On Fri, 2004-11-12 at 09:41, Eric McCarty wrote: > [...] IE is just > as secure as Firefox. Why?, because we don't click on fake citibank > adds, It is my understanding that some flaws, for example the recent IFRAME overflow issue, do not require a user to click on anything. Am I mistaken? > [...] Don't sleep with hookers if you don't want AIDS, it's as simple as that. I agree. But I'd say that IE *is* the hooker. :) In all fairness, though, pretty much all the other browsers are whor^H^H^H^H faulty too. (As Michal Zalewski has shown recently) The difference between them and IE is that they require a patch for the browser application, whereas IE often requires fixes that reach far deeper into the system (thanks to tight integration into the OS). And that means that sometimes IE fixes and OS fixes step on each others toes (erm, DLLs?) and creating conflicts or even invalidate each other. Wasn't there a recent IE flaw that was fixed long ago and then surfaced again? How did that happen? The browser-wars are over, and they all lost. The question is how much impact a faulty browser has on the remainder of the system. The question that we should be asking ourselves is not "Is IE as safe as Firefox" but "Does a faulty IE have a larger impact on the system than a faulty Firefox". Regards, Frank -- * It is easier to fix simple systems than it is to fix complex systems. * Fixes should modify core components. They should not be bolted onto core components.
Attachment:
signature.asc
Description: This is a digitally signed message part