[Cialug] Security and the browser

Dave J. Hala Jr. dave at 58ghz.net
Mon Oct 20 11:14:30 CDT 2008


On Mon, 2008-10-20 at 11:00 -0500, Jeffrey Ollie wrote:
> On Mon, Oct 20, 2008 at 10:53 AM, Nathan C. Smith
> <nathan.smith at ipmvs.com> wrote:
> >
> > Some of the risk elements might include plug-ins, types of plug-ins, rendering engines,
> 
> The ActiveX plugins seem to be a favorite vector for attack because
> they don't run in any kind of "sandbox" once you let them onto your
> system.

I agree here.
> 
> > open-source v. closed source and whether a code review is possible,
> 
> Obviously open-source is a win here, as a code review of the Firefox
> source is possible (but perhaps not practical for a small company to
> do on its own).  Throw enough money at Microsoft and I'm sure they'll
> let you see the IE source code but that seems a bit silly.
> 
This seems like a moot point to me. If you don't have the resources to
review the Firefox code, you're probably not going to review the MS
code, even if they made it available. 

My preference is to run Firefox on Linux.  A fun idea might be to run an
XP/IE Virtual Machine on a Linux host. 


> > and the track record of the company supplying the product.
> 
> Microsoft. Need I say more?
> 
-- 
___
Dave J. Hala Jr.
President OSIS, Inc.
www.osis.us


