Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Re:never mentions design or economics
Take a look at SQL Server, compare its security record to any other database with a decent market share on the market.
Any other database with a decent market share? Alright, let's take one that has a larger market share than Microsoft SQL servers ever had.
http://secunia.com/advisories/product/6782/
versus
http://secunia.com/advisories/product/3827/
That was too easy.
-
Re:This confirms what I said earlier ...
(note: I do not work for Secunia; I just like that tool)
-
Re:There IS no evidence!
Ergo, there is no evidence that the latest patched version of Internet Explorer is less secure, since the officially "known" security features have been fixed.
What about this unpatched, known vulnerability: Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com?
-
Re:Bullshit
Firefox 3.5x - 48 vulnerabilities
IE 8 - 30 vulnerabilities
http://secunia.com/advisories/product/21625/?task=advisories
http://secunia.com/advisories/product/25800/?task=statistics
-
Re:WTF, people.
http://secunia.com/advisories/27213/2/
Yeah that is ancient news my friend. It was patched with OS version 1.1.2 in 2007 if my information is correct.
iPhones and iPods can now run OS version 3.1+
I would say that pretty much anyone going online has patched as version 3 of the OS brought copy/paste functions.
I can't imagine using my iPhone or iPod without copy/paste.
-
Re:kind of makes you wonder
That is the main problem with closed source software; in the event of a security hole, you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw. Until he does, you can do nothing but become increasingly concerned...
0day? Fixed tomorrow!
You can patch only what you know how to patch.
In 2008 there were between 6 and 10 million lines of code in the Linux kernel alone. Linux Kernel Surpasses 10 Million Lines of Code
In 2003 OpenOffice.org had 9 million lines of code. Build FAQ for OpenOffice.org
You can test your patch only on systems you can access.
That your home-brewed solution is seriously flawed may only be discovered by your neighbors.
The next time they load a JPEG from your site.
As soon as a security hole is discovered, virtually anyone can contribute to a timely resolution.
Most likely by staying out of the way.
There is the final problem of how to roll out a patch. The naive end-user who auto-patches was spared Conficker.
-
Facts ARE FACTS (in Opera's favor)... apk
"Ha, and you got tricked by an Opera or Chrome fanboy into replying. You know that's not going to make them change." - by zullnero (833754) on Thursday January 21, @04:01PM (#30851208) Homepage
Ok, then here are some FACTS for you to "mull over" then... ok?
NOW, as far as "SPEED & SECURITY" online, & Opera vs. FireFox vs. IE?? Ok:
====
A.) For SPEED (& even in javascript for the LONGEST time, until FF's new engines took its place (until Opera 10.50 @ least, because that's gotten a decent "boost" in that area -> http://tech.slashdot.org/article.pl?sid=09/12/22/1911216 (not that it matters though, speeding up javascript is like asking to get infected by malscripted sites &/or adbanners faster imo @ least - that of a "POV" of PC security, mostly)):
http://www.howtocreate.co.uk/browserSpeed.html
and
http://crave.cnet.co.uk/cnetuk/crave/software/0,39029471,49302491,00.htm
AND
http://nontroppo.org/timer/kestrel_tests/
(Opera "rocked the planet" in those cases... bigtime (& ESPECIALLY ON THE MOST USED PLATFORM THERE IS, BAR-NONE, FOR PC-COMPUTING: Windows!))
----
AND, for SECURITY also (less vulnerabilities present over time than IE or FF, per SECUNIA.COM stats):
INTERNET EXPLORER 8.x VULNERABILITIES STATS:(01/21/2010)
http://secunia.com/advisories/product/21625/?task=advisories
(UNPATCHED = 4-8 / 50% (though 1 of them, the "Critical 'Out-of-Band' Cumulative Update IS patched, as of about 1 hr. ago (go get it those of you that use MS OS' that is...)))
---
FIREFOX 3.x VULNERABILITIES STATS:(01/21/2010)
http://secunia.com/advisories/product/25800/?task=statistics
(UNPATCHED = 0-6 / 0% (on this note, as you can see? FF had MORE advisories, over time as I noted, but... they've done a GREAT JOB in stopping that much (now, the same has to be said for their browser addons too, but that too, improves over time as well usually))
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..
----
OPERA 10.x VULNERABILITIES STATS:(01/21/2010)
http://secunia.com/advisories/product/26745/?task=statistics
(UNPATCHED = 0-3 / 0% )
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..
