Ron Johnson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/26/07 15:52, Erik Persson wrote:
Douglas Allan Tutty wrote:
It seems that the mozilla-derived browsers have security issues
requiring updates far more frequently than other browsers like Konqueror
or links2.
I'm curious as to why this is. Does anyone have any ideas?
I'm on dialup and switched to Konq for this very reason but sometimes I
have a website that doesn't work and its handy to see if iceweasel will
view it. (so far the only one is the adobe flashplayer test page).
Doug.
As you can see from the other answers, nobody has a clue if the
mozilla-based browsers are less secure than the konq or not. I haven't
inspected the code either, so I don't have any more facts than anyone
else. I do NOT agree with the other answers however.
If there are fewer security alerts with Konq the only reasonable
conclusion, if you don't have strong facts pointing the other way, is
that Konq is more secure, and that this is partly because of better
code. The larger userbase of Firefox is very likely to generate a larger
number of discovered security issues, but as far as I know, no one can
tell you how many more bugs are generated per user or per extra
programmer, and probably no one can tell you the how user base and
security issue rate correlate more precisely. From this, the most
reasonable conclusion is that Konq is more secure.
Anyhow, the basic fact that there is fewer security alerts in Konq makes
this a more secure browser, whether this maybe is because only of a
smaller user base or not.
That's just not logical.
For example, just because people didn't know about germs in 1825
didn't mean that they didn't exist.
That's just the point. You can't be sure about firefox being less secure
- there could be reasons that explains the assumed difference in
reported security issues and yet firefox being more secure.
However, if we don't know, we can't say. We can only say what we know,
and what this is likely to represent.
Exactly as it would have been very unwise to argue for the existence of
germs in 1825 without having some evidence of their existence.
As I said, we must have some strong evidence to argue that the assumed
larger rate of reported security issues in firefox is not because of
more security flaws.
If there are fewer reported security issues in konq, the most likely
explanation is that there are fewer found security issues in konq. If
there are fewer found security issues in konq, one likely explanation is
that there are fewer security issues in konq. There are however more
people using firefox and there are more developers(?) developing
firefox, but since we have no clue as to how this equates to the above,
we really can't say much about it other than that it will probably
decrease the difference to some extent (maybe all the way, maybe to the
degree that konq is less secure - but we don't know).
As long as nobody is interested in exploiting the konq bugs and everyone
wants to exploit the firefox bugs, I will be more secure using konq even
if there are more flaws in konq. Security when using a browser has to do
with the risk being attacked, not the number of presumed security flaws
in the code (even if this if one factor that influences the risk of
being attacked). Is there any reason to believe that people are more
interested in finding security problems in firefox? yes there is - more
bugs are found in firefox according to the OP.
What I'm saying here is that the larger user base probably will lead to
more security issues being found and corrected in firefox, but it will
also lead to firefox being more of a target, and this will to some
extent reduce the advantage of having more eyes on the code.
This sounds as if I advocate for security by obscurity, which is not the
case. In the long run, the code with the larger number of eyes on it
will be more secure and the better choice from a security standpoint.
In a situation in which one product seems to have more reported security
flaws than the other, but more users and developers looking at the code,
the situation is not as easy.
- --
Ron Johnson, Jr.
Jefferson LA USA
/Erik Persson.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
