On Thu, Jul 26, 2007 at 10:52:07PM +0200, Erik Persson wrote: > Anyhow, the basic fact that there is fewer security alerts in Konq makes > this a more secure browser, whether this maybe is because only of a smaller > user base or not. I'm sorry, and i hate to argue with people, but this last statement just doesn't fly with me. security alerts are the result of someone finding a security problem and reporting it. The fact that fewer security alerts exist does _NOT_ mean that konq is more secure. It only means it has fewer reported security problems. Now it _could_ be that this is because there actually _are_ fewer security problems, but it could _also_ be because no one has _found_ or reported problems. There's an important distinction there. WARNING! CAR ANALOGY! if we have two cars parked side-by-side and mine is stolen (I'll take the fall for this analogy ;) and yours is not, does that mean that your car is more secure? no. it means someone looked for a way into my car and exploited it. maybe they never even looked at your car. maybe they don't like your car. There are any number of reasons why your car was not stolen. it could be that they looked at your car and decided it was too hard to steal because it had an alarm, in which case it would be more secure, but that isn't necessarily why it wasn't stolen. END CAR ANALOGY! a more pertinent fake example. programmer X finds a security hole in konq that when visiting a carefully crafted website, allows remote execution of code, privilege escalation and ultimately results in a box getting rooted. okay. that's obviously a security problem. but programmer X doesn't report this problem and no security alert is issued. programmer Y finds a security hole in mozilla that allows an already installed plugin at a certain version to escalate its own privileges and as a result download and save a piece of code to disk with the name "execute_me". Now if the user happens to see that file and thinks, hmmm... I wonder what that is and executes it (after chmod +x) it does a rm -rf on their home. programmer y reports this security hole and a security alert is made detailing the problem. now, clearly, the konq vulnerability is *much* more of a security risk than the mozilla error, right? the mozilla one requires the plugin be already installed and the right version and then requires the user to actually chmod and execute the thing. the konq one just requires the user to visit a carefully crafted website. but based on what you've written above, because the mozilla one was reported, then mozilla is less secure than konq. that doesn't add up. And in fact, in my fake example above, the lack of security alert makes konq even more of a security problem because 1) the right devs might not know about the problem to issue a patch and 2) the public doesn't know about the problem to avoid it until a patch comes along. A
Attachment:
signature.asc
Description: Digital signature