RE: [Full-Disclosure] IE Web Browser: "Sitting Duck"

[Todd Burroughs <todd@xxxxxxxxxxxx>]

My thinking and experience shows that in the real world, Linux, OSX,
etc. is more secure.  Some of that is by obscurity, which isn't real
security, but does work in the real world.  Most of it is due to peer
review.  Having said that, when you cannot look at the source code,
it is really obscure.

When a problem is found in Open/Free software, many people look into it
and often when the exploit is announced, a patch is included (which may
or may not fix the problem).  Because it is openly displayed with source
code, many people look at it and it seems to get fixed quite quickly.
"Closed source" companies, for the most part seem to take a lot longer
in fixing things (some exceptions) and they do not have the same number
of people looking over the code.

One major thing with UNIX-like systems is that things are not so closely
tied together as in Windows.  Sure, you have the kernel and libc that
are realy tied, but you don't have 100 of them that will break multiple
things when you update one.  I think this is one of the major problems
with Windows, it has way too many dependancies.  A simple browser update
is like updating libc in UNIX (which is nasty).  I can't even imagine
trying to write a patch for a system like that,

I really hope that MS fixes their security issues or something else
that is more easily maintained takes over.

Todd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html