
Firefox has more security flaws than IE!!!



Billy T
18-04-2005, 08:53 PM
From the Langa List, a fairly authoritative source in anybody's language:


US-CERT (United States Computer Emergency Readiness Team), a partnership between the Department of Homeland Security and the public and private sectors that impartially tracks all manner of security issues in operating systems and major applications, shows that the list of IE's current vulnerabilities is shorter than those for FireFox, Mozilla, and the other alternate browsers.

Likewise, it also lists fewer Windows' vulnerabilities than for the other OSes. :eek:

The last time I mentioned a similar US-CERT finding, by the way, Linux partisans leapt up to tell me that US-CERT didn't know what it was doing. Linux *couldn't* have more security flaws than Windows! Everyone *knows* that Open Source software is so much better than anything from Microsoft--- right?

Well, to the dismay of the more rabid anti-Microsoft partisans, reports from other independent observers corroborated CERT's findings.

For example, between July 1 and December 31, 2004, Symantec documented 13 serious vulnerabilities affecting Microsoft Internet Explorer, but found 21 vulnerabilities affecting each of the Mozilla-based browsers.

But don't take my word for it--- read the reports for yourself, see the methodologies for yourself, and decide for yourself: The article posted now (free!) at http://www.informationweek.com/story/showArticle.jhtml?articleID=160900911 has all the details and links you'll need.

Please don't shoot the messenger :horrified

Cheers

Billy 8-{) :D

TonyF
18-04-2005, 09:10 PM
Hi Billy T. See an earlier thread from me - Metla did not think much of Fred L !!!

b1naryb0y
18-04-2005, 09:12 PM
In Security terms it's the Quality not Quantity of the exploit that counts.

Would you rather have your front door left wide open, or have several tiny holes in the wall?

Poppa John
18-04-2005, 09:21 PM
Hi Billy t.
All computer programs, operating systems are created by humans. It is not logical to blame a Windows or Linux program as flawed etc. It is probable that one of the future generations of computers with "Artificial Intelligence" will correct such flaws by itself. Is it possible to "Make" a comp program absolutely faultless? I doubt it very much. A lot of people bemoan the shortcomings of the Microsoft Programmers, yet those same people cannot "write program". I cannot, that's for sure.

I read today that "Non Windows" programmes are more prone to Bugs etc than Windows .. It would be no fun for a virus designing idiot to try & cause trouble for any other than Windows. Where is the challenge.

There is NO viable alternative to Windows. Linux buffs will disagree with that statement, & that is their right to do so. I cannot see any change to that in my lifetime. Therefore I have to accept what I have got, a stable XP Home, & get on with it. Yes BILL needs to be told when HIS OS gives us trouble. But consider, if all Windows OS disappeared at midnight tonight, would the computing world come to a grinding halt ?? A horrible thought, don't you think?

Just my 2 cents worth PJ :2cents: :2cents:

johnd
18-04-2005, 09:35 PM
"But on the flip side, the "everything else being equal" argument also breaks down for Linux and other open-source software because, as small-share players, they've gained a reputation for security that's at least partly undeserved: Low numbers of problems is not the same as a low percentage of problems. (We'll come back to this in a moment.)"

There is to my mind something fundamentally wrong in the big picture with a statement like this when you are talking about the internet. Sure, the majority of desktop PCs run MS Windows. But about 69% of web servers run Apache and most of that would be on some variant of UNIX or Linux. That's a lot of servers. If this platform was as easy to hack as they say - why isn't it happening in a big way? It would be much more productive to hack a server than a home PC!

Just a thought!

johnd
18-04-2005, 09:38 PM
There is NO viable alternative to Windows.

