[Cialug] Security and the browser

[Matthew Nuzum]

On Mon, Oct 20, 2008 at 10:53 AM, Nathan C. Smith
<nathan.smith at ipmvs.com> wrote:
>
> I've heard people say Firefox is "More Secure" than Internet Explorer, and while it seems to make sense at first, I do not believe that claim can be substantiated.  Firefox may have "less inherent risk" than I.E., and that is where my question comes in.
>
> At work we use I.E. but we are looking at Firefox.  I have some reservations about manageability.  Our philosophy right now is that the single browser, I.E., is probably heavily targeted and has lots of problems but it easily updated and attacks will become quickly known via different communities.  It is also "protected" through antivirus and anti-malware software.  If we were to allow Firefox and perhaps  Chrome, there would be three very different vectors of risk all with different types of potential security holes/weaknesses.  We would in fact be "casting a wider risk net" by using all three or two broswers.
>

Chrome is not ready for this type of deployment, being beta and
relatively untried.

> Some of the risk elements might include plug-ins, types of plug-ins, rendering engines, open-source v. closed source and whether a code review is possible, and the track record of the company supplying the product.  One unfortunate truth is that other products that contain the Internet Explorer engine are probably going to be subject to the same risks I.E. is when that product is running.
>

Your concern about plugins is absolutely valid for both IE and firefox.

-- 
Matthew Nuzum
newz2000 on freenode