> [...] to date [Firefox] has not been subjected to anything like the
> same level of scrutiny for exploitable holes by the bad guys (or
> anyone else) largely because of its market share (and a misguided
> belief that because OSS code _can_ be scrutinized by millions of
> eyeballs, it is almost necessarily better scrutinized than non-OSS
> code). Thus, FF's market share means the (mostly) monetizable value
> of finding and exploiting vulnerabilities in FF makes doing so orders
> of magnitude less attractive to the bad guys
That's actually not the only reason. Another is that Firefox has a greater variety of underlying OSes, some of which go to substantially greater lengths than Windows does to make certain common classes of vulnerability (e.g., classic smash-the-stack-frame overflows) harder to exploit. This means that even if you find such a bug, your exploit will work only on some indeterminate (but probably, at most, moderate) fraction of Firefox installs: even if the rest are theoretically vulnerable, you have to guess right about various things to make it work, some of which may change from invocation to invocation.

> In a couple of years, as a greater and greater proportion of Windows
> users are forced to "better" versions of IE, these economics will
> likely change,

True - but then one place where open source _does_ have an advantage will show itself: the turnaround time on fixes can be _much_ shorter. I have trouble imagining Microsoft releasing an IE fix in less than a week - heck, it's often hard enough to get them to admit a problem _exists_ that fast. But I've seen fixes to OSS appear within as little as a few hours on some occasions. Not that that makes it any easier to get fixes installed....

> but the next low-hanging fruit will then probably be the third-party
> add-ons that are common _across browsers_ and typically exploitable
> across browsers too (and yes, we have been seeing this for a while
> now), rather than "the browser with next largest market share".

There's that, too. One of the best things you can do for the security of your systems is probably to run a non-x86 CPU architecture - a lower-level version of the "Windows 3.1" security I mentioned upthread. Of course, this works only as long as the CPU you choose is chosen for only a small fraction of the machines out there. (Another reason I find the current trend to CPU monoculture depressing.)

/~\ The ASCII                [email protected]
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
