Criminals running websites that push drive-by exploits overwhelmingly prefer the Firefox browser, according to a researcher who spent the past three months surveilling their browsing habits. Mozilla's Firefox was used by 46 per cent of the exploit kit operators who were tracked in the study, according to Paul Royal, principal …
can we get a link to the report/source article?
1) code injection to a hackers system.
<tab> possible id? forward to authorities? pipe all his interwebs through "upside-down-ternet"? Yes, the legalities would be questionable, but the researchers have already crossed a very definate line by running code on the remote (skiddie) system
2)assumtion that miscreant isnt using a proxy?
3)id be interested to know whether the info leak was from a http header, as these can be forged (opera uses this legitimately to stop sites claiming they are imcompatible)
4) erm perhaps this should be 1) isnt executing code in a log file a pretty serious vuln?
<tab> see also 2) ("low hanging fruit")
darn it stream of consciousnes post!!!one
Might this story be better summarised as 'exploit site operators not quite dumb enough to use entirely insecure browsers'?
So 6.9 of the 15 operators use Firefox and a whopping 1.95 of them use version 3.5.
As a fan of Opera, I feel somewhat obliged to give kudos to the 3.9 ops who share my browser preference.
What browser(s) do the other 4.2 miscreants use? I would be oddly pleased to hear that it's IE5.5, but somehow I doubt it.
Has Mr Royal heard of the law of small numbers perchance? 15 sites really isn't enough to draw any valid conclusions whatsoever.
I for one welcome our statistically inept, "SaaS-based secure Web gateway"(*) punting principal researchers...no, wait - the other thing...
(*) - source: www.purewire.com
Breaking news: Tech savvy users like firefox!
Stay tuned for the weather at 10.
The security-through-obscurity excuse doesn't wash. The fact is that their main choice is Firefox and that is a mainstream browser.
They're choosing Opera simply because, by definition, they're more technically savvy users who make more informed decisions about their choice of browser than the average clueless 'blue e' user or herd-follower, about which browser is best for them.
I'm sure burglars choose specific locks for their own windows and doors for the same reasons - they want the ones they know to work, not the ones they know no the average home owner has heard of.
Also is there a geographic angle to this? is a notable proportion of those surveyed from Russia or Eastern Europe? I'd expect a higher proportion of Opera users in the general population there, so it's bound to be reflected in the stats for 1337 h4x0r5 too.
Bear hygiene and Vatican religious habits
A particular sub-population of tech-savvy people don't fall for the blue e.
Rather obvious aint it?
In other news, " most firefighters don't throw lit matches in the paper bin"
wait....this study is based on a sample size of 15?
c'mon. they couldn't find more than 15 of these exploit kits? I'd hardly call that enough information to draw meaningful conclusions.
Is getting slower every time.
And after updating it informs me that my plugins are not going to work with the new version.
It would have been nice to inform me upfront so I could choose not to update.
ah guess I have to figure out a way to get the old version back on my pc.
ie for me, see?
There is nothing [much] wrong with IE security if you set it up properly.
The problem is just that it is configured out-of-the-box with mediocre security settings, and too many people install every useless plugin that pops up a prompt on their screen.
Tweak up the default security level, add your pr0n domains into the restricted sites zone, kill [disable] the useless plugins, run your user account as standard user, ...
One thing I wish MS would do with IE's right-click "Open in new tab/window" is add "Open in new tab in restricted zone".
Regarding the other browsers, FF is my second. GC is just too thin. And O simply runs horrible on my Atom surfing system.
Garbage in garbage out
You cant disguise a polished turd. This just goes to show that there are varying levels of stupidity on the net. The one dispensing the report of those stupid enough not to cover their tracks, and the register for buying into this pile of steaming rubbish.
@By Wim & Firefox
You could have checked that your plugins were supported BEFORE you upgraded. The versions of the browser they support is there on the plugin site.
Mines the one with 'Stating the Obvious' on the back.
"46 per cent of the exploit kit operators who were tracked in the study"
What I want to know is, what browser were the people that couldn't be tracked using?
To all those who are saying that they're tech savvy haxors
Any mal-ware author worth their salt would:
1) Write their own exploits and avoid using a pre-made kit (Or are the ones writing the kits)
2) Will write their own browser
3) Have their browsers report the wrong version info anyway to prevent infection
Is that a statistically meaningful sample? My fuzzy memory of the joy of confidence tests and the like says "No".
Anyway, Firefox is mainstream these days. I these l33t h4x0r5 really are tech savvy they'll be using more obscure browsers (e.g. Konqueror), agent switching, proxies yadda-yadda-yadda. All which render these "stats" thoroughly useless.
I can't believe it's not Internet Explorer.
Can anybody explain in more detail?
Firefox doesn't auto-cripple you
What's so difficult about this?
Options > Advanced > Update
When updates to Firefox are found:
( ) Ask me what I want to do
(*) Automatically download and install the update
[x] Warn me if this will disable any of my add-ons
All previous versions are available for download from the Mozilla site.
Not a small sample
@2FishInATank I was at first confused as you are - but the researchers were reading the *logs* of 15 sites; as a bonus, they got some info about the how the site admin was accessing the log (hence the country info).
"When the webmasters viewed the logs, their browsers secretly visited a website under his control."
Very little chance of this unless they were idiots! Most people I know download the logs and view them as text files or logon to the server and loo, at them in vi. I've never come across a log analyser which would get tripped over by this either.
Actually, they were *all* using IE5.5, but some of them were l33t enough to hack the browser ID string.........
Browsers all a mixed bag
I've used IE, FIrefox and Opera fairly extensively. They all have good and bad points. As far as security goes, I believe the problem with IE is the more about numbers of hackers targetting it than about innate security of the software.
I want to like Opera, they have been so innovative, but it seems to poop out on some very complex websites like Facebook -- which says something about the browser and about FB.
"or logon to the server and loo, at them in vi."
Firstly, only the truly clueless use vi, it is the suckiest text editor on the planet, bar none.
Secondly, an _editor_ is not the correct tool for viewing log files.
Thirdly, if you analyse your log files using your eyeballs, you've missed almost everything they have to tell you.
The data for this study was obtained by hacking, right?
I think that guy should be prosecuted,
Simple reason for Opera . . .
Half the operators are from Russia. It's equally popular with other browsers there, or perhaps moreso.
Re: Browsers all a mixed bag
“Firefox is slow”
It's generally fast enough, I find.
“And it looks worse than any other browser with its crappy FreeType fonts, often selecting the wrong fonts, and rendering with aliasing ("jaggies").”
font.antialias.min=1 fixes the jaggies, though why this option exists at all I don't know (it should implicitly be 0). As for the rest, that _should_ be a matter of what fonts are installed.
This is news?
And in other news, computer hackers are known to use Linux...
- Game Theory The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Intel's Raspberry Pi rival Galileo can now run Windows
- Microsoft and HTC are M8s again: New One mobe sports WinPhone