Tuesday, September 25, 2007

Revisiting the "Firefox Myths" Part 8

Please read my earlier post "Revisiting the "Firefox Myths" Part 2, the Tangent" for background information on where these quotes came from and what the heck is going on.

This post represents a return to the comment Andrew K posted on September 18, 2007 1:49 PM. He had a lot to say, and I haven't replied to all of it yet.
Myth - "Firefox Vulnerabilities are Quickly Patched"

This clearly proves that Firefox vulnerabilities are not quickly patched thus this Myth is debunked. IE is irrelevant to this Myth and another excuse as you seem to like to make many of them
Statements about the speed with which a bug is fixed requires a context, specifically the context of how quickly other browsers fix their security problems.

Most of Firefox's reputation for fixing bugs faster than IE comes from Microsoft's bungled handling of the createTextRange() Vulnerability. Few people can name the vulnerability, but many remember that their web browsers can be hijacked by hackers just by visiting a web site. They'd never even get a confirmation dialog before hostile software was installed.

Please see my comments on Brian Krebs article "Internet Explorer Unsafe for 284 Days in 2006" below.
Myth - "Firefox is More Secure because it is not integrated into the OS"

The examples are not the sources of the MYTHS!! I know you failed to read that but it is getting old. Mozilla clearly stated what they said. The Myth was debunked by Microsoft.
Andrew is partially right. The browser is not made more secure by not being integrated into the Operating System. The Operating System itself is more secure when a web browser isn't integrated.

This is another example of Andrew attacking my initial write-up even though I agreed with his final conclusion. I used the myth as a starting point to discuss a separate issue, but Andrew has chosen to reassert his original debunking as if it somehow debunked my points about OS security.

Andrew seems a bit confused regarding my intent in responding to his Firefox myths page. I was using his article as a jumping off point to discuss other issues. Yes, I went off on a few tangents, but no, those tangents were no necessarily intended to debunk Andrew's Debunking.

The bottom line is, I've personally seen instances of an Operating System being compromised because some idiot decided to integrate the Web Browser into the File Browser. A single Zero-Day Drive-By exploit was all that was needed to infect several machines.

If Internet Explorer was not integrated into Windows Explorer, I wouldn't have had to clean up several virus infected PCs.
Myth - "Firefox is More Secure because it does not use ActiveX"

Again debunked by Microsoft
To be fair, it WAS true at the time the claim was circulating. Andrew seems to enjoy playing with time frames to his advantage. For example, when discussing the system requirements for web browsers, he happily compares IE 6 to Firefox 2, and ignores IE 7, claiming that since the myth was about IE 6, IE 7 is "irrelevant."

On the ActiveX Myth, Andrew ignores the fact that ActiveX was a major security hole at the time the claim was circulating. He relies upon the fact that most those problems have been fixed to debunk the myth.

Wouldn't it be more honest to admit "Yes, ActiveX was a problem in the past but if you're running IE 7, it isn't a real issue now"?

Just do a Google Search for activex vulnerability and you'll get a whole list of major security holes that Firefox never had to contend with.

Microsoft Security Bulletin MS05-013
Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (8917http://www.blogger.com/img/gl.link.gif81)

National Cyber Alert System Cyber Security Alert SA06-258A
A vulnerability in ActiveX and Internet Explorer could allow an attacker to take control of your computer.

Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability that could allow a remote attacker to execute arbitrary code.

Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability
A vulnerability has been discovered in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.

New Active-X Vulnerability Discovered

ActiveX Vulnerability
Myth - "Firefox Extensions are Safe"

It is proven that they can clearly not be safe, thus debunked.
Again, I agreed with Andrew on this one. I mused about the vulnerability of extensions for other browsers but that's as close as I came to disagreeing with him on this myth. Entirely too much trust is put on Extensions just because you find them through the "Get Extensions" link in Firefox.

Myth - "Firefox is a Solution to Spyware"
The nonsense about drive-by infections are from those who run unpatched versions of IE and has nothing to do with IE fully patched. I have used IE since it came out and have never been infected by "drive-by" installs and neither do my clients. You can do the same using this guide:


All for free. But Firefox is clearly not a solution to Spyware and thus debunked.
I'm really questioning Andrew's Research skills here. Several times in these threads I've mentioned the createTextRange() Vulnerability, which remained unpatched for weeks and allowed drive by infections.

