funsec mailing list archives

Re: fog of cyberwar


From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 22 Jan 2010 19:02:41 -0500

On Fri, Jan 22, 2010 at 04:45:03PM +0100, Dan Kaminsky wrote:
> So which browser exactly is the secure one?

w3m in text-only mode...on OpenBSD...on Sparc? ;-)

More seriously, there is no secure one, any more than there's a "safe"
car.  Just some that are more so, or less so.  I think Firefox + NoScript
+ AdBlock + TACO is a pretty good move in the direction of "more so".
(Certainly not the only such possible move, nor necessarily the optimal
move, just one of many.)  I think IE is a very large move in the direction
of "less so", to the point where nobody should be making it: I'm not
sure how it's possible to do any worse.

Meanwhile, Microsoft has essentially unlimited personnel and financial
resources.  They could hire 500 top-notch staff tomorrow, pay them
out of petty cash, and completely rewrite IE with security as the
overarching design goal -- if they wanted to.  They could have done
so years ago -- if they wanted to.

That they haven't speaks volumes about their disinterest in making
it secure.  Oh, they'll make nice noises and patch it and whatnot,
but that's just more "We Take This Matter Very Seriously" corporate BS.
Meanwhile, they're plowing enormous resources into what I'll loosely
term The Placate Big Content Effort.

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

