Full Disclosure mailing list archives
Re: IE is just as safe as FireFox
From: Danny <nocmonkey () gmail com>
Date: Fri, 12 Nov 2004 16:55:19 -0500
On Fri, 12 Nov 2004 22:15:31 +0100, nicolas vigier <boklm () mars-attacks org> wrote:
On Thu, 11 Nov 2004, Danny wrote:Yes, IE security needs work. Yes, Firefox is a great web browser. However, if Firefox or any other browser had the same market share as IE, would it really be that much more secure? There sure would be a lot more people trying to find holes in Firefox if it had the same user base.Yes, IIS security needs work. Yes, Apache is a great web server.
A properly setup IIS 6.0 server is no less secure than a properly setup Apache server (with the latest patches). Show me how/where a properly setup IIS 6.0 server needs security work? If you can't hack it, find someone who can or has, and show me evidence that it was setup properly. When I say properly, I mean, based on the recommendations stated on Microsoft's website for securing IIS 6.0. Likewise for setting up Apache.
However, if Apache or any other web server had the same market share as IIS, would it really be that much more secure ? There sure would be a lot more people trying to find holes in Apache if it had the same user base.
I didn't ask for a comparison for web SERVERS. We are talking about clients; we are talking about Internet Exploiter and any other web browser with more than 1000 users, say for example Firefox.
Wooops. Netcraft tells us that 67% webservers are running Apache while 21% running IIS. Why are there so much worms targeting IIS and not so much for Apache ?
1) Because Microsoft did not have any useful security in-mind when they put out IIS 4 & 5. IIS 6 is a much different story; http://secunia.com/product/1438/ 2) I would say over 3/4 of them were not setup properly. You know, if you want your Microsoft product on the Internet, you do, unfortunately, have to set it up properly. However, it's actually not a lot of work. The problem is, most people don't do the work. They just plug it into the network and say "Alright, we gots our fackin' websiiite up dare boys. Cletus, upload that fantiastic websiite with you shaggin' your mom's sisters goat that you made dare in FrontPage. Riiiight on little buddy! Shes alive!" 3) Most MS admins are lazy and know very little about security. It's catch 23... why bother securing a product that does not have security built-in.
The truth is that some programs have a bad design for security while some others have a better one.
I agree. Microsoft is obviously the worst for this. See my last few posts. Believe it or not, I prefer Firefox over IE, Apache over IIS, FreeBSD over Windows, etc. The difference is, I have an open mind and try to keep all aspects of the debate in mind. ...D _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: IE is just as safe as FireFox, (continued)
- Re: IE is just as safe as FireFox Scott Leff (Nov 11)
- Re: IE is just as safe as FireFox Danny (Nov 12)
- Re: IE is just as safe as FireFox Frank Knobbe (Nov 11)
- Re: IE is just as safe as FireFox stilist (Nov 11)
- Re: IE is just as safe as FireFox Danny (Nov 12)
- Re: IE is just as safe as FireFox David B Harris (Nov 11)
- RE: IE is just as safe as FireFox Poof (Nov 12)
- Re: IE is just as safe as FireFox Borja Marcos (Nov 18)
- Re: IE is just as safe as FireFox Danny (Nov 12)
- Re: IE is just as safe as FireFox Scott Leff (Nov 11)
- Re: IE is just as safe as FireFox nicolas vigier (Nov 12)
- Re: IE is just as safe as FireFox Danny (Nov 12)
- Re: IE is just as safe as FireFox Martin Mkrtchian (Nov 11)
- Re: IE is just as safe as FireFox nicolas vigier (Nov 12)
- RE: [in] Re: IE is just as safe as FireFox Curt Purdy (Nov 14)
- Re: [in] Re: IE is just as safe as FireFox john morris (Nov 14)
- Re: [in] Re: IE is just as safe as FireFox Rafel Ivgi, The-Insider (Nov 14)
- Re: [in] Re: IE is just as safe as FireFox Ag. System Administrator (Nov 14)
- Re: [in] Re: IE is just as safe as FireFox Barrie Dempster (Nov 14)
- Re: [in] Re: IE is just as safe as FireFox bkfsec (Nov 15)
- Re: [in] Re: IE is just as safe as FireFox Heikki Toivonen (Nov 15)
- Re: [in] Re: IE is just as safe as FireFox Borja Marcos (Nov 18)
- RE: [in] Re: IE is just as safe as FireFox Curt Purdy (Nov 14)