[Cialug] Security and the browser
Nathan C. Smith
nathan.smith at ipmvs.com
Mon Oct 20 10:53:38 CDT 2008
I've heard people say Firefox is "More Secure" than Internet Explorer, and while it seems to make sense at first, I do not believe that claim can be substantiated. Firefox may have "less inherent risk" than I.E., and that is where my question comes in.
At work we use I.E. but we are looking at Firefox. I have some reservations about manageability. Our philosophy right now is that the single browser, I.E., is probably heavily targeted and has lots of problems but it easily updated and attacks will become quickly known via different communities. It is also "protected" through antivirus and anti-malware software. If we were to allow Firefox and perhaps Chrome, there would be three very different vectors of risk all with different types of potential security holes/weaknesses. We would in fact be "casting a wider risk net" by using all three or two broswers.
I'm not looking to start a flame war, but rather an intelligent (and perhaps spirited) discussion of the weaknesses of different browsers and ways we can look at the risks involved to somehow compare the elements of risk between browsers.
Some of the risk elements might include plug-ins, types of plug-ins, rendering engines, open-source v. closed source and whether a code review is possible, and the track record of the company supplying the product. One unfortunate truth is that other products that contain the Internet Explorer engine are probably going to be subject to the same risks I.E. is when that product is running.
-Nate
More information about the Cialug
mailing list