Andrew's claim that a fully patched IE install will be immune to Drive-By exploits is dangerous and misleading lie. I encourage readers to do a quick online search for phrases like "Drive-by" and "Internet Explorer." Andrew's irrational denial of reality is confusing to say the least.

Brian Krebs wrote an excellent article entitled "Internet Explorer Unsafe for 284 Days in 2006" in which he exhaustively researched the security flaws in Internet Explorer and the time taken to patch them. He even submitted his information to Microsoft to give them a chance to respond.

The following quotes are from that article.
For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.

In a total of ten cases last year, instructions detailing how to leverage "critical" vulnerabilities in IE were published online before Microsoft had a patch to fix them.

Since this whole thing is about Firefox Myths, I'd like to also quote something Krebs had to say about Firefox:
Mozilla's Firefox browser -- experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem.
He even has a chart of Internet Explorer vulnerabilities in 2006.

I encourage Andrew to read the article above. I suspect he'll have difficulty dealing with information from someone who did actual research, and he'll be further enraged by something that contradicts his dogma about a fully patched Internet Explorer, but he needs the information in the article.
Myth - "Firefox 2's Phishing Protection is better than Internet Explorer 7"

No I did no lie. The Google Anti-phishing tech was built right into Firefox 2, regardless I added more sources and the myth is still debunked.
One of Andrew's new sources is Ed Bott's article IE7 or Firefox 2: Which browser is more secure? Testing was done with Firefox 2 Beta 1, not a production release.

The recent information paints an interesting picture for Firefox's anti-phishing features. On one hand, you have a Mozilla sponsored report that gives a glowing review and people claiming that Firefox caught all the phishing sites listed on dslreports.com

On the other hand, we have things like Ed Bott's article that raises some concerns about the Phishing filter. Specifically, he found two sites that IE caught but Firefox didn't and he wants more information on the false positives from the test where Firefox caught more Phishing sites.

While Ed Bott does say:
The two “live” sites I visited in each browser hardly constitute a scientific sample, but it’s still worth noting that IE7 flagged both pages as confirmed phishing sites, while Firefox 2 missed them both
He later states:
I haven’t spent enough time with the Firefox/Google code to form an opinion.
Interesting enough, he also reports that
Update 4-August, 3:40PM PDT: A representative of Mozilla's PR agency contacted me and says that the anti-phishing feature in Firefox 2 Beta 1 "was intended to test the core Phishing Protection framework within the browser, not to provide a full list of suspected scam sites."
Remember, his tests were done with a beta. Would the results change if the tests were repeated with Firefox

I did some more digging, wondering why IE would appear to perform so much better than Firefox. Then I found my answer.

Firefox processes URLs locally, on your own machine while IE7 sends URLS to a Microsoft server for checking.

The IE blog gives some more detail on how this works:
So, for example, if you were to visit http://www.msn.com, nothing will be checked on the Microsoft server because "msn.com" and other major websites are on the client-side list of OK sites. However, let’s say the URL looked like this:’sPassword, in this scenario phishing filter will remove the query string to help protect my privacy but it will send "" to be checked by the Microsoft Server because is not on the allow list of OK sites. As it turns out, is just the IP address of MSN.com server, so its not a phishing site but this example should help you understand more about how Phishing Filter checks sites on the server.
IE7 has a local cache of "OK" sites, and if you visit a site that isn't on that approved list, the URL, minus URL data, is sent to a Microsoft server for further evaluation.

The advantage is that the server side analysis can be changed in a matter of minutes. The down side is if you visit a site that Microsoft hasn't deemed "OK" then the URL is sent to Microsoft. In addition to the latency of waiting for the approval to come back from the Microsoft server, This means a lot of your web browsing is likely to end up logged on a Microsoft server.

Microsoft has its own take on the Privacy issues involved.

In terms of the myth as stated by Andrew, it does look like IE 7 has better anti-phishing than Firefox. However, they both suck.

The article "Firefox 2 vs. IE 7 Anti-Phishing: Who Cares? Use Multiple Layers" points out that even the pro-Firefox test "puts it at 460 sites missed by one browser or the other. Which means neither one is really good enough." The article goes on to recommend a variety of anti-phishing technologies to help improve your odds of escaping scammers.

