The “secure software” dilemma



It’s quite a dilemma when a software product is billed as more secure than another…. several days back when Mozilla Firefox released v. 1.5.0.4 which fixed a number of security issues, I saw someone comment “I thought firefox was supposed to be secure.” I think there’s a misunderstanding when it comes to software. I think the misunderstanding is that one piece of software can be secure and another not. Out of the box. Let’s take a stab at clarifying…. Security is not a product, it’s not a feature, it’s a way of doing things. Along those lines….


Someone points out that linux is insecure. The point is very good, well taken and well done. The writer drives home the point by using cars as analogy. They say, linux is more secure than windows, (from the article) “If we were talking cars, Linux would be a Volvo S80 and Windows would be a Ford “Hit here to blow up” Pinto.”

The point though is that ANY car can be involved in a wreck, so a “secure” car doesn’t immunize you against a wreck. Driving practices CAN protect against a wreck though. The same is true with computers, secure PRACTICES can prevent security breaches. The same is true in the development of software such as firefox. Being responsive to security disclosures is one way that a software product can be considered “more secure” than another. From what I’ve seen, mozilla seems to be fairly responsive when they’re advised of security issues with firefox. I’ve seen anectdotal reports of a very sluggish response at Microsoft with similar issues. Some areas of the web seem to be filled with stories of “I reported xyz vulnerability to Microsoft xxxx months ago and they’re still investigating, so I’m disclosing publicly to “increase pressure” on them to react”.

Just because software is considered more secure, it’s not bullet proof, it will need updates and other safe working habits.

Related Posts

Blog Traffic Exchange Related Posts
  • Using screen to connect multiple users to a shell session I NEVER knew you could use screen for this.... Let multiple users connect to the same Console (command shell/bash shell) session simultaneously. I've looked at screen before. It's a great *nix utility that's available for most linux distributions. The primary use I've seen for it is to be able to......
  • Zotob update There was an update at Incidents.org on the Zotob worm and specifically an advisory related to Cisco products. From their site.... **snipped from NISCC** "Affected Products ================= If the software versions or configuration information are provided, then only those combinations are vulnerable. This is a list of appliance software that......
  • Google Toolbar evil? Boy, that would bring in comments.... Googling Google highlighted some behaviour of the Google toolbar that seems a bit fishy. It appears that it blocks attempts to modify the default search provider in Internet Explorer. This was first reported over at Google blogoscoped and appears to be a bug (after......
Blog Traffic Exchange Related Websites
  • What Features to Look for in High Quality Security and Surveillance Systems If you find yourself at the point where you need to find a reliable and effective security and surveillance system for home or business, then be prepared to be overwhelmed. The diverse technologies, quantity of brands available on the market, furthermore the mystifying selection of aspects and choices is unbelievable.......
  • Microsoft Warns of SQL Attack SQL stands for Structured Query Language. SQL Attack is kind of Hacking attack. Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software. Microsoft issued a security advisory late Monday, saying that the......
  • A Strong Week in Tennis for Champion Players This week, there were a few different kinds of games going on throughout the world. These different matches pitted some of the top ranked players in the world against one another to be able to earn the title. While these smaller tournaments might be dwarfed in the shadow of the......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site