Au79 <> wrote in news:QSmMh.3132$:
> Fuzzy Logic wrote:
>
>> Au79 <> wrote in news:S6dMh.3035$:
>>
>>> Fuzzy Logic wrote:
>>>
>>>> Au79 <> wrote in news:ZMIKh.2248$_:
>>>>
>>>>> heise Security - London,UK
>>>>>
>>>>> ... Internet Explorer 7 under Vista and XP is affected. Until there is
>>>>> a solution ...
>>>>>
>>>>> Switch to Firefox!
>>>>>
>>>>><http://www.heise-security.co.uk/news/86851>
>>>>>
>>>>
>>>> Switching is NOT a solution to security.
>>>
>>> Yes it is.
>>>
>>> As a consumer, I want the most secure product available. IE is a
>>> grab-bag of bugs and holes.
>>
>> As a consumer I want choices. I will choose a product that best meets MY
>> needs. Security is only one of many requirements in a web browser. FWIW I
>> don't use IE or FF as neither of them meet MY needs.
>>
>>>> Learning the security basics is.
>>>
>>> Part of learning the basics of good security is knowing what products
>>> are more secure by design. Clearly Firefox is MORE secure than IE6-7.
For an interesting read:
http://en.wikipedia.org/wiki/Computer_security
I love this quote:
The early Multics operating system was notable for its early emphasis on computer security by design, and
Multics was possibly the very first operating system to be designed as a secure system from the ground up. In
spite of this, Multics' security was broken, not once, but repeatedly.
>>>> Firefox has recently been updated to address it's many security issues:
>>>>
>>>> http://www.mozilla.org/projects/secu...abilities.html
>>>>
>>> Good, all the more reason to switch. In the mean time IE has not been
>>> patched.
>>>
>>>> No browser is 100% safe
>>>
>>> But some ARE safer than others. Select wisely.
>>>
>>>> so find a browser YOU like
>>>
>>> Funny thing, IE7 ripped off just about all the features of Firefox 1.0
>>> but I still like Firefox better.
>>
>> And Firefox ripped of Opera.
>>
>>>> , learn and use it's
>>>> security features, keep it and your OS patched and practice safe
>>>> computing and you are likely as safe as you can be.
>>>
>>> You are not as secure as you can be with windos and IE.
>>
>> There are always tradeoffs between security and functionality. What's best
>> for you may be useless to me and vice versa.
>>
>> If we were to say that Firefox is 98.5% secure and IE is 97.5%
>
> To insinuate that Firefox is only slightly more secure is missleading, I
> understand that these are only hypothetical numbers and that you are a big
> microserv, but lets not give the wrong impression. We can say that Firefox
> advantages over IE can be quantified and be considered significant.
Not even Window Snyder (head of security at Mozilla) will state that Firefox is 'more secure' than IE:
Is Firefox more secure than Microsoft's Internet Explorer?
Snyder: This gets into how you measure security. I think one of the most important metrics of security is days
of risk: How long does it take for a vendor to get a patch out to its customers? Then, once the patch is
available, how long does it take to deploy it?
I think Mozilla has made the number of days between the time a vulnerability is identified and a patch is available
incredibly small, and it is shrinking.
Source <http://news.com.com/2102-7355_3-6117896.html?tag=st.util.print>
Whenever I see 'more secure' I think marketing ploy. Paranoia sells, especially since 9-11. It worked for George
Bush and it also works for software companies. Unfortunately it's very difficult to quantify security. There are
numerous metrics but in the end they don't mean much. This is similar to the days when stereos were sold
based on how many watts they produced. While this is important to a minor degree it has very little to do with
how well the amplifier will sound. Why would you buy an amplifier that made 60 watts when for the same price
you could get one that made 100 watts? Then there is the fiasco with the kryptonite bike locks that were
obviously 'more secure' until someone found a simple hack they suddenly transformed them into junk
(reference <http://www.wired.com/news/culture/0,1284,64987,00.html>). Simply installing one bad extension
in Firefox can defeat any security that the browser has as there is zero validation for Firefox extensions
(references <http://news.zdnet.co.uk/security/0,1000000189,39210075,00.htm>
<http://www.rietta.com/firefox/Tutorial/security.html>)
So I agree with Window that it's very difficult to say which is 'more secure'. Browser security (as well as OS
security) is a moving target as flaws are discovered and patched and if you bring in other factors to the mix
(extensions, OS version and patch level) it's very difficult to say at any given time which is 'more secure'. On
top of this almost all security can be rendered useless with a little social engineering. So ulitimately your
security depends more on you than the software you use.
Here are some interesting metrics from Symantic's most recent Internet Security Threat Report:
Between January 1 and June 30, 2006, the home user sector was the most highly targeted sector, accounting
for 86% of all targeted attacks. As computers in the home users sector are less likely to have well established
security measures and practices in place than other sectors, they are much more vulnerable to targeted
attacks.
Mozilla browsers had the most vulnerabilities, 47, compared to 38 in Microsoft Internet Explorer.
Internet Explorer had an average window of exposure of nine days, the largest of any Web browser. Apple
Safari averaged five days, followed by Opera with two days and Mozilla with one day.
Source <http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport>
If we were to use just one metric to say which browser is 'more secure' and we choose number of
vulnerabilities IE is more secure. If we choose days of exposure it would be FF. IMO they are both very secure
and what ulitimately makes one 'more secure' over the other is the user. If they keep their systems patched and
practice safe computing they are likely as secure as they can be. That's why Symantec talks about security
measures and practices as the major factor affecting home users and not the software they use. So once
again I saying switching browsers/OS's will NOT help these people. They need to learn the basics of security
first.
>> secure but
>> renders all the pages that I visit properly
>
> Any page that is W3C standards compliant will render properly. Pages
> designed with proprietary IE extentions should be considered suspect and
> not worth the risk.
That's one way to look at it. In the real world many of these are valid business sites that people need to use on
a regular basis.
>> and I don't need to install
>> any software and if I can avoid the 2.5% of bad things by simply
>> practicing safe surfing why should I used Firefox?
>
> 2.5%?? Boy are you a dreamer.
Since I started with fictional numbers of 98.5% for FF and 97.5% for IE the left over for IE is 2.5%. It's just math.
Similar Threads
