Open Source and information security mailing list archives
Message-ID: <Pine.LNX.4.58.0407080318280.2003@suse.bluegenesis.com>
From: todd at hostopia.com (Todd Burroughs)
Subject: IE Web Browser: "Sitting Duck"

My thinking and experience show that in the real world, Linux, OSX,
etc. are more secure.  Some of that is by obscurity, which isn't real
security, but does work in the real world.  Most of it is due to peer
review.  Having said that, when you cannot look at the source code,
it is really obscure.

When a problem is found in Open/Free software, many people look into it
and often when the exploit is announced, a patch is included (which may
or may not fix the problem).  Because it is openly displayed with source
code, many people look at it and it seems to get fixed quite quickly.
"Closed source" companies, for the most part seem to take a lot longer
in fixing things (some exceptions) and they do not have the same number
of people looking over the code.

One major thing with UNIX-like systems is that things are not so closely
tied together as in Windows.  Sure, you have the kernel and libc that
are really tied, but you don't have 100 of them that will break multiple
things when you update one.  I think this is one of the major problems
with Windows, it has way too many dependencies.  A simple browser update
is like updating libc in UNIX (which is nasty).  I can't even imagine
trying to write a patch for a system like that.

I really hope that MS fixes their security issues or something else
that is more easily maintained takes over.

Todd

