62 Comments
- mcwattersm, on 12/15/2008, -11/+62 I highly doubt that IE is safer than Firefox.
- gmuslera, on 12/15/2008, -8/+41 Let's see... the only place where Microsoft is named on that list is in 12th place, with Microsoft's Live Messenger. So any version of Internet Explorer is safer than Firefox 2.x and 3.x?
Why don't they publish a "top ten science discoveries" starting with "earth is flat" and "all that says the bible is word by word true"? I bet that way they would get more respect from scientists than with that list from security people.
- Hodor, on 12/14/2008, -14/+41 that list is sorta misleading, how is it sorted (by popularity? by number of threats?)
- neodude237, on 12/15/2008, -10/+33 Where is Internet Explorer?
- blitz718, on 12/15/2008, -9/+27 this article is trash
- Octanus, on 12/15/2008, -2/+17 Windows Live Messenger 4.7 & 5.1?
Seriously? The current version is 8.5, and there is an open beta for 9...
- 4321234, on 12/15/2008, -2/+14 You can take all the security precautions you want, but if you keep being a dumbass, one day you're gonna wind up ducking a flying shoe.
- 4321234, on 12/15/2008, -4/+15 According to secunia.com, Firefox 3.x currently has 1 unpatched vulnerability, rated "not critical".
http://secunia.com/advisories/product/19089/
Internet Explorer 7 has 10 unpatched vulnerabilities, the worst being "extremely critical".
http://secunia.com/advisories/product/12366/
- inactive, on 12/15/2008, -4/+14 IE7 (70 vulnerabilities): http://secunia.com/advisories/product/12366/
IE8 is not counted yet.
IE6 is no longer relevant, I assume.
Firefox 2 (144 vulnerabilities): http://secunia.com/advisories/product/12434/
Firefox 3 (28 vulnerabilities): http://secunia.com/advisories/product/19089/
- PsychoBrat, on 12/15/2008, -2/+12 Which is still pretty misleading -- the casual user is bound to read this as roughly "the least secure apps go at the top", and the author is sure to know this.
There are a few obvious flaws in the ranking that I can see:
- It's based on *disclosed* vulnerabilities. Many companies, for example Microsoft, are known to privately buy security analyses of products they have in the field (sometimes these analyses come in the form of a "ransom", where details of the vulnerability are sold to the highest bidder). Whether or not they later disclose these vulnerabilities to the public is an entirely different matter. Open source projects inherently disclose all vulnerabilities to the public eventually, so the count is almost guaranteed to be higher.
- It doesn't take into account the severity of the flaw. For example, one product might have several flaws of fairly low significance (open a pop-up when it shouldn't be able to -- which IS considered a security flaw), which will rank it higher than a product with one flaw that gives attackers access to all your files.
- It doesn't take into account turnaround time for a patch (after disclosure). The likelihood of a known flaw being exploited increases steadily over time, so this is crucial. Also important is the -availability- of a patch. Many companies stop offering security patches surprisingly soon after the release of a new version of their product, leaving the user unprotected, or requiring them to pay a lot of money for an upgrade that they otherwise would not need. Some of the products listed have new FREE upgrades that resolve at least some of the flaws in question.
The list may well say (mostly) what it claims, but it's not very useful for making any kind of practical decision.
- DivisibleByZero, on 12/15/2008, -2/+11 Yeah, I guess going by "number of security holes" is different than going by things like "number of exploited security holes", "severity of security holes", or "speed of fixing security holes".
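The point made in the two comments above, that ranking by advisory count, by worst severity, and by time left unpatched can order the same products differently, shown as an added example that is not part of the original thread. The products, scores, dates and the `weighted_exposure` metric (CVSS multiplied by days exposed) are constructed assumptions, not real advisory data.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Advisory:
    product: str
    cvss: float               # severity score, 0.0-10.0
    disclosed: date
    patched: Optional[date]   # None means still unpatched

AS_OF = date(2008, 12, 15)    # assumed evaluation date

# Constructed sample data: placeholder products, not real advisories.
ADVISORIES = [
    Advisory("Product A", 2.1, date(2008, 3, 1), date(2008, 3, 8)),
    Advisory("Product A", 3.5, date(2008, 5, 10), date(2008, 5, 15)),
    Advisory("Product A", 4.0, date(2008, 9, 2), date(2008, 9, 9)),
    Advisory("Product B", 9.3, date(2008, 12, 1), None),
    Advisory("Product C", 7.5, date(2008, 4, 1), date(2008, 7, 30)),
    Advisory("Product C", 5.0, date(2008, 10, 1), date(2008, 10, 20)),
]

def exposure_days(adv, as_of=AS_OF):
    """Days between disclosure and patch (or as_of if still unpatched)."""
    return ((adv.patched or as_of) - adv.disclosed).days

# Three ways to score one product's advisories (hypothetical metric names).
METRICS = {
    "count": len,
    "worst_cvss": lambda advs: max(a.cvss for a in advs),
    "weighted_exposure": lambda advs: sum(a.cvss * exposure_days(a) for a in advs),
}

def rank(advisories, metric):
    """Return product names ordered from worst to best under one metric."""
    by_product = {}
    for adv in advisories:
        by_product.setdefault(adv.product, []).append(adv)
    score = METRICS[metric]
    return sorted(by_product, key=lambda p: score(by_product[p]), reverse=True)

if __name__ == "__main__":
    for name in METRICS:
        print(f"{name:18} {rank(ADVISORIES, name)}")
```
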
- BUrAph, on 12/15/2008, -1/+9 This list twists everything out of context. In order for an application to make the list, "the application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS."
The list is meant for large organizations/corporations that want to control everything that runs on employees' computers and push patches out in a centralized and controllable way. Microsoft programs aren't on the list because they can be centrally updated by the IT department. In contrast, if an employee installs Firefox on his/her computer, the IT department can't control what version/update he/she is running, thus making it a security threat and an IT "nightmare."
For more information on what the study is actually trying to measure, read the press release from the company that is actually conducting the ranking:
http://www.bit9.com/news-events/press-release-deta ...
- inactive, on 12/15/2008, -1/+9 GTFO
- craeyon, on 12/15/2008, -2/+9 You blithering idiot
- inactive, on 12/15/2008, -5/+11 RTFA:
"The rankings -- ordered by number of vulnerabilities -- "
- mrBitch, on 12/15/2008, -1/+7 It's actually worse for IE7 since the number of vulnerabilities is only those that Microsoft chooses to own up to.
The problem with this comparison is that the number of IE 7 vulnerabilities DISCLOSED is always less than those that ACTUALLY EXIST.
This is one of the areas where Microsoft's "closed source" will always make MS products "look" more secure, when the reality is that an open source project will ALWAYS disclose known vulnerabilities... and will be patched faster.
- coldkill3r, on 12/15/2008, -0/+5 At least use tinyurl.
- PsychoBrat, on 12/15/2008, -1/+6 There's no guarantee that IE flaws will be disclosed to the public unless there's a known exploit in the wild.
Why would Microsoft publish vulnerabilities they don't have to? IE already has a bad enough track record with security; they don't need even more bad press.
Also, IE may well have fewer (known) flaws than those other products. It's just that they don't get patched for months on end, and often result in an attacker gaining access to all your files, death of the family dog, etc. The article doesn't take into account severity of a flaw, or turnaround time for a patch.
- benologist, on 12/15/2008, -2/+7 wow you should totally call Amnesty International.
- LordMalak, on 12/15/2008, -0/+5 I think he's trying to lazyroll us.
- klco, on 12/15/2008, -7/+12 I wonder if that has anything to do with the fact that FireFox is open source so they actually tell you when something is vulnerable rather than covering it up until/if they get a fix.
- Shogi, on 12/15/2008, -1/+5 It took so long to load that it was omitted from the results.
- bjornski, on 12/15/2008, -0/+4 Why? They've thrown the "Do no evil" mantra right out the window.
http://digg.com/tech_news/Google_ditching_net_neut ...
- mrBitch, on 12/15/2008, -2/+6 @klco RE: " I wonder if that has anything to do with the fact that FireFox is open source "
Correct, and, as PsychoBrat said :
" ... There are a few obvious flaws in the ranking that I can see:
- It's based on *disclosed* vulnerabilities. Many companies, for example Microsoft, are known to privately buy security analyses of products they have in the field (sometimes these analyses come in the form of a "ransom", where details of the vulnerability are sold to the highest bidder). Whether or not they later disclose these vulnerabilities to the public is an entirely different matter.
Open source projects inherently disclose all vulnerabilities to the public eventually, so the count is almost guaranteed to be higher. "
- savagemind, on 12/15/2008, -3/+6 old
who still using messenger 4.7 and 5.1
- raydeen, on 12/15/2008, -8/+11 Exactly. Buried.
- SniperZero, on 12/15/2008, -2/+4 ***** you're a retard
- mrBitch, on 12/15/2008, -3/+5 /watches SecureXec, the only known example of an IE fanboy in the wild...
- icabodane, on 12/15/2008, -1/+3 I'm sorry but that ***** is still funny.
- inactive, on 12/15/2008, -2/+4 I use Opera.
- Hewbie, on 12/15/2008, -1/+3 wow no sign of MSIE (T_T) lies lies lies.
- smotpoker, on 12/15/2008, -7/+9 What those links fail to mention is how the vulnerabilities were discovered, their overall impact and how quickly they were patched.
Due to the open nature of Firefox, most vulnerabilities are discovered, analyzed and reported by Firefox contributors rather than discovered by users *after* malicious attackers have used them to exploit thousands of systems. This info also results in patches/updates being released much quicker than IE. Number of vulnerabilities alone doesn't mean much. Severity, obviousness and patch-time are primarily responsible for IE's (and MS's) rep of insecurity.
- Khaine, on 12/15/2008, -2/+4 If you looked where the research came from you would see that:
Bit9, Inc., the pioneer and leader in Enterprise Application Whitelisting, unveiled its annual ranking of popular consumer applications with known security vulnerabilities. Often running outside of the IT department’s knowledge or control, these applications can be difficult to detect; they create data leakage risk in endpoints that are otherwise secure; and cause compliance breaches that can result in costly fines. The list, published in a research brief entitled “2008’s Popular Applications with Critical Vulnerabilities,” is designed to highlight the need for greater visibility and control over organizations’ endpoints, including laptops, PCs, servers and Point-of-Sale systems.
Each application on the list has the following characteristics:
• Runs on Microsoft Windows.
• Is well-known in the consumer space and frequently downloaded by individuals.
• Is not classified as malicious by enterprise IT organizations or security vendors.
• Contains at least one critical vulnerability that was:
  o first reported in January 2008 or after,
  o registered in the U.S. National Institute of Standards and Technology’s (NIST) official vulnerability database at nvd.nist.gov, and given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
["The biggies"]
• Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
• The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.
To read the full list of applications, which includes products from Symantec, Yahoo!, Trend Micro, Sun Microsystems and more, download the research report at: bit9.com/landing/2008vulnerableapps.php. There, IT managers can learn more about the application vulnerabilities, along with the benefits of using application white listing, a proactive approach to endpoint security.
Hence IE is automatically excluded (as is most MS stuff)
- ridestp, on 12/15/2008, -3/+5 Why would Apple Quicktime, Safari & iTunes be grouped together?
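The inclusion criteria quoted in Khaine's comment above, applied as a filter and then ordered by number of qualifying vulnerabilities, as an added example that is not part of the thread or of Bit9's report. The inventory entries, field names and function names are constructed assumptions; the example shows why a centrally updated product never appears however many high-severity vulnerabilities it has.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class App:
    name: str
    runs_on_windows: bool
    consumer_popular: bool
    flagged_malicious: bool
    end_user_patches: bool       # patching relies on the end user
    centrally_updatable: bool    # e.g. via SMS / WSUS
    vulns: list                  # (first_reported: date, cvss: float) pairs

CUTOFF = date(2008, 1, 1)        # "first reported in January 2008 or after"
HIGH_MIN, HIGH_MAX = 7.0, 10.0   # CVSS "high" band quoted above

def qualifying_vulns(app):
    """Vulnerabilities that meet the date and severity criteria."""
    return [v for v in app.vulns
            if v[0] >= CUTOFF and HIGH_MIN <= v[1] <= HIGH_MAX]

def on_list(app):
    """True only if every quoted criterion holds."""
    return (app.runs_on_windows and app.consumer_popular
            and not app.flagged_malicious
            and app.end_user_patches and not app.centrally_updatable
            and len(qualifying_vulns(app)) >= 1)

def build_list(apps):
    """Listed app names, ordered by number of qualifying vulnerabilities."""
    listed = [a for a in apps if on_list(a)]
    listed.sort(key=lambda a: len(qualifying_vulns(a)), reverse=True)
    return [a.name for a in listed]

# Constructed inventory: placeholder products, not real vulnerability data.
D = date(2008, 6, 1)
INVENTORY = [
    App("Browser X", True, True, False, True, False, [(D, 9.3), (D, 7.5), (D, 8.0)]),
    App("Browser Y", True, True, False, False, True, [(D, 9.3)] * 5),
    App("Player Z", True, True, False, True, False,
        [(date(2007, 11, 5), 9.0), (date(2008, 2, 1), 7.0)]),
    App("Tool W", True, True, False, True, False, [(D, 6.8)]),
]

if __name__ == "__main__":
    print(build_list(INVENTORY))
```
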
- SmokenJoe, on 12/15/2008, -2/+3 You get on the list by not playing well with the service they sell. They sell whitelisting. If any program is not centrally served it is blocked. That means you can't do anything at all on your computer until IT gets around to letting you do it.
People need to be a little honest about why they are spouting crap like this. No need to lie just to make a buck.
- gilbes, on 12/15/2008, -0/+1 Wow, more misleading half truths. Spread the ignorance. It's helping.
Look at the real facts:
http://secunia.com/advisories/product/12366/?task= ...
http://secunia.com/advisories/product/12366/?task= ...
From FireFox 3.0's release until now:
FireFox has had 7 vulnerabilities.
IE has had 4 during the same period.
7 > 4. 7 is almost double 4.
But I said the entire year of 2008 so far so we need to look at FireFox 2 also
http://secunia.com/advisories/product/12434/?task= ...
FireFox 2 beats IE 4 to 5.
So total for the year is:
FireFox 11
IE 10
It just so happens that IE got a high level threat a few days ago, but don't let that sway you from the obvious truth here. Look at the severity and damage of the FireFox exploits. Given that data, it would be hard for anyone to say (based on fact) that FireFox is definitely more secure than IE.
- inactive, on 12/19/2008, -0/+1 Because having your average user who doesn't manually update is far better than your average user who has the default windows automatic updates enabled.
You make so much sense that you "stuck it up your own ass".
- LordMalak, on 12/15/2008, -8/+9 I really hope this is the onion in disguise.
- inactive, on 12/19/2008, -0/+1 RTFA. IE is automatically updated, therefore it is excluded.
*facepalm*
- inactive, on 12/19/2008, -0/+1 "The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical"
Oh what a day or two can change.
IE and FireFox are basically about the same in terms of security, with default set-ups. Leaving the majority of the responsibility on the user, as always. Opera is the fastest to patch vulnerabilities.
- inactive, on 12/19/2008, -0/+1 You called that one! Well done. Digg effect in action.
- Dancock, on 12/15/2008, -0/+1 ah i love this song.
- smartassCanuck, on 12/15/2008, -0/+1 As stated in an above thread:
According to secunia.com, Firefox 3.x currently has 1 unpatched vulnerability, rated "not critical".
http://secunia.com/advisories/product/19089/
Internet Explorer 7 has 10 unpatched vulnerabilities, the worst being "extremely critical".
http://secunia.com/advisories/product/12366/
Do your homework..
- mcwattersm, on 12/16/2008, -1/+1 Okay Bill Gates.
- davidzilla, on 12/15/2008, -2/+2 I prefer Windows and could go on, and on, about how ignorant that comment is. I'm tired of the self-righteous Mac/Linux users...
- ZeroSum1975, on 12/15/2008, -3/+2 Just buy a Mac and forget about all of this...
- mrBitch, on 12/16/2008, -2/+1 I guess that's something... the fact that you're not QUITE dumb enough to use IE.
My humble suggestion : Try Chrome.