Full Disclosure mailing list archives
RE: IE Web Browser: "Sitting Duck"
From: Todd Burroughs <todd () hostopia com>
Date: Thu, 8 Jul 2004 03:42:43 -0400 (EDT)
My thinking and experience shows that in the real world, Linux, OSX, etc. is more secure. Some of that is by obscurity, which isn't real security, but does work in the real world. Most of it is due to peer review. Having said that, when you cannot look at the source code, it is really obscure. When a problem is found in Open/Free software, many people look into it and often when the exploit is announced, a patch is included (which may or may not fix the problem). Because it is openly displayed with source code, many people look at it and it seems to get fixed quite quickly. "Closed source" companies, for the most part seem to take a lot longer in fixing things (some exceptions) and they do not have the same number of people looking over the code. One major thing with UNIX-like systems is that things are not so closely tied together as in Windows. Sure, you have the kernel and libc that are realy tied, but you don't have 100 of them that will break multiple things when you update one. I think this is one of the major problems with Windows, it has way too many dependancies. A simple browser update is like updating libc in UNIX (which is nasty). I can't even imagine trying to write a patch for a system like that, I really hope that MS fixes their security issues or something else that is more easily maintained takes over. Todd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: IE Web Browser: "Sitting Duck", (continued)
- Re: IE Web Browser: "Sitting Duck" Barry Fitzgerald (Jul 06)
- Re: IE Web Browser: "Sitting Duck" Frank Knobbe (Jul 06)
- Re: IE Web Browser: "Sitting Duck" Barry Fitzgerald (Jul 06)
- Re: IE Web Browser: "Sitting Duck" Frank Knobbe (Jul 06)
- Re: IE Web Browser: 'Sitting Duck' Eric Paynter (Jul 06)
- Re: IE Web Browser: "Sitting Duck" Frank Knobbe (Jul 06)
- RE: IE Web Browser: "Sitting Duck" joe (Jul 06)
- RE: IE Web Browser: "Sitting Duck" Dave Horsfall (Jul 06)
- RE: IE Web Browser: "Sitting Duck" joe (Jul 07)
- RE: IE Web Browser: "Sitting Duck" Bruce Ediger (Jul 07)
- RE: IE Web Browser: "Sitting Duck" joe (Jul 07)
- RE: IE Web Browser: "Sitting Duck" Todd Burroughs (Jul 08)
- Re: IE Web Browser: "Sitting Duck" Barry Fitzgerald (Jul 06)
- Re: IE Web Browser: "Sitting Duck" Barry Fitzgerald (Jul 07)
- RE: IE Web Browser: "Sitting Duck" joe (Jul 07)
- RE: IE Web Browser: "Sitting Duck" joe (Jul 07)
- RE: IE Web Browser: "Sitting Duck" joe (Jul 04)