On 1/22/10 8:37 PM, William Pitcock wrote:
On Fri, 2010-01-22 at 22:16 -0500, Steven Bellovin wrote:
On Jan 22, 2010, at 12:26 AM, Bruce Williams wrote:
The problem with IE is the same problem as Windows, the basic design
is fundementally insecure and "timely updates" can't fix that.
You do realize, of course, that IE is recording less than half the
security flaw rate of Firefox? (See
http://prosecure.netgear.com/community/security-blog/2009/11/web-browser-vulnerability-report---firefox-leads-the-pack-at-44.php)
Consider for a moment that both Firefox and Safari are built on
open-source code where the code can be audited. As a result, it is
clear why Firefox and Safari are more "insecure" than IE, it is simply
because the code is there to be audited.
Frankly, they are all about the same security-wise.
William
I have a feeling that most of the 'security' problems with firefox is
related to extensions/addons/plugins, rather then the firefox
application itself. You can't fault the devs for unsupported
addons/extensions/plugins that are made by a third party with
questionable levels of programming skills.
M$ tried this same thing, comparing Linux to Windows vulns, neglecting
to mention that the only reason why there was more Linux exploits was
because they were including things other then the kernel and base system.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
