Wednesday, January 27, 2010
Good news for Firefox users: Microsoft was wrong; hackers try to hack Firefox frequently, and fail
Brian Krebs, independent computer security blogger and former columnist at the Washington Post reported on a commercial web browser exploit toolkit for hackers. Note when I say commercial that does not in any way imply it is legal or anyone in there right minds endorses it.
What it does say is that hackers go after web users systematically and would like no marks to get away, regardless of the browser the user has chosen.
However, the statistics published in the screenshots of the article show that the user's choice of web browser has the most drastic choice on whether he gets successfully hacked or not.
In the statistics sampled, Firefox 3.5.6 registered several successful attacks against it, but others were left unscarred.
Internet Explorer, you ask? Oh, my god! It gets mauled when it shows up on an infected web site!! The article shows that IE is like some barroom brawler that cannot possibly walk away from a fight. Though the successful attack rate against Internet Explorer has been steadily decreasing since version 5.0 (about 2/3 successful attacks) the rate of successful attacks for IE 8.0 is a little over 1/10.
Another interesting thing is that Firefox 3.5.x was seen twice as much as Internet Explorer 8.0 by the toolkit.
To me, these statistic say when Microsoft has been saying for the past 6 years that Firefox was not getting infected a lot was because few people are using it is not just one lie but two. Apparently, Firefox is seen quite a bit by infected web sites. However, for the most part these sites can look but they cannot touch.
The other surprise is that plugins do get attacked and sometimes the attacks are successful: Java, Adobe plugins, etc. are attacked. Java attacks are rarely successful but you do see a grouping of some successful attacks against a recent but non-current version of Java 6. The lesson there is clear: keep your Java web browser plugin up to date in all of your web browsers!
Another interesting though perhaps malleable fact is that the Adobe Acrobat Reader and Adobe Flash attacks that are wildly successful on Windows when running IE, just do not currently work against the Macintosh. Another case for the argument that a lot of people should have switched from Firefox to Macintosh years ago. If they had, then this web hacker industry would not be quite so large and wealthy as it is now. There is no question the minions and gangs in this industry are making quite a lot of money.
Perhaps, if IE users want to be slightly safer on the web, they will update their browsers and avoid installing plugins - like, say Silverlight. But if they want to cut there risk by another ten to hundredfold, they will install Firefox. At least then they will not be reeling around like a punch drunk barfly with a glass jaw.
Lesson learned: avoid Internet Exploder - run Firefox instead - beware Adobe plugins, and keep Java plugin up to date if you have it installed in your web browser.
What it does say is that hackers go after web users systematically and would like no marks to get away, regardless of the browser the user has chosen.
However, the statistics published in the screenshots of the article show that the user's choice of web browser has the most drastic choice on whether he gets successfully hacked or not.
In the statistics sampled, Firefox 3.5.6 registered several successful attacks against it, but others were left unscarred.
Internet Explorer, you ask? Oh, my god! It gets mauled when it shows up on an infected web site!! The article shows that IE is like some barroom brawler that cannot possibly walk away from a fight. Though the successful attack rate against Internet Explorer has been steadily decreasing since version 5.0 (about 2/3 successful attacks) the rate of successful attacks for IE 8.0 is a little over 1/10.
Another interesting thing is that Firefox 3.5.x was seen twice as much as Internet Explorer 8.0 by the toolkit.
To me, these statistic say when Microsoft has been saying for the past 6 years that Firefox was not getting infected a lot was because few people are using it is not just one lie but two. Apparently, Firefox is seen quite a bit by infected web sites. However, for the most part these sites can look but they cannot touch.
The other surprise is that plugins do get attacked and sometimes the attacks are successful: Java, Adobe plugins, etc. are attacked. Java attacks are rarely successful but you do see a grouping of some successful attacks against a recent but non-current version of Java 6. The lesson there is clear: keep your Java web browser plugin up to date in all of your web browsers!
Another interesting though perhaps malleable fact is that the Adobe Acrobat Reader and Adobe Flash attacks that are wildly successful on Windows when running IE, just do not currently work against the Macintosh. Another case for the argument that a lot of people should have switched from Firefox to Macintosh years ago. If they had, then this web hacker industry would not be quite so large and wealthy as it is now. There is no question the minions and gangs in this industry are making quite a lot of money.
Perhaps, if IE users want to be slightly safer on the web, they will update their browsers and avoid installing plugins - like, say Silverlight. But if they want to cut there risk by another ten to hundredfold, they will install Firefox. At least then they will not be reeling around like a punch drunk barfly with a glass jaw.
Lesson learned: avoid Internet Exploder - run Firefox instead - beware Adobe plugins, and keep Java plugin up to date if you have it installed in your web browser.
Labels: browsing, snafus, statistics, web
Hopefully, someday I will get this page to validate!