Linked by Thom Holwerda on Fri 21st Mar 2008 22:21 UTC
A new version of Mozilla's popular Firefox Web browser is ready for download with improved security and memory use as the tiny company takes a stab at Microsoft's dominant Internet Explorer. The program's creators told Reuters on Thursday that the privately-held company's trial version of Firefox 3 browser is ready for the masses to use after months of development.
Thread beginning with comment 306052
RE[2]: Se-ku-ree-tee
by tomcat on Sat 22nd Mar 2008 00:53 UTC in reply to "RE: Se-ku-ree-tee"
tomcat Member since: 2006-01-06

This is only partly correct.

It is possible to add a feature that by itself can be said to add to security, compared to the same browser compiled without that feature.

Anti-phishing provisions are one such feature that comes to mind.


Not true. Every bit of code that you add to a product increases the potential attack surface. The anti-phishing provisions are intended to prevent a particular problem; however, besides addressing that problem, they may open you up to other problems (i.e. buffer overflows, privilege escalations, and so on).

Reply Parent Score: 1

RE[3]: Se-ku-ree-tee
by Ford Prefect on Sat 22nd Mar 2008 14:20 in reply to "RE[2]: Se-ku-ree-tee"
Ford Prefect Member since: 2006-01-16

Your statement doesn't disprove his.

There are several kinds of security threats. If a feature is added to help on a specific threat (like phishing), this adds to the overall security of the product usage.

It could be that this additional code opens security holes in other regards, but this is not mandatory.

Reply Parent Score: 3

RE[4]: Se-ku-ree-tee
by tomcat on Wed 26th Mar 2008 09:01 in reply to "RE[3]: Se-ku-ree-tee"
tomcat Member since: 2006-01-06

There are several kinds of security threats. If a feature is added to help on a specific threat (like phishing), this adds to the overall security of the product usage.

It could be that this additional code opens security holes in other regards, but this is not mandatory.


I never said it was mandatory. What I said was that more code increases the attack surface. Which means a higher probability of vulnerability.

Reply Parent Score: 2