PDA

View Full Version : IE or not or back to telnet



operator
2007-06-06, 20:29
Hi people,
can somebody tell me how is that firefox is more secure than IE.
This is printout from my sytem when i'm offline:
these 3001 and 18350 pairs are av resident,1025 term services,3001/2/3/4.
icf.
//
>Welcome>c:\netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP secop:1025 0.0.0.0:0 LISTENING
TCP secop:3001 0.0.0.0:0 LISTENING
TCP secop:18350 0.0.0.0:0 LISTENING
TCP secop:3001 localhost:18350 ESTABLISHED
TCP secop:3002 0.0.0.0:0 LISTENING
TCP secop:3003 0.0.0.0:0 LISTENING
TCP secop:3004 0.0.0.0:0 LISTENING
TCP secop:18350 localhost:3001 ESTABLISHED
UDP secop:isakmp *:*

>Welcome Operator>c:\
//

This is when i use IE
//
>Welcome>c:\netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP secop:1025 secop:0 LISTENING
TCP secop:3001 secop:0 LISTENING
TCP secop:3013 secop:0 LISTENING
TCP secop:3014 secop:0 LISTENING
TCP secop:18350 secop:0 LISTENING
TCP secop:3001 localhost:18350 ESTABLISHED
TCP secop:3002 secop:0 LISTENING
TCP secop:3003 secop:0 LISTENING
TCP secop:3004 secop:0 LISTENING
TCP secop:18350 localhost:3001 ESTABLISHED
TCP secop:3013 old.ccrdude.net:http ESTABLISHED
TCP secop:3014 old.ccrdude.net:http ESTABLISHED
UDP secop:isakmp *:*
UDP secop:3006 *:*
UDP secop:3005 *:*

>Welcome Operator>c:\
//

And this is with Firefox
//
>Welcome>c:\netstat-a

Active Connections

Proto Local Address Foreign Address State
TCP secop:1025 secop:0 LISTENING
TCP secop:3001 secop:0 LISTENING
TCP secop:3016 secop:0 LISTENING
TCP secop:3018 secop:0 LISTENING
TCP secop:3026 secop:0 LISTENING
TCP secop:3028 secop:0 LISTENING
TCP secop:3029 secop:0 LISTENING
TCP secop:18350 secop:0 LISTENING
TCP secop:3001 localhost:18350 ESTABLISHED
TCP secop:3002 secop:0 LISTENING
TCP secop:3003 secop:0 LISTENING
TCP secop:3004 secop:0 LISTENING
TCP secop:3015 secop:0 LISTENING
TCP secop:3015 localhost:3016 ESTABLISHED
TCP secop:3016 localhost:3015 ESTABLISHED
TCP secop:3017 secop:0 LISTENING
TCP secop:3017 localhost:3018 ESTABLISHED
TCP secop:3018 localhost:3017 ESTABLISHED
TCP secop:18350 localhost:3001 ESTABLISHED
TCP secop:3019 static-fxfeeds.nllb.nl.mozilla.com:http TIME_WAIT
TCP secop:3020 static-fxfeeds.nllb.nl.mozilla.com:http TIME_WAIT
TCP secop:3026 old.ccrdude.net:http ESTABLISHED
TCP secop:3028 ug-in-f95.google.com:http SYN_SENT
TCP secop:3029 old.ccrdude.net:http ESTABLISHED
UDP secop:isakmp *:*
UDP secop:3006 *:*

>Welcome>c:\

So,according to information that i read all the time more ports you have open more are the posibilities for you to get hacked.You are behind firewall but anyway...
If we disable(or at least configure it to prompt for) scripts,active x,plugins,can it than be considered more secure than other browsers?Put aside buffer overflows,afaik they will not occur if you know what you're doing and where you go on the net.Ok i know everything is a challenge but i dont want to examine every packet from open ports(at least while im surfing).
I'm asking all this because not a single browser i tried is doing better job for my needs than IE(that is,for normal surfing).
I tried Opera,Netscape,Firefox and some less known,computer manufacturer browsers.
They all seem to fail after some time(short time)or theyre so slow i have no nerves to wait them.
Any feedback is most welcomed and appreciated.
thanks

tashi
2007-06-06, 21:27
Hi people,
can somebody tell me how is that firefox is more secure than IE.

