nanog mailing list archives

Re: Anyone see a game changer here?


From: Steven Bellovin <smb () cs columbia edu>
Date: Fri, 22 Jan 2010 23:08:55 -0500


On Jan 22, 2010, at 10:37 PM, William Pitcock wrote:

> On Fri, 2010-01-22 at 22:16 -0500, Steven Bellovin wrote:
>> On Jan 22, 2010, at 12:26 AM, Bruce Williams wrote:
>>
>>> The problem with IE is the same problem as Windows, the basic design
>>> is fundamentally insecure and "timely updates" can't fix that.
>>
>> You do realize, of course, that IE is recording less than half the
>> security flaw rate of Firefox?  (See
>> http://prosecure.netgear.com/community/security-blog/2009/11/web-browser-vulnerability-report---firefox-leads-the-pack-at-44.php)
>
> Consider for a moment that both Firefox and Safari are built on
> open-source code where the code can be audited.  As a result, it is
> clear why Firefox and Safari are more "insecure" than IE, it is simply
> because the code is there to be audited.
>
> Frankly, they are all about the same security-wise.

I think that that's wishful thinking.  IE has fewer security problems because Microsoft has put a tremendous amount of 
effort -- and often fought its own developers -- in a disciplined software development environment with careful, 
structured security reviews by people who have the power to say "no, you can't ship this".  They've also put a lot of 
effort into building and using security tools.  (For earlier comments by me on this subject, see 
http://www.cs.columbia.edu/~smb/blog/2009-04/2009-04-29.html)

I'm not a fan of Windows.  I think it's ugly and bloated, and I don't like it as a user environment.  I'm typing this 
on a Mac (which I like for its JFW properties, not its security; I do not think it is more secure than Vista or Windows 
7); I'm also a heavy user -- and a developer -- of NetBSD.  If the world suddenly switched its OS of choice away from 
Windows, I wouldn't weep.  But I also would and do hope that the other platforms, be they open or closed source, would 
learn from what Bill Gates has done well.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb






