Re: The Pros and Cons of Firefox

From: Fuzzy Logic (bob_at_arc.ab.caREMOVETHIS)
Date: 04/26/05


Date: Tue, 26 Apr 2005 20:34:20 GMT

Todd Knarr <tknarr@silverglass.org> wrote in
news:p4wbe.3738$Zi.2742@fed1read04:

> In comp.security.misc <Xns96447E8E96CF6bobarcabca@198.161.157.145> Fuzzy
> Logic <bob@arc.ab.caremovethis> wrote:
>> So basically Mozilla knew of 3 critical vulnerabilities but didn't
>> bother to make this general knowledge for a few weeks until they had
>> the patches to address them. As an added bonus Mozilla comes up
>> smelling like roses when people do stats on vulnerable days (time
>> between the announced vulnerability and its patch).
>
>> Now if this was Microsoft you can be sure there would be a ton of
>> enraged people screaming about this. Apparently because it's Mozilla
>> it's alright?
>
> It's a difference in attitude. When the bugs were reported to Mozilla,
> the response was to acknowledge them, look into them, and tell the
> reporter "Yeah, we see them. We'll have a patch out for them in 2 weeks.
> Can you keep the details quiet until then? The kiddies don't seem to
> know about these yet, no sense tipping them off if we don't have to."
> If there were active exploits seen, Mozilla would've put out a notice
> and a work-around until a true fix was available.

You are certainly right that it's a different attitude. If these were IE
security holes (and they were classified as HIGHLY CRITICAL) we both know
there is no way it would be kept under wraps. The exploits were readily
available on the bugzilla website well before any patch was available. If I
were a Firefox user (tried it, didn't like it...I use Avant) I would be
fuming. Microsoft got slammed numerous times for pulling stunts like this,
but if you are the "can't do anything wrong" alternative to the "evil
empire's" product apparently it's fine. If Mozilla is truly the secure
alternative they should be forthright about any vulnerabilities they know
about and make the information available as soon as they have it, as well
as any workarounds until it's patched.

Why doesn't Mozilla have to live up to the same standards that are
regularly expected of Microsoft? I would argue that they are trying to
protect their 'more secure' image. They are hoping to get more market share
from Microsoft before people realize that regardless of what browser they
use they are going to have security problems and the 'more secure'
designation is a fallacy. Security is a moving target, and what is secure one
day can be highly insecure the next.

> Contrast this with the Microsoft attitude. When a security problem is
> reported, they don't acknowledge the report. When prodded, they deny
> that the problem exists. When confronted with a demonstration, they
> claim that there's no real exploits. When confronted with hundreds of
> exploits of the problem in the wild, they claim the person who reported
> the problem is to blame. In short, they do everything they can to avoid
> actually fixing the problem, and finally fix it only when all other
> options have been exhausted.

True to some degree in the past, but Microsoft appears to realize this is no
longer the case.
