Download the Mozilla Browser: "Spyware Barely Touches Firefox"

DOWNLOAD - http://www.mozilla.com/firefox/

(...)

Yahoo! News

Spyware Barely Touches Firefox

By Gregg Keizer
TechWeb.com Thu Feb 9, 2:15 PM ET

Internet Explorer users can be as much as 21 times more likely to end up with a spyware-infected PC than people who go online with Mozilla's Firefox browser, academic researchers from Microsoft's backyard said in a recently published paper.

"We can't say whether Firefox is a safer browser or not," said Henry Levy, one of the two University of Washington professors who, along with a pair of graduate students, created Web crawlers to scour the Internet for spyware in several 2005 forays. "But we can say that users will have a safer experience [surfing] with Firefox."

In May and October, Levy and colleague Steven Gribble sent their crawlers to 45,000 Web sites, cataloged the executable files found, and tested malicious sites' effectiveness by exposing unpatched versions of Internet Explorer and Firefox to "drive-by downloads." That's the term for the hacker practice of using browser vulnerabilities to install software, sometimes surreptitiously, sometimes not.

"We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."

Levy and Gribble, along with graduate students Alexander Moshchuk and Tanya Bragin, set up IE in two configurations -- one where it behaved as if the user had given permission for all downloads, the other as if the user refused all download permission -- to track the number of successful spyware installations.

During Levy's and Gribble's most recent crawl of October 2005, 1.6 percent of the domains infected the first IE configuration, the one mimicking a na�ve user blithely clicking 'Yes;' about a third as many domains (0.6 percent) did drive-by downloads by planting spyware even when the user rejected the installations.

"These numbers may not sound like much," said Gribble, "but consider the number of domains on the Web."

"You definitely want to have all the patches [installed] for Internet Explorer," added Levy.

In the same kind of configurations, Firefox survived relatively unscathed. Only .09 percent of domains infected the Mozilla Corp. browser when it was set, like IE, to act as if the user clicked through security dialogs; no domain managed to infect the Firefox-equipped PC in a drive-by download attack.

Compare those figures, and it seems that IE users who haven't patched their browser are 21 times more likely to have a spyware attack executed -- if not necessarily succeed -- against their machine.

Most of the exploits that leveraged IE vulnerabilities to plant spyware were based on ActiveX and JavaScript, said Gribble. Those two technologies have taken the blame for many of IE problems. In fact, Firefox boosters often point to their browser's lack of support for ActiveX as a big reason why its security claims are legit.

Levy and Gribble didn't set out to verify that, but they did note that the few successful spyware attacks on Firefox were made by Java applets; all, however, required the user's consent to succeed.

Microsoft's made a point to stress that Internet Explorer 7, which just went into open beta for Windows XP, tightens up ActiveX controls by disabling nearly all those already installed. IE 7 then alerts the user and requires consent before it will run an in-place control.

Good thing, because one of the research's most startling conclusions was the number of spyware-infected sites. One out of every 20 executable files on Web sites is spyware, and 1 in 25 domains contain at least one piece of spyware waiting for victims.

"If these numbers are even close to representative for Web sites frequented by users," the paper concluded, "it is not surprising that spyware continues to be of major concern."

The moral, said Levy, is: "If you browse, you're eventually going to get hit with a spyware attack."

* Email Story
* IM Story
* Discuss
* Printable View

RECOMMEND THIS STORY

SOURCE - http://news.yahoo.com/s/cmp/20060210/tc_cmp/179102616


(...)

US President George W. Bush aboard the nuclear aircraft carrier USS Abraham Lincoln. A former CIA official who coordinated US intelligence on the Middle East has accused the Bush administration of "cherry-picking" intelligence on Iraq to justify a decision it had already reached to go to war, The Washington Post reports(AFP/File/Stephen Jaffe)

Yahoo! News

Bush waged Iraq war by "cherry-picking" intelligence: former CIA official

Fri Feb 10, 5:43 AM ET

WASHINGTON (AFP) - A former CIA official who coordinated US intelligence on the Middle East has accused the Bush administration of "cherry-picking" intelligence on Iraq to justify a decision it had already reached to go to war, The Washington Post reports.

The newspaper said Paul Pillar, who was the national intelligence officer for the Near East and South Asia from 2000 to 2005, also accused the administration of ignoring warnings that the country could easily fall into violence and chaos after an invasion to overthrow Saddam Hussein.

"Official intelligence on Iraqi weapons programs was flawed, but even with its flaws, it was not what led to the war," Pillar wrote in the upcoming issue of the journal Foreign Affairs.

Instead, he asserted, the administration "went to war without requesting -- and evidently without being influenced by -- any strategic-level intelligence assessments on any aspect of Iraq."

Pillar said mistakes made by US intelligence agencies in concluding that Hussein's government possessed weapons of mass destruction did not drive the administration's decision to invade, according to The Post.

"It has become clear that official intelligence was not relied on in making even the most significant national security decisions, that intelligence was misused publicly to justify decisions already made, that damaging ill will developed between policymakers and intelligence officers, and that the intelligence community's own work was politicized," Pillar wrote.

The paper said Pillar was an influential behind-the-scenes player and was considered the agency's leading counterterrorism analyst.

By the end of his career, he was responsible for coordinating assessments on Iraq from all 15 agencies in the intelligence community. He is now a professor in security studies at Georgetown University.

In his article, he said he believes that the "politicization" of intelligence on Iraq occurred "subtly" and in many forms, but almost never resulted from a policymaker directly asking an analyst to reshape his or her results, the report said.

Instead, Pillar describes a process in which the White House helped frame intelligence results by repeatedly posing questions aimed at bolstering its arguments about Iraq, The Post said.

The Bush administration, Pillar wrote, "repeatedly called on the intelligence community to uncover more material that would contribute to the case for war," including information on the "supposed connection" between Hussein and Al-Qaeda, which analysts had discounted.

* Email Story
* IM Story
* Discuss
* Printable View

RECOMMEND THIS STORY

SOURCE - http://news.yahoo.com/s/afp/20060210/ts_afp/usiraqpoliticscia_060210104328


(...)


Download a pair of documentaries for free to help Save The World...

911: the Road to Tyranny (2002)

http://www.archive.org/details/911theRoadtoTyranny

Martial Law 9/11: Rise Of The Police State (2005)

http://www.archive.org/details/MartialLaw911

Peace, (NOW!!!)
BK

_________________

...

Black Krishna Brand

Philosophy - http://blackkrishna.blogspot.com/

Music - http://www.soundclick.com/bands/0/blackkrishna.htm

...