Re: Microsoft announce most secure OS on the planet

[der Mouse <mouse () rodents-montreal org>]

> [...] to date [Firefox] has not been subjected to anything like the
> same level of scrutiny for exploitable holes by the bad guys (or
> anyone else) largely because of its market share (and a misguided
> belief that because OSS code _can_ be scrutinized by millions of
> eyeballs, it is almost necessarily better scrutinized than non-OSS
> code).  Thus, FF's market share means the (mostly) monetizable value
> of finding and exploiting vulnerabilities in FF makes doing so orders
> of magnitude less attractive to the bad guys

That's actually not the only reason.  Another is that Firefox has a
greater variety of underlying OSes, some of which go to substantially
greater lengths than Windows does to make certain common classes of
vulnerability (eg, classic smash-the-stack-frame overflows) harder to
exploit.  This means that even if you find such a bug, your exploit
will work only on some indeterminate (but probably, at most, moderate)
fraction of Firefox installs: even if the rest are theoretically
vulnerable, you have to guess right about various things to make it
work, some of which may change from invocation to invocation.

> In a couple of years, as a greater and greater proportion of Windows
> users are forced to "better" versions of IE, these economics will
> likely change,

True - but then one place where open source _does_ have an advantage
will show itself: the turnaround time on fixes can be _much_ shorter.
I have trouble imagining Microsoft releasing an IE fix in less than a
week - heck, it's often hard enough to get them to admit a problem
_exists_ that fast.  But I've seen fixes to OSS appear within as little
as a few hours on some occasions.

Not that that makes it any easier to get fixes installed....

> but the next low-hanging fruit will then probably be the third-party
> add-ons that are common _across browsers_ and typically exploitable
> across browsers too (and yes, we have been seeing this for a while
> now), rather than "the browser with next largest market share".

There's that, too.  One of the best things you can do for the security
of your systems is probably to run a non-x86 CPU architecture - a
lower-level version of the "Windows 3.1" security I mentioned upthread.
Of course, this works only as long as the CPU you choose is chosen for
only a small fraction of the machines out there.  (Another reason I
find the current trend to CPU monoculture depressing.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.