At least according to Chapin Information Services, all your password are belong to us.  (That is to say, all web browsers fail at protecting your passwords.)

In their latest test of web browser password protection they ran Opera 9.62, Firefox 3.0.4, Internet Explorer 7.0, Safari 3.2, and Google Chrome 1.0.  And they all sucked.  Of the twenty one password tasks tested, Opera and Firefox (no surprises there at either) did the best, passing a whole seven tasks each.  That’s right, one third.  In school terms that would be 33%, which is a very right depressing solid F.

Oh, but it gets better.  Those were the best scorers.  From there we have Microsoft’s IE7 succeeding at a whole five of the twenty one tasks.

And then the real failures: Google Chrome and Apple Safari, only passing a mere two out of twenty one tasks.  Two.  Two!

(For more detailed information on which browser fails which task, visit http://www.info-svc.com/news/2008/12-12/.)

The moral of the story?  As you shop around online this Christmas season, really really really don’t trust your web browser, even the best of them, to protect your passwords.  Don’t let your browsers save your passwords.  You’ve got better security just writing the passwords on a Post-it and sticking it to your monitor than you are letting your web browser remember your passwords for you.

The weather outside is frightful.  And so is security on an old Microsoft PC.  I know, that’s old news really.  Unpatched Microsoft PCs are honeypots.  Still, if one message could be gotten across to computer owners, it’s to patch their PCs!

So let’s start with what should be fairly obvious news.  Microsoft isn’t patching Internet Explorer 6 anymore.  They want you to use IE7 instead.  They support IE7.  (Even if IE6 was so much better in so many ways.)  So if you’re for some odd reason still using IE6, then you’re really wearing a big target that says, “Hack me!” See, you really are…

Okay, so that was the obvious.

Now let’s look at, say, Microsoft’s latest Patch Tuesday.  Specifically, let’s look at what it didn’t contain: A patch to fix a zero day vulnerability in IE7.  And this vulnerability is in the latest Windows Vista SP1 and Windows XP SP3.  It’s a security hole just waiting to be exploited.  …If you use IE.  If you use, say, Firefox, or Opera, then you’re safe from it.  But that pretty much goes without saying anyway.

Here’s one you might not expect though, and, again, goes to show that keeping yourself updated means a lot.  WordPad is a security risk.  Yes, that’s right.  WordPad has an unpatched hole it’s Word 97 document text converter which can be used to hack you silly.  Okay, so it requires you opening up an infected Word 97 file.  In WordPad.  (Does anyone even still use WordPad when OpenOffice is free?)  The thing is, if you have Windows XP Service Pack 3 or Windows Vista (or Windows Server 2008) then you’re safe.  It’s only older service packs (or lack thereof) of Windows XP or Windows 2000 that are at risk.  Have an up-to-date PC and you’re safe.  But still … WordPad.  WordPad!  Why the heck doesn’t Microsoft fix that little gem?

So, you see, security doesn’t just happen.  To be secure you have to do your own part.  You have to make sure that you’re getting your updates.  And with Windows Update set to automatic, I don’t think it’s ever been easier.  Staying up to date saves you from a lot of malicious evil nasty do-badders out there.  But even then, it doesn’t protect you from everything, just most things.  Surf safe.  Surf smart.  And keep up to date.

And, though I hate to say it, keep as much away from Microsoft as you can manage.

So Firefox has released some much-needed fixes.  From memory corruption to privilege escalation.

While it’s nice to see such high priority fixes being worked on, one can’t help but wonder what “Forced mouse drag” was doing in the lot with them.  Still, any security hole that gets boarded up is one less attack route.

What I’m personally really hoping to see is that Firefox 3 can finally address its incredible slowness in closing.  Since Firefox 2 didn’t suffer from such a horrible fate, I know it must be possible to resolve.  Just as the spell checker being suddenly dumber than a brick in Firefox 3 when it was actually useful in Firefox 2.  Can we please just revert that code if nothing else?

Anywho, so at least Mozilla is trying.  They are fixing the turd that is Firefox 3.  Maybe it’ll even eventually, one day, be as useful as Firefox 2 was.

Now if they’d only design it so that you can turn off and hide features that you don’t want…

And why is Firefox 3’s spell checker so awful compared to Firefox 2’s?  It’s like the dictionary has a mere fraction of the words.  It’s awful!  What the heck?!

Okay, so I’ve been using Mozilla Firefox 3 for a couple of days now.  And’s here’s my basic impression: Mozilla is full of crap.

There are supposedly all sorts of new and improved features.  Safer?  Maybe, though I’ve never really had a problem with that in Firefox 2.  Smarter?  More annoying so far as I can tell.  It’s full of new bookmark features that I don’t want and wish there was a way to turn off.  The only thing smarter as far as I’m concerned are the new icons which look smarter, as in snazzier, not more intelligent.

But one thing that Firefox 3 most definitely is on my computer, is slower.  Everything I do is slower.  Not faster, like Mozilla claims, but slower. S - L - O - W - E - R.  Slower.

The most annoying thing of all is that now is that it’s so slow to close that when I close it and open a new session, I keep getting this error message:

And so I wait.  And try again.  And sometimes it eventually works.  And sometimes I have to wait more.  Eventually it finishes closing, and eventually I can open a new session.  But I’ve never even remotely had this problem with Firefox 2.  This is most assuredly a Firefox 3 “feature” to be this very slow to close.  The error simply is, Firefox 3 is slow.

(For those of you wondering why I do this, I have a  1920×1200 resolution.  I thought it would be nice to put some of my various web-mail and forum links on the desktop, grouped next to Mozilla Thunderbird, since I have so much unused real estate.  So as I check each, I close each one when I’m done and open the next.  Perhaps strange behavior, I know, but when you have more bookmarks than you know what to do with, you start looking for interesting new ways to make the important ones stand out from the general mish-mash.  It worked absolutely fine with Firefox 2.  But the “faster” Firefox 3 is so much slower that it no longer works so well.)

This is just one example.  As I said, everything in Firefox 3 seems to be slower.  Firefox 3 takes noticably longer to start up.  Pages take easily twice the time to load.  It’s like my hard drive got downgraded.  But it’s not my hard drive.  It’s Firefox 3.

And for what?  A bunch of gimmicky features that I’d rather remove.  What I’d rather have is a Firefox Lite.  If I want stupid features that make my browser crap I’ll use Internet Explorer, thanks.

Honestly, after “upgrading” to Firefox 3, I’m seriously considering switching to Opera.  Firefox 3 is just that bad.  (And no, I’m never going back to IE until Microsoft learns from their mistakes.  You do not force the menu bar to be the second bar from the top.  It’s the first.  It’s always the first.  And the GUI bloopers just get worse.  It’s like Microsoft forgot what a GUI is even there for, which is to be intuitive.)

My advice?  If you haven’t made the mistake of upgrading to Firefox 3 yet, then don’t.  Stick with Firefox 2.  It’s faster.  It’s just as functional.  And it’s not as cluttered with features.