Firefox Flaws, Phishing

By Larry Seltzer  |  Posted 2004-12-24

On a related point, we and others have been reporting that usage of the Firefox browser has been increasing rapidly. I'm actually skeptical of the numbers, but let's take them for granted for the sake of argument. If they're true, then Firefox and Mozilla are on track to reach the point of penetration where malware programmers will begin targeting them specifically.

I don't want to overstate things—Firefox has a long way to go before its problem list rivals that of Internet Explorer, but it does have problems, some of them serious. I pointed to a new one just above, and there are other fairly recent ones here, here, here and here.

It's not hard to imagine attacks on Mozilla and Firefox originating with spam messages aimed at them. "Subj: Attention Firefox Users - Sign Up for Update Notification" or something along those lines. What, you think only IE users are stupid enough to click through?

Speaking of user error, most of us pundits a year ago predicted an increase in phishing, but boy, was there an increase in phishing! Most of it is rather unimaginative stuff, simply trolling for PayPal account information. I've seen an increase recently in the cleverness of these attacks and I think the attackers have barely scratched the surface of what is possible. So, look for another large increase in the volume of phishing attack e-mails, but look especially for an increase in the quality of the attack.

Spyware got annoying enough in 2004 for the mainstream security industry to start ramping up to attack it, either through their own products or through buying established anti-spyware/-adware companies (as Computer Associates did with PestPatrol). Look for the security industry to try to push new anti-spyware products, especially in the corporate market. In fact, this has already begun.

I hope, but won't predict, that buyers reject getting shafted on this anti-spyware scam. This is a function that the anti-virus companies should have taken on all along as part of what their products do. I'll dig further into this subject soon.

To quote Peter Coffee quoting Bill Gates, "There is a tendency to overestimate how much technology will change in the next two years, and a similar tendency to underestimate how much things will change in the next 10 years." Ten years ago, most of us barely had our feet wet in the Internet. Who would have thought it would be such a hostile place and that so much of our attention would be spent trying to protect ourselves from criminals running rampant? I can't predict that it will be a safer place a year from now, but it will have to be in 10 years; there's a limit to how much of this security stuff we can all tolerate.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
