News

Wednesday, June 18, 2008

Firefox 3: A Long Time Coming and Worth the Wait

WIN_SECURITY UPDATE_
A Penton Media Property
June 18, 2008


If you want to view this on the web go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954747-0-0-0-1-2-207

----------------------------------------
ADVERTISEMENT
VeriSign, Inc/ SSL

Increase confidence on your site

Offer strong encryption to your site visitors with VeriSign Server-Gated
Cryptography (SGC) SSL to enable every site visitor to connect with the
strongest encryption available to them. Learn about the benefits of
strong encryption in this free white paper.

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954748-0-0-0-1-2-207
----------------------------------------

IN FOCUS

--Firefox 3: A Long Time Coming and Worth the Wait
by Mark Joseph Edwards, News Editor
On June 17, Mozilla Foundation released the long-awaited Firefox 3.0.
The new version makes Firefox better than ever and arguably the best
browser available.

As is usually the case with new versions, this latest release contains
considerable performance improvements, mostly due to upgrades in the
Gecko rendering engine. One thing that bothers me about a few Web sites
is their massive use of JavaScript, which in some cases slows down
interactivity to the point that simple tasks take forever and a day -
sometimes I feel like I might have to go shave while waiting. OK, I'm
exaggerating but hopefully you get the gist. One of the big performance
improvements in Firefox 3.0 is that, according to Mozilla, JavaScript
now runs nearly twice as fast as it does in Firefox 2.x, which means
that a lot of Web 2.0 applications are going to be much more pleasant to
use.

Another thing that formerly bothered me pertains to Firefox itself:
Previous versions contained significant memory leaks. That's a big
problem for those of us who keep numerous tabs open over long periods of
time. To give you an example, I've run Firefox 2.x on a system with 2GB
of RAM and had very little if anything else running on the desktop. Over
a period of several days I might wind up having well over a dozen tabs
open constantly. When I checked memory usage it wasn't unusual to see
Firefox using 1GB of RAM or more! Fortunately Mozilla says that they've
fixed "hundreds of memory leaks" in Firefox 3.0.

Mozilla also integrated a new "garbage collector" called XPCOM Cycle
Collector, which helps release memory when it is no longer needed by
various components. Third-party developers must integrate a bit of code
into their modules for them to participate in garbage collection. For
details on that process see the URL below.

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954749-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954750-0-0-0-1-2-207)

Aside from better performance and hopefully better memory usage, there
are of course a number of significant security improvements. First
there's a new site information window that pops up when you click the
site name in the location bar. The window can display which site you're
really connected to and whether the connection is encrypted using SSL.
There's also new malware protection that gives the user a stern warning
if they land on a known malware distribution site.

As you know, third-party plug-ins are a mainstay of Firefox and can be
used to add untold amounts of very useful functionality. Like previous
versions, Firefox 3.0 automatically checks to see if your plug-ins are
up to date and can automatically install new versions; however, Firefox
3.0 will automatically disable plug-ins that are not delivered in a
secure manner.

There is a significant security problem in Firefox 2.x (as well as other
browsers) pertaining to JavaScript Object Notation (JSON), which is
widely used as a sort of language-independent way of writing code.
Earlier this year some security issues with JSON were discovered that
might let intruders use JavaScript to perform malicious actions. This
problem is now fixed with JavaScript 1.8 in Firefox 3.0. If you're
interested in details of the vulnerability, go to the URL below, select
JavaScript in the left pane, then Encapsulation, then JavaScript
Hijacking: Ad Hoc Ajax.

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954751-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954752-0-0-0-1-2-207)

Other security improvements include antivirus software integration,
parental controls, and better handling of cookies. And as is usually the
case, there are numerous other non-security improvements that you'll
probably enjoy.

For those of you seeking help in handling enterprise rollouts of
Firefox, be sure to read my article "Enterprise Rollout and Management
of Firefox," at the first URL below. To get an overview of other
features in Firefox 3.0, read Paul Thurrott's article at the second URL
below and Percy Cabello's review at the third URL below.

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954753-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954754-0-0-0-1-2-207)

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954755-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954756-0-0-0-1-2-207)

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954757-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954758-0-0-0-1-2-207)

Finally, keep in mind that some sites do render differently in Firefox
3.0. To determine how your sites look in Firefox 3.0 (as well as 72
other Web browsers!) go to the URL below, where you'll find one of the
most useful Web development tools available on the Internet today. The
site can grab screen shots of any site using any of the supported
browsers, so you get a direct look at your site that will immediately
reveal any rendering problems.

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954759-0-0-0-1-2-207 (http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954760-0-0-0-1-2-207)

----------------------------------------
ADVERTISEMENT
Microsoft

Protect Your Data with System Center Data Protection Manager 2007

Reduce Costs and Improve the Agility of Your Business

Explore this demo to learn how Microsoft System Center Data Protection
Manager 2007 offers continuous data protection for Windows application
and file servers, rapid and reliable data recovery, and advanced
technology for enterprises of all sizes. Learn about the helpful new
features of Data Protection Manager 2007 and get your free evaluation
version after the demo.

