25 replies to this topic

[eltak27]

Hi

I kind of lost a bit of confidence using IE and i've been using Mozilla's Firefox instead. Most malwares target IE (primarily CWS and all its variants), but how about other browsers, like Firefox for example, how confident should i feel using it, is it considerably more safe? I'm i still vulnerable to CWS?

Any feedback will be appreciated

[Tuxedo Jack]

You're invulnerable to CWS.

However, the rats over at ABetterInternet have developed a .XPI file, which is a Mozilla installer. All it does is pop up a request to install it. Just say Cancel every time, and it'll never hurt you.

I've heard that in version 1.0 of Firefox, only .xpis from Mozilla itself will install directly, and you'll be referred to the manufacturer's site for the others. That'll stop even the popups.

[eltak27]

Thanks Tuxedo Jack these are great news.

[Tuxedo Jack]

If you _really_ want to have some fun, try doing what I do - having _LOTS_ of browsers on one system.

I've got the following on my Win2K Pro box:

- IE (despite my most fervent wishes, and I neutered it so it won't run)
- Firefox 0.9
- Firebird 0.6
- K-Meleon
- Netscape Navigator 4.08
- Lynx

It's just so much fun to have multiple browsers.

[Archon_Wing]

Well, currently Firefox users don't need to fear much from browser hijackings, but they aren't invincible. You still need to stay patched with windows update and also watch what you download. (Don't download Kazaa!!-_-)

Edited by Archon_Wing, 20 May 2004 - 04:59 AM.

[Tuxedo Jack]

True, you have to exercise control over your downloads, but you'll be safe from web pages a la CWS and their ilk.

As for downloads, use InCtrl and monitor what gets installed. _DON'T_ download it unless it's absolutely necessary, as a general rule.

[Paranoid]

You're invulnerable to CWS.

However, the rats over at ABetterInternet have developed a .XPI file, which is a Mozilla installer. All it does is pop up a request to install it. Just say Cancel every time, and it'll never hurt you.

I've heard that in version 1.0 of Firefox, only .xpis from Mozilla itself will install directly, and you'll be referred to the manufacturer's site for the others. That'll stop even the popups.

Personally I would turn off the xpi installations mode until you need them. A extension easily allows you to toggle between the 2 modes

For sure the new Firefox. will prevent XPI installation requests from being autoloaded (similar to how it blocks popups), but I understand there is still quite a bit of debate over other ideas, such as whitelisting, blacklisting, signatures and the like.

[eltak27]

Hi

Tuxedo good suggestion, i was planning to do so but was not sure which browsers, i was originally thinking of Avant and Opera, but i will check the others too!!!

Thanks to all

[Archon_Wing]

The main thing about those xpi installs is that you have to be prompted first, so none of that drive-by crap. Yes, we'll always have a few people who will click yes to everything but most people will have a chance to say no at least.

[Paranoid]

The main thing about those xpi installs is that you have to be prompted first, so none of that drive-by crap. Yes, we'll always have a few people who will click yes to everything but most people will have a chance to say no at least.

True, but as more of those new users are coming to use Firefox, we want to protect them as much as possible.

In fact, currently 0.8 milestone, these xpi popups are even a greater annoyance than activex popups for inexperienced users. AT least in IE, the option to turn off activex is settable with the UI, while to turn off XPI installs in Firefox you need to change a crytc setting name after typing about:config in the addressbar. Also spywareblaster which blocks known bad activex controls, provides some protection,.

[SpywareDestroyer]

Mozilla 0.8 is still beta, so if u do not like betas, use Opera instead.

[Mike]

This XPI issue is still fairly new. It's being fixed for the next public release and it might already be fixed for the nightly builds.

[Freebird]

It's being fixed for the next public release and it might already be fixed for the nightly builds.

Do the nightly builds run alongside the regular Firefox installation, or do they install over it?

[Mike]

I couldn't tell you. I don't play with the beta releases.

[Paranoid]

It's being fixed for the next public release and it might already be fixed for the nightly builds.

Do the nightly builds run alongside the regular Firefox installation, or do they install over it?

You can put the program files elsewhere. The profile directory is generally reusable.

[Archon_Wing]

So when's the next version coming out?

[Paranoid]

When it's ready.

[Mike]

FireFox .9 is supposed to be out soon. Maybe in the next few weeks.

[Tuxedo Jack]

0.9RC is out, and it addresses the .xpis Flingstone and others have created with a three-second delay before the Install button appears.

There's not an option in about:config to increase/decrease that as of yet. To turn .xpis off, you still have to go to about:config and change xpinstall.enabled's value to "false."

There is, however, a Mozilla Update tool in the Tools menu, which leads me to believe that they're going to start writing patches and creating a patch.mozilla.org subdomain or something.

Edited by Tuxedo Jack, 09 June 2004 - 03:03 PM.

[Archon_Wing]

There's an option in the advanced menu that allows you to disable software installs.

[preston]

I'm currently using Firebird 0.7 but it was suggested to me that I switch to Firefox.

Any reason why I should ?

=

[Paranoid]

I'm currently using Firebird 0.7 but it was suggested to me that I switch to Firefox.

Any reason why I should ?

=

It's newer (0.8) ??

[wreck]

Were you aware that Firefox is the replacement of Firebird? It was renamed and updated.

[preston]

wreck,

No i wasn't aware of the name change.
Checking the Mozilla site, I took a look at their press release.

A couple of questions from anyone who might have upgraded ...

Any major improvements that you can't live without now that you have them.
Does Firefox install on top of my resident Firebird or is it a completely different application.

When I originally installed Firebird I had to go in and manually install some of the plugins which was a royal pain. Macromedia Flash and Shockwave were 2 that weren't part of the original Firebird 0.7 package.

Does Firefox 0.8 include most of the common plugins like Flash and Shockwave.


=

Edited by preston, 10 June 2004 - 02:19 PM.

[Mike]

If you've installed java, flash or any other plugin for Netscape, Opera, Mozilla, FireFox or Firebird, it will work in any of these other browsers. Any extension you've installed for Firebird will be there as long as you installed it in your user profile and not the application directory.

To upgrade, just delete the Firebird folder from c:\program files (or wherever you installed it). The new version should automatically detect your profile folder and use it.