'Moderately Critical' Vulnerability in Firefox


  • #16
    Originally posted by Raz Meister
    If you really care about security, you should quit Windows
    Lol, are you people too busy with your anti-Microsoft crusade that you fail to understand why it is that hackers and other people target Microsoft so much?
    Do you honestly not get why so many holes and security issues are found with Windows and less so with other OS'?

    Try being number one, and at the top for years and years. Try being the most popular and most widely used OS/software throughout the world, and you'll see this will happen with anything.

    Common sense people, common sense.
    Webmaster / Administrator
    www.MegaGames.com
    www.MGForums.com



    • #17
      Vile, it's more complicated than just being popular; Microsoft's new "Trustworthy computing" and SP2 which is based around security features is testament to Microsoft realising they need to raise their game level on security, whether you think they need to or not.

      Of course, if 95% of people used Linux my guess is there would be some more security holes found, but generally if there is a gaping Linux security hole it's going to be found quite quickly because it's visible source; in the same way if there is a hole found in vBulletin it won't take that long for it to be found so I wonder if it being more popular would mean that that many more are found; I am sure there are enough people reading or have read most of the source code already.

      I think one of the bigger problems Microsoft faces is all the newbies use Microsoft, Linux doesn't even try to cater for them (bar maybe Lindows). That is where part of the problem is; how do you balance security with ease of use. If you want a newbie to set up their own wireless network for example, do you make it very easy with less security or harder (so they might not be able to do it) but more secure? I think MS has opted for easy over security in the past but are moving now a bit in the other direction - this is probably a good thing.

      The security for IE is another matter; I don't really know what MS browser product plan is, but in my mind it's in Microsoft's interests to destroy the browser; MS makes money selling an OS so they want applications to remain on the OS. Improving the browser so that more and more applications can be run in it is probably not good for their business plan, as it makes the app OS independent.
      Christopher Padfield
      Web Based Helpdesk
      DeskPRO v3.0.3 Released - Download Demo Now!



      • #18
        Originally posted by chrispadfield
        Vile, it's more complicated than just being popular; Microsoft's new "Trustworthy computing" and SP2 which is based around security features is testament to Microsoft realising they need to raise their game level on security, whether you think they need to or not.

        Of course, if 95% of people used Linux my guess is there would be some more security holes found, but generally if there is a gaping Linux security hole it's going to be found quite quickly because it's visible source; in the same way if there is a hole found in vBulletin it won't take that long for it to be found so I wonder if it being more popular would mean that that many more are found; I am sure there are enough people reading or have read most of the source code already.

        I think one of the bigger problems Microsoft faces is all the newbies use Microsoft, Linux doesn't even try to cater for them (bar maybe Lindows). That is where part of the problem is; how do you balance security with ease of use. If you want a newbie to set up their own wireless network for example, do you make it very easy with less security or harder (so they might not be able to do it) but more secure? I think MS has opted for easy over security in the past but are moving now a bit in the other direction - this is probably a good thing.

        The security for IE is another matter; I don't really know what MS browser product plan is, but in my mind it's in Microsoft's interests to destroy the browser; MS makes money selling an OS so they want applications to remain on the OS. Improving the browser so that more and more applications can be run in it is probably not good for their business plan, as it makes the app OS independent.
        Very good points indeed.

        I'm quite certain though there is a direct relationship between "popularity" and that resulting in the number of bugs/holes which are to be found.

        I also think that one would not necessarily have to sacrifice security for ease of use. Both are possible, and people are trying to do just this.
        I think the problem comes down to the users not taking time to learn to take proper measures for security.
        Webmaster / Administrator
        www.MegaGames.com
        www.MGForums.com



        • #19
          I definitely agree with popularity affecting bugs found, but think that probably affects invisible source more. Why? Because it's harder to find bugs in hidden source; you have to hack at the system in lots of different ways that I certainly don't understand. Thus the more people you have doing it, clearly the more bugs found. However, with visible source, bugs (security problems) are so much easier to find, because you can just read the source code. So it requires a lot less good people to read the source code to find those bugs.

          Security by obfuscation (perhaps the old MS mantra) works if you don't have everyone and their dog trying to find the hole. Visible source security is based around the lack of security by obfuscation meaning bugs are just found that much easier; and hopefully fixed that much quicker.
          Christopher Padfield
          Web Based Helpdesk
          DeskPRO v3.0.3 Released - Download Demo Now!



          • #20
            Note this isn't some "open source" philosophy on security, the security question here is about the source being visible, nothing to do with the license it's under. I guess my major point is triple, or multiply by ten times, the number of people using Linux and I am not sure security issues will be found that much easier, there is likely already the critical mass of people reading the source code looking for them, and because finding a security issue is that much easier you don't need too many people looking.
            Christopher Padfield
            Web Based Helpdesk
            DeskPRO v3.0.3 Released - Download Demo Now!



            • #21
              Originally posted by Vile
              Lol, are you people too busy with your anti-Microsoft crusade that you fail to understand why it is that hackers and other people target Microsoft so much?
              Do you honestly not get why so many holes and security issues are found with Windows and less so with other OS'?