The more I dug into this issue, the more I realized that when it comes to anti-Phishing technology IE7 and Firefox 2 are fighting for dregs. Both anti-phishing technologies suck, but at the moment, it looks like IE's implementation sucks a little less, assuming you're OK with the privacy issues raised.
Myth - "Firefox supports Extensions and Internet Explorer does not"

You excuses are meaningless, this is not about which is better which is an opinion, the Myth is clearly debunked.
Yet again, I didn't disagree with Andrew on this. I went so far as to explain how the myth came to be. Yes, I took a pot shot at IE's Add-On support, largely because I've written add-ons for both Browsers, and found Firefox far easier to work with.

Why did he feel compelled to refer to me making "excuses" when I didn't even disagree with him?
Myth - "Firefox supports an Inline Search Feature and Internet Explorer does not"

Don't put words in my mouth and stop making excuses, this myth is clearly debunked. Tweaking tutorials? WTF? Are you insane?
Fact: A default install of Firefox supports Inline Search.

Fact: You have to install an add-on to get the same feature in Internet Explorer 7.

Fact: Andrew provided no sources for this "myth" on his web site, so I had to find some of my own.

Internet Explorer 7 Review

There are also a number of features I miss from Firefox, such as inline find, which opens a handy and less obtrusive Find toolbar instead of the annoying IE Find dialog. This concern is partially offset by the IE Addons Web site and a new generation of small downloads that improve IE's functionality...

Internet Explorer Not A Monster Anymore

He thinks IE7 has its issues - what he calls "interface gaffs", along with features that Firefox has that he can't live without (such as inline search). But in terms of standards compliance Thurrott says IE7 is an improvement.

Suddenly, I see why Andrew included no sources for the myth. Several times in his replies to my site, he's made a big deal of addressing the myth as he found it in the wild. The discussion about his not including IE 7 in the "System Requirements" myth is a prime example. He refuses to include IE 7 in part because he didn't find examples of people claiming Firefox 2 had lower requirements than IE 7. (The source he links tof ro the myth doens't actually mention browser versions AT ALL, but that's a different issue)

The "Inline Search" myth does not appear to exist in the wild in the way Andrew describes. The complaints I found are that the feature is missing from the base install, or that you have to install an add-on to get Inline Search in IE. Every site that mentions the lack of Inline Search in IE seems to mention an add-on that adds inline search.

I wonder how Andrew would react if I countered one of his other debunkings with a link to a Firefox Extension that fixed the problem? Would he accuse me of making "excuses" for Firefox? Would he rely upon the exact working of the myth as it's stated in his Source?

My main issue with this myth is not if it's true, but that the debunking Andrew uses violates his own rules. If the tables were turned I don't think Andrew would concede that a Firefox Extension that resolved the issue would be sufficient to change his conclusion about the myth.
"Opera also introduced tabbed browsing. I'm surprised Andrew didn't mention this"

Um I did mention Opera invented Tab Browsing under the myth labeled: TABBED BROWSING! It is now clear to me that people read what they want and not what is there.
Funny, I did a keyword search on the page before I wrote that line. It wasn't there. Perhaps I was tired and just missed it, but since I've already seen an example of Andrew editing firefoxmyths and pretending the statements were there before, I'm inclined to suspect my search was valid, and that Andrew edited the page after reading my original post.

In Comic Book terms, it looks like he retconned the article.
Myth - "Firefox had Pop-up Blocking before Internet Explorer"

No this is a Myth and debunked, Firefox is NOT the Mozilla Suite. The only thing misleading is stating it any other way.
I'll grant that, in terms of the Myth as written, Andrew debunks it. However, His debunking makes it sound like Internet Explorer was the first to introduce the feature. Mozilla based browsers had pop-up blocking way back in 2002, two years before IE introduced the feature. There was even some anger over the fact that Netscape 7, based on the Mozilla core, removed the feature in order to coddle AOL popups.
Myth - "Firefox Blocks all Pop-ups"

I am not going to go over this again. The sources and examples are NOT the same ect... Myth debunked.
I should point out here that I never claimed that Firefox blocked all pop-ups. In terms of Andrew's debunking of the Myth, he's right. Firefox does not block all pop-ups.

