Anthony wrote:
Here is one that I keep seeing mentioned.
http://news.zdnet.com/2100-1009_22-5873273.html
It looks like more M$ spin to me by a company that would cease to exist
if M$ Windows were secure.
I have faith that bugs and vulnerabilities will be found and fixed
quickly with Firefox.
These comments on slashdot sum it up nicely:
Questions (Score:4, Insightful)
by daveschroeder (516195) * <das&doit,wisc,edu> on Tuesday September 20, @11:11AM (#13604277)
(http://das.doit.wisc.edu/)
How many of these vulnerabilities were discovered or aided because of
the very fact that the Mozilla family of products are open source, open
to the intense peer scrutiny of the community, one of the core,
fundamental facets of the Mozilla products, and open source projects in
general, that will help quickly make them more secure? Do they
even grasp this concept?
How quickly and effectively were the Mozilla/Firefox vulnerabilities
patched in comparison to IE?
Is there any consideration given to the fact that Internet Explorer is a
decade old and integral to the OS, and STILL routinely has extremely
critical vulnerabilities, and may have an untold number of
yet-to-be-discovered critical vulnerabilities?
Assuming customer choice is important, a customer can elect to not use Firefox and remove
it from their system. Can the customer remove IE? Can the customer even
elect to not use IE, or does the OS still force them to use IE for some
tasks?
I could go on, but I think it goes without saying that at
best this "report" uses extremely flawed logic to draw its conclusions,
and at worst, Symantec is shilling for Microsoft.
Or both.
Re:How many? (Score:5, Interesting)
by minginqunt (225413)
on Tuesday September 20, @11:16AM (#13604360)
What drivel.
There are several massive logical ballsups here, made by the linker and
the linkee.
1) Not all exploits are created equal. Look at the number of those Moz
exploits rated by Secunia as 'Extremely Severe' or 'Critical' compared
to those for IE.
2) Mozilla Firefox is not bug free. No piece of
software is bug free, and only a mentally retarded moron would believe
otherwise. What is important is not that security flaws get found, but
(a) how open the organisation is about the flaw [full disclosure] and
(b) timeliness of fixes.
3) Mozilla believes in full disclosure, Microsoft does not.
4) The average time taken to patch a flaw in Firefox is two days. IE
has unpatched vulnerabilities going back SIX YEARS.
5) Critical components of Firefox run in a sandboxed unprivileged space.
When Firefox flaws are discovered, the damage done is minimised. IE
runs everything with administrator privileges. When IE is exploited
(regularly), a full-on system-rape inevitably follows.
6) ActiveX. The unsafe system by which 90% of spyware, adware, trojans,
porn diallers etc. enter your system. Guess which browser has ActiveX
turned on by default? Yes, IE. Firefox doesn't support ActiveX because
it's just too bloody dangerous.
The security arguments being made about IE vs Firefox in that argument
are unreconstructed luddite ballacks.
--
JD Austin
Twin Geckos Technology Services LLC
email: jd@twingeckos.com
http://www.twingeckos.com
phone/fax: 480.288.8195