Whole article here

I kinda doubt that it will be up this year though and I think that if it will come it will be hard for those guys to create. And as the article says: When/if spyware comes, we will react!

lets wait 'n' watch

I don't know - personally the main argument this article seems to make is that as the Firefox market share increases, that fact alone will prompt malware writers to attack it. On the surface this seems somewhat plausible, and I'd agree that if you were trying to do damage, you'd pick the biggest target, but there seem to be a couple of key factors that the article overlooks. First, although I am certainly not an expert on this topic, due to Firefox being a true standalone app, I would say it has far less ability to make modifications to OS files, which in turn diminishes the likelihood that simply using Firefox would result in the installation of a variety of new programs (as the article says Yes, it may be possible, but it seems unlikely). In contrast, because Microsoft has so heavily integrated IE into Windows, it has become the default tool to access _all_ files, regardless of whether they are the safe, clean files on your local drive, or unknown files of dubious origin found on the Internet. As a result, simply using IE and visiting the wrong websites can result in a variety of programs being installed and/or OS files being changed, without either the knowledge or permission of the user. While being able to use just one tool for many tasks may be "convenient", it isn't necessarily the best idea. (Would you want to use your toothbrush to brush your teeth as well as to scrub your fingernails after working in the garden?)

Second, I would argue that while increased market share might make Firefox a more appealing target, that fact has no bearing on the ease or difficulty of exploiting it. A good security design is a good security design no matter how widely it is used, just as a bad security design will remain a bad security design, regardless of whether it has a 0.01% market share or a 99.9% market share.

As always this is just my 2 cents -- J.W.

I agree completely. One thing the aggravates me in "Windows vs Linux" or "IE vs Firefox" kinds of discussions is people critical of the "alternative" or maybe people defending the "popular" entity claim it's the popularity of the entity that attracts the hackers who then find and exploit the holes, which does have some merit but clearly ignores the fact that software design is a factor that must also be taken into consideration. Your quote, as higlighed above, addresses this eloquently.

Peace...

Personally I am hoping that Mozilla, Apache, and Linux do become major targets for exploits, so that people can see once and for all whether or not our belief is fact. I'll be disappointed if we're wrong, but I'll have a lot of gloating to do if we're right =o)

Funny enough I was reading a similar article though in relation to Linux in the latest edition of Linux Format (issue 64), where someone argued that Linux would be a target of viruses and Malware once it becomes very popular. Anyway it turned out the author was selling some security products for Linux, so there was some bias I think. Anyway getting back to Firefox, if the Mozilla Foundation make security an essential part of their development model for Firefox etc, then I personally think instances of spyware, malware etc affecting Windows through Firefox will be negligible. Also as mentioned by J.W., Firefox is not coupled to the Windows system as a whole so it can't do as much damage as say IE, if any spyware were to indeed use loopholes in Firefox.

Absolutely. In Windows, a vulnerability or threat to an application (IE) equates to a vulnerability/threat to the entire machine. Not so in Linux -- J.W.

Let's not forget there are no active-x features for firefox. a GOOD thing.

When was the last major upgrade for MSIE?

When was the last major upgrade for Firefox/Mozilla/Netscape?

Which browser(platform/family) is quicker to respond with bug fixes?

Which browser(platform/family) correctly renders PNG alpha blending without forcing web developers to resort to awkward ActiveX, Javacript, or CSS hacks?

Which browser introduced a GREAT feature allowing unprecedented integration with your PC, only to realize too late that it is FAR too easy for people to abuse the brilliant-yet-poorly-implemented innovation?

I partially agree with the article in the fact that as it becomes more popular, it'll increase as a target of the black hats. On the other hand, other developers/testers will feel motivated to join in and strengthen the code.

Sorry to be the bearer of bad news,
However, on one of my computers ,that had some nasty malware on it already, the first appearances of spyware has... appeared!(grumble)

In fact, it was pretty ironic... since I had been showing my girlfriend how nice firefox is and that there isn't any spyware on it... when all of the sudden I was hijacked to a porno site hawking Jenna Jameson videos...

Ah well... the computer was due for a reformat nehoot.

Are you sure its a Firefox issue or it was probably due to some other spyware already installed on your system.

Or more likely that's the story he told his girlfriend, and he's posting that here just in case she's looking over his shoulder.

(I'm KIDDING. Relax!)

If you, Juggerr, already had alot of malware on the computer, as you said IMO it's more likely that it is the malware and not firefox that messed things up. It's kinda easy to write a program that spreads via a flaw in the operatingsystem and then is able to make you visit porno sites, at least easier then writing a malware that spreads via firefox, since it does not allow as much as IE does. Was that Firefox 1.0 or 1.0.1 btw, Juggerr?

Also, Firefox on Linux is likely to be more free from malware then Firefox on Windows, or am I wrong?

About the article, it's just stating the obvious. Now the interesting thing to watch is whether any of these efforts will succeed in large scale infectation