More secure?

[sharan]

Well, there are a lot of people out there who will smugly proclaim "Well my (insert non-Microsoft product name here) is so much more secure than (insert Microsoft product name here)." I've known for years that the ONLY reason there aren't more bugs found is because it's too small an audience to be a target for hackers.

Well, today, on my Mac here at work they asked me to download a critical update. And then I saw this:

http://www.internetnews.com/security/article.php/3624071

Yes, I am using Firefox (it's a better browser) and I've used Eudora for years and it is nice to know I'm immune to the Outlook exploits, but that's not WHY I use it. When I first registered Eudora Pro 3 Outlook didn't allow multiple pop accounts, and at this point I'm used to it and have way too much e-mail built up to want to transfer it to anything else.

Yeah, you're safer from the hackers as long as you're in the minority, but that doesn't necessarily mean it's any less buggy or has any less possible exploits.

Comments

[jcholewa.livejournal.com]

I'm sure there are real Firefox exploits (in fact I know they are, but that's not the primary reason why I use Opera), but this particular one has an attack vector involving running an executable file completely independently of using Firefox. Once the user is tricked into running malevolate binaries, nothing in the system modifiable to the user's acount can be considered secure. That's an OS issue, not a browser issue.

Incidentally, Eudora rocks. I paid for and used it for many years and only stopped using it because I have a dedicated in-bedroom IMAP server and Eudora's IMAP implementation is comparatively lacking. But the search feature was unparalled, and I love any program that can keep tabs/windows open between sessions.

[sharan.livejournal.com]

Yeah. It's not so much what the exploit is, but the very fact that the hackers have finally decided there are enough Firefox users to be worth targetting it:). You have to be stupid enough to open an e-mail attachment to get it, and after years of those types of exploits and viruses you'd think most people would know better by now anyway!:)

Yeah, Eudora's great. I've never used IMAP, so I've never had any problems with it. There are a few things lately where it would be nice if they were better (like when my roommate sent me an e-mail with HTML from Outlook and when I turned around and forwarded it the html was completely screwed up), but there haven't been enough problems to make me switch. I probably overuse the whole keeping windows open thing, since I usually have a LOT of mailboxes open (I keep everything open with unread messages and I'm on a LOT of mailing lists and I tend to be WAY behind on reading anything from them). But Eudora's holding up pretty well considering my Eudora folder is over a gig now, and I just filtered out a lot of my inbox after I realized it was close to hitting 100mb. I'm even using Eudora on the Mac at work:).

[danielmedic.livejournal.com]

"Not 100% secure" != "Equally insecure". The idea that there is one (1) Firefox exploit in the wild does not mean that it is suddenly, magically as vulnerable as IE. Ditto for OS X or Linux vs. Windows, Apache vs. IIS, Oracle vs. SQL Server, etc. It is true that being in the minority does not mean that a product is more secure, but in all these particular cases, it is demonstrably true that the first product is more secure than the second.

[sharan.livejournal.com]

Hmm. Well, I still think that if people spent nearly as much as much time searching for bugs and exploits in the non-Microsoft products as they do for the Microsoft ones there probably would be a lot more of them than people realize. No program except for a tiny one can ever be completely bug free, and if you look long and hard enough you'll find something. I guess we'll never know for sure unless Firefox (or any other product) turns into the one with the 90% market share that every hacker hates and goes out of their way to target. Until then we won't know if it's REALLY more secure or if the exploits just haven't been found due to lack of interest on hackers parts.

Having seen a lot of code by people who THINK they can program I have an especially hard time thinking any open source program that allows anyone to work on it is really going to be as secure as the programmers think it is, not unless they have someone really managing that code and making sure it is good before it's checked in. I've seen code created by actual computer science students or people working as programmers with computer science degrees, and I have to say some of it's not pretty. I've had to deal with it or clean it up (if I'm lucky enough to have that luxury), or watch other people deal with it. There's more to being a good programmer than a degree, even from a good school.

They might very well be more secure, and the fact that people are more aware of security vulnerabilities now means a lot of them probably are just because they took that into account more from the beginning (Microsoft probably weren't expecting IE to be a target for exploits when they originally created it, so they probably weren't programming from the start with avoiding them as a major goal) but there are some people who seem to act like Microsoft are the only company in the world to ever have a bug in their code, and considering how difficult it is to have something that complex be bug free (as a programmer I know that's pretty much impossible) I think some people take that a little too far.

Having said that, IE has gotten so bad lately it's become the new Netscape 4 (a nightmare for web developers everywhere), IE for Mac was a lousy piece of junk that never should have been allowed to escape from Microsoft, and yes, they do have insecurities. At least they are working on that problem now.:)

Well, this is one of those stupid religious subjects that can go back and forth forever, and I'm not saying Microsoft is totally blameless, but I'm saying maybe they're not completely to blame for all the world's ills either:).