Posted on 09/17/2004 4:02:07 PM PDT by Stoat
|
|
|
Uh, no. Whether one can plug in additional features to software is completely different from the core code that contains vulnerabilities.
Now let me make this one last case too you, because after this I am iggying this thread.
That's convenient.
The reason why IE has more problems is because it is bigger, simple but not accepted by you, fine.
By me and by much of the security community. The concept of "used more = hacked more" is provably false, and while you can continue to ignore that fact, it doesn't make your argument acceptable.
This argument is over and is quickly going go down to the level of apes tossing shit at each other.
Like most of the trolls that I swat on the tech threads, I have no interest in changing your mind. Rather, my purpose is to keep you from spreading FUD and poisoning the minds of other readers.
If you want to slink back under your bridge that's perfectly fine by me, but don't expect me to stop posting simply because you've painted yourself into a logic corner.
If you are a security expert I weep for our security.
I've been in computer security since 1989 and computers in general since 1982.
I currently work for one of the largest backbone providers in the world as a security professional, monitoring for intrusions.
As such, I can state as a fact that you have no idea what you are talking about.
Whatever. Keep calling me troll, keep making claims. I personally dont care. I personally have ran into a plethora of problems with this "stable" browser called firefox, from its cookie management to freezing upon certain web elements, ones that have never caused me problems before.
And you seem to be forgetting that I have never defended IE other than to take on the issue you raised in a argument back towards me on security and the availability of a program. Anecdotal evidence and other opinions cannot stray from fact.
Oh and BTW if the US Govt doesnt recommend IE, then why is it supplied on all Army computers? Seems to me if it is such a threat they wouldn't even allow its distribution to such places as my s-3 and s-1 shops.
BTW since we are going on history here, when I was 12 I was kicked out of school because I hacked into the schools computer and changed my grades and about 12 others and was banned from the usage of computers until I was 18, I know longer peruse down the darker side other than to read whats up at various hacker places to read about whats new and vurnerable.
bump for later
Very well, put your money where your mouth is.
Please provide a reference that indicates that a larger user base of a program will cause more successful exploits.
We await your facts.
Oh and BTW if the US Govt doesnt recommend IE, then why is it supplied on all Army computers?
The government doesn't supply IE, Microsoft does. And Microsoft supplies IE with Windows whether you want it or not and in such a way that you can't remove it.
The government recommends using something other than IE.
Scroll down, it's about 2/3 of the way down, under the other solutions, most of which aren't effective.
BTW since we are going on history here, when I was 12 I was kicked out of school because I hacked into the schools computer and changed my grades and about 12 others and was banned from the usage of computers until I was 18, I know longer peruse down the darker side other than to read whats up at various hacker places to read about whats new and vurnerable.
Thanks for adding that. Now the other readers can decide whom to listen to, a security professional or a criminal.
I did my time.And I have more than made it up through my deeds.You insensitive pr***. To call me a criminal is rather ignorant and insulting, I did not referrence my lurid past to highlight any of my failings but rather to give you and any other readers here knowledge of where I am coming from, if you wish to insult rather than to debate then go ahead and do that, you just wont find an answer in return.
Very well, put your money where your mouth is. Please provide a reference that indicates that a larger user base of a program will cause more successful exploits. We await your facts.
If all my reasons explained before doesnt convince you nothing will. If you are so naive to believe that even if we had thousands of vendors out there adapting themselves to work with the differences in Firefox or Opera and that if you were a hacker or a insidious individual who may design programs to take advantage of your computer by selling mal-ware designed to increase awareness of your site by attacking not the least used programs but the most used programs, then I simply cant help you, I could probably go out and find articles on this or official documentation. You are arguing security I am arguing availability, your bull headedness on this issue is obviously corrupting your vision on this.
So I will try and make this one last attempt.
Have you ever tried counting cards at a black jack table? Card counting uses the law of large numbers, its not what people think it is when you count cards. You are simply guessing at what comes next in the count if say the dealer has dealt 5 cards under ten previously than it is likely that a ten will be dealt next. In the short run you are likely to come up even at a blackjack table doing this or maybe even slightly ahead, if you multiply the participants you increase your chances at a profit when you multiply that by numerous sessions over numerous days you will most likely beat the house with a 5% edge, which is huge in gambling terms. The same law applies to a largely distributed program.
An even simpler way is to say that the number one car in the world is a VW, a VW will probably have more numerical accidents than any other vehicle, forget its survivabilty rate or casualty rate, greater number=greater number of accidents.
That is simply all I have been saying. If you prefer to throw math out the window, which I highly doubt you will then it should stand.