My issue is that I've never heard the claim that "Firefox Blocks all Pop-ups." Andrew can disperse this concern by linking to a few more sources for the myth, something he has failed to do.

Show me the references.
Clearly you read nothing on my page as my sources for the Myths were multiple locations none of which were the examples.
I'm going to give Andrew the benefit of the doubt and assume he was tired when he wrote that line as it's very poorly worded.

He seems to be claiming that he listed multiple sources for his myths. However, the "Firefox blocks all Pop-ups" myth only lists one source, and that source is a graphic on Andrew's own web site.

The "Firefox has lower System Requirements than Internet Explorer" myth is also nothing but a link to a graphic on his site. I noticed that there's no mention of the browser version in the linked graphic, but Andrew made a BIG deal out of the browser version when rationalizing his exclusion of IE 7 from discussion of the myth.

The following "Myths" have a graphic on firefoxmyths.com as their only "Example" of the myth.

"Firefox's Memory Leak is a Bug"
"Firefox Blocks all Pop-ups"
"Firefox was the first Web Browser to include Tabbed Browsing"
"Firefox fully supports W3C Standards"
"Firefox has lower System Requirements than Internet Explorer"

I believe Andrew needs to do a better job of finding, and linking to, examples for his myths.
I didn't "massage" any data and it is all clearly sourced. I also did not try to hide anything as this page came out in 2005 and is clearly SOURCED!!!!
I encourage anyone reading this little flamewar to go back and review what Andrew and I have written. Decide for yourselves if Andrew is massaging his data or not. Don't take my word for it, and don't take his. Read the arguments and counter-arguments and decide for yourself.
"Ironically, he fails to mention the fact that the free Opera browser is no longer ad supported."

Really? "Opera (now 100% Ad free)"

Give me a break, try reading my page completely next time and not make assumptions or jump to ridiculous conclusions.
Again, this is another example of Andrew editing the page and then claiming that the modified version is what was there when I first read it. When I wrote my original post, I searched for the word "Free" on firefoxmyths.com, both by scanning the page and by using my browser's "search" feature. I didn't see the mention of Opera being Ad Free, and I believe Andrew added it after reading my article.


Anonymous said...

Goddamn it MATT. The SOURCES are labeled 'SOURCE' not EXAMPLES! The SOURCES debunk the Myth. The EXAMPLES are simply search engine located examples of the Myths. They are NOT were I originally saw them. This is all stated in the Myth Origins section which you apparently did not read! This is really getting tiring you seem to not want to read what I have on the page.

angel said...

wow. unbelievable.

FLAME ON! thats all I got to say.
energy has been thus wasted....

Matthew Miller said...


It's a shame I didn't have a bag of marshmallows handy when this all started.


I'm sorry, I misused some terminology.

You need to find more Examples of the Myths. Happy now?

angel said...

should made some smores. delicious! :) good thing im chobits on here...ah. good anime stuff. although to your credit its the first comment you've replied too. LOL!

you also realize that you will never appease some people. and it aint worth da effort. otherwise u gets all streesin out!

Anonymous said...

Myth - "All IE users are pedophiles"

Reality - Only some IE users are pedophiles while others prefer animals, corpses or their own relatives.
Make no mistake, though: all IE users are sick perverts.

Anonymous said...

No Matt the Myth that Firefox quickly patches vulnerabilities does not have to be compared to other browsers, it simply has to be time frame. I have clearly proven they are not quickly patched. Vulnerabilities not patched from 2004 is not "Quick" by any stretch of the imagination.

Firefox's Mythical status of quickly patched bugs has existed from the day it was released. It is obvious you have never been following the browser hype.

Microsoft clearly stated that browser integration is irrelevant to the security of the OS, if you want to dispute this take it up with Microsoft, they clearly explain why this is a Myth.

I attack your excuses you add to each Myth.

I am confused? You call your blog post "Debunking the 'Firefox Myths' page" - tell me another one.

Give me a break. You clearly had no intention of simply discussing beyond the Myths, you attempted to (unsuccessfully like all the others) dispute my page. Otherwise you would have called it, "Discussions Beyond Firefox Myths"

Browser integration has nothing to do with Security, this is clearly debunked and sourced to the Microsoft article on the subject.

ActixeX has always asked for permission to execute with the default settings in IE, with Windows XP SP2 in 2004 the warning was made much more obvious then a simply dialog box.

