The Inside Track on Firefox Development.
December 28, 2004
The Unsung Security Hole
After numerous attempts to save my personal email address ben at bengoodger dot com (after my initial posting last month), it finally became too much of a burden on Pair's servers and my time and it was disabled.
I've set up a new personal email address, and as soon as I can figure out how, I will make it so that it cannot receive email from Microsoft Outlook users. Why? Because Microsoft Outlook and Outlook Express are the unsung security hole in most people's systems.
Surrounding the Thunderbird 1.0 release, many media outlets said that there seemed little reason to switch to Thunderbird given the lack of a security threat like there has been affecting IE this year. This analysis unfortunately shows a lack of appreciation of the type of problems affecting the Internet today.
Every few months a new worm makes the rounds: Sobig, Sober (the 77KB worm which ultimately destroyed my email account) and others. These worms usually travel using Microsoft Outlook as the hook onto people's systems. Creating an email with an attachment that appears innocuous and beckons the user to open it but which is really a malicious piece of executable code, these emails scan addressbooks and propagate rapidly. Sophisticated worms like Sober even contain their own SMTP engine.
People get infected with these worms because a) they do not understand internet security (probably an impossible problem to solve) and b) their email client software makes it too easy to execute such attachments.
Antivirus companies are quick to advise corporate users how to clean their systems of worms, but enough people (probably home users) don't do this and since the worms don't necessarily have a noticeable effect on infected systems, they don't have any motivation to do so. There is nothing that can be done for people (like myself with ben@bengoodger.com) whose email addresses are discovered by these virus programs during their operation. The only solution appears to be to use a large ISP for email (such as AOL) which has its own problems, or invest in a corporate grade email filtering solution, which is not really an option for the independent me@mydomain.com user.
So this is what I consider to be the unsung security hole. I hope that by blogging about this other people might pick up on it. One of the reasons people should consider email solutions like Thunderbird is that, like all Mozilla software, it is designed not to allow one-click execution of potentially hazardous code.
It's only a matter of time. Microsoft would like you to continue not to think about your software and continue to use theirs, paying what amounts to extortion fees on ISP filtering solutions. Much of Microsoft's marketing and propaganda is based on encouraging people not to think, both through the use of FUD - ranging from subtle manipulations to bald-faced lies. The sad thing is that much of the MCSE trained world is too lazy to care.
Well, I do. I'm a victim of Microsoft's poor quality software without actually having used it. I'm glad we have talented and concerned people like Scott and David working on Thunderbird, and the Mozilla Security Group. Thanks guys, your work may not be as widely appreciated, but you have a fan in me.
Posted by ben at 7:43 PM
December 22, 2004
Prefwindow V
For the past week I've been working on a new Preferences window for Firefox - one which will solve a number of the problems present in the current one, such as the fact that it's a modal sheet on OS X and GNOME.
The current Preferences window (aka "Prefwindow IV") dates back to April of 2000, and so is among the oldest XUL/JavaScript code in Firefox. I wrote it before the advent of XBL, and so the new version utilizes an XBL tagset to simplify the content of the preferences panels.
I'm developing this on Windows, since that's where the good debuggers and editors are; the modality/instant-apply-ness of the window will be controlled by a hidden pref. Much is left for me to do, but here's a sneak peek of what's coming:

Posted by ben at 11:52 PM
December 15, 2004
Development Under Way
I'm still working on a product plan for 1.5/2.0, but while that progresses I've also begun a lot of development work for 1.1. I really need to buckle down and finish off the various patches that I have in motion at the moment, before I lose any or they become out of date. What I'm doing right now:
- Mac Browser Profile Migration (Safari, MacIE done, Camino in progress, todo: OmniWeb)
- Mac Shell Service for Default Browser, etc.
- New Options Window, so that it works properly on OS X, GNOME (non modal, instant-apply settings) etc.
And some ancillary patches that pave the way for 1.5 and 2.0 features, like a patch that improves the look of tabs on Windows.
Posted by ben at 5:09 PM
December 10, 2004
Mo' Marketshare
W3Schools - 21.2% - up roughly 2% for the last two months (technical audience).
As IE's slide continues, I'm hoping to get closer to 50% usage by tech-types by the end of next year.
Posted by ben at 3:27 AM
December 9, 2004
Mozilla Reporter UI Feedback
Robert Accettura has been working on a "broken website" tool to allow people to easily file reports of broken websites without over-burdening Bugzilla. Henrik Gemal posted some screenshots of the Firefox extension in action, and the web query interface.
I have some suggested improvements to the web query interface and the extension.
Posted by ben at 2:04 AM
December 7, 2004
Get Thunderbird
Thunderbird 1.0 is now available! Many congratulations to Scott, David and the team that made this happen. Mail applications are such complicated beasts and these guys make it look easy. Go download Thunderbird and say goodbye to nasty Outlook worms and reclaim your inbox!
Posted by ben at 12:10 PM
December 1, 2004
Thunderbird 1.0RC
adot's notblog*: thunderbird 1.0 release candidate
The testing candidate for Thunderbird 1.0 is now available. If you test Firefox candidates and want to try an email client that'll put an end to all those Outlook macroviruses and other such nonsense, I highly encourage you to give Thunderbird a shot. Scott, David and the team have been doing a great job over the past couple of years and Thunderbird is too often overlooked.
Posted by ben at 3:54 PM
Branch Landing Complete
The Firefox trunk is now more or less synced with the last 7 months of Firefox development. Various small and not so small regressions abound, but we'll be catching those in the coming week. Once we've got a good fresh slate to work with, we'll be well on our way to 1.1!
Posted by ben at 12:49 AM
©1997-2006 Ben Goodger. All Rights Reserved.
Opinions expressed here are my own, and not those of any organization that I may be affiliated with.
