Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [in] Re: IE is just as safe as FireFox
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 19 Nov 2004 14:04:59 -0600

Windows doesn't tell you about the Admin account and makes the default
user a Admin. That isn't best method as you know. 

RunAs is great..but that is only good once you create a normal user -
and then delete your new default user. Or you log in in Administrator
and take away the full control of the default user. Easy for the average
window user? Nope. If it was Microsoft would make the default user (note
USER) and then let you configure the Admin account on start. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Crotty, Edward
Sent: Friday, November 19, 2004 12:13 PM
To: full-disclosure () lists netsys com
Subject: RE: [in] Re: [Full-disclosure] IE is just as safe as FireFox

I'm not a Win based guy (troll?) - Un*x here - and even I was 
offended by #1.

There is such a thing as "runas" for Windows.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of devis
Sent: Friday, November 19, 2004 11:10 AM
Cc: full-disclosure () lists netsys com
Subject: Re: [in] Re: [Full-disclosure] IE is just as safe as FireFox


This message is primarily destined to all MS trolls, no 
matter their levels, and i can see so many in this list that 
i am happy to target a large audience.

Please run some unix or at least read about the unix 
permission system, and lets pray god this sheds some light in 
your mono cultured brains. 
Here are the relevant points:

1) Despite recent ameliorations of MS ( multi user finally, 
permissions ... ) and some effort at making the system more 
secure, something very important is still left out: The first 
default user of the MS computer is made an administrator. 
This comes down to giving uid0 to ur first unix user. Unix 
does NOT do that. It requieres you to use su and become root 
( administrator ) after proper credentials submission ( password ). 
The first user is NOT and administrator, and any recent Unix 
documentation will insist on the danger of running as 
root(admin). Unix keeps the admin account well separated from 
the user account, which MS DOESN'T, despite all wrong 
arguments i read on this list. VERY BAD practice generally. 
So its user friendly, as the user has admin rights and can 
therefore install and remove software and change major 
configuration. Majority of users don't and will never know 
there is an 'administrator' user that hides from their eyes.
This little detail that apparently Ms people can't 
'understand' is  a huge step. Please install a proper unix, 
create 2 accounts and try to read the home directory of the 
second user from the first.

2) "After all, they don;t need to know" . " You're on a need 
to know basis job"
Do MS really think the users are stupid ? Do understanding 
different IDs/ roles / accounts on a computer that much of a 
tough message to pass to the end user ? Isn't security 
important and supposedly the goal of recent MS developpements 
? If they really did target security, their efforts will have 
been into making the user understand that he should be admin 
to install programs, and a non priviledged user to surf the web. 
IS that that hard to understand ? And that much hidden into 
high IT security professionnal unreachable knowledge ? I 
don;t think so. Doesn't a company such as MS has enough 
ressources to make that a priority and educate the users ? 
Off course it has. Just not very 'commercially' 
friendly as if user then understand roles, it might requires 
less Anti virus, personnal firewall and other bullshit FUD's 
scareware ( Yes its scareware, and it is the best selling 
software category OF ALL times of software history ).


This is why, Firefox being independant from this OS that 
carries 60 of its code base as being legacy code for older 
system hardware and backward compatibility, is likely more 
secure than the in house integrated application. Now if u are 
running Firefox as an administrator .....don't be surprised 
if something happens. Don;t blame the software, but your poor 
security practices.

Lets not hide from ourselves whats needed from MS to reach 
modern world
security:
a complete rewrite, and a ditch of old Dos base and the 20 
years old legacy code.

Hopes that clears things.



Rafel Ivgi, The-Insider wrote:

Firefox is not intgrated to the OS, because it doesn't have an OS.
Its just a trimmed Mozilla for windows..
However Mozilla in Linux is integrated at some level...so 
they are just 
the same as I.E.


Rafel Ivgi, The-Insider
Security Consultant
Malicious Code Research Center (MCRC)
Finjan Software LTD
E-mail: rivgi () Finjan com
---------------------------------
Prevention is the best cure!
----- Original Message -----
From: "john morris" <me.morris () gmail com>
To: <full-disclosure () lists netsys com>
Sent: Sunday, November 14, 2004 3:34 PM
Subject: Re: [in] Re: [Full-disclosure] IE is just as safe as FireFox


 

Firefox avoids several fundamental design flaws of IE, in that:

-Firefox is not integrated into Windows, and thus closes holes 
allowing access to the OS.

-Firefox does not support ActiveX JavaVM or VBScript, three 
Microsoft 
proprietary technologies that are responsible for many 
security holes.

-Firefox does not allow for the invasion of your system by 
adware and 
spyware just by visiting a website.

(FROM LINKS TO LINKS WE ARE ALL LINKED)

cheersssss.....

morris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
   



-----------------------------------------------
This message was scanned for malicious content and viruses by Finjan 
Internet Vital Security 1Box(tm)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault