Oct. 3rd, 2005 @ 10:20 am the fox and the hound
From:rjs
Date:October 3rd, 2005 07:40 pm (UTC)

Re: At least you aren't promoting security

Yes, one hole can be worse than 1000. However, in this case, the holes in Firefox have been as bad as the ones in IE. As evaluated by Symantec Security, twice the number of holes have been found in Mozilla-based browsers as in IE in 2005. 72% of those flaws were considered high-severity, compared to 62% of the IE holes (from sans.org). I do not have enough knowledge of the specific flaws to elaborate further.

My point is that in my opinion (and that's the best I can say with my knowledge), there is not a significant security advantage to using Firefox over IE. I do agree that there is a significant functional advantage.
From:skeller23
Date:October 3rd, 2005 08:05 pm (UTC)

Re: At least you aren't promoting security

I do not have enough knowledge of the specific flaws to elaborate further.

Followed by...

My point is that in my opinion (and that's the best I can say with my knowledge), there is not a significant security advantage to using Firefox over IE.

Maybe the fact that you don't know anything about the bugs other than what a Symantec summary has to say is a clue that you are not in a particularly good position to talk about browser security risks...
From:rjs
Date:October 3rd, 2005 08:35 pm (UTC)

Re: At least you aren't promoting security

I am a systems administrator (including email-security systems) and I do regularly read IT security newsletters. The fact that I know about Symantec's report is probably more than most people. So even though I haven't read in detail about the 25 Mozilla vulnerabilities or the 13 IE vulnerabilities, I am still offering a somewhat educated opinion.

I just don't want people to think that since they're not running IE, they are safe from harm. Both browsers have important security concerns.

Here is a link if you want to read more:
Mozilla's popularity stressing its security image
From:paulb010101
Date:October 3rd, 2005 09:21 pm (UTC)

Re: At least you aren't promoting security

Well, there's your problem right there, those vulnerabilities are on the Windows version.

Take a dab of "there will probably always be vulnerabilities, that's the nature of the beast" with a pinch of "it takes a long time for an exploit to be fixed in IE" with a healthy spoonful of "Gee, those mozilla bugs tend to get fixed really quick, and if I can't wait the two days, I have the ability to go in and try and fix it myself" and you have the recipe for making an informed decision. You seem to be saying that since Firefox is not perfect, that IE is a perfectly acceptable alternative (this is how it is coming across) which mirrors the evolution vs ID debate.

Simply being *aware* that there are 25 Mozilla and 13 IE vulnerabilities means not a heck of a lot. Is the vulnerability a denial of service, a proof of concept, a stack overflow, a remote command shell? Simply putting up numbers without even superficial analysis does not lend much support to your "somewhat educated opinion".
From:ford0067
Date:October 4th, 2005 05:34 pm (UTC)

Re: At least you aren't promoting security

Take a dab of "there will probably always be vulnerabilities, that's the nature of the beast" with a pinch of "it takes a long time for an exploit to be fixed in IE" with a healthy spoonful of "Gee, those mozilla bugs tend to get fixed really quick, and if I can't wait the two days, I have the ability to go in and try and fix it myself" and you have the recipe for making an informed decision.

You know, because the vast majority of the web browsing public pays attention to all the latest bug fixes and patches right away. And when they do not come out fast enough they whip out their editors.

Sorry for the sarcasm but this is a stupid way to look at things. The educated among us can use IE, Firefox ... Name any browser ... and not have a problem. Why? We are educated and know how to protect ourselves. The vast majority of people, whose only concern is to find porn or read whatever nonsense CNN, MSNBC or Fox is spewing, don't know and don't care. I can already see the viruses and other malicious apps being built up through the extensions capability. The mindless drones will simply click accept and move on, never having a second thought. The larger the target audience gets, the more likely someone will decide to attack that population of Internet Users.