ActiveX was always an imagined problem. Actual problems people had came from patched security vulnerabilities that people did not apply patches to and of course people clicking yes to everything and installing every infected toolbar and infected screensaver they could find. Microsoft in turn had to protect people from themselves and effectively did that with Windows XP SP2 by including a pop-up blocker, a clear and VERY obvious download warning system (including for ActiveX controls), updated and enabled the XP Firewall, set Windows updates to automatic and a Security Center to let them know if they had an AV program and if the firewall was on.

A fully patched IE is not vulnerable to "drive-by" downloads. This is elementary to disprove me on, simply provide a URL that I can reproduce the vulnerability.

Brian Krebs is not a security expert, he is a journalist for the Washington Post. His article is misleading propaganda because all those vulnerabilities existed prior to them being publicly exposed thus the time frames are useless and irrelevant to actual security. I read the article when it came out and it is useless.

"In terms of the myth as stated by Andrew, it does look like IE 7 has better anti-phishing than Firefox."

Exactly, Myth debunked. Your "however" is irrelevant.

I state you make excuses because you do. To a layman this would appear as if you disputed something when all you did was make an excuse for it. "Yes this is true but..."

I repeat, I have heard all of these Myth before in various locations, including in the real world.

I have not violated any rules. What I stated was clear but you continue to not read what is on the page.

You are a proven liar and have only demonstrated your lack of reading comprehension. I have pointed that out as I have with all Fanboys, you are no different. You failed to read what existed on the page then lie it did not exist. Both the tabbed browsing section and the mention of the Firefox being stable were there in their exact form the first time you read it. Here is proof of the Tabbed Browsing section being there:


By demonstrating that you have consistently not read the page you have proven my point about everyone who tries to dispute it. Thank you for this.

I make not claim IE was the first to introduce pop-up blocking. It is not my problem if you cannot read what is clearly written and jump to nonsensical conclusions.

Mozilla is not Firefox as is debunked earlier in the page and irrelevant to that Myth. Opera was the first with pop-up blocking which is also noted in debunking another Myth on the page.

I DON'T CARE WHAT YOU HAVE HEARD! This is such a stupid argument fanboys like to use, they either state I have never heard that or why would anyone believe that. Hello! Not everyone thinks like you and you have not heard everything.

I already explained the examples vs sources point and you have still failed to update your blog post correctly.

You fucking liar, you are a goddamn fucking liar. I never edited the page to add in the Opera mention! Why are you lying? You know you fanboys never cease to amaze me with your lies. It is utterly unbelievable. I prove you wrong and then you have no defense so you lie about it.


Your next post better be an apology for your fucking lies. Fucking bastard. If I saw you in person and you attempted to lie like this to my face I would absolutely fuck you up.

angel said...

master andrew/andrew k=one and the same.

hrm. more fuel to the fire i suppose.

but it shore it fun. cheer on!
im getting the feeling someone lives for this otherwise it wouldnt be worth anyones time.

must be right. blah blah blah

Anonymous said...

quote: "master andrew/andrew k=one and the same"

chobits, you are basically suggesting that I am the same person as that fat bald 40+ guy that works in local hardware store as an assistant to salesman, who lives in him mother's basement with no education, no girlfriend/wife, no chance of promotion an generally no life, and whose only purpose in life is to insult and attack people online.
Sir, I am honoured and feel very fortunate to be identified with such person. All I can say in response is: thank you for being such a 'fanboy' of me/andrew/mastertech/vincent/general ares/thor/david dobsen/andrew k/realist/...

MasterAndrew (www.trolls-and-spammers.org)

Anonymous said...

I think Andrew may have some unresolved anger-management issues, but I think he's right about not having changed his page. Firefox Fables pokes fun at the obvious plug for Opera, and that page hasn't changed for a year or so.

Regarding patch times: one of the vulnerabilities Andrew mentions does not apply to the current version of Firefox, so to use the present perfect to imply it still affects Firefox is disingenuous; the other vulnerability is one that affects all browsers except Opera. The solution adopted by Opera has not been taken up by other browsers because it may prevent a few legitimate web sites from functioning correctly. To take this one very tricky and complex vulnerability and say it proves Firefox vulnerabilities are not patched quickly is a gross distortion.

