Experts predict Firefox spyware will show up this year
Linux - NewsThis forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Experts predict Firefox spyware will show up this year
Quote:
"However, spyware experts indicate that with its increased
popularity, Firefox itself will become a target for spyware
creators, who are already poking at the open source browser
alternative..."
I kinda doubt that it will be up this year though and I think that if it will come it will be hard for those guys to create. And as the article says: When/if spyware comes, we will react!
I don't know - personally the main argument this article seems to make is that as the Firefox market share increases, that fact alone will prompt malware writers to attack it. On the surface this seems somewhat plausible, and I'd agree that if you were trying to do damage, you'd pick the biggest target, but there seem to be a couple of key factors that the article overlooks. First, although I am certainly not an expert on this topic, due to Firefox being a true standalone app, I would say it has far less ability to make modifications to OS files, which in turn diminishes the likelihood that simply using Firefox would result in the installation of a variety of new programs (as the article says Yes, it may be possible, but it seems unlikely). In contrast, because Microsoft has so heavily integrated IE into Windows, it has become the default tool to access _all_ files, regardless of whether they are the safe, clean files on your local drive, or unknown files of dubious origin found on the Internet. As a result, simply using IE and visiting the wrong websites can result in a variety of programs being installed and/or OS files being changed, without either the knowledge or permission of the user. While being able to use just one tool for many tasks may be "convenient", it isn't necessarily the best idea. (Would you want to use your toothbrush to brush your teeth as well as to scrub your fingernails after working in the garden?)
Second, I would argue that while increased market share might make Firefox a more appealing target, that fact has no bearing on the ease or difficulty of exploiting it. A good security design is a good security design no matter how widely it is used, just as a bad security design will remain a bad security design, regardless of whether it has a 0.01% market share or a 99.9% market share.
Originally posted by J.W. Second, I would argue that while increased market share might make Firefox a more appealing target, that fact has no bearing on the ease or difficulty of exploiting it. A good security design is a good security design no matter how widely it is used, just as a bad security design will remain a bad security design, regardless of whether it has a 0.01% market share or a 99.9% market share.
I agree completely. One thing the aggravates me in "Windows vs Linux" or "IE vs Firefox" kinds of discussions is people critical of the "alternative" or maybe people defending the "popular" entity claim it's the popularity of the entity that attracts the hackers who then find and exploit the holes, which does have some merit but clearly ignores the fact that software design is a factor that must also be taken into consideration. Your quote, as higlighed above, addresses this eloquently.
Personally I am hoping that Mozilla, Apache, and Linux do become major targets for exploits, so that people can see once and for all whether or not our belief is fact. I'll be disappointed if we're wrong, but I'll have a lot of gloating to do if we're right =o)
Funny enough I was reading a similar article though in relation to Linux in the latest edition of Linux Format (issue 64), where someone argued that Linux would be a target of viruses and Malware once it becomes very popular. Anyway it turned out the author was selling some security products for Linux, so there was some bias I think. Anyway getting back to Firefox, if the Mozilla Foundation make security an essential part of their development model for Firefox etc, then I personally think instances of spyware, malware etc affecting Windows through Firefox will be negligible. Also as mentioned by J.W., Firefox is not coupled to the Windows system as a whole so it can't do as much damage as say IE, if any spyware were to indeed use loopholes in Firefox.
Originally posted by reddazz I personally think instances of spyware, malware etc affecting Windows through Firefox will be negligible.
Absolutely. In Windows, a vulnerability or threat to an application (IE) equates to a vulnerability/threat to the entire machine. Not so in Linux -- J.W.
When was the last major upgrade for Firefox/Mozilla/Netscape?
Which browser(platform/family) is quicker to respond with bug fixes?
Which browser(platform/family) correctly renders PNG alpha blending without forcing web developers to resort to awkward ActiveX, Javacript, or CSS hacks?
Which browser introduced a GREAT feature allowing unprecedented integration with your PC, only to realize too late that it is FAR too easy for people to abuse the brilliant-yet-poorly-implemented innovation?
Distribution: Xubuntu (too scared to install FreeBSD)
Posts: 34
Rep:
I partially agree with the article in the fact that as it becomes more popular, it'll increase as a target of the black hats. On the other hand, other developers/testers will feel motivated to join in and strengthen the code.
Sorry to be the bearer of bad news,
However, on one of my computers ,that had some nasty malware on it already, the first appearances of spyware has... appeared!(grumble)
In fact, it was pretty ironic... since I had been showing my girlfriend how nice firefox is and that there isn't any spyware on it... when all of the sudden I was hijacked to a porno site hawking Jenna Jameson videos...
Ah well... the computer was due for a reformat nehoot.
If you, Juggerr, already had alot of malware on the computer, as you said IMO it's more likely that it is the malware and not firefox that messed things up. It's kinda easy to write a program that spreads via a flaw in the operatingsystem and then is able to make you visit porno sites, at least easier then writing a malware that spreads via firefox, since it does not allow as much as IE does. Was that Firefox 1.0 or 1.0.1 btw, Juggerr?
Also, Firefox on Linux is likely to be more free from malware then Firefox on Windows, or am I wrong?
About the article, it's just stating the obvious. Now the interesting thing to watch is whether any of these efforts will succeed in large scale infectation
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.