funsec mailing list archives
Re: Microsoft announce most secure OS on the planet
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 21 Apr 2009 10:56:44 +1200
Larry Seltzer to der Mouse:
I know someone who until recently (~1yr ago?) was running Windows 3.1 For all its lack of inherent security, it was substantially stronger against today's carpet-bombed attacks than lots of more modern stuff, simply because most malware wouldn't run on it at all.Facinating. Think of how secure DOS and CP/M are by this standard.
That is "pragmatic security". It's the main reason I use Firefox rather than IE. It's a good bet that by objective coding quality standards, etc FF is much less secure than contemporary versions of IE, but to date FF has not been subjected to anything like the same level of scrutiny for exploitable holes by the bad guys (or anyone else) largely because of its market share (and a misguided belief that because OSS code _can_ be scrutinized by millions of eyeballs, it is almost necessarily better scrutinized than non-OSS code). Thus, FF's market share means the (mostly) monetizable value of finding and exploiting vulnerabilities in FF makes doing so orders of magnitude less attractive to the bad guys (and really bad karma to the white hats who should be auditing the code better). In a couple of years, as a greater and greater proportion of Windows users are forced to "better" versions of IE, these economics will likely change, but the next low-hanging fruit will then probably be the third-party add-ons that are common _across browsers_ and typically exploitable across browsers too (and yes, we have been seeing this for a while now), rather than "the browser with next largest market share". Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Microsoft announce most secure OS on the planet, (continued)
- Re: Microsoft announce most secure OS on the planet David Harley (Apr 20)
- Re: Microsoft announce most secure OS on the planet Larry Seltzer (Apr 20)
- Re: Microsoft announce most secure OS on the planet David Harley (Apr 20)
- Re: Microsoft announce most secure OS on the planet Gadi Evron (Apr 20)
- Re: Microsoft announce most secure OS on the planet David Harley (Apr 21)
- Re: Microsoft announce most secure OS on the planet Gadi Evron (Apr 20)
- Re: Microsoft announce most secure OS on the planet Valdis . Kletnieks (Apr 20)
- Re: Microsoft announce most secure OS on the planet der Mouse (Apr 20)
- Re: Microsoft announce most secure OS on the planet Rob, grandpa of Ryan, Trevor, Devon & Hannah (Apr 20)
- Re: Microsoft announce most secure OS on the planet Dragos Ruiu (Apr 20)
- Re: Microsoft announce most secure OS on the planet Nick FitzGerald (Apr 20)
- Re: Microsoft announce most secure OS on the planet der Mouse (Apr 20)
- Re: Microsoft announce most secure OS on the planet Larry Seltzer (Apr 20)
- Re: Microsoft announce most secure OS on the planet Valdis . Kletnieks (Apr 20)
- Re: Microsoft announce most secure OS on the planet David Harley (Apr 21)
- Re: Microsoft announce most secure OS on the planet Larry Seltzer (Apr 21)