At Pwn2Own, Chrome Is First, IE Last In Browser Security

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Status
Not open for further replies.
It's the stupid people who get viruses, not their browsers. Sure, your choice of browser might affect things, but ultimately if you are a moron you will get viruses.

I like Chrome, but I've used all three - the best antivirus is common sense.
 
My argument was against silverblue saying that many websites "only work with IE" - I have yet to see some of these. I do know that Microsoft pays websites at times to say you have to use Internet Explorer for it to work properly - I even saw this on a .gov website before which is all total bull.
Click to expand...

Well probably not websites you visit.

I work pretty closely with a lot of different customers (goverments, health care, schools) and there are quite a few of them which are built entirely around Internet Explorer.

For instance, at a local car dealership they run ADP software and integration. We can't use any other browser or version other then IE9. It just flat out breaks the program.
 
Canadianvice is not exactly right. I have family that works for the government online, and use my pc to do it, so I have to be extra careful about virus's, Trojans, malware etc, and I'm not exactly what you would call stupid. Needless to say, I've still picked up my fair share of all 3, simply due to the amount of websites visited that are not covered by every protection available. The older stuff sure, but there's new stuff every day and not even heuristics are enough to snag them all.

The problem is that often the hackers are smarter than the ppl coming up with the fixes.
 


+1 to that. I am currently developing a website and am taking a lot of precautions against hackers, not limited to bots registering, SQL injection, etc. For one to know security he or she has to know to hack (they work side by side).
 
"Since the days of Windows95 A, Microsoft has pretty much had the monopoly on Web browsers, and even moving from DOS base to NTSC didn't change things much. What all that means is hackers, virus-techs, exploiters etc have all grown up with Microsoft. Who hacked compu-serve? No one, cuz no one really used it. Netscape same deal. So what was known? IE, be it 6 or 7 or 11 or whatever.
Also to consider is IE is integrated into Windows itself, so once it's exploited, you are in Windows OS. Chrome, Firefox etc are add on apps, crack them and you still have another step to go to mess with the OS.

And let's face it, there are many who simply chose to concentrate on IE simply because they get a kick out of screwing over Microsoft in general. "

Who used CompuServe ? How about all the banking institutions.... Compuserve was the backbone banks used for example to handle ATM transactions. Include also most everyone online before Netscape arrived (via Csi to my house / office) and continued after. CSi prohibited online handles, you were required to use you actual name and people were held responsible for what they wrote. AoL came along with the "unlimited usage model" which peeps went for in droves except it was "unlimited non-usage" since you could never get on. AoL didn't really become viable until they turned around and bought CSi's network and then their customers were finally able to actually get on line on a consistent basis.
 
Agreed jack, banks used compuserve, hell, I even had a go at it, netscape too, but neither was as easy to get online as AOL, point and click, and since online hacking was really just being born as an industry, hacking AOL was much easier than trying to break a banks firewalls and encryption. To be sure, there were some who tried and probably succeeded, but the masses of regular Joes were on AOL and it's splinters like yahoo etc.
The biggest difference between AOL and compuserve was AOL wasn't monitored by an FBI team of hackers, like compuserve was, so breaking into a home pc was much less likely to be noticed and have the fuzz show up at your house.
But still, look at your basic choices in OS, Microsoft Windows, Apple Windows or Linux. Very few people used Linux, Apple was a pain, and Microsoft DOS based Windows was on every home pc other than macs. And everybody knew DOS. And everybody had that included AOL free trial. It was a no brainer, for a Hacker.
 
I used CSi cause I could get on easier than AoL.... I managed forums for both ... quickly abandoned AoL and if i was to look, I might even be listed on a few forum staff lists tho it's gotta be 10 years since I logged in.

CSi had rules, that's what made it it different. Before releasing library files, they had to be scanned by 2 AV programs. Staffers knew ya real name and where you were from. Security was a primary task, not an after thought. I did government consulting back then and one of the things we put in our proposals was "We do not use Microsoft Office.

Yes Bill thought it was cool to click on a attachment and have it download and open in MS Word, but.... that took away the opportunity to scan for Concept Viruses before opening the file..... it wasn't because AoL was free (CSi had free trial too) it was because the Office, the focal point was form over substance.

"Gee I don't have to click my downloads to open a file".... turned into "gee, I saved a click and now I got infected".
 
