> -----Original Message----- > From: Marlon Moyer [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 20, 2005 10:58 AM > To: CF-Community > Subject: Re: firefox honeymoon over? > > I think the real comparison is the amount of potential exploits in the > browser. I think that a lot of these are being fleshed out now with > firefox given that the code is open and being looked at by the general > public (general public developers that is). Meanwhile, IE remains the > blackbox and we have no idea how many more exploits are there.
I'm not sure if access to the source is at all required for secure software. It may help, but the real issue is vulnerability to attack - and you don't need source to detect a vulnerability. > I've alse read an article that claims these studies are only > considering "verified" exploits. At the time of the study, firefox > had 3 unverified and IE had about 19 or somewhere around that number. > That's something that could really skew the results. It could... but if they're unverified it would be questionable at best to add them. (If they're unverified... why? Are they so esoteric that it's that hard to actually prove them?) > Regardless of how much safer they say they are, I "feel" safer using > firefox because of the extensions that I've been able to install. I > surf with JavaScript disabled by default. With the noscript > extension, I can right click on a site that's not working and enable > JavaScript for individual domains. Ever since installing it, I'm > amazed at how many sites have scripts that come from multiple domains. Well... for what it's worth that feature's encompassed as part of IE security zones for years. It's a different implementation, of course, but you can do the same thing. I'm also not that comfortable claiming that a core piece of software is "better" because an add-in offers some security benefit. If so we're on a slippery slope. I use AvantBrowser, for example, an IE wrapper. It offers many, many "one-button" security features not present in the core IE... but can I claim it as an IE "feature" because it's free and easy to add? But your main point is valid: a "sense" of security is very important. I think Firefox has been able to build that while IE has found it very difficult. I do think that MS is addressing this well however. Their focus on security is admirable and they seem to be spending resources on issues important to the end-user (phishing for example). If a product or a company makes you feel safe that's very, very important. But in the end you can't let a company's impression of security sway you from mistrusting them. I still say you should always mistrust your software. Owning software is like raising kids: you love them and know they don't mean actual harm, but dammit don't turn your back on them. > I think in the end for me it comes down to whether or not you want to > be in the platoon that wears the bright red uniforms (IE) or the ones > that used to were camouflage, but just replaced it with dark blue > (firefox). I'm not sure of the metaphor... if it references exposure then Firefox is definitely moving up in the world - that's the whole point of the original article. As it gets more use it will be attacked more - this says nothing about the quality of the product just the ingenuity of the assholes. Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Purchase RoboHelp from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=59 Message: http://www.houseoffusion.com/lists.cfm/link=i:5:174409 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
