Internet Explorer 7

[jeremyhfht]

Last I heard Mozilla's global market share was like 15%. Need I say more?

[Cap'n Refsmmat]

That doesn't really enter into the security question at all, anyway. Mozilla has a history of fixing security bugs faster than Microsoft does. Regardless of the number of problems (about equivalent), you're exposed to them for a shorter period of time if you use Firefox.

[jeremyhfht]

Now that part is true. The Mozilla team seems much more dedicated than Microsoft's.

 

However, if you were a blackhat which would you rather do? Attempt to exploit a browser around 15% of the internet population use, or infect a browser most of the world uses?

 

http://en.wikipedia.org/wiki/Security_through_obscurity

 

In case anyone wants to know the cryptography definition. I think that's proof enough that, yes, it DOES enter into the security question.

[Klaynos]

I note that arguments against is much much longer than arguments for.

 

Security by obscurity is not security at all...

[Sayonara]

I note that arguments against is much much longer than arguments for.

Security by obscurity is not security at all...

 

But keep in mind that this alone is not a very good argument against using Firefox (or Linux, for that matter), because "obscurity" is not its only line of defence.

 

[Dak]

However, if you were a blackhat which would you rather do? Attempt to exploit a browser around 15% of the internet population use, or infect a browser most of the world uses?

 

'installing a non-ie browser' tends to be a standard part of the reccomendations on how to secure windows, so you can reasonably assume that someone running firefox is more likely to also be running an anti-virus/firewall/etc than someone running ie.

 

there are a few viruses that seem to specifically target secure machines (able to install and run in a limited account, kill anti-viruses, etc), presumably with the intent of grabbing the best secured boxes all to themselves, rather than having to share them with every other infection on the web, which would be a specific reason to target ff.

 

anyhoo, you can set a server up to use one exploit when visited by ie, and another when visited by firefox, thus allowing for greater numbers of infection, tho i've no doubt ie is still the more attractive target due (mainly) to market share.

 

I note that arguments against is much much longer than arguments for.

 

Security by obscurity is not security at all...

 

really? try breaking into my house

 

obviously i'm going to lock the door aswell, but still...

 

also, (afaik) most OSS bug-trackers have a way of marking a bug as a security issue and thus hiding it from most people whilst it's fixed, thus at least partially relying on security-through-obscurity over the short-term to protect vulnerable OSs whilst the exploit is patched.

[Mr Skeptic]

Security by obscurity is not security at all...

 

Mind telling me your password?

[iNow]

The bigger point is that obscurity should not be your primary defense. Any technie who says otherwise is an idiot.

[insane_alien]

my password:********

 

yeah, obscurity does not always last. proper security should be aimed for.

[Psyber]

I read somewhere that most German government departments are using a Linux based OS.

 

Hospitals here are abandoning M$ Office for Open Office.

 

IE7?? I have not used any version of IE in years, in fact I have it totally locked down so it can't open. IE and an MSN web site - the optimum mix for a guaranteed instant crop of malware.

 

I use Opera for email and browsing usually, but keep Firefox on hand for those sites that are so M$ orientated they cannot run in Opera, which demands international standards be upheld.