back to article Opera and Firefox downloads soar after IE alerts

After Microsoft confirmed that a hole in its Internet Explorer browser was used in the December cyber attacks on Google and at least 33 other outfits, a trio of security-conscious nations - Germany, France, and Australia - went so far as to warn their citizens against the use of IE. And that led to a very good week for the likes …

COMMENTS

This topic is closed for new posts.
  1. divinci
    Pirate

    MSoft Credibility Hacking

    -- unfounded conspiracy theory alert --

    So some *chinese* hackers attack google..

    So

    Google blame IE

    Then

    Google releases details of win16 vulnerability...

    While

    Chrome adverts appearing all over my local town...

    Has the Big G taken a leaf out of Bills 'How to build an empire at all costs' book?

    1. blackworx
      Thumb Up

      Exactly

      What I was about to say

  2. Anonymous Coward
    Thumb Up

    Final nail in the coffin of IE

    I'm setting people up with Firefox + AdBlock pretty much everywhere I can. They are really surprised you can avoid ads so effectively and are made happy when I tell them that they are getting a faster and safer browser.

    1. Francis Fish
      Unhappy

      Faster?

      When it doesn't freeze, maybe. I've half-switched to chrome, but don't want to give the big G everything.

      1. Anonymous Coward
        Anonymous Coward

        As MS's source code is...

        closed source, we'll never be sure why FF might, and I stress might, be slower on Windows than IE. It's certainly a smaller footprint, so you would think that it would faster.

        Makes you wonder how MS slows it down.

    2. Bob Gateaux
      FAIL

      Eh?

      Where you get this mad idea?

      Faster? It take much longer to load.

      Safer? Where you get that crazy from? Much less safe - just because they say "safe" you fall for it ha ha!

      1. heyrick Silver badge
        Stop

        Hang on a mo...

        Firstly, I think speed is highly subjective. There's more to life and the web tan how fast a JavaScript interpreter can run the Sieve of Eratosthenes. I'll hand it to you, with about:blank as the default page, MSIE8 is damn quick at loading. Note, and pay attention. AT LOADING.

        It's afterwards that you will experience other browsers doing things faster. It's the whole package, not just certain parts. And, frankly, I'm not _that_ bothered how fast it loads. I expect to load and go, not load...load...load...load... see?

        FWIW, you may remember I complained about FF running out of memory and then crashing. I pared down to the essential plugins (Lazarus, NoScript, WebMail notifier, ABP, TACO, and DownloadHelper, FlagFox, extended statusbar, and FDM integration. I no longer have a cute little weather forecast on the status bar and I no longer have some other cruft, but I appear to also no longer have a prone-to-crash browser. That's a worthwhile trade-off, no?

        Now the real argument:

        Let's look at your "Much less safe" assertion.

        Prove it.

        Let's have a list of URLs of serious exploits affecting FireFox and Opera [qualification - in order to count it HAS to have been exploited, something a security researcher found does not count if the hole was plugged before any damage was done; I expect my browser to be safe, not perfect].

        In return, I can state that it shouldn't be too hard to rip MSIE apart, from the horrible abortion that is ActiveX (probably why some companies are still flogging the long-dead IE6 horse), right up to... well... this debacle.

        Oh, and dont quote me that piece of crap study that says how much better MSIE8 is at detecting malware than anything else. You might want to consider http://my.opera.com/haavard/blog/2009/03/26/malware-report-from-nss-labs-manipulates-statistics

        [nutshell version: it's a MS sponsored study, it doesn't define the test algorithm, there's plenty of dodgy maths, and to top it all off they claimed to have tested a version of Opera before it was even released; oh and a new FF was not allowed but an IE8 beta was... the results are therefore to be counted as having the words "ADVERTISEMENT" across the top of the page]

        I'm not trying to be a FF fanboi. I like FF for its customisation potential and the useful add-ins (some of which help "safety" in a different sense). There will be a serious exploit using Firefox. It is only a matter of time. And if Opera ever gets enough market share, there will be an exploit there too, especially given us FF users are best at keeping the browser up to date, while Opera users are tragically poor at doing so. [http://mashable.com/2009/05/06/browser-innocence/]

        One final link that puts the results into context: http://www.itworld.com/endpoint-security/75006/whats-really-safest-web-browser?page=0%2C1

  3. Anonymous Coward
    Anonymous Coward

    Good

    I don't really care if people use FF, Opera, Safari, Konqueror or even Lynx; heck, even IE is OK, just so long as there is a good mix. Why?

