> Date: Wed, 20 Jan 2010 19:25:11 +0100 > From: Dan Kaminsky <d...@doxpara.com> > Subject: Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes > To: valdis.kletni...@vt.edu > Cc: Full-disclosure <full-disclosure@lists.grok.org.uk> > Message-ID: > <f26cd0911001201025g7085cfe0t7b3fa4cb055ec...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > On Wed, Jan 20, 2010 at 7:00 PM, <valdis.kletni...@vt.edu> wrote: > > On Wed, 20 Jan 2010 10:38:34 EST, James Matthews said: > > > >> Why doesn't microsoft throw some of it's weight behind Mozilla and ditch > IE > >> forever. It doesn't suit their image. > > > > Unfortunately, the PR doesn't work that way. ?Do you really want to be > buying > > an entire operating system from somebody who just admitted they can't > even > > produce a workable browser with all their resources? > > > > (Note this works differently in the Linux world, where the kernel crew > doesn't > > even pretend to write browsers, and the Firefox crew *just* does > browsers, and > > somebody else *just* does OpenOffice, and distros (for the most part) > just worry > > about integration issues, and everybody only claims to do their little > part > > well) > > Seriously. I mean, just look at Linux, Firefox, and OpenOffice. > Pristine code, not a single security vulnerability between them :) >
Well, there are vulnerabilities in Linux, FF and OpenOffice but these are not much covered in media compared to MS products. One main reason for this is that unless it is in kernel or a default suid application etc, -eventought it is open source- it will require significant amount of skills (more than you need on win) to exploit these vulns for beneficial purposes due to solid architecture of unix and variants.I am not saying open-source folks are doing a bad job (actually I believe they rock) but your comment leaves an impression like they have flawless quality of code and this is the only reason there are less vulnerabilities in these platforms. There are undisclosed vulnerabilities in the latest kernel and also in Firefox but they are *most likely* not used in criminal activities and etc - which is keeping them low/medium profile (even if they go public, statistical data)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
