E
F
Fuzzy Logic
elaich said:
ScanIT is making the claims yet their browser checker says my IE is 100%
secure (I ran all tests). What should I believe?
http://webtest.scanit.be/bcheck/index.php
R
Richard Steven Hack
IE has NEVER been "safe" and never will be "safe". Dump it - it sucks
for a ton of other reasons as well - speed if nothing else.
NO browser is "100% secure" but until Firefox gets a lot bigger, it will
be much more secure than IE. And it will probably stay more secure for
the simple reason that it is OSS. Billy Boy is not making any money off
his "free" browser - so it's not going to be upgraded seriously unless
and until Firefox starts cleaning his clock. And THAT - 25 million
downloads of Firefox in a few months - is why he announced a Version 7
of IE - which will STILL not support current Web standards because MS
says CSS2 is a "flawed" standard (meaning "MS doesn't own it".)
Saying a browser is "100% secure" is like the AVG "certification" which
everybody criticized (perhaps harshly) - so they changed it to say
merely that AVG didn't find any viruses in the outgoing or incoming
email - not that AVG "certified" it as being "virus-free". There's a
difference between saying you didn't find a virus and saying there ARE
no viruses.
?
=?ISO-8859-1?Q?=BBQ=AB?=
Richard Steven Hack <[email protected]>
Just for the record, the ScanIT test results page does /not/ make
the claim that a browser is 100% secure if all the tests there are
passed.
In the AV industry, there's a long history of vendors making
unreasonable claims, and IMO if harsh criticism of those claims were
not forthcoming there would be a lot more of them. And I kinda like
the "snake oil!" threads in a.c.v.
wrote in said:
Just for the record, the ScanIT test results page does /not/ make
the claim that a browser is 100% secure if all the tests there are
passed.
In the AV industry, there's a long history of vendors making
unreasonable claims, and IMO if harsh criticism of those claims were
not forthcoming there would be a lot more of them. And I kinda like
the "snake oil!" threads in a.c.v.
D
Doc
So what do I use ?? Appears to me that in 2005 Firefox has had more
vulnerabilties patched than IE. And FF is only just becoming a (minor)
target.
H
Harvey Van Sickle
On 31 Mar 2005, Doc wrote
FF's record of patching vulnerabilities is a plus for me, rather than
a worry: the patches are issued efficiently and pretty well as soon as
a vulnerability is identified.
Roughly speaking, the absence of patches for IE is often not an
indication that no patches were needed, but rather an indication that
vulnerabilities were remaining unpatched for some time.
As you imply, FF will inevitably become more of a target. Unlike the
rather lackadaisical approach to patching which IE formerly had --
they've improved a lot, because they've had to -- the holes in FF are
likely to be closed very quickly.
FF's record of patching vulnerabilities is a plus for me, rather than
a worry: the patches are issued efficiently and pretty well as soon as
a vulnerability is identified.
Roughly speaking, the absence of patches for IE is often not an
indication that no patches were needed, but rather an indication that
vulnerabilities were remaining unpatched for some time.
As you imply, FF will inevitably become more of a target. Unlike the
rather lackadaisical approach to patching which IE formerly had --
they've improved a lot, because they've had to -- the holes in FF are
likely to be closed very quickly.
D
Doc
Which could be interpreted as ....
Roughly speaking, the absence of patches for FF is not an indication that
no patches were needed, but rather an indication that (due to lack of
targeting) vulnerabilities haven't been exploited yet.
H
Harvey Van Sickle
On 31 Mar 2005, Doc wrote
That would be true if the worry I was addressing was an apparent
absence of patches for FF.
But that wasn't the concern that was expressed: I was responding to a
worry that FF apparently has had a large number of patches -- a
plethora rather than a dearth -- compared to IE over the same period.
That would be true if the worry I was addressing was an apparent
absence of patches for FF.
But that wasn't the concern that was expressed: I was responding to a
worry that FF apparently has had a large number of patches -- a
plethora rather than a dearth -- compared to IE over the same period.
E
elaich
Which is exactly why it's safer. FF patches exploits immediately. The last
one was patched before the exploit was even published.
How anybody can think this is a bad thing is beyond me.
F
Fuzzy Logic
elaich said:
The three vulnerabities patched in Firefox 1.0.2 were known by many people
(just not most Firefox users) well before the alerts were posted. As you can
see from the links below these vulnerabilities were discovered in early
March and fixed on March 23.
https://bugzilla.mozilla.org/show_bug.cgi?id=284627 (March 3)
https://bugzilla.mozilla.org/show_bug.cgi?id=285595 (March 10)
https://bugzilla.mozilla.org/show_bug.cgi?id=285438 (March 11)
So for close to 3 weeks you were vulnerable but just didn't know it.
This ploy get's Microsoft in hot water but apparently it's ok for Firefox.
The added bonus is Firefox appears to be doing a great job becuase the
vulnerabilities and patches are posted the same day making it look like they
are ahead of the game.
S
Sweet Andy Licious
elaich said:
Heh Heh! One man's safe is anothers unsafe, I guess.