Claims of absolute security in fully patched IE6 have been proved untrue by history. A simple Google search for "IE zero-day exploits" provides ample evidence.

Claims that ActiveX was not a security risk in IE6 have also been proved by history to be false. See my last post in this discussion:


Once again the only answer Mr Angry has is to wield the tired old "fanboy" label.

Anonymous said...

Yes please see www.FirefoxFables.com

There is no obvious plug for Opera, use whatever browser you want. If you actually go to the Freeware Browsers page you will see I actually recommend IE7 and Opera.

I have since added two more vulnerabilities (one over a year old) that are still unpatched further debunking the Myth.

You can take any vulnerability that a Browser has unpatched since 2004 and say that they are not quickly patched. It is simple logic, your excuses are just that.

I am still waiting for the drive-by download link. You have my email address whenever you wish to send it to me.

Proof that ActiveX is a security risk are unsubstantiated outside of you parroting it.

But who would listen to a fanboy pot smoker anyway?

Anonymous said...

"I am still waiting for the drive-by download link."

You REALLY That stupid boy or are you just pretending?

He's given half a dozen links and you're too dumb to read any of them. What about that "Unsafe for over 200 days" article he's linked to about three times?

He gave damn examples of the security holes in older versions of IE6 and you still insist that they never existed?

How God Damn Dense are you boy?

Are you a retard or just an asshole trying to be contrary?

Damn Window Licker.

Anonymous said...

"I am still waiting for the drive-by download link. You have my email address whenever you wish to send it to me."

I think I'd have just about as much chance of trying to convince Danny Carlton that the earth is not 5000 years old. You share the creationists' ability to ignore any evidence that doesn't fit your case.

I love the irony that it was Danny that gave Firefox Myths the new publicity. Stand proud together and proclaim your creeds- wanton denial in the face of the facts.

Anonymous said...

In related news: linux stops global warming!, MasterSpam expected to write another myths page.

Anonymous said...

What, you haven't seen The Anti "Man-Made" Global Warming Resource, MasterSpam's latest "myth" page?

Pride of place goes to 'The Great Global Warming Swindle', widely criticised for ignoring the evidence from the last twenty years. (Although the graphs in the film gave the impression that data used were up to date.)

Scientists have been queuing up to rubbish the film, yet once again Andrew ignores the evidence.

The page gains a strangely similar response to that given to Firefox Myths:

"And reposting the same assertions, without taking into account any of the information presented to you, only makes you a troll, it doesn't make you right."

denialism blog

"When we talk of "consensus" we're talking of people in agreement based on the fucking evidence, you dumb bastard.

OK, I'm spent. It's hard work and tiring to deal with this idiocy."

Oliver Willis

"Like your fellow cretins you believe that somehow all the climatologists, weather experts, scientists, etc have somehow failed to see something that is obvious to you, that maybe they forgot to take the sun into account or past trends. You liars and deniers really are THICK."


Even on NewsBusters, a critical voice appears:

"You're citing discredited articles or twisting the conclusions of other articles to support an unsupportable position. No wonder you guys are such jokes in the scientific community."


Seems denialism is becoming a theme for Andrew.

Anonymous said...

I have never seen more crazy nonsense in my life. Global Warming? How is that related to Firefox? Are you guys insane? I don't have a Global Warming page! I mean anyone with half a brain can see this. Please get a grip on reality.

I am still waiting for a link to an infection that can be reproducible on a fully patched version of IE. I checked those links and they have no such thing. They talk about it but I see no evidence. This is elementary, give me a link and stop spreading hysterical nonsense.

Prove it!

Anonymous said...

Are you reading the site at all?

You claimed that there were never drive-by infections for Internet Explorer.

People pointed to links about Drive By infections that existed for weeks or months at a time in 2006, proving you were wrong.

Now you'll only accept something that will infect a fully patched IE as "proof" that Drive by infections ONCE existed?

Isn't that like claiming no one ever died from a bacterial infection because antibiotics exist now?

Anonymous said...

If IE never suffered from Drive By downloads, why does Microsoft have a page about it where they ADMIT Drive By infections have happened to IE users and that Drive-By infections are STILL a threat to IE 7 users?


