On 1/22/10 8:37 PM, William Pitcock wrote:
On Fri, 2010-01-22 at 22:16 -0500, Steven Bellovin wrote:
On Jan 22, 2010, at 12:26 AM, Bruce Williams wrote:
The problem with IE is the same problem as Windows, the basic design is fundementally insecure and "timely updates" can't fix that.
You do realize, of course, that IE is recording less than half the security flaw rate of Firefox? (See http://prosecure.netgear.com/community/security-blog/2009/11/web-browser-vul...)
Consider for a moment that both Firefox and Safari are built on open-source code where the code can be audited. As a result, it is clear why Firefox and Safari are more "insecure" than IE, it is simply because the code is there to be audited.
Frankly, they are all about the same security-wise.
William
I have a feeling that most of the 'security' problems with firefox is related to extensions/addons/plugins, rather then the firefox application itself. You can't fault the devs for unsupported addons/extensions/plugins that are made by a third party with questionable levels of programming skills. M$ tried this same thing, comparing Linux to Windows vulns, neglecting to mention that the only reason why there was more Linux exploits was because they were including things other then the kernel and base system. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org