WHICH IS SAFER,INTERNET EXPLORER OR FIREFOX

WHICH SAFER,INTERNET EXPLOREE OR FIRFOX ?

There is a lot of discussion going on about the relative safety of Internet Explorer vs. Firefox. In this article I say why I think most of the commentary is missing the point.


--------------------------------------------------------------------------------



The battle over the question in the title has been raging in discussions all over the Internet. Unfortunately, this is the wrong question. In fact, it is a meaningless question unless a lot of additional factors are considered. Security is a multidimensional problem and cannot be usefully discussed in the kind of simplistic comparisons that are being made.

I am not a professional security expert but there are some pretty obvious points that can be raised about how you define what is meant by “security”. The most popular way seems to be a kind of numerology where somebody with a vested interest like Symantec purports to count “vulnerabilities” or even “possible” vulnerabilities. The conditions where these vulnerabilities apply are usually not specified. Many questions have to be asked before any meaningful assessment of the severity of a problem can be made, For example, does having a firewall prevent them? Do typical anti-malware packages detect them? Does the user have to click on a link or do something stupid for the problem to apply? Can the problem be fixed by changing a default setting? How long does it take before a patch can be made? Not all “vulnerabilities” are created equal. A so-called vulnerability may be “potentially” very dangerous but not be a problem in practice because it easily fixed by standard measures or can only be incurred because of stupidity. So this numbers game looks very misleading to me.

The whole subject is quite complicated but in an attempt to keep this discussion reasonably short I suggest we replace the single question of the title with three questions (all pertain to Windows systems):

1. Which browser is safer for experienced computer users?

2. Which browser is safer for average computer users?

3. Which browser is safer for careless, uninformed or clueless computer users?

The answer to question 1 is that either browser will do. What browser is used by an experienced person is a matter of personal habits and preferences about different browser features. An experienced user knows what security precautions must be taken and will rarely get a problem just because of the browser that is being used. Personally, I use both Internet Explorer (IE) and Firefox. I prefer Firefox for most things but some sites only work in IE.

Next let’s consider question 2. The term “average” computer user covers a lot of different people so only a few generalities can be stated. The average PC user is not going to be familiar with the details of security measures but most will be aware that they need some kind of defense. If they have a PC bought in recent years they will have quite a bit of automatic protection such as anti-virus programs that update themselves and at least the Windows XP firewall. Also Windows update will be set to run unattended. Many PC users also have installed entire security suites. It is important to note the presence of these security measures because otherwise the question of which browser to use is moot.

For those people who have enough other security in place so that they can turn their attention to browser security, one question concerns updates. Both IE and Firefox have periodically been found to have security holes. IE has an apparent advantage in that it is automatically updated whereas at present Firefox has to be patched manually. Typical PC users can be lax about updating so that looks like a point for IE. However, this possible advantage is much lessened or even disappears because Microsoft can take many weeks to issue a patch for a known problem. Firefox patches come out within a few days after a problem is revealed. Which browser has the advantage here? For those who would keep up with the Firefox updates, I give the nod to Firefox on this particular issue. For procrastinators, maybe IE is better but future versions of Firefox are supposed to also update automatically. Note added later: Firefox version 1.5 is scheduled for release at the end of November, 2005. It contains an automatic update feature and that removes any advantage IE had for procrastinators.

There are also other security factors such as ActiveX, which I have discussed in detail on another page. On the issue of ActiveX, individual PC users will have to balance convenience with safety to decide on a browser. Knowledgeable users can configure IE to avoid ActiveX problems but I wonder how many average PC users will actually do what’s necessary. From a theoretical point of view, I think Firefox is safer because it doesn’t support ActiveX but from a practical view it can sometimes be inconvenient that some pages won't work for any browser but IE.

What about the average PC user who has an older system with Windows 98/Me? These people are totally ignored by most commentators but there are still quite a few of them around. They will be missing a lot of the security that Microsoft has added to IE in Windows XP SP2. Personally, I think that these systems are safer with Firefox. However, there is the psychological barrier that many people have about installing a whole new browser when they already have one in place. Also, IE has to be used for certain sites and this is another obstacle to using Firefox. For these users, I think that the theoretical answer to question 2 clearly is Firefox. In practice, however, most of these users will probably stick with IE. Hopefully, they will have enough security measures in effect to obviate the newer IE exploits that they are exposed to.