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954761-0-0-0-1-2-207
----------------------------------------


SECURITY NEWS AND FEATURES

--9 Out of 10 Security Breaches Preventable
According to a new study conducted by Verizon Business, 9 out of 10
security breaches could have been prevented. Furthermore, the vast
majority of breaches are perpetrated by company outsiders.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954762-0-0-0-1-2-207

--Major ISPs Team to Block Child Porn
New York Attorney General Andrew M. Cuomo said that he's gotten
agreements from Verizon, Time Warner Cable (TWC), and Sprint to block
online access to child pornography in newsgroups and to expunge such
sites from their own networks.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954763-0-0-0-1-2-207

--Tech Ed 2008: Neverfail Unveils ClusterProtector
Data protection, high availability, and disaster recovery are topics
that can give sleepless nights to many IT pros. Neverfail hopes to
alleviate that stress with Neverfail ClusterProtector, a new product
announced at Tech Ed IT Professionals 2008.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954764-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954765-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954766-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: MS08-030 Not A Big Deal Says Microsoft
by Mark Joseph Edwards
Microsoft released a patch for Bluetooth technology this month as part
of the company's monthly batch of patches. While on the surface it seems
like a significant risk, Microsoft says it's not really a big deal. But
if security is relative, then Microsoft's position is moot, isn't it?
Read the details in this blog article on our Web site.

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954767-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954768-0-0-0-1-2-207)

--FAQ: Run Some of Your Favorites Tools Live from the Web
by John Savill
Q: What is Sysinternals Live?

Find the answer at
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954769-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954770-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions.
Email your contributions to r2r@windowsitpro.com
(mailto:r2r@windowsitpro.com). If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.


RESOURCES AND EVENTS

Tutorial--Two-Day DBA Course on Oracle Database 11g Release 1

This course provides detailed information about Oracle 11g, including
step-by-step instructions on
* installing Oracle and building the database
* configuring the network environment
* managing schema objects
* performing backup and recovery
* monitoring and tuning the database
Download this free course today.
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954771-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954772-0-0-0-1-2-207)

The Evolution of SQL Server

SQL Server has come a long way in the past 10 years. This white paper
gives an overview of the database engine's enhancements and discusses
SQL Server's suite of services and tools for the relational database
engine and business intelligence (BI). In addition to focusing on
ongoing improvements, this paper mentions some unfortunate features,
including some that have been or will be abandoned. Understand the SQL
Server evolution today--download this free white paper today!
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954773-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954774-0-0-0-1-2-207)

Virtualization Essentials

How much are you saving from virtualization? Join Windows IT Pro for
Virtualization Essentials--an interactive online conference with
networking tools, staffed sponsor booths, and educational chats. Learn
how to avoid common pitfalls such as virtual sprawl and how to make
better decisions in the management of your virtualized IT environment.
This free online conference will help you better understand how
virtualization delivers energy savings while enabling agility. Register
today.

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954775-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954776-0-0-0-1-2-207)


FEATURED WHITE PAPER

Keep Your Exchange Server Healthy!
Fear of loss compels us to protect ourselves, our cars, our homes, our
families, and our friends. Although no one's life is in danger from his
or her messaging system, the welfare of your data could be. Read this
white paper to learn the bare and necessary facts you need to know in
order to proactively maintain your Exchange Server 2007 environment.
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954777-0-0-0-1-2-207


ANNOUNCEMENTS

Get It All with Windows IT Pro VIP

Stock your IT toolbox with every solution ever printed in Windows IT Pro
and SQL Server Magazine, plus bonus Web-exclusive content on
fundamentals and hot topics. Order today to receive the VIP CD and a
subscription to your choice of Windows IT Pro or SQL Server Magazine!
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954778-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954779-0-0-0-1-2-207)

Rev Up Your IT Know-How with Our Recharged Magazine!

The improved Windows IT Pro is packed with trusted content and enhanced
with a fresh new look! Subscribe today to

--Stay ahead of industry trends with comprehensive coverage of topics
such as
Vista and virtualization

--Solve tough technical problems with advice from veteran IT experts
such as Guido Grillenmeier and Mark Minasi

--Find real-world solutions easily with fast facts and quick tips

store.pentontech.com/index.cfm?s=1&promocode=EU2085R1&
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954780-0-0-0-1-2-207)

Windows IT Pro Is Your Definitive Source for BI Tools

--Learn from the top BI experts such as Derek Comingore, Dan Holme,
Michelle A. Poolet, and Rodney Landrum.

--Build the best platforms and reports with help from SQL Server
Magazine.

--Master data-delivery with front-end solutions in Windows IT Pro.

--Get how-to information, industry trends, and commentary by experts:
Subscribe to the Essential BI UPDATE e-newsletter.

Choose the resource that's right for you at

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954781-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954782-0-0-0-1-2-207)


CONTACT US
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954783-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954784-0-0-0-1-2-207

You are subscribed to this newsletter as boy.blogger@gmail.com

Manage your Security UPDATE subscription at
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954785-0-0-0-1-2-207.

To unsubscribe:
http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954786-0-0-0-1-2-207&list_id=803&email=boy.blogger@gmail.com&message_id=9392

Be sure to add Security_UPDATE@email.windowsitpro.com
to your spam filter's list of allowed senders.

To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954787-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-9392-803-202-62923-954788-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.

No comments:

Blog Archive