New
#51
It's hard subject,
As Both of them can be hardened and secured with additional things.
As you said firefox with addons.
But Internet Exlorer 8 can be hardened aswell by GPO (Group Policy)
And Internet explorer's advantage out of box are:
cross site scripting protection
good phising philter
Smart filter which checks website or downloads.
But browser comparison difficult topic.
I personally use Google Chrome. Advantages:
Speed
Simplicity
Internal sandbox
And just because I like it
Norton Internet Security 2010 ( just testing this one at the present time...it may or may not stay ) Sandboxie runs your browser in an isolated environment separate from your OS/System....[/QUOTE]
thanks so much, I'm reviewing sandboxie!!!!
Sandboxie - Video Reviews
He was talking about this article: SophosLabs Sets Out to Prove Windows 7 Has Some Vulnerabilities | Maximum PC
I haven't used an AV in three years and still have not been infected, Vista's and 7's additions to the group and local security policy's made it possible for you to null the attack surface of Windows down to your preferences.
Firefox will be my primary browser while they keep nightly-builds as it helps stop drive-by-download exploits, nightly builds help make it near impossible for anyone to find/exploit a flaw and figure out a way to infect your machine before a new build is released all while without you knowing about it.
If UAC had a configuration wizard (like everything else ) that allowed us to specify our own execution level for an application and instead hash checked the program and the dll's it loaded against the preferences we set if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel and its a secure digitial 'wallet' thats more than capable of acting like a while-list for UAC but has yet been utilized
The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing dlls to load into an elevated application and execute code is unacceptable, this is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
I have read the entire thread and I agree with posts from both sides...
Urbanbounca I agree with you on the need for common sense on the internet. It does wonders for protection against viruses and other malicious software.
...BUT pparks and our resident MVPs on Consumer Security (Jacee and Corrine) are also correct. I was sitting here trying to remember this good quote I found but I couldn't so I will blankly put it out there: No one is perfect...if we were, tech sites like SF, tech support in general, hell nothing in the world would go wrong or need to be fixed. I understand that your common sense has fared you well...mine has just the same BUT I also realize that my abilities are not perfect and at any time something might "sneak in"
With this in mind I always run a low resource, very low maintenance anti-virus such as avast or MSE. They are non obtrusive, extremely low resources (especially Avast), and I always forget about them in the end. With that in mind...I have no reason NOT to run them as they are my fall back guys...
Anti-virus doesn't have to be your shields: for me Common Sense 99%...anti-virus 1%
Why you are worried about Drive-by-download exploits if you use group and local security policies.
They can be configured to deal with Drive-by-downloads. And with the help of SRP it can be denied to execute even if downloaded somehow.
About your next statement.
Maybe AppLocker?
Enforcing rules too all files including DLLs.
I do agree with you that with AppLocker or SRP added with group and local security policies, there is not much need for resident real-time AV.
Just on demand scanner to scan downloads.