[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Most secure internet exploration tool?

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] Most secure internet exploration tool?
From: T Biehn <tbiehn@xxxxxxxxx>
Date: Tue, 3 Mar 2009 22:33:09 -0500

Obviously Internet Explorer on Windows, because it's developed by good
paid developers, not long bearded unix nerds.

On Tue, Mar 3, 2009 at 7:56 PM,  <Valdis.Kletnieks@xxxxxx> wrote:
> On Tue, 03 Mar 2009 19:31:35 EST, bobby.mugabe@xxxxxxxxxxxx said:
>
>> code execution power hacks, etc).  I would like to start a
>> discussion, weighing in every expert opinion on what the most
>> secure web browser is and why.
>
> Does 'telnet www.example.com 80' or 'netcat' count as a browser?  Do
> ascii-only things that only render static html count?  Does a mainstream
> browser with javascript and/or plugins disabled count?
>
> You then get to do a similar analysis defining "secure".  It isn't a binary
> yes/no - it's a continuum of different issues and relative importance, and
> different people may rank things in different orders.  Somebody who is
> responsible for regulatory compliance probably cares more about data exposure
> and identity theft issues - but a browser crash resulting in no data loss
> isn't an issue.  Meanwhile, the guy who has to run the help desk cares
> if an issue crashes browsers and generates phone calls (anybody who was 
> working
> in a NOC when Nachi came around knows how fast the costs of an outage can
> pile up, even if no data is permanently lost).
>
> Gotta draw a boundary box if you want reasonable answers.
>
>>                                Also whether or not the underlying
>> operating system matters - is firefox more secure under BeOS than
>> mosaic under IBM's dos?
>
> Again, you have to make a decision - if an exploit *did* manage to abuse
> a browser's code, but was then foiled by an OS security feature (ACLs, ASLR,
> SELinux, or whatever), does that count as "a secure browser", or "a secure 
> OS"?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Most secure internet exploration tool?
  - From: Valdis . Kletnieks

References:
- [Full-disclosure] Most secure internet exploration tool?
  - From: bobby . mugabe
- Re: [Full-disclosure] Most secure internet exploration tool?
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Most secure internet exploration tool?
Next by Date: Re: [Full-disclosure] Most secure internet exploration tool?
Previous by thread: Re: [Full-disclosure] Most secure internet exploration tool?
Next by thread: Re: [Full-disclosure] Most secure internet exploration tool?
Index(es):
- Date
- Thread