How browser security exploits hinder exploration of the web

It’s important to be able to feel safe while browsing the web, both in terms of what your software protects you against and what your own “web street smarts” protect you against. Users who don’t feel safe will restrict themselves to big sites by recognizable companies and other sites that they already visit regularly — still a worthwhile use of the web, sure, but one of the quirky charms of the web is all of that weird stuff that can exist only in this medium, and if you aren’t browsing it, you’re missing out. An even worse category of user is one who feels safe but isn’t, thus exposing themselves to viruses, malware, and even identity theft. Unfortunately, it appears that everyone who uses Internet Explorer is in this category.

In the latest in a long line of Microsoft failings, another Internet Explorer bug has been discovered that pretty much allows arbitrary malicious control over your computer simply by viewing an infecting website. This critical vulnerability was patched recently, but keep in mind that millions of computer users patch their software on an irregular basis, and further millions never patch at all. The number of computer users vulnerable to this one exploit thus remains in the tens of millions, at least. Using Internet Explorer simply isn’t safe, and the majority of people know this. The worse knock-on effect of this is that it causes people to adjust their browsing accordingly, treating the web as a shady inner city neighborhood to be avoided rather than a beautiful vista that demands exploration.

Switching to Mozilla Firefox is a no-brainer. But even with Firefox, as long as you’re still running Windows, you’re still quite vulnerable. It’s possible for even the experienced web user to get caught by what appears to be a trial download of a legitimate piece of software that is actually a virus. This is one of the many reasons why I choose GNU/Linux as my operating system. I browse the web with impunity, journeying where most others dare not, because I have taken the necessary steps to truly protect myself. And the view from way up here is amazing.

10 Responses to “How browser security exploits hinder exploration of the web”

  1. T2A` Says:

    Oh, fuck off with the smug Linux bullshit.

  2. Knacker Says:

    I don’t like Linux. So many user interface issues…

    I much prefer Mac OS X. At least every program you install doesn’t leave nondescript resource files with impenetrable names in no less than ten places all across your system.

    What’s the difference between /etc/bin and /usr/bin? Damned if I know and damned if I feel like finding out.

  3. Cyde Weys Says:

    Jesus, what a tough crowd.

    T2A`: I wouldn’t have cause to be smug if the underlying premise wasn’t true. I also have a Windows desktop for playing games, but I use a GNU/Linux computer as my primary desktop because it doesn’t leave me with a vulnerable feeling when I’m surfing the web. Your hostility is unwarranted. You could’ve just said “I’ll keep using Windows because those issues are important to me.” But the extreme reaction suggests something else is going on. Care to explain?

    Knacker: Have you used package managers before? They come standard with all big distros of GNU/Linux (for instance, in Ubuntu, it’s apt). They keep track of every file that is installed with a package and remove all of them when a package is uninstalled. In practice, you don’t need to know the difference between /usr/bin/ and /usr/local/bin/ because the package manager handles all of that transparently.

  4. Knacker Says:

    I don’t like the idea. I much prefer the Mac OS X system, where you just drag the app into the Applications directory. Programs are self-contained, and contain their own config resources that the OS can read to find out what their capabilities are and how it should make use of them. No need to go all over the system to edit tons of config files or scatter them where the OS expects them to be. No entanglements. Intuitive install/uninstall.

    Package managers may do the job, but they’re only really feasible in the open source community, where someone can centralize a software database with no legal implications. Also, what if the PM uninstall script has a bug and doesn’t get everything?

    Windows has the absolute worst system though… Every program is supposed to have its own uninstaller… but that’s disastrous. Almost no program cleans itself up completely, and it’s not always in the program publisher’s best interests to do that. Some programs leave behind spyware and data miners when they’re done. Almost 100% of them don’t clean all their registry entries, and what the hell’s the deal with the registry anyway? Sometimes, a program’s uninstaller becomes corrupt, and removing the program then becomes nigh impossible because it has registered about 10,000 DLLs that hook into Windows’ Explorer.