Poppa John - I have to say that is a strange thing to say to people who are using Linux as an alternative to Windows - I have been since 2001 when I removed the dual boot option and have never looked back.

plod
18-04-2005, 09:57 PM
MS's biggest flaw is them continuing to support old OS's and therefore never getting it right, every new OS is just a fix to the previous.
Apple took a big risk when OS X came out, they stopped supporting old systems, told their customers to catch up or get left behind, end result pissed off customers and a great safe OS, but still with its own faults, not that I can name any...
Hopefully MS will take the same approach with Longhorn and start out fresh and not worry about compatibility issues with the previous OS

Poppa John
18-04-2005, 10:12 PM
Poppa John - I have to say that is a strange thing to say to people who are using Linux as an alternative to Windows - I have been since 2001 when I removed the dual boot option and have never looked back.


Hi johnd. I am probably talking out of the wrong end, seeing as I have not seriously tried any Linux. We correspond with a lot of people in the UK & some here in NZ. I need an OS that IS compatible with theirs in every way.. We have enough problems Getting Docs sent from XP Home to open on older Windows OS.

Here is a challenge for you. Bring yourself to Wanganui & Install Linux & all its Bits free of charge, show me how it works & I can then offer an opinion, properly. I would have to get permission from Metla first tho as he has put a lot of effort into this "Tin Box" PJ :eek: :D

Codex
18-04-2005, 10:20 PM
Yeah, but still, Firefox may be more vulnerable but IE is more targeted

johnd
18-04-2005, 10:29 PM
I need an OS that IS compatible with theirs in every way.. We have enough problems Getting Docs sent from XP Home to open on older Windows OS.

The internet is a platform independent environment - it shouldn't matter what OS you are using. What does matter is the software you are using - unfortunately proprietary software keeps changing file formats - it is one of the ways that they continue to make money out of people by forcing you to upgrade. As an alternative, try OpenOffice - it is cross platform and is not dependent on the version you are using. It can even save as MS Word. Get it installed at both ends and I bet all of your file format version problems will disappear.




Here is a challenge for you. Bring yourself to Wanganui & Install Linux & all its Bits free of charge, show me how it works & I can then offer an opinion, properly. I would have to get permission from Metla first tho as he has put a lot of effort into this "Tin Box" PJ :eek: :D

Would love to -- but Timaru is too far away!

Metla
18-04-2005, 10:35 PM
I have a Linux box running in the shop at the moment if you want to sit down and see what it's like (well, what the GUI is like anyway). My experience with Linux is limited.

This one didn't like the video card, so the res is stuck at 640x480, it detected the network card correctly but it was unable to configure it properly so no net...

So far it has been used for a few games of connect 4....... :nerd: :eek:

beetle
18-04-2005, 11:18 PM
Your halo is slipping slipper boy..................... :eek: :lol:


beetle

vinref
18-04-2005, 11:47 PM
I actually bothered to read the InformationWeek article, and did look at the CERT site. The article is not useful at all to determine whether IE or FF is safer, because it is very general and the cited CERT papers do not back up the claims in the article very well.

Most of the CERT papers I skimmed say that Windows and has far more vulnerabilities than Linux/Unix. A better site to look at browser vulnerabilities is Secunia (http://www.secunia.com) as it summarises the findings very well for IE, Mozilla/FF and Opera.

Murray P
19-04-2005, 01:57 AM
Billy, I have to say that Fred Langa's write up is on the whole a load of twaddle. Not all mind, in fact there is a lot that is correct, it's just that it's irretrievably tainted by the spin and misinformation Fred has interspersed throughout.

The "Leap of Logic" analogy for eg, is exactly correct in one respect, it's a leap from talking % of dissatisfied customers to instances of vulnerabilities found to numbers of vulnerabilities per application or OS. He then damns FF/Mozilla by faint praise, lists complaints about problems that are by and large of MS's proprietary making if you really want to look at it objectively. Fred then ladles on a bit more faint praise for good measure and pulls the partisan trick out. Helloooo Fred, getting your kettles and pots a bit confused are we?

Fred is, unfortunately, known for this type of writing particularly when it comes to defending or pitching on behalf of one of his favourites. If you took that type of logic, math and pure spin and used it as evidence, I'd suggest you'd get routed good and proper, you see what I mean.