    1) It reinforces standards and reduces the potential for lock-in, leading to greater competition, increased quality and better value for money.

    2) It forces software makers to ensure their product is more manageable. For example, FF is often criticised for not being easy to centrally manage, perhaps increased demand for this will get Mozilla to address it.

    3) It encourages OS vendors to provide tools for managing same. Linux shows one way this can be done (one integrated system keeping the OS and all apps up-to-date automatically - something Windows users can only dream of).

    4) It massively increases security. In a homogeneous environment a single-point failure can rip the entire system open as the exploit will work across all systems. In a heterogeneous environment it is much harder to get a full system break as you can only ever attack a certain sub-set at a time.

    5) Sustainability. With a heterogeneous system it is also much more likely that some kind of service can be maintained, all be it reduced, should an attack or failure bring down one system type. In a homogeneous environment a single virus could bring the entire thing crashing down.

    Although there are some costs involved (e.g. trickier initial set-up, training, extra staff) these can be offset by savings in other areas (e.g. reduced license costs, increase up-time, reduced maintenance).

    I am not having a dig at MS (yet), *any* homogeneous system be it Apple, *nix or whatever is ill-advised for the reasons above. It is only hard to have a heterogeneous environment due to the deliberate actions of the current monopoly player, it's time customers struck back (there you go).

    1. ElReg!comments!Pierre
      Thumb Up

      You forgot one

      6) Privacy. Using different browsers for different tasks reduces the risk of information leaks (history hacking, cookie checking, etc). Without the need to worry about erasing all personal info (which is not really possible when simultaneously performing different tasks).

      1. Bob Gateaux

        @You forgot one

        For this we read: you use Firfox for your pornographics but keep it not default so wife never see history when she click to browse?

        1. ElReg!comments!Pierre

          Nah

          "you use Firfox for your pornographics but keep it not default so wife never see history when she click to browse?"

          Nah, that's what different _accounts_ are for.

          I meant I use FF (well, on most of my system it's called Iceweasel, but same/diff...) for general purpose, w3m or Lynx for anything potentially harmful, hv3 or Dillo for FreeNet, and Konqueror for TOR and banking (spot the errors... but you get the idea).

      2. Bob Gateaux
        Happy

        You forgot one

        Opps - then I forget to even comment on how you do "different tasks" "simultaneously". I think left hand knows what right hands does ha ha!

  4. Anonymous Coward
    Anonymous Coward

    correction

    "Given the significant level of attention this issue has generated"

    should read

    "Given the significant level of downloads of our competitors' browsers this issue has generated"

  5. vegister

    uk.fail

    typically we hear nothing from the UK.gov

    1. Test Man
      FAIL

      Re: uk.fail

      Who cares? This isn't something that needs the government commenting on it. The French, German and Australian government clearly have nothing better to do.

      1. Bilgepipe

        Wrong

        Of course it needs government attention, the government is supposed to look out for it's citizens - that's why the UK government has been so silent on the issue.

        As for Microsoft, I love how they have a Trustworthy Computing group. Now there's irony.

        1. Anonymous Coward
          Anonymous Coward

          Fnord!

          Nope irony is making comments about irony without actualy understanding the inherent contrdictions of your statements.

    2. Magnus_Pym

      No centre ground then?

      Just choose 'nanny state' or 'criminally unconcerned government' to go with any news story you care to comment on.

    3. Steve Evans

      Probably quite good too...

      The last thing we need is the population starting to think uk.gov has a single clue about IT.

  6. Charles Calthrop
    Go

    And here come the browser beaters

    For some reason I love stories like this, if only to get a sort of sad pleasure from reading posts from people who believe they are superior humans because they use a different brand of browser.

    I am sure the germans have a word for this

    1. Anonymous Coward
      Anonymous Coward

      Schadenbrowser?