Now we come to question 3. This one is easy to answer. It doesn’t matter what this group uses for a browser. These are the ones that do not use firewalls or do not install security updates or blithely click on any old link. They have much bigger problems than what browser to use. Unfortunately, their problems are our problems, too. This group is where most of the worms and Trojans hide out. It is also where the crackers get their “zombie” machines to carry out Distributed Denial of Service attacks and conduct various criminal activities.

I have framed the discussion in terms of who the intended user is. To really discuss the issue of browser security would require a much more complicated metric. However, I think the discussion helps illustrate my contention that measuring security is not simple and that there is no easy answer that applies to everybody for the question of which browser is safer to use. If you held a gun to my head and demanded that I choose a browser for everybody, I would personally pick Firefox. But you still have to use IE for some sites like Windows Update whether you like it or not. And I haven’t even mentioned Opera or Netscape.

I am very interested to hear what you have to say about all this. Log on to http://tips.vlaurie.com and let me know what you think.

WHAT IS TROJAN HORSE

TROJAN AND HORSE

In addition to the viruses and worms discussed on the previous page, there is a third kind of malware known as a"Trojan horse" which we consider next.




--------------------------------------------------------------------------------

What is a Trojan horse?
The term Trojan horse is applied to malware that masquerades as a legitimate program but is in reality a malicious application. It may simply pretend to be a useful program or it may actually contain a useful function as cover for a destructive one. Screen savers are often used as a carrier. Trojan horses do not replicate themselves as do viruses and worms. However, a Trojan horse can be part of the payload of a worm and can be spread to many machines as part of a worm infestation. Many Trojan horses have been sent out as email attachments.

One favorite use of Trojan horses is to allow a malicious hacker ( more properly called a "cracker") to use systems of unsuspecting owners for attacking other machines or as zombies. Another use is for relaying spam or pornography. Yet another use is to steal account passwords and then relay them back to someone for fraudulent use. Trojans can also be destructive and wipe out files or create other damage. Recently, phishing scams have been making use of Trojans.

Sometimes social engineering is used to induce people to click on a link. Here's one that enticed people to try to download some photos:

Osama Bin Ladin was found hanged by two CNN journalists early Wednesday evening. As evidence they took several photos, some of which I have included here. As yet, this information has not hit the headlines due to Bush wanting confirmation of his identity but the journalists have released some early photos over the internet.

Instead of photos what they got was a Trojan.

Defenses
Many Trojans are recognized by the major anti-virus programs. However, not all Trojans have characteristics that trigger anti-virus programs so additional software is recommended. The spyware programs discussed on the next page should be considered as well as the references in the sidebar.

It is essential in the present conditions to have a firewall. The Internet is a two-way street. Unless your computer is properly protected, it is all too easy for unwanted visitors to gain access to your computer while you are on-line. Once into your system, a cracker can plant a Trojan or worm or do other harm. Good firewall software can make your computer invisible to all except the most determined cracker. Further, most firewalls will warn you if programs on your computer try to connect to the Internet without telling you. That will help to warn you if you get an infection. Note, however, that some Trojans may hide by piggybacking on essential services like your email client.

Unless they had a broadband Internet connection, I used to tell people that they probably did not need a firewall. However, hacking has reached the point where everyone, even those with dial-up connections, needs a firewall. My firewall keeps a log of the attempts that are made to probe my computer and once in a while I check it out of curiosity. The attempts are unceasing and come from all over the world. (I know because I look up some of the IPs.) Even my wife's dial-up AOL account is probed all the time. Many of these probes are not malicious but I see no reason to take chances on the good will of all these strangers.

The present version of Windows XP has half a firewall built in. Unfortunately, it monitors only incoming traffic and therefore is of no help in warning about programs on your computer that call up Internet sites without telling you. Also, note that that you have to specifically enable it. (Service Pack 2 turns it on by default.). I recommend a more robust program. If you want to, you can go for one of the commercial suites that include a firewall together with a variety of other programs. However, there are several very good free programs. The sidebar contains references.

Spyware and Adware
These types of pest are related to Trojans but are a little less destructive. They are discussed on the next page.

