Tuesday, January 04, 2005

Firefox has much to learn

Firefox has much to learn:
by George Ou

“It is widely asserted as "fact" that Firefox is more secure, but does that assertion really hold up under intense scrutiny? Peter Torr of Microsoft doesn’t seem to think so. I can hear the howling now to the effect of "but the guy is just a Microsoft lackey on Bill Gates’ payroll". While it is certainly true that he works for Microsoft and is clearly giving a point of view favorable to Microsoft, no one can deny any of the serious criticisms that he lays on Firefox. Here is a list of Peter’s grievances that show a pretty flagrant disregard for the most basic of security principles.”

  • Installing Firefox requires downloading an unsigned binary from a random web server
  • Installing unsigned extensions is the default action in the Extensions dialog
  • There is no way to check the signature on downloaded program files
  • There is no obvious way to turn off plug-ins once they are installed
  • There is an easy way to bypass the "This might be a virus" dialog

Since the initial posting and much "fanfare" from Slashdot, someone pointed out how you can turn off plug-ins, so Peter has since then conceded the fourth point. While there has been a huge firestorm of responses on the other points, I haven’t heard any acceptable explanations on any of the other four points that Peter has raised. The most serious issue is the first, where Firefox might even send you to a raw IP address link (the favorite tactic of phishers) to download unsigned code.

http://blogs.zdnet.com/Ou/index.php?p=22&tag=nl.e539