      <sound of empty stomach rumbling>

  7. irish donkey
    Megaphone

    I smell a conspiracy

    This is just a ruse to get everyone to switch from IE to Firefox so they are distracted and forget that Obama wants to give everybody free healthcare.

    Or am I reading too much into this.

    I always have a tin hat

  8. MarkOne
    FAIL

    Why Firefox?

    As surely it's got it' own continual security issues... It seems every week there is a Firefox patch. Opera rarely needs OOB security updates, and it's inherently secure, not contunally patched to be secure like IE and Firefox and to a lesser extent Safari/Chrome/Webkit base browsers.

    1. the_madman

      Obviously don't know how FOSS projects work

      I should bloody well hope Firefox is patched - and more than once every week. Same with Google Chrome and other open browsers. That's kinda the point.

      On the other hand, how often they release the changes is a different matter... I find the time between upgrades (on Windows) is closer to months than every week.

    2. MacroRodent
      Boffin

      Re: Why Firefox

      "Opera rarely needs OOB security updates, and it's inherently secure,"

      Any justification for this statement? I use both Opera and Firefox on Linux, and Opera does not feel any more stable. In fact, it crashes a bit more on this particular setup, but the comparison is not entirely fair, since the Firefox is what the conservative CentOS 5 distribution supplies, and is thus an older patched version (3.0.14), whereas Opera is the very newest (10.10). So I would just say that they appear to be about on par wrt quality. The lack of security updates could be because Opera receives less critical scrutiny (It is both closed-source, and less common than FF).

      I would love to see someone create a full-featured browser in some safer language than C or C++, like Java. While that would not solve all security problems, it could eliminate some common classes of them, like injection of malicious code via buffer overflows.

      1. Anonymous Coward
        Anonymous Coward

        I bet it would be rubbish

        really rubbish.

      2. Alan Mac

        Java Browser Exists

        I haven't used it myself to see if it's "fully featured" but there is an open source Java browser called Lobo if you're interested: http://lobobrowser.org

        1. Bob Gateaux
          FAIL

          @Java Browser Exists

          As if we not have enough problems with Java in the Firfox!

  9. Magnus_Pym

    Java Browser

    Sun did release a java browser as a proof of concept. It generated no support in the open source world and went into a coma.

  10. jon 77

    MacroRodent...

    you do not realise the *stupidity* of the market... If people would use the 'most standards compliant', safest, browser, they would be using Opera...

    But NO, they use the 'most shouted about' , 'geek supported, open source', 'most companies like netscape, mozilla is the same' (FF is as similar to netscape, as a ford anglia is to a Volvo.. check who owns what!!)

    Opera is intrinsically more secure, as it does not accept the malformed code, that enables these exploits to happen!!

    Only thought is, either opera has an 'attitude problem' with google and similar non-standard webcode, wont pay them enough for 'source code help' due to its 'principles', while FF gets NO problems with the frequent mods that google, yahoo, hotmail, etc make...

    It make me wonder that they are letting 'bad' code through for cash, and hoping users wont notice.....

  11. regadpellagru
    Thumb Up

    Drop it, FFS

    "Opera was quite clear on how it sees the matter: "Security issues continue to plague Internet Explorer users, and the latest recommendations from the German and French governments against using the browser are in line with what the security experts have been saying for years." "

    Indeed, what to say on top of this ? It's been written all over the place, in El Reg and elsewhere: Drop the *darn thing* !

  12. jon 77

    I wish you luck in browser creation!!!

    If it was *that* easy, there would be *hundreds* about !!! It is NOT security that *most* people want, it is either something to do facebook, myspace, etc, etc, and also look very fancy, have pleny of gadgets and widgets on, do their flashy website without worrying how *awfully* it is written, etc, etc...

    It is no wonder that there are only a few browsers actually used... many do not even realise that their 'super-yahoo browser' is actually a heavily disguised IE...

  13. randomhuman
    WTF?

    Who's confused?

    "confusion about what customers can do to protect themselves"

    Seems to me everybody has a fairly clear idea of what they can do. Maybe they are referring to their own willful confusion.

  14. Jamie 27

    Google use IE? They weren't using Chrome...?

