I spent an unfortunately long amount of time, anymore than five minutes is more than required as far as I'm concerned, sanitizing a trojan/rootkit combination from one of my systems. This is largely one of the major reasons I'm happy with my (mostly) complete switch to Linux from Windows. The relative ease with which this trojan installed itself is shocking.

Now, Windows isn't entirely to blame here. The thing is, it installed through a browser scripting exploit. Not in Opera. Not in Firefox. Not even in Internet Explorer. No, this happened in the built in browser in Songbird. This is a serious problem.

Providing a full function Mozilla browser tied in to an application is only as good as the security in the browser. If it's not up to the standards of Firefox, which clearly it's not, then it's a severe hazard. Granted, it shouldn't be a replacement for the regular browsing habits but if it is intended to brave the wilds of the Internet then it should limit the amount of damage that can be done to a system.

Just disable JavaScript isn't a solution.

I really like Songbird. It's got a pretty solid layout, and while the audio quality isn't quite as good as some of the other apps I use I like that it's cross platform. As long as I keep my music on an external storage mediums I can make one change accessible to all my machines and operating systems. That's a huge bonus for me. Being worried that it's so easy to tank Windows through the browser might just be enough to push me away from it.

david shute - Jan 21, 2010 at 9:41 PM