====
Opera ROCKS, period (or, do the stats above make me a liar? I think not...)!
Plus, Opera's been able to pass the "ACID TESTS" (ACID2 specifically) for compliance to web-based standards since version 6.x iirc, & it was (iirc) actually the FIRST BROWSER (not development kit) to do so, but when counting dev kits, it was 2nd... correct me if I am "off" here on this last point though, guys, & thanks.
APK
P.S.=> Opera has a BIG "share-of-market" on MOBILE DEVICES as well, & is big in EUROPE (though stats don't tend to show it, because like many others, I tend to "IDENTIFY AS IE" in Opera, so I get somewhat better "IE based" page renderings on SOME sites (this happens, too bad) & that's something others seem to overlook QUITE A BIT too)...
Once more, imo @ least? Well - Opera's great!
I.E.-> It took me away from being a FireFox user primarily in fact, because of it (& FF + IE have copied Opera's features RAMPANTLY over time (e.g.-> Tabbed Browsing anyone? As far as ADDONS also?? Heh, a LOT of what FF
-
SPEED IN JAVASCRIPT "KILLS"... apk
"Firefox 3.6 does beat the newest Chrome on some Javascript benchmarks (and Chrome beats Firefox on others)." - by Anonymous Coward on Thursday January 21, @03:06PM (#30850216)
LOL: WoW... when you come right down to it though, my man? That's hilarious... it really is!
(Especially in today's "over-plagued by javascript-based attacks" of the internet today!)
After all - Most attacks that hit you USE javascript in malscripted webpages &/or malscripted adbanners, period (or via email attacks & malscripted .pdf files).
Facts ARE FACTS.
NOW, as far as "SPEED & SECURITY" online, & Opera vs. FireFox vs. IE?? Ok:
====
A.) For SPEED (& even in javascript for the LONGEST time, until FF's new engines took its place (until Opera 10.50 @ least, because that's gotten a decent "boost" in that area -> http://tech.slashdot.org/article.pl?sid=09/12/22/1911216 (not that it matters though, speeding up javascript is like asking to get infected by malscripted sites &/or adbanners faster imo @ least - that of a "POV" of PC security, mostly)):
http://www.howtocreate.co.uk/browserSpeed.html
and
http://crave.cnet.co.uk/cnetuk/crave/software/0,39029471,49302491,00.htm
AND
http://nontroppo.org/timer/kestrel_tests/
(Opera "rocked the planet" in those cases... bigtime (& ESPECIALLY ON THE MOST USED PLATFORM THERE IS, BAR-NONE, FOR PC-COMPUTING: Windows!))
----
AND, for SECURITY also (less vulnerabilities present over time than IE or FF, per SECUNIA.COM stats):
INTERNET EXPLORER 8.x VULNERABILITIES STATS:(01/21/2010)
http://secunia.com/advisories/product/21625/?task=advisories
(UNPATCHED = 4-8 / 50% (though 1 of them, the "Critical 'Out-of-Band' Cumulative Update IS patched, as of about 1 hr. ago (go get it those of you that use MS OS' that is...)))
---
FIREFOX 3.x VULNERABILITIES STATS:(01/21/2010)
http://secunia.com/advisories/product/25800/?task=statistics
(UNPATCHED = 0-6 / 0% (on this note, as you can see? FF had MORE advisories, over time as I noted, but... they've done a GREAT JOB in stopping that much (now, the same has to be said for their browser addons too, but that too, improves over time as well usually))
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..
----
OPERA 10.x VULNERABILITIES STATS:(01/21/2010)
http://secunia.com/advisories/product/26745/?task=statistics
(UNPATCHED = 0-3 / 0% )
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..
====
Opera ROCKS, period (or, do the stats above make me a liar? I think not...)!
Plus, Opera's been able to pass the "ACID TESTS" (ACID2 specifically) for compliance to web-based standards since version 6.x iirc, & it was (iirc) actually the FIRST BROWSER (not development kit) to do so, but when counting dev kits, it was 2nd... correct me if I am "off" here on this last point though, guys, & thanks.
