Security with Open source browsers ...

Discussion in 'NZ Computing' started by Big-Dog, Apr 21, 2005.

  1. Big-Dog

    Big-Dog Guest

    Some 6 - 9 odd months ago the Linux advocates claimed that the open source
    browsers had much better security than any CS browser could ever hope to
    provide.
    Microsoft's counter claim was that the people using the OS browsers were
    such a small % of market, and therefore had little appeal to the hackers,
    which the OS advocates dismissed as utter crap.

    Then I stumbled upon this article yesterday.

    http://news.com.com/Mozilla+flaws+could+allow+attacks%2C+data+access/2100-1002_3-5674883.html?tag=nefd.top

    Details of the nine flaws were published on Mozilla's security Web site
    over the weekend.

    So now with a market share of around 5 % in the browser market there were
    9 security flaws in one weekend...
    Yikes, my smug feeling of having used an OS browser for the last 12 months
    went up in a puff of smoke.


    So I guess market share does indeed motivate people to look for holes and
    bugs
     
    Big-Dog, Apr 21, 2005
    #1

  2. Big-Dog wrote:
    > So i guess market share does indeed motivate people to look for holes and
    > bugs


    Wait until it hits the magic 15% which is supposedly when normal people
    have to start paying attention to the browser, and it gets a lot more
    "mind share"
     
    Dave - Dave.net.nz, Apr 21, 2005
    #2

  3. Big-Dog wrote:
    > So i guess market share does indeed motivate people to look for holes and
    > bugs


    BTW big-dog, it's not nice to use someone else's domain when posting to
    usenet, I'm pretty sure that "somewhere.com" exists, and that you're not
    the owner.
     
    Dave - Dave.net.nz, Apr 21, 2005
    #3
  4. Big-Dog

    Big-Dog Guest

    On Thu, 21 Apr 2005 11:27:29 +1200, Dave - Dave.net.nz wrote:

    > Big-Dog wrote:
    >> So i guess market share does indeed motivate people to look for holes and
    >> bugs

    >
    > Wait until it hits the magic 15% which is supposedly when normal people
    > have to start paying attention to the browser, and it gets a lot more
    > "mind share"


    OS browsers got the attention of non geeks when Microsoft announced the
    end of IE6 ..

    cheers
     
    Big-Dog, Apr 21, 2005
    #4
  5. Big-Dog wrote:
    >>>So i guess market share does indeed motivate people to look for holes and
    >>>bugs


    >>Wait until it hits the magic 15% which is supposedly when normal people
    >>have to start paying attention to the browser, and it gets a lot more
    >>"mind share"


    > OS browsers got the attention of non geeks when Microsoft announced the
    > end of IE6 ..


    it can't have been very good at keeping attention if the browser stats
    are anything to go by then.

    flash in the pan then?
     
    Dave - Dave.net.nz, Apr 21, 2005
    #5
  6. Big-Dog

    steve Guest

    Big-Dog wrote:

    > Some 6 - 9 odd months ago the linux advocates claimed that the open source
    > browsers had much better security than any CS browser could ever hope to
    > provide.
    > Microsoft counter claim was that the people using the OS browsers were
    > such a small % of market, and therefore had little appeal to the hackers,
    > which the OS advocates dismissed as utter crap.
    >
    > Then i stumbled upon this article yesterday.
    >
    > http://news.com.com/Mozilla flaws could allow attacks
    > %2C+data+access/2100-1002_3-5674883.html?tag=nefd.top
    >
    > Details of the nine flaws were published on Mozilla's security Web site
    > over the weekend.
    >
    > So now with a market share of around 5 % in the browser market there were
    > 9 security flaws in one weekend...
    > Yikes my smug feeling of having used a OS browser for the last 12 months
    > went up in a puff of smoke.


    Why?

    > So i guess market share does indeed motivate people to look for holes and
    > bugs


    A flaw isn't a virus....though the one does take advantage of the other.

    People - most often researchers - are always looking for security flaws in
    popular software.

    It's a good thing. The flaws get fixed and we all move on.

    Because the source for Open source browsers is publicly available, I'm
    betting the turnaround time between detection and fixing is pretty
    short.....
     
    steve, Apr 21, 2005
    #6
  7. Big-Dog

    thing Guest

    Big-Dog wrote:
    > Some 6 - 9 odd months ago the linux advocates claimed that the open source
    > browsers had much better security than any CS browser could ever hope to
    > provide.
    > Microsoft counter claim was that the people using the OS browsers were
    > such a small % of market, and therefore had little appeal to the hackers,
    > which the OS advocates dismissed as utter crap.
    >
    > Then i stumbled upon this article yesterday.
    >
    > http://news.com.com/Mozilla flaws could allow attacks
    > %2C+data+access/2100-1002_3-5674883.html?tag=nefd.top
    >
    > Details of the nine flaws were published on Mozilla's security Web site
    > over the weekend.
    >
    > So now with a market share of around 5 % in the browser market there were
    > 9 security flaws in one weekend...
    > Yikes my smug feeling of having used a OS browser for the last 12 months
    > went up in a puff of smoke.
    >
    >
    > So i guess market share does indeed motivate people to look for holes and
    > bugs


    A bug is not an active exploit, plus an exploit on IE seems to go right
    into the OS and causes mayhem unlike say Mozilla.

    Then add that bugs within OSS are reported with a totally open process,
    you see all of them.

    With IE how many are fixed without being reported publicly?

    Compare apples with apples.

    By the same definition Apache which has 68% of the web server v IIS's 20
    something % should show 3 times the attacks and vulnerabilities, it does
    not.

    While yes I can see there is an argument that market share == mind
    share, I cannot see any justification extrapolating this hypothesis into
    the seriousness of the exploit. Saying that given an equal share OSS's
    problems would be as bad just does not hold up IMHO.

    regards

    Thing
     
    thing, Apr 21, 2005
    #7
  8. Big-Dog

    thing Guest

    Big-Dog wrote:
    > Some 6 - 9 odd months ago the linux advocates claimed that the open source
    > browsers had much better security than any CS browser could ever hope to
    > provide.
    > Microsoft counter claim was that the people using the OS browsers were
    > such a small % of market, and therefore had little appeal to the hackers,
    > which the OS advocates dismissed as utter crap.
    >
    > Then i stumbled upon this article yesterday.
    >
    > http://news.com.com/Mozilla flaws could allow attacks
    > %2C+data+access/2100-1002_3-5674883.html?tag=nefd.top
    >
    > Details of the nine flaws were published on Mozilla's security Web site
    > over the weekend.
    >
    > So now with a market share of around 5 % in the browser market there were
    > 9 security flaws in one weekend...
    > Yikes my smug feeling of having used a OS browser for the last 12 months
    > went up in a puff of smoke.
    >
    >
    > So i guess market share does indeed motivate people to look for holes and
    > bugs


    I would also add that whatever the share may be in 1, 2 or 5 years, at
    present running an OS browser on a MS OS or even totally OSS gives you a
    substantial security improvement now and probably for 1~2 years. So even
    if the worst comes to the worst and 2 years from now you are no better
    off, you have gained real security benefits for that 2 years.

    regards

    Thing
     
    thing, Apr 21, 2005
    #8
  9. Big-Dog

    Gordon Guest

    On Thu, 21 Apr 2005 14:50:38 +1200, thing wrote:

    > I would also add that whatever the share may be in 1, 2 or 5 years, at
    > present running an OS browser on a MS OS or even totally OSS gives you a
    > substantial security improvement now and probably for 1~2 years. So even
    > if the worst comes to the worst and 2 years from now you are no better
    > off, you have gained real security benefits for that 2 years.


    Look, all software has bugs in it. Only a fool says otherwise.

    The point is that people have to take on the responsibility of
    patching/updating.

    Now that the hounds have discovered the Fox it is taking notice of any
    holes it has and slamming the door shut before the hounds get near.

    It seems to me that the Fox is telling people to get the new and patched
    version. It's as free as a download.

    When the red circle with a triangle in appears at the right hand side of
    the top window frame, then please do something, ie upgrade. Click on it
    and take it from there.
     
    Gordon, Apr 21, 2005
    #9
  10. Big-Dog

    Gordon Guest

    On Thu, 21 Apr 2005 13:11:44 +1200, steve wrote:

    > Because the source for Open source browsers is publicly available, I'm
    > betting the turnaround time between detection and fixing is pretty
    > short.....


    History shows this to be true. With no money in the equation, all that's
    left is the determination to fix the problem. With the source code
    available to all the best fix is found.
     
    Gordon, Apr 21, 2005
    #10
  11. Big-Dog

    Gordon Guest

    On Thu, 21 Apr 2005 11:37:16 +1200, Big-Dog wrote:

    > OS browsers got the attention of non geeks when Microsoft announced the
    > end of IE6 ..


    Oh dear, OS browsers got the attention of MS, then MS decided to end
    MSIE6SP1

    Is that more correct?
     
    Gordon, Apr 21, 2005
    #11
  12. Big-Dog

    Tim Guest

    So, if there is a buffer overflow vulnerability in FF, are you saying it is
    not as likely to be as damaging as a buffer overflow in IE?

    Clearly, you do not understand the issues.

    A buffer overflow is a buffer overflow. If it is exploitable, it is
    exploitable. If the overflow exploit exists in say a PNG graphics lib in FF
    and the same lib is used in IE (it was, past tense), then you have more or
    less the same exploit in 2 different browsers due to the same coding error.

    Now, if two people are silly enough to log on as Admin- one runs FF, the
    other IE then they are equally vulnerable and the impact is equal and is
    entirely up to the coder of the exploit.

    Your choice of browser will not save you. Not logging in as Admin or Root
    will help greatly. Keeping your browser and OS up to date regardless of type
    will help greatly.

