
Re: why do iceweasel et al have more frequent security issues?



Andrew Sackville-West wrote:
On Thu, Jul 26, 2007 at 10:52:07PM +0200, Erik Persson wrote:

Anyhow, the basic fact that there are fewer security alerts in Konq makes this a more secure browser, whether this is maybe only because of a smaller user base or not.

I'm sorry, and I hate to argue with people, but this last statement
just doesn't fly with me. Security alerts are the result of someone
finding a security problem and reporting it. The fact that fewer
security alerts exist does _NOT_ mean that konq is more secure. It
only means it has fewer reported security problems. Now it _could_ be
that this is because there actually _are_ fewer security problems, but
it could _also_ be because no one has _found_ or reported
problems. There's an important distinction there.

The assumption is of course that there is no significant difference in the ratio of reported security issues to discovered security issues, and I can't see any reason those should differ.

Anyhow, it is more likely that a browser with more reported security issues has more discovered security issues. And it is also more likely that a browser with more discovered security issues has more security issues. Both, of course, under the assumption that there is no information that changes this.


WARNING! CAR ANALOGY!

If we have two cars parked side-by-side and mine is stolen (I'll
take the fall for this analogy ;) and yours is not, does that mean
that your car is more secure? No. It means someone looked for a way
into my car and exploited it. Maybe they never even looked at your

It also means that it is more likely that your car is less secure. It is not much data to do reliable statistics on, but since we have some data and it points towards your car being less secure, that would also be the best guess. It may not be the correct guess, but it will be the best guess. Let's say we have 10 cars of type A parked along 10 cars of type B, and there are 8 stolen cars of type A and only one of type B. Then you should guess, if no more information was available, that car type A was less secure. If you have 10 cars of type A and 5 of type B and 2 A cars, and one B car was stolen, you should guess, if no more information was available, that the cars were about equally secure. Now, if you have 10 A cars, and 5 B cars, and 1 A car was stolen and 4 B cars, you should guess that the B cars were less secure. Now, if you have x A cars and y B cars and you don't know x and y, but you know that more A cars are stolen, it is more likely that the A cars are less secure, since there is no reason to believe that x is larger than y, than believing the opposite.

END CAR ANALOGY!

A more pertinent fake example.

Programmer X finds a security hole in konq that when visiting a
carefully crafted website, allows remote execution of code, privilege
escalation and ultimately results in a box getting
rooted. Okay. That's obviously a security problem. But programmer X
doesn't report this problem and no security alert is issued.
Programmer Y finds a security hole in mozilla that allows an already
installed plugin at a certain version to escalate its own privileges and as a result
download and save a piece of code to disk with the name
"execute_me". Now if the user happens to see that file and thinks,
hmmm... I wonder what that is and executes it (after chmod +x) it does
a rm -rf on their home. Programmer Y reports this security hole and a
security alert is made detailing the problem.
Now, clearly, the konq vulnerability is *much* more of a security risk
than the mozilla error, right? The mozilla one requires the plugin be
already installed and the right version and then requires the user to
actually chmod and execute the thing. The konq one just requires the
user to visit a carefully crafted website.

If this would be the case in the mozilla vs konq situation, you have to explain to me why:
1) konq security issues should be reported at a lower ratio
2) why security issues in konq are more severe
e.g. why there should be reason to believe that there is a statistically significant bias between the browsers in factors such as reporting security issues and severity of security issues.

I can see no reason to believe one or the other. I just look at the facts - there are fewer security issues reported for konq. The only reasonable conclusion is that konq is more secure.

But based on what you've written above, because the mozilla one was
reported, then mozilla is less secure than konq. That doesn't add
up. And in fact, in my fake example above, the lack of security alert
makes konq even more of a security problem because 1) the right devs
might not know about the problem to issue a patch and 2) the public
doesn't know about the problem to avoid it until a patch comes along.

As I stated above, you have to explain how this constructed example could have any impact at all on the real mozilla vs konq case.

Do you really mean that there is some sort of bias in how security issues are reported and that this is to the advantage of firefox?

As I said, if it is a fact that there are fewer security alerts in konq, the only reasonable conclusion is that konq has fewer security issues. All other conclusions rely on some sort of asymmetry between the browsers, for example when it comes to the severity of the reported security issues, the presumed not found or not reported security issues, in the ratio of reported found security issues etc. If you don't have any facts supporting that kind of asymmetry, you can't argue that such an asymmetry exists, and especially you can't argue that such an asymmetry is to the advantage of Firefox (it could just as likely be to the advantage of konq - if it existed).

A

/erik