    Mac OS’s system is far from ideal, though, mostly because Apple doesn’t enforce software architecture… the publishers are used to living in a Windows world where they’re free to scatter crap all over creation. Why do important program files need to be in a user’s home directory for Adobe CS3 to function? Why can’t you just have the App package, maybe a user-level and system level plugins directory, and a config file in ~/Library?

    This has become more of a rant than a rebuttal, and I guess I should apologize but I don’t think I’ve ever said I’m sorry and meant it.

  5. Cyde Weys Says:

    Having applications being self-contained within their own directory is certainly one way to approach the problem, but keep in mind that it has its disadvantages, too. The major advantage of grouping parts of programs by type is that it simplifies backup procedures. For instance, in GNU/Linux, all I have to do is copy over the contents of /etc and my home directory (along with the list of programs installed) and I’m good to go on another system. If you reinstall, mess with, or recover operating systems a lot, this is a godsend.

    With Mac OS X, I suspect that saving all of your preferences isn’t nearly as easy. You could just copy over the entire Applications directory, sure, but DRM is going to prevent a bunch of those programs from working on a different system, necessitating reinstalls, and the size of all of that is going to be huge. I can fit my /etc and my home directory on a single CD; to copy the entire Applications folder under Mac OS X, you’d pretty much need an external hard drive, and all of that copying would take a lot longer.

    Anyway, no need to apologize. We’re having a productive discussion here. But it is curious to me that you’ve never said sorry and meant it? I say sorry whenever a situation merits it, which is surprisingly often. Sometimes the best way to mediate a situation is to get past it, and the best way to do that is to forgive rather than hold grudges.

  6. T2A` Says:

    Nothing is or was “going on.” I’d just come from Reddit after reading something about smug Linux geeks. Then I venture here and BAM — a perfect example of Linux geek smugness. It was like I was living that episode of South Park in which all the hybrid owners get up their own ass about the car they drive.

    It’s annoying, and no one really cares what you’re running. If Linux lets you wander around to the deepest depths of virus-infested kiddie porn sites, that’s cool. I don’t want to hear about it, though. D:

  7. Cyde Weys Says:

    Oh come on, that’s just a low blow. Kiddie porn? Please.

  8. asdf Says:

    have you thought about running your browser in limited user mode or how about a limited user account?

    http://www.codinghorror.com/blog/archives/000891.html

    better than learning a completely new OS.

  9. Cyde Weys Says:

    asdf: Unfortunately, Windows doesn’t really implement user accounts in a way that provides a boon to security, at least as far as Windows XP and prior versions of Windows go. I’m not so sure about Windows Vista though; it well may.

    Another alternative would be to run a browser inside of a virtual machine running Windows. That will provide very good encapsulation, at the expense of being a bit harder to set up. You’re right though, it is still easier than learning the ins and outs of an entirely different operating system.

    Still, anyone can download and try out a GNU/Linux LiveCD at no risk to their computers. You could just keep one around and use it for extended browsing sessions. As long as you’re just doing web browsing, the desktop environments in modern GNU/Linux distributions will make it just as easy as doing it in Windows.

  10. Knacker Says:

    Since I was a kid, I always had to say “I’m sorry” when someone forced me to. Since that’s the case, I associate saying I’m sorry without actually being sorry about anything. I wasn’t a great kid.

    Anyway, yes, all of that is true about Mac OS X, except for the thing about preserving your preferences. As long as you save your home directory, you can move it around to other systems without any loss of functionality.

    One more thing; if Linux had publishers who embedded DRM into their applications, you would have just as much trouble backing them up. As it stands, only open source and specialty software tends to thrive on the platform.

    And the only app suite I’ve had to reinstall every time is Adobe CS3. Even M$ Office politely asks you to reactivate on first launch when you directly copy it over.