Linked by Thom Holwerda on Fri 21st Mar 2008 22:21 UTC
Mozilla & Gecko clones A new version of Mozilla's popular Firefox Web browser is ready for download with improved security and memory use as the tiny company takes a stab at Microsoft's dominant Internet Explorer. The program's creators told Reuters on Thursday that the privately-held company's trial version of Firefox 3 browser is ready for the masses to use after months of development.
Thread beginning with comment 306035
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Se-ku-ree-tee
by lemur2 on Fri 21st Mar 2008 23:27 UTC in reply to "Se-ku-ree-tee"
lemur2
Member since:
2007-02-17

Firefox is great and all but all the time we read things like: "Additions boost security..."

As usual, this will have to be proven, not stated. I mean after reading "improved security" in every article about a new browser that has been comming up for a few years now, we'd have to feel so secure we shouldn't be even able to handle it ;-)

And yet, Bruce Schneier still says the state of security isn't getting any better. I guess he doesn't use firefox... or he's right :-D


This is only partly correct.

It is possible to add a feature that by itself can be said to add to security, compared to the same browser compiled without that feature.

Anti-phishing provisions is one such feature that comes to mind.

Reply Parent Score: 5

RE[2]: Se-ku-ree-tee
by tomcat on Sat 22nd Mar 2008 00:53 in reply to "RE: Se-ku-ree-tee"
tomcat Member since:
2006-01-06

This is only partly correct.

It is possible to add a feature that by itself can be said to add to security, compared to the same browser compiled without that feature.

Anti-phishing provisions is one such feature that comes to mind.


Not true. Every bit of code that you add to a product increases the potential attack surface. The anti-phishing provisions are intended to prevent a particular problem; however, besides addressing that problem, they may open you up to other problems (ie. buffer overflows, privilege escalations, and so on).

Reply Parent Score: 1

RE[3]: Se-ku-ree-tee
by Ford Prefect on Sat 22nd Mar 2008 14:20 in reply to "RE[2]: Se-ku-ree-tee"
Ford Prefect Member since:
2006-01-16

Your statement doesn't disprove his'.

There are several kinds of security threads. If a feature is added to help on a specific thread (like phising), this adds to the overall security of the product usage.

It could be that this additional code opens security holes in other regards, but this is not mandatory.

Reply Parent Score: 3