firefox insecurity?

JD Austin jd at twingeckos.com
Tue Sep 20 09:27:29 MST 2005


Anthony wrote:

>Here is one that I keep seeing mentioned.
>
>http://news.zdnet.com/2100-1009_22-5873273.html
>
It looks like more M$ spin to me by a company that would cease to exist 
if M$ Windows were secure.
I have faith that bugs and vulnerabilities will be found and fixed 
quickly with Firefox.

These comments on slashdot sum it up nicely:

> *Questions* (Score:4, Insightful)
> by daveschroeder (516195) <http://slashdot.org/%7Edaveschroeder>
> <das&doit,wisc,edu> on Tuesday September 20, @11:11AM
> (#13604277 <http://it.slashdot.org/comments.pl?sid=162802&cid=13604277>)
> (http://das.doit.wisc.edu/)
>
> How many of these vulnerabilities were 
> discovered or aided because of the very fact that the Mozilla family 
> of products are open source, open to the intense peer scrutiny of the 
> community, one of the core, fundamental facets of the Mozilla 
> products, and open source projects in general, that will help quickly 
> /make/ them more secure? Do they even grasp this concept?
>
> How quickly and effectively were the Mozilla/Firefox vulnerabilities 
> patched in comparison to IE?
>
> Is there any consideration given to the fact that Internet Explorer is 
> a decade old and integral to the OS, and STILL routinely has extremely 
> critical vulnerabilities, and may have an untold number of 
> yet-to-be-discovered critical vulnerabilities?
>
> Assuming customer choice is important, a customer can elect to not use 
> Firefox and remove it from their system. Can the customer remove IE? 
> Can the customer even elect to not use IE, or does the OS still force 
> them to use IE for some tasks?
>
> I could go on, but I think it goes without saying that at best this 
> "report" uses extremely flawed logic to draw its conclusions, and at 
> worst, Symantec is shilling for Microsoft.
>
> Or both.



> *Re:How many?* (Score:5, Interesting)
> by minginqunt (225413) <http://slashdot.org/%7Eminginqunt> on Tuesday 
> September 20, @11:16AM (#13604360 
> <http://it.slashdot.org/comments.pl?sid=162802&cid=13604360>)
> What drivel.
>
> There are several massive logical ballsups here, made by the linker 
> and the linkee.
>
> 1) Not all exploits are created equal. Look at the number of those Moz 
> exploits rated by Secunia as 'Extremely Severe' or 'Critical' compared 
> to those for IE.
>
> 2) Mozilla Firefox is not bug free. No piece of software is bug free, 
> and only a mentally retarded moron would believe otherwise. What is 
> important is not that security flaws get found, but (a) how open the 
> organisation is about the flaw [full disclosure] and (b) timeliness of 
> fixes.
>
> 3) Mozilla believes in full disclosure, Microsoft does not.
>
> 4) The average time taken to patch a flaw in Firefox is two days. IE 
> has unpatched vulnerabilities going back SIX YEARS.
>
> 5) Critical components of Firefox run in a sandboxed unprivileged 
> space. When Firefox flaws are discovered, the damage done is 
> minimised. IE runs everything with administrator privileges. When IE 
> is exploited (regularly), a full-on system-rape inevitably follows.
>
> 6) ActiveX. The unsafe system by which 90% of spyware, adware, 
> trojans, porn diallers etc. enter your system. Guess which browser has 
> ActiveX turned on by default? Yes, IE. Firefox doesn't support ActiveX 
> because it's just too bloody dangerous.
>
> The security arguments being made about IE vs Firefox in that argument 
> are unreconstructed luddite ballacks.



-- 
JD Austin
Twin Geckos Technology Services LLC
email: jd at twingeckos.com
http://www.twingeckos.com
phone/fax: 480.288.8195 


More information about the PLUG-discuss mailing list