On mySimon: Nike SB Eugene Backpack
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 22 of 33:
Next »
« Previous
Successful Exploits
Hi, NonZealot.

You said:

If Firefox has critical vulnerabilities and IE has critical vulnerabilities, the only possible explanation for the proliferation of successful IE exploits has nothing to do with the code and everything to do with the users.

I think you're not thinking about this the right way. You also have to think about the security models of Firefox and IE. When FireFox runs, it runs as a separate application, agnostic in terms of the OS. (i.e., it runs the same way in Linux as it does in Windows as it does on the Mac). On the other hand, IE is hard-coded into Windows, so whatever flaws the OS has, IE picks up, and vice versa.

Then, there's the issue of corporate accountability. In the open source model that Firefox follows, there's no real reason to hold back on releasing a fix. As soon as it's developed, it goes out the door (whether the door in question belongs to one of the developers or one of the many contributors). On the other hand, when IE has a bug, there's lots of money and corporate reputation at stake, so the fixes are much slower in coming, and Microsoft isn't very eager to let people know about it until there is one.

Finally, you have to realize that some of IE's exploits are self-proliferating, in the sense that you can get attacked through IE and have your Outlook slam other users. That doesn't happen in Firefox, because Firefox doesn't have the same hooks into Windows.
Posted by: bhartman36   Posted on: 12/14/05 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

No problems here  Tim Patterson | 12/13/05
Fixed in Firefox 1.0.5?? That was about a year ago.  wackoae | 12/13/05
Your point is irrelevant...  toadlife | 12/13/05
Good  Jeff Spicoli | 12/13/05
It would be irrelevant for IE users  wackoae | 12/13/05
If they are so smart...  toadlife | 12/13/05
Because they are arrogant and naive, like most Linux users.  itanal | 12/14/05
Actually  georgep_z | 12/14/05
True, Mozilla needs to get the auto-update working for sure.  DonnieBoy | 12/14/05
Actually  nECrO_z | 12/13/05
let them get hacked  Jeff Spicoli | 12/13/05
You are forgeting that ...  wackoae | 12/13/05
right  Real World | 12/14/05
MOST  nECrO_z | 12/14/05
Don't assume their level of knowledge.  Grayson Peddie | 12/14/05
Fixed in Firefox 1.0.5?? That was about a year ago.  wackoae | 12/13/05
More like six months ago  zmud | 12/14/05
Whats the point exactly?  JoeMama_z | 12/13/05
Interesting how the Mozilla team downplayed this vulnerabilty  toadlife | 12/13/05
Most Firefox users  SQLServer | 12/14/05
Leads me to a question  NonZealot | 12/14/05
Successful Exploits  bhartman36 | 12/14/05
You're wrong  toadlife | 12/14/05
Wrong (corrected post - hopefully)  toadlife | 12/14/05
(nt)looks like they finally decided to update the vulerability to critical  toadlife | 12/14/05
Microsoft says so  georgep_z | 12/14/05
It doesn't matter georgie  toadlife | 12/14/05
Everyone is on 1.0.7 if not 1.5 by now!!!  xunil skcor | 12/14/05
Actually, I'm still running 1.04  worknman | 12/14/05
Advances in 1.5  nucrash | 12/14/05
How to get old extentions to work with FF1.5 Here we go: 1) change  wexwimpy@... | 12/15/05
No probably, everybody updates as soon as a point  Boot_Agnostic | 12/14/05
memory handling bug in FF 1.5?  davagain | 12/15/05

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline