Originally posted by: JonnyBlaze
Can someone explain to me what someone can do if I'm running IE or FF? I've run both and never had any problems. Is it all just a matter of what sites you visit?
d.u.h. Please tell me people KNEW that it was only a matter of time. Don't be naive.
Originally posted by: STaSh
Originally posted by: MrChad
But whereas Firefox has only 14% of its vulnerabilities unpatched, IE has twice that number.
You miss the point of the article. Yes IE6 has some serious issues with security. The point is, FF has been made out to be the nirvana of web security, when it is clearly not.
Originally posted by: STaSh
Originally posted by: MrChad
But whereas Firefox has only 14% of its vulnerabilities unpatched, IE has twice that number.
You miss the point of the article. Yes IE6 has some serious issues with security. The point is, FF has been made out to be the nirvana of web security, when it is clearly not.
I'm not saying FF is perfect but it's better than the alternative.
Yes, it is. This article is FUD.
Originally posted by: STaSh
It really isn't any better than the alternative, if by alternative, you mean IE.
Originally posted by: P0ldy
Yes, it is. This article is FUD.
Originally posted by: STaSh
It really isn't any better than the alternative, if by alternative, you mean IE.
Actually there was only one period in 2004 when there were no publicly known remote code execution bugs - between the 12th and the 19th of October - 7 days in total. That means that a fully patched Internet Explorer installation was known to be unsafe for 98% of 2004. And for 200 days (that is 54% of the time) in 2004 there was a worm or virus in the wild exploiting one of those unpatched vulnerabilities.
There were 56 days (15%) in 2004 when there was a publicly known remote code execution in Mozilla and no patched release.
The Gecko rendering engine and far superior conformity to web standards are by themselves enough to refute your "argument."
CTho9305 posted something here.
Originally posted by: STaSh
That's an interesting read. I wonder what it would look like for 2005. Also consider the state of Firefox's patch mechanism in 2004, which is to say, the lack thereof. Even today, FF's patching mechanism has some serious issues.
Supposedly it's getting a lot better with 1.5.
Clearly security is not all you're talking about when you say FF "really isn't any better than the alternative, if by alternative, you mean IE."
Originally posted by: STaSh
The Gecko rendering engine and far superior conformity to web standards are by themselves enough to refute your "argument."
My argument is that Firefox is not more secure than IE. WTF does the rendering engine and web standards have to do with that?
Originally posted by: STaSh
But that's the point of the article. It really isn't any better than the alternative, if by alternative, you mean IE.
I'm not saying FF is perfect but it's better than the alternative.
Originally posted by: n0cmonkey
When I stop seeing code red, blaster, sasser, and zotob I'll start believing Microsoft is doing a good job with patches.
Clearly security is not all you're talking about when you say FF "really isn't any better than the alternative, if by alternative, you mean IE."
Originally posted by: STaSh
Originally posted by: n0cmonkey
When I stop seeing code red, blaster, sasser, and zotob I'll start believing Microsoft is doing a good job with patches.
Well, code red affects IIS4 (and 5) which runs on NT. No automatic updates for NT. Blaster also affects NT. Sasser affects NT and 9x. No AU for 9x.
Zotob only affects 2000 and higher, which do support AU. That said, I haven't heard/seen much about Zotob since that one week. And the patch was available through AU/WU in plenty of time for people to patch.
So if you can show me systems with AU enabled that are affected by any of these, I will be amazed.
Doesn't Win2k have IIS 5? So it's vulnerable to code red. Blaster and Sasser also affect win2k, IIRC. So there's another issue.
One problem is that there are a lot of servers out there that don't have automatic updates installed because people don't trust Microsoft's patches.
There is no solution, except make better software.
Originally posted by: STaSh
Amen. And I think Microsoft has made significant steps with XP SP2, IIS6, Server 2003 SP1. I think IE7 and Vista will be even more significant.
Microsoft has invested a lot of time and money in the Trustworthy Computing initiative, which a lot of people scoff at.
But it takes time to do a complete overhaul of development with an eye for security, implementing processes like the SDL and training devs who maybe had one course in college about writing secure code. And I think those efforts are just beginning (within the last year) to pay off.
Never mind. You obviously can't distinguish between a blanket statement and what you meant to say.
Originally posted by: STaSh
Clearly security is not all you're talking about when you say FF "really isn't any better than the alternative, if by alternative, you mean IE."
Clearly it is, if I start that sentence with "But that's the point of the article," which by the way, is exclusively discussing security. I see no mention of Gecko or web standards in said article.
By whom? The stupid fanboys?
Originally posted by: STaSh
The point is, FF has been made out to be the nirvana of web security, when it is clearly not.