By the way, nice trick there demanding a live site that will infect your PC, since most of those infected sites get taken down pretty damn fast once they're found. Refusing to accept an article ABOUT such an infection as proof means all you have to do is lollygag about a day after being e-mailed a URL before visiting it so you can then post a prissy "You sent me a 404 moron" reply.

Anonymous said...

Hey Andy, Weren't you also asking for proof of ActiveX vulnerabilities?

I know this is an unpatched IE 6 ActiveX problem, but after all you said about IE 7 being irrelevant, you have to accept a fully patched copy of IE 6 as proof of problems just as readily as IE 7. Insisting that it had to be an IE7 vulnerability would negate ALL your pissing and moaning about why you won't include IE 7 when talking about system requirements.

"Input passed to the method parameter in the "open()" function in the "Microsoft.XMLHTTP" ActiveX control isn't properly sanitised before being used in a HTTP request."

Anonymous said...

Well, this unpatched vulnerability will let a hacker install "arbitrary files" on a PC if the user clicks and drags on a malicious web site.


Not quite a "Drive by" download, but you never get any kind of an install or download prompt.

Andy, are you REALLY claiming that in 2006 there was never a period where IE 6 users were vulnerable to a drive by infection on a fully patched system?

If you are, then Microsoft disagrees with you.

The myth is "Firefox 1.x is more Secure than Internet Explorer 6"

The proof is:

For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.

In a total of ten cases last year, instructions detailing how to leverage "critical" vulnerabilities in IE were published online before Microsoft had a patch to fix them.

In contrast, Internet Explorer's closest competitor in terms of market share -- Mozilla's Firefox browser -- experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem.

Refute THAT motherfucker. You can cry all you want about "Fanboys." For 9 months of 2006 Internet Explorer was a sieve for hackers and Firefox had an open door for 9 days.

9 months of massive, gaping holes vs 9 days, and your pathetic miserable little brain can't accept that.

Anonymous said...

"Get the facts, not the hype"

PopularTech = Andrew, on digg:

Google cache

"Get the facts not the hype."

Mastertech = Andrew on:

Beta News

"I have never seen more crazy nonsense in my life. Global Warming? How is that related to Firefox?"

You refuse to listen to rational arguments in discussions of both pages, in an attempt to drive sane people up the wall.

Anonymous said...

MasterTroll exposed:
Andrew K. of XP Myths is a fraud and a Internet Troll
Trolling is getting out of hand
Gathering Andrew K.'s IPs
his ip
The myth of “Firefox Myths”

Anonymous said...

Still no URL? Fascinating.

BTW why do you fools continue to respond here, nothing is changing on the page because of it. All I have done is further strengthen my points with more sources.

Brian Krebbs is a journalist and his propaganda page is just that. Only fools would fall for something so obviously distorted. All vulnerabilities exist prior to their detection this is simple logic.

Anonymous said...

Andy, your poor reading skills are depressing. I had no idea you were really so stupid as to be unable to read a simple article.

So Andy, I'm waiting for links disproving the Washington Post article you little Opera Fanboy.

I find it fascinating you still can't produce any links proving the Washington Post article wrong.

Anonymous said...

A surgeon went to check on Andrew K after an operation. He was awake, so he examined the lad.

"You'll be fine," he said.

Andrew K asked, "How long will it be before I am able to have a normal sex life again doctor?"

The surgeon seemed to pause, which alarmed the boy.

"What's the matter Doctor? I will be all right, won't I?" Andrew K asked, frightened.

He replied, "Yes, you'll be fine. It's just that no one has ever asked me that after having their tonsils out."

Anonymous said...

Awww, look at the little Opera fangirl. Isn't that cute? Look at how the little girl babbles about Opera like it matters. I'm sure all those web developers out there care about the 1% market share.

Oh, wait, they don't. They don't care about a web browser that has FEWER users than Internet Explorer 4.

Anonymous said...

Looks like Andrew got bored with this site. I wonder who he's abusing now?

angel said...

meh. no one responds to him. simple as that. hope your wknd is better than your TH commute.

Anonymous said...

"Looks like Andrew got bored with this site. I wonder who he's abusing now?"

The religious right:

Are you retarted? (PopularTech, Popular Technology.)

For comparison:

Are you retarted? (Andrew, Popular Technology.)

Are you retarted? (Mastertech, OptimizeXP, Firefox Myths.)