [I hate using that term in reference to norton products, but it's what they call it...], but all the features were disabled, especially the firewall. So their tech support people basically removed the front line defense she had, and she went on her way.
When I finally looked at the machine, I had forgotten most of the setup stuff, I was surprised to see firebird browser, and that she used it. I had told her in no uncertain terms the risks of using IE, and she had listened, and has never used IE on this box.
There are as far as I can tell no malware items on this box after 2 years. Amazing. This may be the first time I've looked at somebody's box and found no malware on it. And it's not a coincidence: IE has never been used to browse the internet.
Since she has never invited in malware by running a browser that supports active x controls, she has never gotten malware. End of story. Forget all the FUD about Firefox security holes. They are pin pricks, and IE ones are canyons.
In fact, no friend I have setup with Firefox has had any significant issues with spyware, malware, or anything else.
I updated her machine for her, following Vkaryl's excellent advice to use AVG free antivirus, I put back on zonealarm, updated the now ancient firebird 0.6 to Firefox 1.0, and will soon upgrade her Outlook Express to Thunderbird, although she does not report getting spam or many viruses on her current account so it's not strictly necessary to do that switch at this point. I may wait for a few versions, there are some thunderbird bugs I'd like to see worked out first.
Another key note here: she has never used the Outlook preview pane feature, and has simply deleted all spam and viri without viewing it. This combination of good practice and safe software has created a reasonably safe machine. And this is not a computer savy person, to put it mildly, but would be almost a perfect average user, with the one exception that she actually paid attention to the advice she was given, and followed it.
Buoyed by this complete affirmation of why you shouldn't use Internet Explorer, and the benefits of not doing so, I am now going to begin the process of moving some older friends, who only need basic features like browing, email, and word processing, to Beatrix Linux, which will work exceptionally well on slower old hardware, as long as there are more than 128 mB of ram. That's real security. And stability.
Microsoft knows this is true, the forum admin for beatrix reports that his number one visitor source is currently, 1, and 2, the redmond MS IP address range, and second, a british MS consulting group's IP range. MS knows that many windows users simply do not need what windows is offering anymore, and really don't need the constant security headaches.
Back to top
i've always gotten away with just deleting the messenger file. it got annoying when using outlook that it would launch everytime. simple solution...delete the messenger exe file.
Back to top
Posted: Feb 27, 05, 9:00 vkaryl
Joined: 31 Oct 2004
Location: back of beyond - s. UT, closer to Vegas than SLC
I'm pleased to see the validation of my own therories regarding my machines and IE - or lack thereof of course.
I'm perfectly convinced that since all of the Win updates are due to IE crap, I don't have to bother. I run IE ON MY LOCALHOST SERVER ONLY to verify websites before uploading. That's it....
You might see if your friend would consider using the latest MailWasher version, just as an added layer of protection for her mail, at least until T'bird gets fixed. It's not very expensive, and it allows you to control mail ON THE SERVER before it ever gets to the machine. MailWasher
Back to top
All times are GMT - 8 Hours