Personally I no longer believe it is, and watch out for the extensions.
A New Vector For Hackers -- Firefox Add-Ons:
http://blog.washingtonpost.com/securityfix/2007/05/bungled_addon_updates_endanger.html


Amazing how fast popularity catches the attention of exploiters. ;)

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

operator
2007-06-07, 00:15
Hi tashi
I guess i'll continue with IE then.To lose data is bad but i guess nerves are more important.
Thank you for the linx and your time

:)

tashi
2007-06-07, 01:00
In the end it boils down to the browser/s you are comfortable with.

I happily move between Opera, IE7 and Firefox. ;)

:greeting:

shelf life
2007-06-07, 01:02
IE is more exploited (targeted) because its the most common browser. firefox has vulnerabilites but they beat ms in the patches/updates. best bet: keep them updated

its probably a good idea to disable window services that arent needed. but a app listening or established is only a possible risk if it has a know vulnerability that can be exploited. or of course if its malware, trojan etc.

shelf life

operator
2007-06-07, 12:07
Thank you guys for helping to solve my dilema.Like i said then i will rather use most exploited browser knowing that it works fine untill attacked.
When that occurs i guess it doesnt matter what you are surfing with any more.
Thanks

Rednose
2007-06-08, 18:00
In the end it boils down to the browser/s you are comfortable with.

I happily move between Opera, IE7 and Firefox. ;)

:greeting:

I also move between those 3 :) Opera is charming, Firefox is tough, and IE7 will always be my 3rd choice ;)

Greetz, Red.

operator
2007-07-02, 18:54
Hi guys,
I got an interesting trouble this time.While i was on one of those "hacking sites"
i got sptd.sys("SCSI pass through direct host").The file has its signature and all looks legit but...
I ran rootkit revealer and it was in the results with RR saying Access Denied.According to documentation it should never report this.
File deletion goes without problem but when i try to remove it from the registry
again,access denied.I tried exporting the value and then modifying the .reg file
to upload empty key.Regedit sez that "branch dont exist" and wont export!!!
Now all i can think of is to extract complete hive,delete manually and upload clean hive back.But i guess its sledge hammer technique and would like to try something else.And guess what,i was surfing with IE.Now in front of every url i have this cute letter M icon.
One other thing.
I was reading article from w3c about browser security.
They say there "WAS" a shortcut bug in IE.Means that if you create a shortcut on your computer to lets say tlntsvr and upload that shortcut to web
anybody clicking on that would be opening telnet server on THEIR LOCAL COMPUTER.
They also say its fixed up from version 3.01.I'm running IE 6.0 and i can still do this.
Any help would be appreciated.
Bye

tashi
2007-07-02, 20:04
Hello.

Please explain,

While i was on one of those "hacking sites"

operator
2007-07-02, 23:48
Which part IE and this driver or shortcut?And yes one more weird thing about IE.I set up IE to ask me for running ActiveX.Seconds prior to install i got a msgbox titled "Internet Explorer" telling me that activex is marked as safe.I didn't click on that window.
After two seconds i got another one on the top of the other titled "Microsoft Internet Explorer" telling that ActiveX is NOT safe.I closed the browser itself.
What concerns me here is that although this file have digital signature is its strange behavior in the registry and Rootkit revealer.There was no setup of any kind for this file and there is no easy removal i guess.But there is always sledge hammer i guess he he ...

tashi
2007-07-03, 00:20
Hello.

I am at a loss as to what you are asking. :scratch:

Do you need help with malware removal?