Internet Explorer vs. Firefox
There were some comments on my "For those who hope and dream" post, and as I began to address them I was quickly filling up quite a bit of space, so I decided to create an entire post to address them. Here we go.
How does .NET make for a secure experience?
Currently, there are very few ".NET components" that are used in Internet Explorer, though there is the ability to use them. I would expect to see big growth in .NET components with the release of Internet Explorer 7 as well as Windows Vista. Windows Vista is where you will see the largest gain in security, stability, and performance, as Vista at its core is a .NET environment (similar runtimes, though not exactly the same as the web server runtimes).
The Vista operating system will host the components and will give extensive customization (similar to web.config) on the user's end, thereby securing the computer. Components also feature a "signature" called Authenticode, a newer version of the digital certificates included in ActiveX components. This will help users to know who created and published the components that they are using.
I still highly advise the use of anti-virus and anti-spyware programs, even though .NET should provide a more stable and secure environment. It's sad, but there will still be users who create malicious components and who may exploit vulnerabilities currently unknown in the Windows operating system. With the advanced tracing features of .NET, patches for vulnerabilities will happen more quickly (and vulnerabilities may be prevented through component configuration settings, as mentioned earlier).
With the new Windows Vista operating system being significantly based on the .NET framework (if not completely), you will see great performance increases of .NET components over traditional ActiveX components as well. The Vista environment will stabilize both IE and the components (minimizing browser crashes :) ).
Wait, how is Firefox "subject to all of the security vulnerabilities as internet explorer" when it doesn't use ActiveX?
Another valid concern, as Internet Explorer has until recently been plagued with rampant malicious ActiveX controls. It's true that Firefox does not allow ActiveX controls to be used (unless you count Firefox plugins, basically the same thing but browser specific), which means two things: Firefox is not vulnerable to ActiveX controls, and Firefox cannot be enhanced by ActiveX controls.
With the release of Service Pack 2 for Windows XP, ActiveX restrictions in Internet Explorer have been increased significantly, leading to the inability to automatically download ActiveX controls (without prior explicit permission). This means that ActiveX controls are shown to the user, but are not installed until the user gives the OK to install the ActiveX control (always check the signature!). This bridges the gap between significant insecurity and lack of third-party integration.
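One way to check the signature on controls that are already installed, as an added example that is not part of the original post: the script below reports the Authenticode status and publisher of each ActiveX file on disk. It assumes PowerShell 3.0 or later and that controls live in the `Downloaded Program Files` folder under the Windows directory; the parameter name and the extension list are choices made for this example.

```powershell
# Added example: audit Authenticode signatures on downloaded ActiveX controls.
param(
    # Assumption: the folder where Internet Explorer stores downloaded controls.
    [string]$ControlPath = (Join-Path $env:windir 'Downloaded Program Files')
)

# File types that typically carry ActiveX code or its installer package.
$extensions = '.ocx', '.dll', '.cab', '.exe'

$report = Get-ChildItem -LiteralPath $ControlPath -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File        = $_.Name
            # Status is Valid, NotSigned, HashMismatch, NotTrusted, and so on.
            Status      = $sig.Status
            Publisher   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            Expires     = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }
            # A timestamp lets the signature outlive the signing certificate.
            Timestamped = [bool]$sig.TimeStamperCertificate
        }
    }

$report | Sort-Object Status, File | Format-Table -AutoSize

# Anything that is not Valid is unsigned, altered after signing, or untrusted.
$suspect = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($suspect.Count -gt 0) {
    Write-Warning "$($suspect.Count) control(s) are unsigned or fail signature validation."
}
```

A `Valid` status confirms who published the file and that it has not been modified since signing; it says nothing about whether that publisher should be trusted.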
This step that Microsoft has taken allows a rich user experience while protecting the safety of your computer. The great security vulnerability for both browsers is known as the Java Runtime Environment. As you can see from the image in the original post, this is the Firefox browser and the Java Runtime Environment is running. The problems came through .class files (parts of a .jar file, which is the packager for the program) that had embedded Trojan viruses.
Sun Microsystems is the creator of the Java language and the Java Runtime Environment. Java is an alternative to ActiveX for browsers, as well as a platform to build and run programs. I am happy that my Symantec Anti-Virus caught the pests and took care of them before they did any damage. Until Sun takes steps to secure this program, I fear that it will be a large security hole for computers.
Also keep in mind, I ended up at that site because I thought that on this computer I had set up a quick search to another site, and Firefox's default behavior is to search Google, then use the "I'm feeling lucky" feature to send you to a site. I am sure you can disable this and would recommend you do so; I would just use the Google search bar if you continue to use Firefox.
Internet Explorer and Firefox can only aid the user in security; they cannot completely protect them. Both browsers have advantages, though I believe that Internet Explorer has quite a few more.
Oh, btw, does your school's CS department use MS tools for its development environment?
I am unsure what you mean by this. I am not a developer for Weber State and am unsure what they use for their programs (if they develop their own). As a student I have noticed that the computers have the major development environments (Microsoft, Sun, IBM, Oracle, etc.). They run Microsoft, Linux, and Unix computers. I have personally used Visual Studio and Vi in my computer classes thus far.
Thanks for your questions, Anonymous; feel free to ask more anytime.


2 Comments:
How does "extensive customization (similar to web.config) on the user's end" allow for security? If anything, wouldn't fewer restrictions mean less security? From what I read, you didn't answer my question about how .NET will make for a more secure experience, a statement you ended your previous article with. From what I read, you mention the future use of .NET components in Vista. You do mention Authenticode as a security feature for ActiveX controls, but that has been around for a while, been subject to (successful?) exploitations, and has nothing to do with .NET (or does it?). So then, how does .NET really make for a more secure experience?
In your last article, you stated that Firefox is "subject to all of the security vulnerabilities as internet explorer". In this article you respond to that statement by noting that Service Pack 2 takes steps to lock down unauthorized ActiveX controls. Alright, but that still means Internet Explorer can use ActiveX (which we already agree can be used for malicious means), and Firefox does not. Therefore, Firefox is not subject to the security vulnerability of ActiveX that Internet Explorer is, right? Therefore, Firefox is not "subject to all of the security vulnerabilities of internet explorer", right?
In response to my last question about your school's CS department, I was wondering if you are taught to use Microsoft-based tools for your programming assignments. I see you do use Visual Studio and Vi. When (or if) you were taught C++, were you taught it using Visual Studio? Were you taught C# in any of your classes? Will you be taught any of the .NET languages in your courses?
Thanks for taking the time to respond to my questions. I hope next time your answers could be more specific.
By Anonymous, at 8/13/2005 10:28:00 PM
Questions have been answered in a new post; you can find that here. Thanks for the questions/comments, I hope I answered them.
By Darren Kopp, at 8/15/2005 09:15:00 PM