How Can I Trust Firefox? 1464
TheRealSlimShady writes "Peter Torr (who?) from Microsoft invites a certain flamewar with his essay 'How can I trust Firefox?' He raises some interesting security related points about the download and installation of Firefox, some of which should probably be addressed. The focus is on code signing, which Microsoft is hot on. Of course, the obvious question is 'Do I trust Firefox less than IE?'"
whoa wait! (Score:5, Funny)
Re:IE? (Score:3, Funny)
"Numeric IP address" ? (Score:5, Funny)
As opposed to what? A graphical IP address? A string IP address? A musical IP address?
I hope this kind of remark does not reflect the technical skills (or lack thereof) of the author, although the content of the lame flamish post seems to lead us to the same conclusion.
Re:Verisign Code Signing Certificate (Score:1, Funny)
Downloading Firefox w/ IE? (Score:4, Funny)
That is like saying (Score:2, Funny)
But look at their boat...
it's got a dent in its hull
also, why spend time trying to break into one car that has its windows rolled up..
when its sitting in a parking lot full of cars with their windows down and keys in the ignition
Re:This guy is right. Listen to him. (Score:5, Funny)
Of course, with IE's spoofing vulnerabilties, you may not really be at firefox.org.
Re:Yeah, right. (Score:5, Funny)
And even if I press no, I *still* get spyware. Why? IE Sucks.
Hey, I have a solution! Firefox can present a dialog box on the first installation that asks, "Do you want to run with better security than Microsoft Internet Explorer?" with only one button labeled "Yes".
Excuse me (Score:2, Funny)
Off Topic I know but come on.
URL? (Score:3, Funny)
I guess he's hoping for a Christmas bone-arse from Bill Gates.
Did I make FIRST POST?
Re:Multiple Firefox Security Flaws Discovered (Score:4, Funny)
Re:Yeah, right. (Score:4, Funny)
Re:Legitimate but GENERIC issues. (Score:3, Funny)
In Windows XP, QQXXZZ.DLL was renamed to PLUGH.DLL
Re:Yeah, right. (Score:5, Funny)
"I wanted to download Microsoft's Internet Explorer, so using Firefox I popped across to Google and searched for:
'Microsoft Internet Explorer'
The 3rd link told me:
Internet Explorer Home
https://www.microsoft.com/windows/ie/defaul
Ok. I'll go there!
Up pops the message:
'Unable to verify www.microsoft.com as a trusted site'
Ok. I'll examine this certificate. Lets see who it is signed by... ah. Microsoft. Fine. As I'm testing this off a Knoppix-style CD and USB memory stick I'll accept this self-signed certificate. Seems all a bit snakeoil to me.
Once I do accept this this I immediately get redirected to another page - something ending with "mspx". Thats not where I clicked! I guess I have to trust it for now though and just carry on.
Over on the left is a "downloads" link, so I go there. I'm presented with a downloads page, where I have to go to another page of languages. I don't see my native Israeli, so I opt for "English". I'm taken to another downloads page (yes, I'm getting board of downloads pages already too). From here I am told that I must go to the 'downloads centre'. Great. Another downloads page. Here I get to select my language again. Um. Still no Israeli, so I go for English again. But Wait! There - no kidding - are only versions for Microsoft Operating Systems!"
I close my browser and grin.
Re:I agree ... (Score:5, Funny)
He's claiming, in public, that his company's monopoly browser is presenting warnings that should cause users of that browser (the default on the monopoly operating system) to believe that installing Firefox (which is recommended, remember, by the Dept. of Homeland Security's CERT as being more secure) is inherently insecure and dangerous.
That sounds like at least an antitrust violation, and probably fraud on top of it. Maybe a PATRIOT Act violation, as well.
Re:Yeah, right. (Score:3, Funny)
Re:Yeah, right. (Score:5, Funny)
Re:Yeah, right. (Score:5, Funny)
On top of that is some education on IE's faults, the scum of the net, and to note that the Firefox icon is much cooler than a dumb, swooshy "E"
This approach has worked pretty well for me so far.
