> -----Original Message----- > From: Derek Vinyard [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 20, 2005 9:40 AM > To: CF-Community > Subject: Re: firefox honeymoon over? > > hmm let's see... v6x vs v1x > > yeah ok.
So, Firefox 1.0 should be compared to IE 1.0? If so then it still has more security problems. ;^) In this arena it's perfectly fine to compare the two: Firefox developers have been vocal that they'll be producing a browser "better" than IE 6.x. In that sense alone comparisons between the two are valid. Now, that being said, I'm not sure if THIS comparison is valid. I'm definitely in the camp that says all software is buggy and the most popular software will be attacked more often. Firefox is assuming the mantle, and the problems, of success. However it's still true that IE is more feature-rich than Firefox (activeX, client-side hooks, security zones, etc)... more features mean more potential issues, more avenues of attack. In this sense it's impressive that the comparison shows so few issues for IE. But comparison of instances is simplistic. An esoteric buffer overrun that allows a malicious page to crash the browser vrs a default setting which allows a script kiddie to install a root kit. Looking at the articles source material from Securia.com shows that, indeed, the "criticality" of IE exploits trends higher over the past two years. However it's also true that the recent trend (the past year) shows the two browsers much closer in this respect (it seems like most of IE's truly critical flaws were found earlier). In the end the situation doesn't change: you can't trust a piece of software to be bug-free. Whichever browser you choose you should assume that it's flawed. Protect it via a layered approach (Firewall, anti-virus, privacy, etc) and keep it up to date. Both companies respond with alacrity in my opinion. Both provide automated means of informing users of updates. Both attempt (although MS is much better at this in my opinion) to inform general users of issues and things to look out for. (I will say however that I feel strongly that Firefox needs to embrace this. Their current system of "patching" is atrocious (since it doesn't actually exist - you have to download a new build).) But it still falls on the shoulders of the end user to ensure that they essentially mistrust their software and take control of that mistrust. Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:5:174401 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
