Answer any way you please.
I personally believe that either browser can be made very secure or
insecure depending on how it's configured. Without giving very specific
criteria on how the browser is configured, the OS used, plugins installed
etc. it's pretty much impossible to state which is "more secure".
Thank you. I'm sure any person with any common sense, would conclude
that a browser that has less critical exploits, less easily accessed and
has faster patches to solve the problem is the more secure browser.
Or do you subcribe to the "count the number of exploits" school?
I subscribe to the "it's not that simple" school. It's not just number of
vulnerabilities, or their criticality. A key metric that is missing is the
likelihood of the occurance. How serious is a critical vulnerability in a
browser that has never been exploited because the exploit is too difficult
to implement in the real world? Anti-virus vendors rate virus threats not
just on the damage they can do but on their actual infections. I would
like to see groups like Secunia do risk assessments similar to what McAfee
is doing with viruses and factor in the "prevelance rate":
http://www.networkassociates.com/us/security/resources/risk_assessment.htm
http://mast.mcafee.com/
As an analogy my house is vulnerable to a meteorite. Should I be
concerned? Should I try to correct this problem? Is this a design flaw?
Maybe I should live in a bunker?
Yes, and you can conclude a large scale investigation into all these
factors, while the rest of us wait
Or just take interested parties word for it?
The funny thing is, while I agree with you on principle, in many ways,
you are using this as a philisophical excuse to avoid saying what any
common sense reading of the situtation would say that is firefox is
safer.
Only according to popular press and interested parties. Here Symantec and
Mozilla quibble over what makes a browser "more secure":
http://www.techweb.com/wire/security/159905537
Note the mention of "no known real world exploits". Apparently that's
important as the Firefox spokesman used it to say the critical
vulnerability really wasn't.
Your post above where firefox "wins" is as much an admission than
anything. It seems to me that you are so deseperate to defend IE, that
you prefer to confess that you don't know anything about which is more
secure plus pleading about uncertainty of the future.
I am not desperate to defend IE or put down Firefox. I am desperate for
people to realize that the "more secure" issue is mostly smoke and
mirrors. Security is the new hot topic and not just in browsers.
Fear-mongering has worked very well in the past for Microsoft, more
recently by George Bush and now by Firefox supporters.
By simply stating your product is "more secure" than the competition you
can quickly gain market share and it's often difficult to dispute as the
average person apparently has a hard time processing anything bigger than
a sound bite while the popular press simply regurgitates press releases.
A good dose of skepticism might be the best security!