In one extreme case I did rename the Firefox icon 'Internet Explorer' for an exceedingly uncooperative user. Once it was called 'Internet Explorer' she didn't care anymore. I'm sure some poor SOB in tech support has a hell of a time with her though.
Re:Yeah, right. (Score:3, Funny)
Hijinks ensue.
Re:Yeah, right. (Score:5, Funny)
If you were actually a native Israeli, you'd know the language is called Hebrew, or, in the actual language, ivrit (ayin-vet-resh-yud).
(If you're a native Israeli who just can't speak English, I apologize, but all evidence from your post shows you can, in fact, speak English.)
Re:Yeah, right. (Score:1, Funny)
Wrong again, it's ayin-vet-rest-yod-tav.
On an offtopic note, when is Slashdot going to allow hebrew in comments?
Re:Yeah, right. (Score:5, Funny)
Am I the only one to read this as hotsperm?
Re:Yeah, right. (Score:5, Funny)
Right after they fix the HTML to work properly in the Firefox browser we're all praising in this thread.
Re:Yeah, right. (Score:1, Funny)
-- GNU/Anonymous Coward[s]
-- -- Or are we?
Re:Random servers (Score:2, Funny)
Yes, that's authoritative.
Hi, I'm Tim and I want a secure browser.
Oh, good, some random fuck on Slashdot trusts this site, it must be secure.
There's a world beyond your comfort zone, and your walls may have been breached.
Firefox != iPod (Score:3, Funny)
Re:Most Spies for Beijing are Taiwanese (Score:2, Funny)
*sniff* I'm going to die alone and unloved. (Oh, wait, I'm a Slashdot poster. That was already a given...)
Kierthos
Re:I agree ... (Score:2, Funny)
> IE is signed code...do you trust it? I don't.
IE's signature tells you for sure it came from Microsoft. Another reason to trust it even less :-)
Perhaps you doubt the veracity of my statement (Score:3, Funny)
Ah. I see by the expression on your face that you are confused by my statement. Perhaps you doubt its veracity, but let me assure you, I speak not a word of English [kithfan.org].
Backdoor jab (Score:2, Funny)
I've already got IE, why would another backdoor be any big deal?
one more fucktard... (Score:4, Funny)
We wouldn't *need* all these warnings in the first place if MS hadn't allowed two extremely popular programs (IE and OE) to run executables with no user intervention. If they would have stuck with the ORIGINAL design--"Code canNOT run until you tell it to"--we'd all be better off. Run all the JS on a web page you want, but NO ONE can run code that affects the LOCAL MACHINE until told to. But no, stupid fucking MS, who didn't even *know* netowrks existed until Win 3.11, jumps into the game with the assumption that "Hey, you're on a network? Well then, you're probably at work, so the network's probably safe." Maybe we can fix the problem by putting up signs on the Redmond campus: "Strangers have the best candy!" and see if that thins the herd some.
How many old-timers here remember telling their new-to-the-net friends "You can *read* any email you want and NOTHING BAD CAN HAPPEN, but always be sure before clicking an attachment!"? And then we had to go and revise that statement.
Grade A Prime - BS (Score:2, Funny)
Ok, that's Grade A B.S. Right there.
First of all, isn't www.cnn.com a trusted site? If so, why does IE allow Spyware "Avenue A" download on my system.
Second, Verisign cost more money than what's it worth. Hey, if I had $300+ to spend every year so that Micro$haft can grant me it's blessing, that doesn't make my tabloid of a site anymore trustworthy.
Third, You don't know where mirror.sg.depaul.edu is? Give me a break. www.microsoft.com goes to a cluster of machines all across the US. Maybe I'll get lucky playing Russian rolutte one day with a disgruntled MS employee that decides to send an... opps torjan from one of it's sites. Spectulation is a two-edged sword.
Fourth, MS has a 10+ year track record with its greed, its defiance, its manipulation and persussain, and most of all, it deception. Now, knowing this let's apply that Law#1 to the Ten Immutable Laws of Security "If a bad guy can persuade you to run his program on your computer, it's not your computer any more." Seems like I hear this one directed to MS users... a lot.
-my four cents worth.