WHAT ARE SPYWARE AND ADWARE

SPYWARE AND ADWARE


The incidence of problem programs called "spyware" (or in their more benign forms "adware") has reached the point where Congress is even considering a law about it. Here's some facts about spyware and adware and ways to defend your computer.




--------------------------------------------------------------------------------

What are Spyware and Adware?
Spyware, adware and their variations are programs or applets that get installed on your computer by a download from the Internet. (You could also get them on a disk from somebody but that is less common.). There are basically three scenarios where problems arise:

1. You knowingly download and install something but do not understand all the functions of the program.

2. You download and install one thing but other things are installed along with it that you do not know about.

3. Something is downloaded and installed without your knowledge.

There are many software downloads available on the Internet that call themselves freeware. Quite a few of these are, in fact, free and come without strings. In the end, however, the cost of any software has to paid for by somebody, somehow. One way to support the cost of software is through advertising that is downloaded and displayed on the user’s computer along with the software. Many useful and reputable programs are now distributed this way. Often they come both in a version that is “free” (but with ads) and in a version that has no ads but has to be paid for. As long as the user is told up-front about the ads and about any tracking that might be going on, this form of adware has a perfectly legitimate role. For example, I use the adware version of the Opera browser. I do not use the browser very often and I wouldn’t pay for it but I am willing to have small ads running when I do use it. Actually, they are unobtrusive and I pay them no attention. [Note added later: Opera is now free.]

Note that I said that I was willing for ads to run while I was using the program. Less scrupulous software distributors may have pop-up windows showing ads whether you are using their program or not. Even worse offenders graduate to “spyware” and contain a component running all the time in the background to track your viewing habits on the Internet (and possibly other things). Your preferences are relayed to advertisers so that ads may be targeted specifically to what is perceived to be your interests. For example, if you visit a lot of sports sites on the Web, you may find ads for athletic equipment showing up on your computer.

Legitimate programs are straightforward in alerting you that advertising banners or pages will be downloaded to your computer and shown to you whenever you try to use that program. Others are less up front and bury the notice about ads and other actions in the EULA (End User License Agreement). Having seen this type of turgid legalese innumerable times when using Microsoft applications, most of us just click the “I agree” button without reading the stuff. If you do read the EULA thoroughly, you may find that you have signed away all your rights to privacy. How legally binding this really is, I am not competent to say, but personally I find the implications disconcerting. Still other software packages do not even bother with hiding details in the legalese but simply carry out surreptitious actions on your system without notifying you beforehand.

Drive-by Downloads or Foistware
Not content to entice you into using their spyware by providing some useful function, some firms download stuff to your computer whether you want it or not. Many Web sites have ad banners that contain download links. If you accidentally click on the ad, you may initiate a download. Some of these ads contain messages that your system "may" be infected with a virus or otherwise impaired in order to lure you into clicking on something. Depending on your browser security settings, you may then receive some unwanted software automatically or get the standard Windows pop-up message asking, "Do you accept this download?" If you click "Yes," spyware is installed. Note that the presence of a security certificate is no guarantee that something is not spyware. An example of a download window for a well-known problem program is shown in the figure below.


Sometimes, just viewing a page is sufficient. Many of these downloads take advantage of ActiveX controls in Internet Explorer (IE). The settings for Internet security zones in IE can be configured to prevent this. Also, Windows XP Service Pack 2 increases the security in this area of IE. Other browsers generally are not susceptible to ActiveX downloads. However, most browsers with insecure settings can be made to run Javascript or certain other types of code.

Lists of these types of spyware are available at the spyware database references given in the sidebar. Unless you are sure about a program, check it out on these lists before installing.

Other Problems
One issue is to how much of your privacy is invaded by the ad tracking. To some degree, it is the nature of an individual’s personal psychology that decides what is private. Some people are unconcerned while others react violently to the notion of being tracked. Privacy is a large subject and beyond the scope of this article but several references are given in the sidebar.

However you may feel about the privacy issues, the practical matter is that spyware uses your computer resources and bandwidth and often causes sluggish behavior or even crashes. Some spyware like the very popular file-sharing program Kazaa may even use your idle CPU time for whatever computational purposes they see fit. Many PC users have suffered significant degradation or worse for their system from the presence of spyware.