    Nuff said.

  15. Anonymous Coward
    Paris Hilton

    microsoft losing ground in many areas..

    Microsoft are *finally* getting the attention deserved for their lack of - hmm - open partnership.

    For years, they've blithley forged a path as the "trend setters", creating competing standards (I know they aren't alone in this, but are the main protagonists), with a "we're too big to co-operate" attitude.

    Take any web tech you can think of and Microsoft will have created an alternative - sometimes this succeeds, sometimes not. Think 'Silverlight vs Flash' or microsoft trying to create an alternative to PDF, or way before that, creating Internet Explorer only markup and scripting. (which so many corporate intranets and extranets still rely on, hence the current security debacle)

    Instead of embracing the current platform leader and striving for open standards, they use mighty marketing muscle and many 'bums on seats' to churn out thier version of how things should be, attempting to control the internet and other technologies in the same way they've controlled the desktop for decades.

    In recent years, they've started failing - or at least, failing to achieve the kinds of success they once had in most areas. Zune was a flop, Silverlight has failed to gain significant inroads, Vista was an unmitigated disaster - the list goes on.

    There's nothing specifically wrong with trying to forge your own path, until you start ignoring better ideas, or buying them out, or squashing them - a typical microsoft tactic.

    With balmer at the helm, blundering around like an embodiment of the legendary '800lb gorilla', we're seeing the stiching start to unravel.

    Witness this oaf of a man in a recent 'Click' interview, at CES in Las Vegas - denial and FUD just trip out of his mouth - you get the impression that he'll use violence to get his own way, to push his point home. "I'm right, always right, if you don't like it, I'll squash you"

    But the reality is, the behemoth is struggling to shrug off it's legacy - the crumbling facade of XP and Internet Explorer, sitting on a technology base that's way past it's sell by date.

    Is it any wonder the cracks are starting to widen? - no amount of plaster is going to stop the inevitable collapse, as leaner, meaner, smarter organisations leap ahead.

    It's going to be a long, painful, protracted demise, unless microsoft can shed some of it's heft and ditch Balmer.

    ...er, or something like that, ramble ramble... too much coffee... what was the article about again?

    Paris, because as a classy dame of legendary intellect, she likes a bit of Opera and because I've had another cup of coffee..

    1. Anonymous Coward
      Anonymous Coward

      It's worse than that...

      "In recent years, they've started failing - or at least, failing to achieve the kinds of success they once had in most areas. Zune was a flop, Silverlight has failed to gain significant inroads, Vista was an unmitigated disaster - the list goes on."

      They're losing so much ground that their grip on "mindshare" (sorry) is slipping. They were smart enough to see that this was happening over Vista, and swallow a bit of their hubris- getting something sleeker and nicer out in record time. However, cracks were starting to show..

      What was happening is that Jo Public- ordinary people, not picky geeks like me and thee, were starting to realise that they had a choice, that "computer" and "windows" didn't mean the same thing. Linux-based machines, a lot of shiny Macs.. and people were amazed to find that they were, in many cases, more useful, less stressful and less egregiously paternalistic.

      That was a wakeup call, Redmond had too many years of "all your base are belong to us", and thought they could get away with any old crap, and managed to fail to ram a version of Windows itself down throats, despite the most enormous advertising push yet. Fair dos to them for being clever enough to notice and adapt, though.

      However, in a small way, genie's out of the bottle now. MS will, in a small way, have to bear this in mind and compete on something more than just strongarming and think - amazingly - about quality sometimes.

      This is before we consider Google, of course, who are a new kind of threat- faster-moving and more tricksy than the stodgy outfits of yore. They twist and turn more like smoke than an oil tanker- unlike a lot of those vanquished by MS in the past, and they are every bit as ruthless. Make no mistake about that. Platforms are diversifying at the same time, too- so it's really hard to call.

      I'm not sure that I even have an axe to grind- I'd like to see a hetrogenous technological ecosystem where no-one has the ability to write the entire script for themselves. This may well include Microsoft, if it can keep it together, and Ubcle Fester doesn't drive it into the ground with his plodding, charmless, bullying ways. If he does drive it into the ground, there are plenty of candidates for the top spot now.