APK
P.S.=> Opera has a BIG "share-of-market" on MOBILE DEVICES as well, & is big in EUROPE (though stats don't tend to show it, because like many others, I tend to "IDENTIFY AS IE" in Opera, so I get somewhat better "IE based" page renderings on SOME sites (this happens, too bad) & that's something others s
-
FriendlyTroll: Don't let the REAL TROLLS get 2U
"Whether you like it or not, Opera is *massive* in Europe and has a far greater market share than you'd like to believe." - by A Friendly Troll (1017492) on Tuesday January 19, @05:28PM (#30825616)
Per my subject-line above: Well, I BELIEVE YOU, & here are the reasons as to why:
====
A.) For SPEED (& even in javascript for the LONGEST time, until FF's new engines took its place (until Opera 10.50 @ least, because that's gotten a decent "boost" in that area -> http://tech.slashdot.org/article.pl?sid=09/12/22/1911216 (not that it matters though, speeding up javascript is like asking to get infected by malscripted sites &/or adbanners faster imo @ least - that of a "POV" of PC security, mostly)):
http://www.howtocreate.co.uk/browserSpeed.html
and
http://crave.cnet.co.uk/cnetuk/crave/software/0,39029471,49302491,00.htm
AND
http://nontroppo.org/timer/kestrel_tests/
(Opera "rocked the planet" in those cases... bigtime (& ESPECIALLY ON THE MOST USED PLATFORM THERE IS, BAR-NONE, FOR PC-COMPUTING: Windows!))
----
AND, for SECURITY also (less vulnerabilities present over time than IE or FF, per SECUNIA.COM stats):
INTERNET EXPLORER 8.x VULNERABILITIES STATS:(01/21/2010)
http://secunia.com/advisories/product/21625/?task=advisories
(UNPATCHED = 4-8 / 50% (though 1 of them, the "Critical 'Out-of-Band' Cumulative Update IS patched, as of about 1 hr. ago (go get it those of you that use MS OS' that is...)))
---
FIREFOX 3.x VULNERABILITIES STATS:(01/21/2010)
(UNPATCHED = 0-6 / 0% (on this note, as you can see? FF had MORE advisories, over time as I noted, but... they've done a GREAT JOB in stopping that much (now, the same has to be said for their browser addons too, but that too, improves over time as well usually))
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..
----
OPERA 10.x VULNERABILITIES STATS:(01/21/2010)
http://secunia.com/advisories/product/26745/?task=statistics
(UNPATCHED = 0-3 / 0% )
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..
====
Opera ROCKS, period (or, do the stats above make me a liar? I think not...) &, it's been able to pass the "ACID TESTS" for compliance to web-based standards since version 6.x iirc, & it was (iirc) actually the FIRST BROWSER (not development kit) to do so, but when counting dev kits, it was 2nd... correct me if I am "off" here on this last point though, guys, & thanks.
APK
P.S.=> Again though, I tend to believe you (& Opera has a BIG "share-of-market" on MOBILE DEVICES as well, which others seem to overlook QUITE A BIT too)... Once more, imo @ least? Well - Opera's great!
I.E.-> It took me away from being a FireFox user primarily in fact, because of it (& FF + IE have copied Opera's features RAMPANTLY over time (e.g.-> Tabbed Browsing anyone? As far as ADDONS also?? Heh, a LOT of what FF has in browser addons, Opera already has natively (minus the CPU usage + speed hits & security vulnerabilities that webbrowser addons introduce (more than potentially too, ala Greasemonkey having that before (as only 1 single example)))... apk
-
Re:How do we know it's not already in use?
Yes, it only deserves a rating of Moderate. It's not remote and requires local user intervention. This is pretty much the definition of a moderate vulnerability.
The industry appears to agree with me:
http://secunia.com/advisories/38265/
http://www.vupen.com/english/advisories/2010/0179
-
Re:IE 6 Only and 7 only and 8 only
And IE 7 and IE 8. Therefore we should go back to IE 5.5 it's more secure.
-
Re:Right Decision?
Here: http://secunia.com/advisories/product/19089/ and here: http://secunia.com/advisories/product/21625/ FF3 and IE8 are about the same age. In the same time frame FF3 has racked up 144 vulnerabilities. IE8 has experienced 23.
Apparently you did not even read your own source! QUOTE FROM YOUR OWN SOURCE:
PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products.
Please go and read your source, they make this point for me.
We have access to Microsoft's Security Bulletins - which are among the most detailed in the industry. Admins depend on those bulletins to be accurate. They need to make the right decisions on whether to block or allow patches. What do you think would happen if MS tried to sneak a patch by and it turned out to cause damage to systems? Simply put, there's nothing to support a suggestion that MS is sneaking anything by.
Wow, talk about calling your own objectivity into question. "The most detailed in the industry" Sheesh. Are they also the most well written, prepared by the best smelling employees?