The most severe cases where the spyware is actually malicious and either causes deliberate damage to your system or uses your system for some nefarious purpose is usually considered a Trojan horse and is considered on the previous page.

Defenses
Because of the proliferation of spyware, many programs are now available for detecting spyware and cleaning it out. Anti-virus programs do not detect most spyware because the programs do not have the characteristics of a virus. Thus a separate application is needed that specifically targets spyware. Links to two free programs, "AdAware" and "SpyBot Search & Destroy" are given in the sidebar along with references for others. Unlike ant-virus programs, where installing more than one program is not recommended, it is a good idea to clean your system with consecutive application of two or more spyware removers. According to PC Magazine , the commercial programs Spy Sweeper and Spyware Doctor are the two best anti-spyware programs. PC World also chooses Spy Sweeper as its top ranked program.

Firewalls that monitor programs on your system that attempt to connect to the Internet will give you warning of the presence of spyware. The Windows XP firewall does not have this capability so one of the firewalls mentioned in the references in the sidebar is recommended. If another firewall is installed, turn off the Windows XP version. The update SP2 automatically enables the Windows XP firewall.

It's a good idea to check what programs run automatically at startup. Windows 98/Me systems can use MSConfig and Windows XP systems can use the services console to see what is running in the background. Unwanted programs can be detected and disabled. Any spyware can then be removed.

Avoiding spyware in the first place is the best defense. Use common sense in installing software. Check out any potential download with the spyware databases given in the references in the sidebar. Exercise caution when visiting strange Web sites.

Some references recommend disabling ActiveX entirely. While this will prevent many unwanted controls from installing, it will also break useful applications. A less drastic procedure is outlined on another page. Using the Firefox or other non-Microsoft browser is another recommendation for those who wish to avoid ActiveX problems. However, any commonly used browser is still susceptible to other types of script and the security settings for scripting should be consulted.

WHAT IS VIRUS & WORM

VIRUSES AND WORMS

It seems to be inherent in human nature that any activity involving large numbers of people will include some who behave in a harmful, anti-social way. Thus on the Internet there is a constant threat from malicious software or "malware." Two common types of malware are "viruses" and "worms."


--------------------------------------------------------------------------------



What a virus is
A virus is a self-replicating program that spreads by inserting copies of itself into programs or documents that already exist on a computer. The name comes from an analogy with biological viruses. These cannot reproduce by themselves but make use of the functions of infected cells to spread. Similarly, a computer virus makes use of the executable code in legitimate programs to carry out its purposes. A virus may be designed to be destructive to a system or to be a prank. In either case, the virus will rapidly reproduce itself until the system may be overwhelmed. Viruses spread to other systems when infected programs are copied to another machine. Documents with executable code like Word macros can also be vectors of infection. A very common method of spreading viruses is by attachments to email . Today a variant of a virus known as a worm is more often used.

What a worm is
Viruses and worms are often lumped together in the single category of virus but there is technical distinction. A worm differs from a virus in that it contains all the code it needs to carry out its purposes and does not depend on using other programs. Most recent instances of malware have been worms, spread primarily by email. Worms are designed to replicate rapidly and to use the Internet or other networks to spread with great facility. They may contain code to damage or erase files or may carry other malicious payloads. On a number of occasions, large numbers of computer systems have been brought down by worms. In addition to the damage from whatever payload they carry, the sheer number of worm copies can bring systems to a halt.

A very common method of spreading is by use of any email addresses on an infected computer. The worm searches address books, temporary Internet caches and other possible sources of email addresses. The worm then mails out random infected fake messages. It may use the addresses it finds not only as recipients but also may spoof mail to show them as senders. It may also combine random pieces of addresses into new fake addresses. All the messages will contain an attachment that is infected. None of this activity may be known by the owner of the infected machine and may go on for weeks or months. A single infected machine can send out thousands of worm-carrying messages.

Anti-virus programs
Most people know that anti-virus software is a necessity and most computers come with some form of anti-virus program already installed. (Note that anti-virus is a catchall term that refers to a variety of malware.) All the major programs check email as well as scanning your system. However, new viruses appear every day and anti-virus programs are only as good as their database or definitions of viruses. A program can't recognize a new virus unless it has been kept up to date. Anti-virus programs contain update features and these are automatic in the newer major programs. However, the big vendors like Symantec and McAfee no longer give unlimited free updates but start to charge after some initial period ranging from 3 months to 1 year. Very often people do not subscribe to the new updates and let their protection lapse. This leaves the computer open to any new virus that comes along. Actually, it may be better to periodically buy a whole new version of whatever anti-virus program you use. I have often found rebate offers that make the new program cheaper than the update subscription.