  16. Fr. Ted Crilly Silver badge
    Thumb Up

    Hoop-la

    About bloody time too

  17. Chris 40
    FAIL

    Missing the point

    "For some reason I love stories like this, if only to get a sort of sad pleasure from reading posts from people who believe they are superior humans because they use a different brand of browser."

    Tell you what, mate, try developing web-sites for the wretched piece of crap, and then suppress your smirk when government is telling people to use something else. IE is a nightmare for us web developers - no superiority complex required.

    1. Anonymous Coward
      Anonymous Coward

      Agreed

      If you develop a site on (say) Opera, you can be 99.99% sure it will work on Firefox, Konqueror etc. You can also be 99.99% sure than any rendering differences are going to be so minor that unless you have two different browsers open side-by-side, you won't notice them.

      The you try it in IE (any version) and this...this...vomit just lands on the page. IE8 might render something which might have the same content somewhere on the page, but you'll be lucky if it's usable. You can forget IE7 and IE6.

      For this reason, when doing web work, I will state "XYZ will be coded for a modern, standards compliant browser (e.g. Firefox, Opera etc)." This, of course, gets push-back from the customer (internal or external) and gives me that chance to inform them that IE can be supported, but at additional cost. They then ask why, so I show them a few basic examples. Cue much spluttering, shock, head-shaking and a small shift in their world-view.

      Hell, if the page is small enough the browser on your average mobile can load it. Try that with your ActiveX crap and proprietary tags/calls .

  18. Neil 7
    Dead Vulture

    @jon 77

    "Opera is intrinsically more secure, as it does not accept the malformed code, that enables these exploits to happen!!"

    http://www.vupen.com/english/advisories/2009/3297

    http://www.vupen.com/english/advisories/2009/3073

    http://www.vupen.com/english/advisories/2009/2500

    http://www.vupen.com/english/advisories/2009/0720

    http://www.vupen.com/english/advisories/2009/0586

    Oooh looks - security exploits and errors in Opera! Fancy that. Your comment is utter cr@p.

    Face it, all browsers have errors and security exploits - that is beyond dispute. It's not a problem or concern that they exist (most haven't even been found or publicised yet), but it is a concern when the exploits are not fixed ASAP.

    All browser vendors - excluding Microsoft - tend to fix security related issues much sooner than later. Just because Mozilla Foundation roll out security updates every few weeks isn't a reason for criticism, it's something to be applauded - how many security patches are Opera/Google/Apple sitting on that would benefit you today?

  19. Lord Lien
    Pint

    Beer....

    Does anyone know if beer is effected by this latest earth shattering ground breaking news?

  20. Tachikoma1373

    Sombunall

    1. Why do so many so called "intelligent people" fail to recognise that thinking in aristotelian absolutes is so limiting. If (and thats is obviously a big IF in so many cases) you have an IQ use it, don't waste it!

    2. Is it me or is sombunall of the Register's content written by and for Daily Mail readers? How about some more objective journalism or does 1. refer to you?

    3. Sombunall of you will be upset by my comments. Sombunall of me gives a shit.

    Kill all Extremists! F**k 'em if they can't take a joke! Fnord.

    1. John Sanders
      Megaphone

      HERESY!!!

      ***2. Is it me or is sombunall of the Register's content written by and for Daily Mail readers? How about some more objective journalism or does 1. refer to you?****

      Don't you dare to badmouth my beloved register young man!

      Even if it doesn't look like, this is an intellectual temple!

    2. Anonymous Coward
      WTF?

      What the fck are you talking about?!

      What's this sombunall? Is it at all like a "husjghkwe"?

      1. Tachikoma1373

        Way to prove a point.

        Sombunall - A term meaning 'Some but not all', as defined by Robert Anton Wilson in his book Quantum Psychology

        For example:

        Sombunall people are capable of finding things out for themselves.

        Sombunall people will take this comment with a pinch of salt.

        IMHO possible the single most important word missing from the english language, but hey.

