Anthony wrote:

>Here is one that I keep seeing mentioned.
>
>http://news.zdnet.com/2100-1009_22-5873273.html

It looks like more M$ spin to me by a company that would cease to exist if M$ Windows were secure. I have faith that bugs and vulnerabilities will be found and fixed quickly with Firefox. These comments on slashdot sum it up nicely:

> *Questions* (Score:4, Insightful)
> by daveschroeder (516195) * on Tuesday September 20, @11:11AM (#13604277) (http://das.doit.wisc.edu/)
>
> How many of these vulnerabilities were discovered or aided because of the very fact that the Mozilla family of products are open source, open to the intense peer scrutiny of the community, one of the core, fundamental facets of the Mozilla products, and open source projects in general, that will help quickly /make/ them more secure? Do they even grasp this concept?
>
> How quickly and effectively were the Mozilla/Firefox vulnerabilities patched in comparison to IE?
>
> Is there any consideration given to the fact that Internet Explorer is a decade old and integral to the OS, and STILL routinely has extremely critical vulnerabilities, and may have an untold number of yet-to-be-discovered critical vulnerabilities?
>
> Assuming customer choice is important, a customer can elect to not use Firefox and remove it from their system. Can the customer remove IE? Can the customer even elect to not use IE, or does the OS still force them to use IE for some tasks?
>
> I could go on, but I think it goes without saying that at best this "report" uses extremely flawed logic to draw its conclusions, and at worst, Symantec is shilling for Microsoft.
>
> Or both.

> *Re:How many?* (Score:5, Interesting)
> by minginqunt (225413) on Tuesday September 20, @11:16AM (#13604360)
>
> What drivel.
>
> There are several massive logical ballsups here, made by the linker and the linkee.
>
> 1) Not all exploits are created equal. Look at the number of those Moz exploits rated by Secunia as 'Extremely Severe' or 'Critical' compared to those for IE.
>
> 2) Mozilla Firefox is not bug free. No piece of software is bug free, and only a mentally retarded moron would believe otherwise. What is important is not that security flaws get found, but (a) how open the organisation is about the flaw [full disclosure] and (b) timeliness of fixes.
>
> 3) Mozilla believes in full disclosure, Microsoft does not.
>
> 4) The average time taken to patch a flaw in Firefox is two days. IE has unpatched vulnerabilities going back SIX YEARS.
>
> 5) Critical components of Firefox run in a sandboxed unprivileged space. When Firefox flaws are discovered, the damage done is minimised. IE runs everything with administrator privileges. When IE is exploited (regularly), a full-on system-rape inevitably follows.
>
> 6) ActiveX. The unsafe system by which 90% of spyware, adware, trojans, porn diallers etc. enter your system. Guess which browser has ActiveX turned on by default? Yes, IE. Firefox doesn't support ActiveX because it's just too bloody dangerous.
>
> The security arguments being made about IE vs Firefox in that argument are unreconstructed luddite ballacks.

-- 
JD Austin
Twin Geckos Technology Services LLC
email: jd@twingeckos.com
http://www.twingeckos.com
phone/fax: 480.288.8195