Past behavior is indicative of future actions. If you've done your time and reformed then I'm happy for you, but as a security professional I'm not inclined to trust your judgment in security matters any more than a bank president would trust a convicted embezzler. Sorry if that sucks for you, but that's life.
To call me a criminal is rather ignorant and insulting,...
Actually, it's completely accurate. You committed a crime therefore you are a criminal. Stop me if that's too complicated for you to follow.
... I could probably go out and find articles on this or official documentation.
Which is what I asked for, but you have provided a lot of fluff and allegations, but no proof.
...The same law applies to a largely distributed program.
No it doesn't. Sezeniquote...
The Law of Large Numbers: In repeated, independent trials with the same probability p of success in each trial, the chance that the percentage of successes differs from the probability p by more than a fixed positive amount, e > 0, converges to zero as the number of trials n goes to infinity, for every positive e. (bold is mine)
You have made the assumption that the probability of the success of an exploit is constant between IE and Mozilla. That's a bad assumption, and that's where your confusion comes from.
Mozilla code, for reasons listed earlier in this thread, will have a lower exploit rate, thus a lower number of exploits as the number of installations increases.
As the number of installations approaches the number of installations of IE (and I must point out that since IE in integrated into the Windows OS, the number of IE installations will not decrease until the number of Windows installations begins to decrease.) the relative number of exploits will be lower by an increasing factor.
There are many factors which make IE and Mozilla different, including (but not limited to) quality and age of code, complexity, permissions in the OS, speed of patching, number of bug fixers, and so forth.
I still await any documentation that says otherwise.
I actually didnt make that assumption. What I said was, and very simply in fact was that the more of something, the more trouble, that is why I specifically negated rates you know, like 100/1 or a ratio of 100 to 1 from my conclusions. Can you argue with the fact that since more people use farber ware knives, they have more accidents attributed to them? I simply cant be more clearer.
I cant predict the variables anymore clearer than you or any other net security guru, that is why I have specifically stayed away from that or tried to make a parallel of progression between IE and Mozilla, that is mathematical stupidity.
Past behavior is indicative of future actions. If you've done your time and reformed then I'm happy for you, but as a security professional I'm not inclined to trust your judgment in security matters any more than a bank president would trust a convicted embezzler. Sorry if that sucks for you, but that's life.
Tell that to the US Army and the US Govt, they were well aware of my past and seem to have no problem with it.
Actually, it's completely accurate. You committed a crime therefore you are a criminal. Stop me if that's too complicated for you to follow.
Seeing as I never was convicted of a crime, just banned from usage in the school system for 6 years and at home via my parents, I fail to make the connection. I mean is Bush a criminal to you? He commited the crime of DUI, so according to you then in fact he is a criminal and therefore not capable of weighing in on certain subjects. Thats a terrible conclusion you come to and it shows us your narrow mind.
I have yet to question Mozillas security, yet you continue to think I have or say I have. SO you keep going on these sidebar tangents that are not in disagreement. Although what can be created by man can be destroyed by man, even with open sourcing which allows a more fluid ability to correct secuirty problems you still will have problems, I have a sensation that you believe that open sourcing is to you the end all be all of code. I dont think it is, I think the truth lies somewhere in the middle
You must have made that assumption if you believe that the Law of Large Numbers applies.
Tell that to the US Army and the US Govt, they were well aware of my past and seem to have no problem with it.
Somehow I don't think they let you work in information security. I know that the organization that I work for wouldn't hire someone with your background.
Seeing as I never was convicted of a crime, just banned from usage in the school system for 6 years and at home via my parents, I fail to make the connection. I mean is Bush a criminal to you? He commited the crime of DUI, so according to you then in fact he is a criminal and therefore not capable of weighing in on certain subjects. Thats a terrible conclusion you come to and it shows us your narrow mind.
Please go look up "straw-man argument" and then reflect on the concept that using it is not a valid argument.
And by the way, it's not about whether or not you are convicted, it's whether or not you committed the crime.
I have yet to question Mozillas security, yet you continue to think I have or say I have.
Let's reflect, shall we?
Post 13: Sorry but the fact remains that if Mozilla was the number one software we would all be bitching about security problems, popups and other annoyances. Not to mention since Mozilla is open source, its hard not to argue that since the coding is open that it is easier to crack and infect. So tell me again why its safer other than it has fewer users?
Post 26: Firefox was the number one browser with 95% of the market would it or would it not have as many issues as IE when it comes to ceratain security problems ie; pop-ups, spy-ware,mal-ware,hijack-ware?
You were saying?
Although what can be created by man can be destroyed by man,...
Agreed.
...even with open sourcing which allows a more fluid ability to correct secuirty problems you still will have problems,...