  21. Boris the Cockroach Silver badge
    Linux

    Re: Neil 7

    Its not the point if other browsers have security flaws

    Heck I'm using firefox 2.whatever on a linux box to create this knowing full well it has security holes , flaws, and cracks

    But if it get pwned by a russian crime gang all I have to do is delete the user directory (/home/BorisTR/ )and create a new one

    (the chances of me running a browser as 'root' are naff all)

    In the case of windows xp and IE, its wipe the entire OS because of the stupid design of the OS and browser

    1. AndrueC Silver badge

      Learn to use the OS or upgrade

      If you were serious about security you:

      * Would be using a limited user account for day to day operations.

      * Would have upgraded to Windows 7 to take advantage of UAC to remove most of the hassle of being a limited user.

      That would get you pretty close to the security of Linux give or take holes in the OS.

      FWIW as others have pointed out:Windows NT was designed with security right the way through. Everything is an object and everything has access rights. Unfortunately the result was a bit too strict and unfriendly so the UI that MS bolted on worked around and glossed over most of it.

      Underneath the Windows UI and legacy API support there is a very strict, very competent OS trying to get out :)

  22. Chris iverson
    Alert

    excuse me just a minute ladies and gentlemen

    I just wish to point out that users dont care about standards compliant, open source, etc. It's more "can I watch my porn/hulu, check my email in a non-annoying way, and does it f*ck up all the time." Now I more or less care to an extent, been using FF since 1.5 and have dabbled with Opera a bit. Also I have taken care to block ads and whatnot at the hosts file.

    So the point is if you want to move someone away from something you do it with cheerful gentle prodding in the direction you want not with ZOMG!!!!! internet ending scenarios. That just drives people to be recalcitrant.

    ok Im off, need more coffee, tea, and nicotine

  23. Lewis Mettler 1
    Stop

    unbundle IE and see how fast it drops off

    All consumers that buy any Microsoft product have to also purchase IE.

    IE is not free. Unless you one of the few fools that think that BurgerKing's advertisements mean that the chips are free but you pay for the coke and burger. Or, that the burger is free but you pay for the chips and coke. Or, that they are all free if just pay $2 for nothing.

    Microsoft just lies about the true cost of IE so that fools do not think about what they are forced to buy. And by fools I also mean the EU Commission and the US DOJ which also insist that all consumers be forced to purchase IE. Not a choice. But, forced to purchase IE. There is a huge difference.

  24. vincent himpe

    browser tracing

    does anyone know if there is a browser out there that can show a tracelog of what it is accessing, and that you can single step ?

    i would love to have a browser where you can click a button and it would go in single step mode. It should show what file it is now going to load and what domain it is coming from.

    along the lines of :

    opening index.html :

    parsing html

    request image.gif

    request sheet.css

    request banner.fls

    request news.txt

    etc

    In trace mode it would show you each individual sub file that is being accesses when opening a web page. The tracing mode whould have an option where you can answer yes or no. That way you, if you see some funky file beeing grabbed : stop it. just block that one file. ( simple box yes,no,add to block list for this domain)

    And then of course it should have a filter built in. so that you can say : do not download this file , or do not download this extention.

    And last thing :being able to distribute such block-lists and attach them to a specific web domain.

    That way if there is a funky site out there ; put browser in trace mode , block the nasty , distribute block list. A centralised block-list repository could do wonders.

    If the browser then would have an auto-update feature (than can be turned on and turned off) so that , before opening a webpage , it pings the block-list server for the block list going with the site it tries to open ....

    Call it community based filtering.

    It shouldn't be too hard to put that in a browser. After all the browser already does all of it. All there has to be, is one additional check to pop up a box showing filename , path , origin and an yes no , add to block list. selection.

    1. Steve Roper

      That might be useful

      if you're debugging a website, but as a means of selectively blocking content I can tell you now it would suck. Most websites, even if the front page looks fairly simple, often assemble the graphical layout from dozens of tiny image files arranged in divs or tables (ugh!), and often use component files for common parts of the site; e.g. the header, navigation bar, sidebar, footer, promo boxout, and main content sections are fetched separately as component HTML files.

      For example, our company website, on its home page alone, fetches 78 images (most of which are only a few hundred bytes here and there), 8 CSS files, 14 Javascripts and 6 HTML component files on page load. Were you to visit our home page using the system you describe, you'd be looking at 106 yes/no/block clicks before you were done. And that's just the home page. And our site is conservative compared to some of the sites I've seen!

