[121610] in North American Network Operators' Group


Re: Anyone see a game changer here?

daemon@ATHENA.MIT.EDU (Steven Bellovin)
Fri Jan 22 23:09:29 2010

From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <1264217839.6239.16.camel@petrie>
Date: Fri, 22 Jan 2010 23:08:55 -0500
To: William Pitcock <nenolod@systeminplace.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 22, 2010, at 10:37 PM, William Pitcock wrote:

> On Fri, 2010-01-22 at 22:16 -0500, Steven Bellovin wrote:
>> On Jan 22, 2010, at 12:26 AM, Bruce Williams wrote:
>>
>>> The problem with IE is the same problem as Windows, the basic design
>>> is fundamentally insecure and "timely updates" can't fix that.
>>
>> You do realize, of course, that IE is recording less than half the
>> security flaw rate of Firefox?  (See
>> http://prosecure.netgear.com/community/security-blog/2009/11/web-browser-vulnerability-report---firefox-leads-the-pack-at-44.php)
>
> Consider for a moment that both Firefox and Safari are built on
> open-source code where the code can be audited.  As a result, it is
> clear why Firefox and Safari are more "insecure" than IE, it is simply
> because the code is there to be audited.
>
> Frankly, they are all about the same security-wise.
>
I think that that's wishful thinking.  IE has fewer security problems
because Microsoft has put a tremendous amount of effort -- and often
fought its own developers -- in a disciplined software development
environment with careful, structured security reviews by people who have
the power to say "no, you can't ship this".  They've also put a lot of
effort into building and using security tools.  (For earlier comments by
me on this subject, see
http://www.cs.columbia.edu/~smb/blog/2009-04/2009-04-29.html)

I'm not a fan of Windows.  I think it's ugly and bloated, and I don't
like it as a user environment.  I'm typing this on a Mac (which I like
for its JFW properties, not its security; I do not think it is more
secure than Vista or Windows 7); I'm also a heavy user -- and a
developer -- of NetBSD.  If the world suddenly switched its OS of choice
away from Windows, I wouldn't weep.  But I also would and do hope that
the other platforms, be they open or closed source, would learn from
what Bill Gates has done well.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb






