I usually don’t worry about PC viruses, but last week’s Scob attack snapped me awake. The clever multi-stage assault, carried out by alleged Russian spam crime lords, infiltrated corporate Web servers and then used them to infect home computers. The software that Scob (also known as Download.ject) attempted to install on its victims’ machines included a keystroke logger.
In less than a day, Internet administrators sterilized the infection by shutting down the Russian server that hosted the spyware. But not before a barrage of scary reports had circled the world. “Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole,” the BBC warned. (Disclosure: Microsoft owns Slate.) CNET reporter Robert Lemos zeroed in on why the attack was so scary. “This time,” he wrote, “the flaws affect every user of Internet Explorer.” That’s about 95 percent of all Net users. No matter how well they had protected themselves against viruses, spyware, and everything else in the past, they were still vulnerable to yet another flaw in Microsoft’s browser.
Scob didn’t get me, but it was enough to make me ditch Explorer in favor of the much less vulnerable Firefox browser. Firefox is built and distributed free by the Mozilla Organization, a small nonprofit corporation spun off last year from the fast-fading remnants of Netscape, which was absorbed by AOL in 1999. Firefox development and testing are mostly done by about a dozen Mozilla employees, plus a few dozen others at companies like IBM, Sun, and Red Hat. I’ve been using it for a week now, and I’ve all but forgotten about Explorer.
You’ve probably been told to dump Internet Explorer for a Mozilla browser before, by the same propeller-head geek who wants you to delete Windows from your hard drive and install Linux. You’ve ignored him, and good for you. Microsoft wiped out Netscape in the Browser Wars of the late 1990s not only because the company’s management pushed the bounds of business ethics, but also because its engineers built a better browser. When Netscape CEO Jim Barksdale approved the Mozilla project—an open-source browser based on Netscape’s code—in 1998, it seemed like a futile act of desperation.
But six years later, the surviving members of the Mozilla insurgency are staging a comeback. The latest version of Firefox, released this Monday, has a more professional look, online help, and a tool that automatically imports your bookmarks, history, site passwords, and other settings from Explorer. Meanwhile, all-conquering Internet Explorer has been stuck in the mud for the past year, as Microsoft stopped delivering new versions. The company now rolls out only an occasional fix as part of its Windows updates. Gates and company won the browser war, so why keep fighting it?
The problem is that hackers continue to find and exploit security holes in Explorer. Many of them take advantage of Explorer’s ActiveX system, which lets Web sites download and install software onto visitors’ computers, sometimes without users’ knowledge. ActiveX was meant to make it easy to add the latest interactive multimedia and other features to sites, but instead it’s become a tool for sneaking spyware onto unsuspecting PCs. That’s why the U.S. Computer Emergency Readiness Team, a partnership between the tech industry and Homeland Security, recently took the unusual step of advising people to consider switching browsers. Whether or not you do, US-CERT advises increasing your Internet Explorer security settings, per Microsoft’s instructions. (Alas, the higher setting disables parts of Slate’s interface.) Even if you stop using Explorer, other programs on your computer may still automatically launch it to connect to sites.
Firefox eschews ActiveX and other well-known infection paths. You can configure it to automatically download most files when you click on them, but not .exe files, which are runnable programs. I thought this was a bug before I realized Firefox was saving me from myself, since .exe files could be viruses or stealth installers.
For actual Web surfing, Firefox’s interface is familiar enough to Explorer users. There’s hardly anything to say about it, which is a compliment. Some interactive features designed exclusively for Internet Explorer won’t appear, such as the pop-up menus on Slate’s table of contents. A few sites don’t display properly, but they’re pretty rare. More common are those that stupidly turn non-Explorer browsers away by claiming they’re “unsupported.” Trusty, useful ActiveX-powered sites such as Windows Update don’t load at all, but that’s the idea. You can always launch Internet Explorer for those when you need to.
Firefox also adds a productivity feature that Explorer has never gotten around to: tabbed browsing. You can open several Web pages in the same window and flip through them as tabs, similar to those used in some of Windows’ dialog boxes. It’s tough to understand why tabbed browsing is such an improvement until you’ve tried it.But if you’re in the habit of opening a barrage of news and blog links every morning and then reading them afterward, or clicking on several Google results from the same search, tabbed browsing is an order of magnitude more efficient and organized than popping up a whole new window for each link.
That said, be aware that getting started with Firefox isn’t a one-click operation. After installing the browser, you’ll need to reinstall plug-ins for some programs, as well as Sun’s Java engine for any Java-powered pages. Let me save you an hour of head-scratching here: Save Sun’s Java installation file to your desktop, then go back to Firefox’s menus and select File -> Open File to install the downloaded .xpi file into the browser. That’ll work where other methods fail without explanation.
Once you’re set up, it still takes a day or two to get used to the interface and feature differences between Explorer and Firefox, as well as the fact that your favorite sites may look a little different. That’s why I left it out of Slate’s 20-minute anti-virus plan. But if you’ve got time to make the switch, the peace of mind is worth it. Mozilla also makes a free e-mail program called Thunderbird and a calendar tool called Sunbird, if you want to avoid using Outlook and Outlook Express, two other virus carriers. They’re nowhere near as feature-packed as Outlook, but the e-mail client includes a spam filter that works pretty well after you train it on four or five thousand messages—in my case, one week’s mail.
Will Firefox make your computer hackproof? Even Mozilla’s spokespeople stress that no software can be guaranteed to be safe, and that Firefox’s XPInstall system could conceivably be tricked into installing a keystroke logger instead of Sun’s Java engine. But for now, there’s safety in numbers—the lack of them, that is. Internet Explorer is used by 95 percent of the world. Firefox’s fan base adds up to 2 or 3 percent at most. Which browser do you think the Russian hackers are busily trying to break into again?