      So, nice idea, but would be incredibly annoying to use in practice.

      1. vincent himpe

        of course

        You could toggle tracing and and off. The traces should have the possibilty for block and filter lists. like :

        You would only turn on tracing if you suspect something going on. if the html being parsed all of a sudden grasps files that come from a totally different domain -warning-

        At least it would make life a lot easier thatn having to read the code ( by then it's too late )

        i see this as a right click menu item. instead of clicking on a link you right click the link you don't trust and select 'trace' or 'trace with blocklist'.

        Of course the tracer popup menus could be made a bit smart. if it wants to download a jpeg file you can click yes, no, yes to all jpg for this site, yes to all for this and linked sites.

        JPEg files are relaitvely safe. So are PNG files. If i see that thing all of a sudden grab a java file from a totally different domain , that would be a red flag.

        The filter should NOT look at extensions but analyse what is going on. also when it hits embedded snippets of javascript in html it should pop a warning with an option to execute, block instance , block always for this site.

        Anything you click during a trace session is logged to the block-list. blocklists are saved.

        whenever you open a webaddress, and a blocklist for that address exists in your blocklist folder : pick up the blocklist. anything new that comes up and is not handled by the blocklist : popup.

        That would be one hell of a tool to find out what websites are really throwing at you when you open them. add the capabaility to share blocklists from a pool ( for example blocklists handed out by antivirus companies for known web nasties. ) there could be a blocklist 'for-any'. that is in effect if you have no specific blocklist.

        And it is very easy to implement. All you have to do is modify the html parser so that it triggers this popup menu ( when tracing is enabled) whenever it goes off and grabs something from the site. In essence if the html instructs to grab other documents while still parsing : trigger. it would be a simple if then else clause (if tracing=enabled then if msgbox "site will access" & object" from "&domain &""allow yes ,no"=yes then ...procees. else next.) popup in the handler to retrieve a file from a web address.

        And it would be a very welcome tool to debug websites too. You could snare any cross site scripting crap with this thing too.

    2. Wibble

      Activity monitor

      Safari's activity window shows all the files which are being downloaded. Quite interesting to see the activity of sites like foxbusiness.com. Then add these domains to adblock to see them gone forever. Then sit back and enjoy your dramatically improved browsing experience.

      1. I'm Brian and so's my wife
        Thumb Down

        @Activity monitor

        Of course, you could avoid anything by Fox & dramatically improve your browsing experience...

  25. jon 77

    @Neil 7..

    why are you looking at *ancient* opera versions???? V1010 working fine here....

    maybe you should READ those reports!!! quote" solution: Upgrade to Opera version 10.10" ..

  26. Neil Greatorex
    Pint

    @ Lord Lien

    "Does anyone know if beer is effected"

    Yes, beer is effectively affected.

  27. Anonymous Coward
    Paris Hilton

    @Neil 7

    I have to say that all of your links about bugs in Opera are obsolete, and only two of them affected Opera 10.0. The current version is 10.1, which isn't affected by any of those bugs.

    It's a bit like pointing people to bugs in Firefox 1.5 or 3.0 in order to bash 3.5.

    Your icon's rumours of El Reg's demise are greatly exaggerated.

  28. Neil 7

    @jon 77

    The point is Opera is just like every other browser - it isn't perfect. Your comments seem to imply that Opera IS perfect and has never needed patches for security issues yet a 5 second search confirms that, shock horror, most versions of Opera have been blighted by some form of exploitable bug so it really is just like every other browser - it is no better and no worse.

    I'm sure if I tried searching for a few seconds longer I could find evidence of current exploits in the latest version of Opera, but then the imaginary world you seem to inhabit would start to come apart at the seams... :)

  29. Winkypop Silver badge
    Thumb Down

    A day at the Opera

    Bah, give me back my Firefox any day.

    1. Anonymous Coward
      FAIL

      Why?

      Want to tell us exactly? Opera is far more memory efficient than Firefox, it's faster too, has all the useful features that Firefox needs extensions to do, built right it (althogh perhaps not so easy to find).