Lol, yeah, I abandoned AOL when I discovered mIRC, I was AOL on 1 server and Sop in a couple of chat rooms, custom mIRC scripts and scripted bots for age breakers. That was a good time. So had no time for net surfing as it was
 
This is interesting, the browser that is the worse for privacy is the best for security by having the least amount of exploits. Is that a trade off? I use Chrome for various reasons and I am not to worried about privacy. But it is good to know that it has the least amount of vulnerabilities. I have never had a problem with Chrome and security. I follow safe browsing practices but I have had a few viruses here and there that infected Chrome but they also infected IE. These were because of not paying attention to what software was being installed with the primary program. But I have learned. To me Chrome is the best for what I want. I've had Firefox and had problems with it. IE I simply don't like or use. There is no one browser or software of any kind that is completely safe from malware. The important part is not only knowing safe browsing practices but also knowing how to fight and remove viruses/malware. Any of the browsers can work for you and it depends on what you like. You just have to know how to fight the vulnerabilities each one possesses.
 
But that's the gimmick, knowing the vulnerabilities. Your bios even has defenses against malicious software attacks, has since XP. There are only 3 kinds of ppl, in this case, the vast majority who are clueless about browser vulnerabilities, the few who are trying to fix the ones they know, and the fewer who helping the former by exploiting the ones they know.
 
That's very weird considering all the Ad Injectors I've had seem to have a particular affinity for chrome and have never infected Firefox.

Firefox crashes sometimes, I'll admit to that. But it has one killer feature that make it my go to browser. When you open your browsing session. It only loads the tabs when you switch to them. Unlike Chrome which loads everything. As long as chrome doesn't have that feature. I'll be using Chrome when needing to check something on the fly but my main browser will be Firefox. Another thing is that downloading videos using IDM seems to be broken on chrome no matter what I do.
 
Well Firefox has been around for quite a few years, and really hasn't changed as much as IE has, so they've had the time to work the kinks out and create a decent, sorta private, reliable browser.

Since Bill has pretty much abandoned Microsoft to its own devices, much of the onus has gone, it seems so anyways, and Microsoft just isn't quite so much the 'Big Bad Guy' on the block anymore. That's been taken over by Google, so I'm not surprised, with the recent explosion in popularity of Chrome, that more and more exploits, like the ad-injectors, are coming to the surface.

Wonder how much Chrome will resemble IE, when it's been around for 20+ years worth of cracks, hacks and exploits.
 
I'm used to the little ads on the bottom of my phone, they don't bother me nowadays, except for the ones by scroll-MO, where you literally loose the screen till you scroll it up/down/off. And it comes back with every new page. Metro-PCS will never see my family's business.
 
Does this include the various back doors and whatnot that Google slips into Chrome? I suppose Google is a bit too clever to let that happen.
 
IMHO It isn't so much legacy code that brought IE down ... it's all the undocumented backdoor crap M$ leaves in place in all its software which they use to exploit the "power" of their program (ie, avoiding the spaghetti code) while publishing weaker, slower links (that go through the spaghetti code) to non-M$ programmers resulting in 3rd party programs that aren't as fast/efficient/whatever thus "proving" the superiority of M$ programming. Then, when some smart guy comes along and finds some of these backdoors, M$ runs around screaming, "Virus, virus, the sky is falling, oh woe woe woe!!" Gimmie a break. With M$ it will always be about being "superior" (ie, more profitable to M$). There wouldn't be any alternatives today if the hardcore amongst us hadn't been willing to swim uphill against the corporate sheeple (tied to IE by fiat and force) to support actual standard-compliant browsers like Firefox/Chrome/etc..

"Everyone likes to rip on IE, but IE 11 is actually not all that bad." ~ Spac3nerd

LOL Now, if M$ hadn't bound IE11 so closely to the operating system (or is IE the next WOS? hmmm... 3:) ), perhaps it would run on earlier operating systems (like a normal standalone program). LOL If M$ were actually serious about supporting the standard, it could have easily "read the book, implement the code, read the book, implement the code" better than anyone. Could have. The real solution to the issue is to:

<!DOCTYPE html>
<html lang="en"> /* sue me I'm biased */
<head>
<meta charset="utf-8">
...
<title></title>
<style type="text/css">
<!--
body {
...
}
-->
</style>
<!--[if IE]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
...
</body>
</html>

thus letting someone else deal with the IE headache.

@firefoxx04: I'm with you dude(ette?). If the customer doesn't have paid-subscription-based anti-bugware installed and up-to-date, I have no compunction at all taking their money to reformat the hard drive and re-install their software.