Personally, I find both the Norton and McAfee programs to be very heavy users of system resources. An alternative is one of the free programs like Grisoft AVG. In the past, Symantec's Norton has always seemed to get much better reviews for efficacy against infection than the freebies but a recent review by the magazine PC World indicates that there are several free programs that now provide acceptable levels of protection. Tech Support Alert gives a critique of the various free programs and describes an effective computer defense that uses free programs.

Firewalls
Worms have also been spread by intruders planting them directly on unprotected computers connected to the Internet. A firewall is essential to guard against such occurrences and is discussed in more detail on the next page.

Trojan horses
Another form of malware is the "Trojan horse" and we consider that on the next page.

How to Remove a virus

Virus

Usually every virus has two aspects – a finder and a replicator.

The finder searches for the new uninfected files and the replicator actually targets these files and infects it by multiplying itself.

How a Virus Affects a System

· It corrupts files

· It slows down the speed of the computer system

· It causes the system to hang frequently

It deletes various files

Sources of Virus Infection

A virus can enter the system and infect it through various sources. Some of the sources are

· Infected CDs, DVDs, pen drives, etc

· E-mail

· Browsing infected sites

Downloading files from the internet

How to Remove Viruses

Removing viruses, though technical, is yet a very simple process if all the required steps are properly followed.

The basic steps are:

· Buy or download an antivirus software

· Install the antivirus software

Update antivirus software with the latest virus definitions

· Do a complete system scan

A safe way to remove viruses is to use a bootable antivirus CD (containing the latest definitions) to scan the drive. Alternatively, you can attach the drive to a friend's computer that has an antivirus installed (with the latest updates) and perform a full disk scan.

However, if you cannot do any of the above options, you may want to try the following steps:

Steps to Remove a Virus from the System

Step 1
Install an Antivirus Program in the System

What is Antivirus program? An antivirus is a program that searches for, identifies and removes potential viruses existing in the computer system.

Antivirus software: Some of the commonly available antivirus programs in the market are -

· Symantec Norton antivirus

· AVG antivirus

· McAfee Scan

· Microsoft Antivirus

The antivirus software should be updated regularly to retain its effectiveness.

Before installing the antivirus, close all open applications and terminate any suspicious processes using Task Manager. Sometimes, you may need to boot into safe mode or safe mode with command prompt to delete suspicious programs and references to them in the Windows Registry (run regedit from the command prompt to open the registry editor).

Search engines are excellent tools to find out whether a certain process is harmful or not. You can also get steps on how to remove a specific virus manually.

Removing the virus beforehand might be necessary, as some viruses will not allow an antivirus to operate. However, if you are not successful, you may still continue with the installation.

Step 2
Scan the System to Identify and Locate the Virus

Usually, the antivirus will run automatically when the system reboots after the installation.

Therefore, it might identify the virus automatically.

Moreover, you may want to run a quick system scan to locate the virus.

Step 3
Troubleshooting the Virus Infected Areas

After the antivirus identifies the infected areas, the next step is to rectify those areas.

Methods of Eliminating Viruses

Generally, the antivirus adopts one of two methods to eliminate the virus:

· Removing the virus – When the virus can be easily identified and can be removed without affecting other files, then the antivirus removes it from the host place.

Quarantine – This is done when the virus cannot be easily identified removed from the file and the removal of virus means the removal of the complete file. In this method, although the virus is not eliminated, it is rendered inactive by moving the file into "quarantine" and renaming it.

Step 4
Perform a Full System Scan

Even after the virus is removed from the system, the next step is to scan the whole system to ensure that no infected files remain.

What if the Antivirus Fails?

It may happen that your antivirus fails to detect and get rid of the virus. In such a case, you can follow the steps given below:

· Take a backup of the entire data.

· Format the infected disk partition.

· In case the entire system is infected, the system will have to be reinstalled.

· Install the antivirus and the latest updates.

· Restore the backup.