      Certainly a day is far from enough time to evaluate something as comprehensive as Opera.

      Did you use OperaLink?

      Did you try Unite?

      Did you use the Mail/News/RSS/Chat stuff included?

      This page highlights some of the stuff:

      http://www.opera.com/browser/

      1. James Hughes 1

        Memory...in the corners of my mind

        Got to agree about FF memory issues - had to kill FF (v3.0.5 on Windoze) yesterday that was using 750MB according to task manager. When it restarted using same tabs it was about 100MB I think. Maybe a newer version will be better - not sure IT will let us upgrade.

        Although on my Linux box at home I have Opera, FF and Chrome, and now use Chrome almost all the time. It starts much faster than FF, the Flash works (which is flakey in Opera - never investigated why though), and does all that I want.

  30. Wibble
    Happy

    A good news story

    This story is nothing but good news. The fewer people using that festering IE browser, the better it is for the Internet. We need a heterogeneous Internet browsing experience based upon standards and consensus, not monkey-boy's flawed vision for total domination.

    The only good thing about any version of IE is that web developers get paid good money to create sites that work on all the common browsers. IE 6 and 7 being the worst offenders by far.

    Security on IE will always be inferior all the time it includes OLE^H^H^H AxtiveX and comes as part of the core "OS". I'm sure it would be more secure if MS had to release *nix and Mac versions.

    It's not as if this is new news. Microsoft have never listened. Reap what ye sow.

  31. Anonymous Coward
    FAIL

    Microsoft announcements

    I know that they're continually accused of talking a load of pish but this took the cake:

    "We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time."

    Duplication, lack of clairity, no mention of product. Surely "We'll be releasing a patch for the IE vulnerabilities asap, even though it's not patch day". It's shorter too.

    Looks like it's not just their code that's bloated and wonky...

  32. Robert Carnegie Silver badge

    This Opera user can restrict

    ...Javascript only when I want to allow a web site to use Javascript, on a permanent per-site basis. By default it is switched off for my browsing, by my choice. Likewise other content on web sites, even images: I control what the website is allowed to send to me. Moderate technical understanding is needed to configure this feature.

    So if there's a security bug in Opera's Javascript then I'll install the next download - although the concept of "out of band" doesn't apply as far as I know, because they don't seem to have enough security issues for a regular recurring release date, or enough business users - but in the meantime I won't be using Javascript anyway except on a few sites where I decided it was useful. (Yes, I have heard of "cross site scripting". I think some Opera alerts were XSS issues.)

    And some sites don't work with Opera's Javascript, oh well... basically scripts aren't allowed to rewrite the page while you read it, I think. Or not when I last looked.

    It is usually Javascript, isn't it?

  33. mhenriday

    Microsoft is said to be releasing a patch today.

    One can't hope wondering if those who try another browser will decide to go back to IE once this particular exploit has been patched or whether they will prefer to stay with their new Chrome, Firefox, Opera, or whatever browser. In any event, all the hullabaloo may bring some good in its train : users who never before realised that «Internet Explorer» isn't identical with «Internet» have been exposed to the fact that there does exist an alternative to a Microsoft product - who knows, there might even be some spillover from alternative browsers to alternative OS and/or alternative office suites !...

    Henri

  34. jon 77

    developers...

    I have found a LOT of sites that rewrite the page 'in browser' at many times - they all work ok for me on Opera...

    You can view the current page source at any time, and select your own viewer for this - I have mainly used this to track the URL of something I want to 'block content' of..

    there ARE some debugging tools in Opera - have you not seen Dragonfly at tools, advanced, developer tools?? but dont ask ME about it... you should be posting on the opera forum, so people who know about it can guide you...

    you can use 'customize' for the panel on the left to add an 'info' display, and if you add a status field to a toolbar, you will see loading pages as they go by...

    But if you know debugging well, you should be using a *proper* tool, and only using the browser to test it...

    @Neil 7: I defy you to find anything that is 'perfect' - stop making the wrong assumptions, and start making some posts in the RIGHT forum!

    But I guess you are just too lazy to do anything except moan...

This topic is closed for new posts.

Other stories you might like