Is Spyware an IE-only problem?

  • Article

Recently, I had someone make the following comment on a post announcing IE 7:

Hahahaha....dude we don't need it! I'm a Microsoft person 100%, but creating something we already have is useless! We have Firefox! The FLAWLESS web suite. It's awesome enough. I can't imagine IE matching and beating it by 200%(that is the % required to warrent a switch). That's just not right. Reinvesting the wheel is actually a sin.

Well, according to the article below, the "flawless" web suite may soon be visited by spyware issues of its own:

https://internet.newsforge.com/internet/05/01/31/2121249.shtml

Part of the problem I see here is the assumption on the commenter's part that it's possible to make "flawless" software. As long as human beings are involved in the process, that's highly unlikely. We can make software that's more secure, and we should, hence the updates to IE with XP SP2, and the ongoing work in that area.

But the other problem I see is the lack of recognition that any time you provide the ability to run executable code in the context of a browser, you have a potential avenue for attack. So, sure, Firefox may not be vulnerable to attack via ActiveX, but in order to run Flash, Java, or any number of other embedded goodies that web surfers don't want to live without, there has to be the ability to run executable code, and that's where people will start looking for flaws. Will Firefox hold up better to this scrutiny than IE? Only time will tell. But it's a good bet, IMO, that those who claim Firefox is "flawless" will be proven wrong sooner rather than later.

Oh, and please don't bother flaming me about supposed FUD. It really doesn't ultimately matter to me which browser people use. But it does matter to me that we discuss browser security realistically, and not pretend that a 1.0 product that has not had to withstand a great deal of scrutiny is "flawless".

Lastly, no matter which browser you choose to use, it's a good idea to avoid running day-to-day with an admin account. Why give any malware you might accidentally run complete ownership of your machine if you don't have to?