              Try being number one, and at the top for years and years. Try being the most popular and most widely used OS/software throughout the world, and you'll see this will happen with anything.

              Common sense people, common sense.
              It's obvious, of course, that the more people that use and tinker with a program the more problems (both security and otherwise) will be found. 10,000 people will find fewer bugs than 10 Million. That's really obvious, imho. What's not obvious is what that means. Does it mean that the one with 10 Million will always have gaping security holes at every turn? Not necessarily.

              For a real life demonstration of this, look at the Apache server. According to Netcraft, Apache was at 67% and IIS has 21% in June, with July virtually unchanged so far.
              TheologyWeb. We debate theology. srsly.



              • #22
                Originally posted by cirisme
                It's obvious, of course, that the more people that use and tinker with a program the more problems (both security and otherwise) will be found. 10,000 people will find fewer bugs than 10 Million. That's really obvious, imho. What's not obvious is what that means. Does it mean that the one with 10 Million will always have gaping security holes at every turn? Not necessarily.

                For a real life demonstration of this, look at the Apache server. According to Netcraft, Apache was at 67% and IIS has 21% in June, with July virtually unchanged so far.
                I mentioned this earlier, but the point I was trying to make is that, when it comes to Windows, hackers focus on it (more so than other OS') and try to find exploits, bugs, etc. due to the fact that the majority of the population runs Windows. I'm saying it would be pointless to create hacks, viruses, etc. for an OS that less people use, because that would defeat the entire purpose.
                Webmaster / Administrator
                www.MegaGames.com
                www.MGForums.com



                • #23
                  I mentioned this earlier, but the point I was trying to make is that, when it comes to Windows, hackers focus on it (more so than other OS') and try to find exploits, bugs, etc. due to the fact that the majority of the population runs Windows.
                  I'm not disputing the fact that attackers will focus on a product because it is popular. That's obvious, I agree with that. What I am disputing is that Windows is insecure merely because it's popular. A product can be #1 and remain more secure than the competition (see Apache) which means there are deeper issues with Windows than just popularity, whatever those issues might be.
                  TheologyWeb. We debate theology. srsly.



                  • #24
                    Originally Posted by Raz Meister
                    If you really care about security, you should quit Windows

                    LOL! Yeah I see that happening real soon...

                    Got a Boxer?
                    BoxerTalk



                    • #25
                      Originally posted by cirisme
                      I'm not disputing the fact that attackers will focus on a product because it is popular. That's obvious, I agree with that. What I am disputing is that Windows is insecure merely because it's popular. A product can be #1 and remain more secure than the competition (see Apache) which means there are deeper issues with Windows than just popularity, whatever those issues might be.
                      True, but the reality is Apache is far from perfect. It's had its share of exploits in the past, just like everything else.
                      Webmaster / Administrator
                      www.MegaGames.com
                      www.MGForums.com



                      • #26
                        I don't know what you're all arguing about... Linux IS more secure than Windows, that's a fact... And the main reason behind it is due to permissions. Think about it, if a virus writer for example wanted to target a Windows box, he'd make a virus that would execute and that's all, now when it comes to Linux on the other hand, the virus writer has to find a way to bypass the permissions, because people will mostly be running in user mode rather than root mode, it's just the way it's set up....



                        • #27
                          Originally posted by Vile
                          True, but the reality is Apache is far from perfect. It's had its share of exploits in the past, just like everything else.
                          Of course.

                          But if popularity determined who had worse security, Apache should be the most vulnerable out there yet it is one of the better ones, at least better than IIS. That at least shows the blanket statement, "X program is only vulnerable because it's popular" is silly.
                          TheologyWeb. We debate theology. srsly.



                          • #28
                            Originally posted by cirisme
                            Of course.

                            But if popularity determined who had worse security, Apache should be the most vulnerable out there yet it is one of the better ones, at least better than IIS.
                            Maybe that's one of the benefits of Unix / Open Source?

                            Originally posted by cirisme
                            That at least shows the blanket statement, "X program is only vulnerable because it's popular" is silly.
                            The main reason, not the only reason.
                            Webmaster / Administrator
                            www.MegaGames.com
                            www.MGForums.com



                            • #29
                              Maybe that's one of the benefits of Unix / Open Source?
                              I'd say a popular open source project (at least, only if it's popular with developers) is beneficial to the program more so than a closed source program. You have more eyes looking at the code and finding holes, whereas a closed program always has a set number of people watching the code and looking for holes and only the really dedicated people will try to reverse engineer it and try to find memory leaks, flaws in communication, etc.

                              My theory anyway.

                              The main reason, not the only reason.
                              Either way, it's silly. The cause of vulnerabilities is not people using your program, it's because, for whatever reason, exploits have slipped in. If Windows was used by just a few thousand users, it would be exactly as exploitable as it is now...because all the exploits would still exist.
                              Last edited by cirisme; Sun 11 Jul '04, 4:08pm.
                              TheologyWeb. We debate theology. srsly.



                              • #30
                                Originally posted by Scott MacVicar
                                ftp://ftp.mozilla.org/pub/mozilla.or...shellblock.xpi fixes it or you could upgrade to 0.9.2 / 1.7.1
                                How do you run that file?
