firefox insecurity?

[Craig White]

On Tue, 2005-09-20 at 14:10 -0700, der.hans wrote:
> A quick question for those who use m$ desktops but don't use eXploder
> and
> LookOut: do you still have to run anti-spyware and anti-virus stuff
> all
> the time? If you do run them, do you constantly find stuff that needs
> to
> be removed?
> 
> Outlook and IE are so insecure that even my grandma knows how to run
> anti-spyware and anti-virus programs!
----
you can't connect to the Internet and run Windows without them...that's
a fact.

Open source bugs get documented and fixed. Proprietary source software
doesn't necessarily admit or fix anything except what they have
acknowledged and fixed or not fixed as it were (but they wouldn't likely
acknowledge stuff that they don't fix).

Try installing the latest service packs on Win2K server or Win2K3 server
and see if you can actually use IE without compromising security...it's
not possible. It's one of the funniest things I have seen in a while.
This is Microsoft's way of telling you that you can't run IE without
compromising security.

Of course there is little reason to logon to Win2K or Win2K3 server as
something other than superuser (not including terminal services) whereas
you should NEVER log in to GUI as root on Linux.

For that matter, I don't run as superuser on my own WinXP system but
that is something I have learned over time...most Windows users never
get this concept.

the dark dirty secret, Microsoft understands this little detail...
<http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_whynot_admin.mspx>
but of course, default setup would ignore this and in fact, you have to
do a bunch of extra work to achieve this.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.