Re: Browsers and OS's

[Eric Brewer <ebrewer () EMAIL SMITH EDU>]

While more vulnerabilities may now be reported for Firefox than for IE, you 
also need to look at the mean time that the vulnerability is unpatched.  For 
IE, a vulnerability can be unpatched for months, even years, while the Firefox 
team has reacted quickly in virtually all cases.

Eric Brewer
Smith College

> > > lbrooks () CS FSU EDU 10/4/2005 11:25 AM >>>
Firefox allows for notification of when new updates are available and will
down load and install the updates with some prompting by the user. It will
not force users to install and updates though like Windows automatic update,
so user interaction is still required. 

The integration with the OS of IE is one of the roots of its security
problems over the years. Having said that, the use of Firefox is not a
security panacea. As the use of Firefox reaches critical mass, more and more
vulnerabilities are being reported for the product. I think I remember
seeing a report that more security flaws have been discovered in the past
six months for Firefox than IE. 

I use Firefox myself, but more because I like the product than for security
issues. 

Thanks,

Louis Brooks
SAIT Labs
Florida State University


-----Original Message-----
From: Justin Sipher [mailto:jsipher () SKIDMORE EDU] 
Sent: Tuesday, October 04, 2005 10:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU 
Subject: [SECURITY] Browsers and OS's

Folks,

Hello.  I would welcome feedback/insight on an issue we are  
discussing.  It relates to browser world and *potential* security  
concerns.  In a nutshell, there is a belief that a browser tied to an  
OS (IE for Windows, Safari for MacOS) allow for better security  
because of the ability through the OS to let the users  (a) know when  
there is an update to the browser and (b) assist with the download/ 
install.  The challenges is that we also want to use Firefox for a  
variety of purposes and there doesn't appear to be a way (on Firefox  
for any OS) to have similar functionality.  So, the **real** concern  
is someone downloads Firefox and is using it.  Then after time new  
versions come out, the end user doesn't (a) know about it and (b)  
doesn't actually do the upgrade and then we have a potential security  
hole.  Firefox for "techies" isn't the concern, it is the use by the  
common person that has some concerned.

Has anyone else on other campuses talked about this and have insight  
as to how you have or have not addressed the issue.  Are there ways/ 
systems out there to aid in this process?

Thanks,
...Justin

_______________________________________________________
   Justin Sipher
   Chief Technology Officer
   Skidmore College
   Saratoga Springs, NY
   jsipher () skidmore edu 
   518-580-5909
_______________________________________________________