@silverblue in re to Firefox crashing ... yeah. They've become a modern example of bloatware but unfortunately it didn't include robust memory management. Under 32-Bit XP Pro with the requisite 3.5GB RAM, Firefox slows and then crashes about the time memory usage hits 6-7 GB (obviously by then the HD is singing like a canary). Same computer running Chrome will happily hit 10-12 GB (with the HD chatter) but it doesn't crash ... the system just runs slower and slower until one gets sick of waiting for the screen to re-paint and restarts the computer. Now, you say that had to be that screwed up old XP. Ehhh! Yes, I am an XP fan boy. No, nothing in Win7 or 8 has convinced me they are any better (and frankly from a power user POV they are orders of magnitude clumsier but that's another story). Next system was an i7-based Win7 Pro 64-Bit monster with 16 GB. LOL Firefox still dies about 6-7 GB (but at least the HD wasn't chewing up head-motion hours). And Chrome can still happily open a dozen windows (each with a dozen or so tabs open) -- 8-10 GB worth -- and keep on going. Let's face it, being able to court the best with a huge pocketbook will almost always trump any volunteer effort. That's just the way it is. That's why M$ is still the powerhouse that it is. Well, that and most corporate systems being held hostage by them as well. LOL
 
Since Windows 1.0 came out on a single 720KB floppy disc. LOL Still have that disc BTW. Works fine in that old first-gen "laptop" that also still works fine (tho not for anything currently useful LOL).

Anyhoo ...

tell me you doubt for a second that, given the choice of (1) sell once and support for a while, or (2) rent forever and support whenever, you would not select option 2. Of course you would. It's called guaranteed monthly cash flow and that's the "Holy Grail" of any business. IBM knew this from the beginning. They leased the hardware and rented the software. Made a fortune. Now M$, Adobe, Autodesk, etc., etc., etc. are aiming to get in on the "rental" model. We were always too smart to fall for that but the kids these days -- the Millennials I think they call them -- don't know any better. They rent their cars, their homes, their phones, their dates, pay monthly for utilities and water, etc., etc., etc.. They simply can't conceive of "owning" something. It's a perfect storm.
 


This pisses me off, I had a really good reply and I accidentally hit the tab key and now all is lost.....

A lot of that info is good to know but some of it is heresay, especially the part about what MS does on purpose or plans.
I do think the rental model is a horrible idea but it works in two ways. For the company it gives them a better cash flow for their product. For the consumer who is on a tight budget it gives them access to a program they otherwise couldn't afford or can't justify a $400 purchase of.

It is much easier to justify $30 a month for a few things on the Adobe cloud service than it is to pay an outright $300 to $400 for the software. Though in due time you past that initial cost for owning the software outright. This rental plan has a lot to do with the big companies way of fighting software pirating. Though pirating started partially because some of the big companies charge way to much for some of their software (also because some programmers wanted to show they were good enough to fight the big companies). It's a battle that will go on for ages and the end result will always be higher cost for the software...... Which to me equates to a little greed.

Right now MS is still offering a full ownership license instead of the monthly rental plan. I am not sure how long that will last because they bring in so much more from the rental plan than the purchase of the full license, and it is that much more difficult to hack a monthly subscription than a full software license.
 


I was referring to the fellow above, who seems to think MS is some NWO corporation seeking to mind control us all. As for subscription, it's more than confirmed at this point that it will not be a subscription after the first year and the upgrade will be free during the first year.

All subs do is push more people over to FOSS, imo.
 


I was also referring to that guy along with a few others who have posted somewhat the same things on this thread. There are legitimate reasons why they are trying the subscription module. But it is interesting to hear that MS may turn from that model. Is it possible you can provide me with a link to that info? I currently have MS office 2012 (or something like that) and I have a 1 free year for office 365 on my tablet (which I can also load onto my desktop for free).
 


I think you may misunderstand.
Windows 10 is completely confirmed to be very much a normal Windows distribution at this point. I've actually gone to some events run by MS as part of my work obligations, and they've confirmed the following information:
From 0-365 after release:
Users can opt to upgrade to Windows 10 at no charge. This upgrade will be good into perpetuity, with no subscription fees required during this period or after the year has passed.
Day 366-
Users will have to pay for an upgrade to Windows 10. MS may release a subscription option, but ultimately flat license will be available for sale as well.

As for MSO/365: Good luck. I've sold less than 20 copies of MSO365 in my work, and I sell office with virtually every laptop. People don't want the subscription version. I have no doubt they'll continue to offer it, but I doubt they will phase out their other offerings entirely.

As to the tinfoil hat stuff, I was just taken aback by his assumption that MS purposefully makes security problems in their browser and all number of other issues to somehow increase their market share/performance.
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom