Security with Open source browsers ...

Discussion in 'NZ Computing' started by Big-Dog, Apr 21, 2005.

  1. Big-Dog

    Big-Dog Guest

    Some 6 - 9 odd months ago the linux advocates claimed that the open source
    browsers had much better security than any CS browser could ever hope to
    provide.
    Microsoft counter claim was that the people using the OS browsers were
    such a small % of market, and therefore had little appeal to the hackers,
    which the OS avocates dismissed as utter crap.

    Then i stumbled upon this article yesterday.

    http://news.com.com/Mozilla+flaws+could+allow+attacks
    %2C+data+access/2100-1002_3-5674883.html?tag=nefd.top

    Details of the nine flaws were published on Mozilla's security Web site
    over the weekend.

    So now with a market share of around 5 % in the browser market there were
    9 security flaws in one weekend...
    Yikes my smug feeling of having used a OS browser for the last 12 months
    went up in a puff of smoke.


    So i guess market share does indeed motivate people to look for holes and
    bugs
     
    Big-Dog, Apr 21, 2005
    #1
    1. Advertisements

  2. Wait until it hits the magic 15% which is supposedly when normal people
    have to start paying attention to the browser, and it gets a lot more
    "mind share"
     
    Dave - Dave.net.nz, Apr 21, 2005
    #2
    1. Advertisements

  3. BTW big-dog, it's not nice to use someone elses domain when posting to
    usenet, I'm pretty sure that "somewhere.com" exists, and that you're not
    the owner.
     
    Dave - Dave.net.nz, Apr 21, 2005
    #3
  4. Big-Dog

    Big-Dog Guest

    OS browsers got the attention of non geeks when micorsoft announced the
    end of IE6 ..

    cheers
     
    Big-Dog, Apr 21, 2005
    #4
  5. it can't have been very good at keeping attention if the browser stats
    are anything to go by then.

    flash in the pan then?
     
    Dave - Dave.net.nz, Apr 21, 2005
    #5
  6. Big-Dog

    steve Guest

    Why?
    A flaw isn't a virus....though the one does take advantage of the other.

    People - most often researchers - are always looking for security flaws in
    popular software.

    It's a good thing. The flaws get fixed and we all move on.

    Because the source for Open source browsers is publicly available, I'm
    betting the turnaround time between detection and fixing is pretty
    short.....
     
    steve, Apr 21, 2005
    #6
  7. Big-Dog

    thing Guest

    A bug is not an active exploit, plus an exploit on IE seems to go right
    into the OS and causes mayhem unlike say Mozilla.

    Then add that bugs within OSS are reported with a totally open process,
    you see all of them.

    With IE how many are fixed without being reported publically?

    Compare apples with apples.

    By the same defination Apache which has 68% of the web server v IIS's 20
    something % should show 3 times the attacks and vunerabilities, it does
    not.

    While yes I can see there is an argument that market share == mind
    share, I cannot see any justification extrapolating this hypothese into
    the seriousness of the exploit. Saying that given an equal share OSS's
    problems would be as bad just does not hold up IMHO.

    regards

    Thing
     
    thing, Apr 21, 2005
    #7
  8. Big-Dog

    thing Guest

    I would also add that what ever the share maybe in 1,2 or 5 years, at
    present running an OS browser on a MS OS or even totally OSS gives you a
    substantial security improvement now and probably for 1~2 years. So even
    if the worst comes to the worst and 2 years from now you are no better
    off, you have gained real security benefits for that 2 years.

    regards

    Thing
     
    thing, Apr 21, 2005
    #8
  9. Big-Dog

    Gordon Guest

    Look all software has bugs in it. Only a fool says otherwise.

    The point is that people have to take on the responsibilty of
    patching/updating.

    Now that the hounds have discovered the Fox it is taking notice of any
    holes it has and slaming the door shut before the hounds get near.

    It seems to me that the Fox is telling people to get the new and patched
    version. Its as free as a download.

    When the red cicle with a triangle in appears at the right hand side of
    the top window frame, then please do something, ie upgrade. Click on it
    and take it from there.
     
    Gordon, Apr 21, 2005
    #9
  10. Big-Dog

    Gordon Guest

    History shows this to be true. With no money in the equation, all that
    left is the determination to fix the problem. With the source code
    avaliable to all the best fix is found.
     
    Gordon, Apr 21, 2005
    #10
  11. Big-Dog

    Gordon Guest

    Oh dear, OS browsers got the attention of MS, then MS decided to end
    MSIE6SP1

    Is that more correct?
     
    Gordon, Apr 21, 2005
    #11
  12. Big-Dog

    Tim Guest

    So, if there is a buffer overflow vulnerability in FF, are you saying it is
    not as likely to be as damaging as a buffer overflow in IE?

    Clearly, you do not understand the issues.

    A buffer overflow is a buffer overflow. If it exploitable, it is
    exploitable. If the overflow exploit exists in say a PNG graphics lib in FF
    and the same lib is used in IE (it was, past tense), then you have more or
    less the same exploit in 2 different browsers due to the same coding error.

    Now, if two people are silly enough to log on as Admin- one runs FF, the
    other IE then they are equally vulnerable and the impact is equal and is
    entirely up to the coder of the exploit.

    Your choice of browser will not save you. Not logging in as Admin or Root
    will help greatly. Keeping your browser and OS up to date regardless of type
    will help greatly.

    Security is determined by the system administrator, not the OS. Installing
    Linux (or Windows) in a legal office then walking off with a Job Well Done
    without an on-going plan for keeping the OS and apps secure equates to an
    open door for future exploits. It also represents blatent stupidity. Post
    back and I might tell you why.

    - Tim
     
    Tim, Apr 21, 2005
    #12
  13. Put it this way
    I have seen many hacks attempted on one of my PCs visiting sites that
    try to install trojans diallers and all kinds of hacks
    Not one ofthem succeeeded... using Mozilla

    Before that IE was getting hacked all the time, homepage changed,
    search page, favourits being created

    Mozialla may not be perfect but it is hugely better than IE
     
    FreedomChooser, Apr 21, 2005
    #13
  14. if it didn't keep breaking the extensions that it so badly needs, I'd
    upgrade.

    maybe even if they made the patches that, patches, not whole new
    versions it'd be decidedly easier to download 100k of updates rather
    than ~4MB whole program.
     
    Dave - Dave.net.nz, Apr 21, 2005
    #14
  15. oh yeah, I forgot about that :)
     
    Dave - Dave.net.nz, Apr 21, 2005
    #15
  16. you should see what my web-browser is called :)

    I like to mess with peoples stats :)
     
    Dave - Dave.net.nz, Apr 21, 2005
    #16
  17. Big-Dog

    Shane Guest

    use lynx!
    (not the deodorant... the browser)
     
    Shane, Apr 21, 2005
    #17
  18. BTW, you're time is off.
     
    Dave - Dave.net.nz, Apr 21, 2005
    #18
  19. Big-Dog

    Shane Guest

    its yours rob
    might be your timezone setting
     
    Shane, Apr 21, 2005
    #19
  20. Big-Dog

    Phstpok Guest

    No idea how I got Tijuana time. Don't even like tequila.

    oops

    Rob
     
    Phstpok, Apr 21, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.