Message-ID: <DFAB3C4F9F93E1468E28F4385CAC74CB016B789E@SBKE2KMB03.win.dowjones.net>
From: Edward.Crotty at dowjones.com (Crotty, Edward)
Subject: [in] Re: IE is just as safe as FireFox

I'm not a Win based guy (troll?) - Un*x here - and even I was offended by #1.

There is such a thing as "runas" for Windows.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of devis
Sent: Friday, November 19, 2004 11:10 AM
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox


This message is primarily destined to all MS trolls, no matter their 
levels, and I can see so many in this list that I am happy to target a 
large audience.

Please run some unix or at least read about the unix permission system, 
and let's pray God this sheds some light in your mono cultured brains. 
Here are the relevant points:

1) Despite recent ameliorations of MS ( multi user finally, permissions 
... ) and some effort at making the system more secure, something very 
important is still left out: The first default user of the MS computer 
is made an administrator. This comes down to giving uid0 to ur first 
unix user. Unix does NOT do that. It requires you to use su and become 
root ( administrator ) after proper credentials submission ( password ). 
The first user is NOT an administrator, and any recent Unix 
documentation will insist on the danger of running as root(admin). Unix 
keeps the admin account well separated from the user account, which MS 
DOESN'T, despite all wrong arguments I read on this list. VERY BAD 
practice generally. So it's user friendly, as the user has admin rights 
and can therefore install and remove software and change major 
configuration. Majority of users don't and will never know there is an 
'administrator' user that hides from their eyes.
This little detail that apparently MS people can't 'understand' is a 
huge step. Please install a proper unix, create 2 accounts and try to 
read the home directory of the second user from the first.

2) "After all, they don't need to know" . " You're on a need to know 
basis job"
Do MS really think the users are stupid ? Is understanding different 
IDs/ roles / accounts on a computer that much of a tough message to pass 
to the end user ? Isn't security important and supposedly the goal of 
recent MS developments ? If they really did target security, their 
efforts would have been into making the user understand that he should be 
admin to install programs, and a non privileged user to surf the web. 
Is that that hard to understand ? And that much hidden into high IT 
security professional unreachable knowledge ? I don't think so. Doesn't 
a company such as MS have enough resources to make that a priority and 
educate the users ? Of course it has. Just not very 'commercially' 
friendly as if users then understand roles, it might require less Anti 
virus, personal firewall and other bullshit FUD's scareware ( Yes it's 
scareware, and it is the best selling software category OF ALL times of 
software history ).


This is why, Firefox being independent from this OS that carries 60 of 
its code base as being legacy code for older system hardware and 
backward compatibility, is likely more secure than the in house 
integrated application. Now if u are running Firefox as an administrator 
.....don't be surprised if something happens. Don't blame the software, 
but your poor security practices.

Let's not hide from ourselves what's needed from MS to reach modern world 
security:
a complete rewrite, and a ditch of old DOS base and the 20 years old 
legacy code.

Hopes that clears things.



Rafel Ivgi, The-Insider wrote:

>Firefox is not integrated to the OS, because it doesn't have an OS.
>Its just a trimmed Mozilla for windows..
>However Mozilla in Linux is integrated at some level...so they are just the
>same as I.E.
>
>
>Rafel Ivgi, The-Insider
>Security Consultant
>Malicious Code Research Center (MCRC)
>Finjan Software LTD
>E-mail: rivgi@...jan.com
>---------------------------------
>Prevention is the best cure!
>----- Original Message ----- 
>From: "john morris" <me.morris@...il.com>
>To: <full-disclosure@...ts.netsys.com>
>Sent: Sunday, November 14, 2004 3:34 PM
>Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
>
>
>  
>
>>Firefox avoids several fundamental design flaws of IE, in that:
>>
>>-Firefox is not integrated into Windows, and thus closes holes
>>allowing access to the OS.
>>
>>-Firefox does not support ActiveX JavaVM or VBScript, three Microsoft
>>proprietary technologies that are responsible for many security holes.
>>
>>-Firefox does not allow for the invasion of your system by adware and
>>spyware just by visiting a website.
>>
>>(FROM LINKS TO LINKS WE ARE ALL LINKED)
>>
>>cheersssss.....
>>
>>morris
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>    
>>
>
>
>-----------------------------------------------
>This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm)
>