No software is perfect, FF/Mozilla certainly has a way to go in that respect. Personally I'd rather struggle with the odd lousy website, or leave them off my list entirely, than be open to the documented severe vulnerabilities inherent in IE and therefore Windows. If you do not understand the differences in how the software is put together and how it interacts with the world and users, a bit more research might see you right. But, you must also be happy with where you're at and what you're using, so long as no damage is done to others, all power to you.

Oh, BTW, I don't mind being sucked into a troll, especially a wee one which has some genuine thought behind it.

Chilling_Silence
19-04-2005, 10:20 AM
This has brought some very interesting feelings out.

There always has and always will be vulnerabilities in any software.

Linux definitely wins on the server market (There's quite a few BSD boxes out there too), apache is incredibly common but has also had its share of vulnerabilities.

To be honest, I don't mind the exploits that come along occasionally.
I just saw a vulnerability (and the exploit code) for Firefox that would make and run a .bat file on the C: Drive.
Now I couldn't care less about that because .bat files mean precious little to me.

I like the idea of comparing leaving the door wide open to a few holes in the wall, however either way those holes are smaller and easier to overlook... shouldn't have been there in the first place either way.

Basically I'm getting at: Linux and Open-Source programmers have developed a reputation they need to uphold.
There WILL be vulnerabilities and exploits, it's part of programming, but the less the better, and having a much more secure base of an OS (in the instance of Linux) means that a lot less damage can be done even if something is r00ted.

Anybody tried the latest Ark Linux?

Chilling_Silence
19-04-2005, 10:23 AM
PJ, If I lived locally I would be at your place today :)

However you don't need me to install Ark Linux. It's a three click installation.

http://www.arklinux.org

You select your language & Timezone, then resize your Windows Partition (It doesn't lose any data) to leave room for it to install.

Couldn't be simpler!

I can't remember if you're on Broadband, but give it a whirl :) I'll start downloading it tonight, just to make sure they haven't changed the install process since the beta releases.


Chill.

Chilling_Silence
19-04-2005, 04:13 PM
This may be of interest:
http://www.idm.net.au/story.asp?id=6301

Billy T
19-04-2005, 04:57 PM
I guess I ought to confess, my thread was a gentle "tongue in cheek" tease for the Firefox disciples.

My apologies to Tony, I did a quick check to see if the topic had been posted already but somehow I missed his post.

As for views about the credibility or bona fides of Fred Langa, he probably wouldn't think too much of the opinions of any of us either, and at the level he publishes, he is well respected by a wider audience than PF1 enjoys so it is each to his own I guess.

Cheers

Billy 8-{):p

Murray P
19-04-2005, 06:35 PM
I guess I ought to confess, my thread was a gentle "tongue in cheek" tease for the Firefox disciples.

My apologies to Tony, I did a quick check to see if the topic had been posted already but somehow I missed his post.

As for views about the credibility or bona fides of Fred Langa, he probably wouldn't think too much of the opinions of any of us either, and at the level he publishes, he is well respected by a wider audience than PF1 enjoys so it is each to his own I guess.

Cheers

Billy 8-{):p


Yes of course Billy, noticed it, but where there's smoke there's apt to be fire too eh! ;)

I think Fred's published views are respected in some respected circles as much as some hardware site's reviews are respected in other circles, if you get my drift.

Despite that, I have Fred's website bookmarked and often head there for a browse. Much of Fred's purely technical writing is very informative but, like many of us, me included, he has his distinct biases which are reflected in his opinion pieces. The trouble with the opinion pieces is that, a lot of people look to Fred for technical leadership and confuse these pieces with objective technical articles.

Chilling_Silence
19-04-2005, 07:51 PM
Some points though, although said tongue in cheek, are quite valid!

ninja
19-04-2005, 08:29 PM
Linux definitely wins on the server market (There's quite a few BSD boxes out there too), apache is incredibly common but has also had its share of vulnerabilities.

3 machines died last week.

2 MS Servers.
1 *nix Servers.

2 MS Servers had to be reinstalled from the ground up, the hot swap drives wouldn't take in another platform, OS couldn't take it.

1 *nix server had to have its hot swap drives pulled out, slammed into another machine and was operating within 10 minutes.