    Security is determined by the system administrator, not the OS. Installing
    Linux (or Windows) in a legal office then walking off with a Job Well Done
    without an on-going plan for keeping the OS and apps secure equates to an
    open door for future exploits. It also represents blatant stupidity. Post
    back and I might tell you why.

    - Tim
     
    Tim, Apr 21, 2005
    #12
  13. On Thu, 21 Apr 2005 11:27:03 +1200, Big-Dog <>
    wrote:

    >Some 6 - 9 odd months ago the linux advocates claimed that the open source
    >browsers had much better security than any CS browser could ever hope to
    >provide.
    >Microsoft counter claim was that the people using the OS browsers were
    >such a small % of market, and therefore had little appeal to the hackers,
    >which the OS advocates dismissed as utter crap.
    >
    >Then i stumbled upon this article yesterday.
    >
    >http://news.com.com/Mozilla flaws could allow attacks
    >%2C+data+access/2100-1002_3-5674883.html?tag=nefd.top
    >
    > Details of the nine flaws were published on Mozilla's security Web site
    > over the weekend.
    >
    >So now with a market share of around 5 % in the browser market there were
    >9 security flaws in one weekend...
    >Yikes my smug feeling of having used a OS browser for the last 12 months
    >went up in a puff of smoke.
    >
    >
    >So i guess market share does indeed motivate people to look for holes and
    >bugs


    Put it this way:
    I have seen many hacks attempted on one of my PCs visiting sites that
    try to install trojans, diallers and all kinds of hacks.
    Not one of them succeeded... using Mozilla

    Before that IE was getting hacked all the time, homepage changed,
    search page, favourites being created

    Mozilla may not be perfect but it is hugely better than IE
     
    FreedomChooser, Apr 21, 2005
    #13
  14. Big-Dog

    Mr Scebe Guest

    "steve" <> wrote in message
    news:...

    > It's a good thing. The flaws get fixed and we all move on.


    If only you could accept that Microsoft has the same strategy.

    --
    Mr Scebe
    "Pershonally i think you're a fucking idiot"
    ~Sean Connery in "The Rock"
     
    Mr Scebe, Apr 21, 2005
    #14
  15. Big-Dog

    Mr Scebe Guest

    "Gordon" <> wrote in message
    news:p...
    > On Thu, 21 Apr 2005 13:11:44 +1200, steve wrote:
    >
    >> Because the source for Open source browsers is publicly available, I'm
    >> betting the turnaround time between detection and fixing is pretty
    >> short.....

    >
    > History shows this to be true.


    Especially when the release of the exploit is choreographed to coincide with
    the fix. Which leaves you to wonder how long they'd *REALLY* known about it?

    --
    Mr Scebe
    Losersh always whine about their 'besht'.
    Winnersh go home and **** the prom queen".
    ~Sean Connery in "The Rock"
     
    Mr Scebe, Apr 21, 2005
    #15
  16. Gordon wrote:
    > When the red circle with a triangle in appears at the right hand side of
    > the top window frame, then please do something, ie upgrade. Click on it
    > and take it from there.


    if it didn't keep breaking the extensions that it so badly needs, I'd
    upgrade.

    maybe even if they made the patches that, patches, not whole new
    versions it'd be decidedly easier to download 100k of updates rather
    than ~4MB whole program.
     
    Dave - Dave.net.nz, Apr 21, 2005
    #16
  17. Phstpok wrote:
    > Like your newsreader Dave.
    > Mario-zilla T-Bird shizzle dizzle Mnenhuy/0.7


    oh yeah, I forgot about that :)
     
    Dave - Dave.net.nz, Apr 21, 2005
    #17
  18. Dave - Dave.net.nz wrote:
    > Phstpok wrote:
    >
    >> Like your newsreader Dave.
    >> Mario-zilla T-Bird shizzle dizzle Mnenhuy/0.7

    >
    >
    > oh yeah, I forgot about that :)


    you should see what my web-browser is called :)

    I like to mess with people's stats :)
     
    Dave - Dave.net.nz, Apr 21, 2005
    #18
  19. Big-Dog

    Shane Guest

    On Fri, 22 Apr 2005 08:27:01 -0700, Phstpok wrote:

    > Dave - Dave.net.nz wrote:
    >> Dave - Dave.net.nz wrote:
    >>
    >>> Phstpok wrote:
    >>>
    >>>> Like your newsreader Dave.
    >>>> Mario-zilla T-Bird shizzle dizzle Mnenhuy/0.7
    >>>
    >>>
    >>>
    >>> oh yeah, I forgot about that :)

    >>
    >>
    >> you should see what my web-browser is called :)
    >>
    >> I like to mess with people's stats :)

    > You would probably come in the under 1% unknown stats.
    >
    > Rob


    use lynx!
    (not the deodorant... the browser)

    --

    Hardware, n.: The parts of a computer system that can be kicked
     
    Shane, Apr 21, 2005
    #19
  20. Phstpok wrote:
    > You would probably come in the under 1% unknown stats.


    BTW, your time is off.
     
    Dave - Dave.net.nz, Apr 21, 2005
    #20