True, just fewer of them.
I have a sensation that you believe that open sourcing is to you the end all be all of code.
Nope. But I'd rather see Open Source used unless a good technical or business argument be made against it. Open Source, like open government, allows users to have some control of what's going on. Even a user that has no coding experience could hire someone to audit open code, something that is not allowed under closed source licenses.
Here's an essay (with a bevy of links) as to why.
Call this assuming things. But I am going to assume that many people, not all,or even most, but many, people in the information security business got started with childhood curiosity. Probably much like mine, even fewer but I guarantee they exist even go so far as to test site security on there own through illegal means, the only difference between them and me is I actually admitted it and got caught, although unless you are looking through school records in 1986 you wouldnt find it.You also would not find a history of similar behavior, no thievery nothing to the negative a simple childhood mistake that unless someone dug deep enough would not find
I cant go into exactly all of my job details in the military, but I will tell you this I had more than fair access to classified documents and programs and my actual first PMOS even put me in charge of data collection of certain aspects, of which I am still obliged not to release until they become public.
I have yet to question Mozillas security, yet you continue to think I have or say I have. Let's reflect, shall we? Post 13: Sorry but the fact remains that if Mozilla was the number one software we would all be bitching about security problems, popups and other annoyances. Not to mention since Mozilla is open source, its hard not to argue that since the coding is open that it is easier to crack and infect. So tell me again why its safer other than it has fewer users? Post 26: Firefox was the number one browser with 95% of the market would it or would it not have as many issues as IE when it comes to ceratain security problems ie; pop-ups, spy-ware,mal-ware,hijack-ware? You were saying?
You are assuming that I was implying that I was questioning Mozillas security. Other than bad spelling I am not guilty of implying that to which you are assuming. If you read and used comprehension of the totallity of the posts it all comes back to my original assumption that if it was reversed and FireFox was numero uno, we would be discussing its security problems, not whether or not its less secure than IE or more secure than IE, other than me questioning open source itself, which is the only instance I directly questioned the security of Firefox(and it was more of a question, and a side argument).
Here is a good argument from a pro-open source site
dwheeler
Here is another from big blue itself:
ibm
SO I personally believe there is a good argument on the ground s that open source is more secure or not, but the overall thrust of my argument really hasnt been that at all.
Both are incorrect. As Mozilla becomes more popular, it will have approximately the same number of issues. This is due to the open source model. It will never have as many issues as IE, nor will they be as serious. This is also due to the open source model.
I can state this because similiar projects in the open source world have demonstrated similiar patterns. The development environment that the Mozilla team operates under will sack the lead developers if they trend toward more buggy code. This is not true with closed source. Developers get sacked for missing deadlines, not for bugs.
Secondly, IE and Mozilla are entirely different products under the surface. Mozilla is a web browser. IE is part of Windows. When a flaw is found in Mozilla, it affects web browsing. When a flaw is found in IE, it affects web browsing, email, file browsing and more. Since Mozilla is less involved with the operating system, it will never have as many security issues as IE, simply because it doesn't have the ability to affect as much.
I understand what you are saying, finally. I didnt mean to mislead or imply that if Mozilla was as big as IE in users that it would have similar problems as IE or equal problems. I am just saying that if Mozilla was as big as IE in users we would be talking about its security issues, not whether or not its issues would be worse or more frequent or silly as IE's. We could extrapolate from what we know now about FireFox and say it is better, and we would be right. But on the other hand it has not become such an integral part of society where the internet universe circles it yet, so comparisons really cant be made. It in effect has different problems all its own, be they good bad or indifferent.
So we will just have to leave it here. Its a good argument though heated at times.
I do think FireFox is a superior product though and has so far only had very minor glitches that were easy for me to fix, save one but its not important, it will be fixed in time.
You've been rather silent about the DHS recommending that no one use IE. What's your spin on that?
Or haven't you gotten your FUD sheet from Redmond yet?
And on topic: Please provide your "current evidence" or a link to the same.
Or do you figure that since you were so accurate in predicting that SCO actually had a case that we can just take you at your word? Do you do fact checking for CBS in your spare time?
We'll be here waiting to see if you can back up your FUD or if your just spewing your normal Nothing But Microsoft garbage.
The "study" is almost entirely unproven theory, based on numerous assumptions that have yet to be validated.
However, the paper has yet to be peer-reviewed, and errors in his assumptions could undermine his theory. Furthermore, he acknowledged that real-world considerations could easily skew his conclusions.
So for those of you that live in a fantasy world, I'm sure this kind of thing is perfectly acceptible.
Those of us that live in the real world figure this is just another puff of vapor.
Are you really sure you aren't a CBS fact checker?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.