Dangerous Web browsing - 23 unpatched security holes in Internet Explorer

[Gandalf]

This is a worry - browsing the internet with Internet Explorer leaves one open to the planting of back doors and viruses.
see:
http://www.pivx.com/larholm/unpatched/

I notice that latest versions of Netscape & Mozilla are OK.
The latest problem in Mozilla being fixed in under 24 hours.

Microsoft employs thousands of programmers and should be able to fix these issues quickly .

[SHoNKY]

This is nothing out of the ordinary, everyone knows Windows is made primarily from swiss cheese...

[hast]

Quote:

Originally posted by Gandalf

The latest problem in Mozilla being fixed in under 24 hours.

kinda makes you wonder how well they properly tested the fix doesnt it

[Gandalf]

Quote:

Originally posted by hast


kinda makes you wonder how well they properly tested the fix doesnt it

The history of software fixes over the last 5 years that I've been doing Linux is that fixes come out within hours - and are solid. Whereas many fixes that come from MS need still more fixes. Checkout the vulnerability details on the web page quoted and you'll find that some of them still exist because the fix from MS didn't work.

Or try this page,
http://www.trustworthycomputing.com
And follow some of the 500,000 + links and you'll find many fixes from MS that didn't work or introduced new problems.

[hast]

Quote:

Originally posted by Gandalf

Or try this page,
http://www.trustworthycomputing.com
And follow some of the 500,000 + links and you'll find many fixes from MS that didn't work or introduced new problems.

your joking right?
"microsoft security OR privacy flaw OR flaws OR hole OR holes"

i propose a more objective search

"linux security advisories" - 159,000
"microsoft security advisories" - 127,000

[Gandalf]

Quote:

Originally posted by hast


your joking right?
"microsoft security OR privacy flaw OR flaws OR hole OR holes"

i propose a more objective search

"linux security advisories" - 159,000
"microsoft security advisories" - 127,000

Well, when Bill Gates first mentioned Trustworthy Computing that site was registered - and there where less then 400,000 results at that time, only months ago, Since then the number has grown by almost 200,000.

MS doesn't give out security advisories about the problems they dont fix - and the unpatched known problems in IE are only the tip of the Iceberg. I don't think it would be possible for any one person to keep track of the unpatched known problems in all of the MS product range. Whereas at any one time the number of known unpatched vulnerabilities in the total range of Open Source software is mostly nil or can be counted on the fingers.

And with respect to your figures security advisories are issued for evry problem found in every version of Linux - so a problem in say Samba is notified by every Linux distribution that uses Samba - and there are dozens of Linux distros that would issue a security advisory for the same problem. So to get an even playing field you should divide the Linux advisories by a factor of 10, and you'd still be overstating the case.

[PersianImmortal]

<sarcasm> Oh dear lord, I'm living on the razor's edge using IE!! </sarcasm>

As I keep arguing, IE is used by literally millions of people, hence new security flaws are more likely to be found and exploited every day. Also IE is used by a great many non-technical, non-geeks who don't know how to maintain their systems.

Linux on the other hand is far less predominant on home PCs, and more importantly, people who use Linux are more likely to be computer geeks and hence their systems are likely to have better security through proper maintenance (proper virus and trojan scanning and email handling).

Hence the comparision between IE in Windows and Linux is not a proper one.

[Gandalf]

true, IE because it's used by less technical people should have beter security than it does.

As for more people using IE therefore more people finding bugs, you've just said that they aren't computer geeks so how would they find bugs.

And as for bugs in Open Source software - they are easier to find as anyone can scan the source code and look for them, and as the users of such software are computer geeks they are more likely to find them.

It evens out - fewer but more technical people will find as many bugs in their software a masses of non-technical people in their software.

All jokes aside, how do you explain the slow bug fixes from MS for the bugs that are found?
e.g.
http://online.securityfocus.com/archive/1/267561
a serious and easily exploited problem, that can allow someone to run programs on your computer, and that was found on April 14th, 2002. Why can't MS fix serious problems as fast as the open source volunteers and the writers of Opera and Netscape?

And todays total is down to 19 vulnerabilites.

The answer of course for any security minded person is to do your general web browsing using the latest versions of Mozilla, Opera or Netscape and avoid the problems.

[PersianImmortal]

Quote:

Originally posted by Gandalf
As for more people using IE therefore more people finding bugs, you've just said that they aren't computer geeks so how would they find bugs.

The average user isn't the one who often finds the bugs. It's mostly security-based IT firms looking for a high profile who go through and try to find holes.

Not to say IE couldn't be tighter, but I assume due to compatibility issues and the sheer number of other software being run on Windows-based systems, it's difficult to create a bulletproof patch quickly.

MS has no incentive to make their software appear lax on the security front, so I don't think they're purposely dragging their feet releasing patches.

And yes, if security is a big worry for you (and it's not for me) then try another browser. I like IE for it's balance of features, compatibility and security.