You just don't get it. You can't tell if they're telling you everything because you don't have access to their bug tracker and you don't have access to the code. They can say they're changing a font size and fix 3 major vulnerabilities without telling you.
And as for what would happen if "it turned out to cause damage to systems", let me know when their EULA doesn't explicitly disclaim liability for that.
#2) Number of exploits is a function of profitability, it has no correlation to number of security bugs or software quality
Try reading your own statement out loud to yourself. It obviously does not make sense. Of course number of exploits is correlated to the number of bugs. It don't take a genius to realize that as the number of bugs reaches zero, the number of exploits will be forced to zero as well. This section is an example where you're using terms with very specific meanings like "correlation" without any data to back it up.
#3 Time to fix is relevant. However, in this case it doesn't matter, because this was targeted attacks.
This is another case where you're assuming things you can't possibly have data for, such as when MS first became aware of this vulnerability.
This really doesn't take a rocket scientist:
Pretend you're a software vendor and you want to look good to your customers, first and foremost.
You will group software updates into batches so as to give the best impression of stability and security as possible.
You will have a pressure to do this even when particular flaws might be quite severe.
In an extreme case, you might even go so far as to only release your updates on a particular day.... maybe Tuesday? -
Re:Right Decision?
What a bunch of crap!
Ignored.
Where's your proof?
Here: http://secunia.com/advisories/product/19089/
and here: http://secunia.com/advisories/product/21625/
FF3 and IE8 are about the same age. In the same time frame FF3 has racked up 144 vulnerabilities. IE8 has experienced 23.
And no, those FF bugs are not just trivialities. They are practically all of them rated "highly critical". And most of them are - tada - memory corruption bugs like the one exploited in this attack.
#1) It's impossible to conclusively make this statement since we don't have access to Microsoft's internal bug tracker.
#2) The directly comparable indicators we do have (how many major exploits are actually published) do not agree with your statement.
#3) Your statement ignores one other key factor: The time it takes the vendor to fix the bug. Who cares if a browser has only one major security exploit per year if it takes two years for the vendor to fix it? At that point, your ass is always hanging out in the wind.
#1) We have access to Microsoft's Security Bulletins - which are among the most detailed in the industry. Admins depend on those bulletins to be accurate. They need to make the right decisions on whether to block or allow patches. What do you think would happen if MS tried to sneak a patch by and it turned out to cause damage to systems? Simply put, there's nothing to support a suggestion that MS is sneaking anything by.
#2) Number of exploits is a function of profitability, it has no correlation to number of security bugs or software quality. One bug may give rise to many exploitation attempts. 144 vulnerabilities may never be exploited. Consider two lotteries, tickets the same price and the winning chances were the same. Only in one lottery the prizes were 10x bigger. Given you could buy 10 tickets - how would you spend them?
#3 Time to fix is relevant. However, in this case it doesn't matter, because these were targeted attacks. Somebody had put in a lot of effort in finding a bug and preparing a cocktail attack (social engineering, PDF and IE). This was not a publicly disclosed bug. No vendor can patch a bug before they know of it. Simply put, the most important precaution is to up the QA standards and prevent the bugs in the first place. Then - when a bug is eventually discovered - it is important to fix it fast.
Mozilla certainly seems to patch fast. But they have 8 times more bugs to fix. That says something about their quality control as compared to Microsoft's. Which shouldn't come as a surprise given how crash-happy Firefox has become.
Disclosure: I use Chrome. Safer and far less crash-happy than FF.
-
Re:Before anyone starts throwing stones...
Mozilla Firefox 3.5.x: unpatched 0 of 6 Secunia advisories.
MS Internet Explorer 8.x: unpatched 4 of 8 Secunia advisories.
MS Internet Explorer 7.x: unpatched 11 of 42 Secunia advisories.
Opera 10.x: unpatched 0 of 3 Secunia advisories.
I can't see your point, are you trolling? -
Re:Oh really?
Firefox gets a patch pretty quick when you consider an unpatched IE exploit going back to oh say 2007 just for starts.
http://secunia.com/advisories/product/21625/?task=advisories_2007
Wanna reformat? Hit those urls with frames and iframes, you're sure to pick up virut really quick.
While you can add a squid rule to block "frame"*.Blogspot, I'd like to reply to the thread becomes much more difficult doesn't it?
-
Why don't you post a more useful link?
Such as this one: http://secunia.com/advisories/product/25800/
"There are no unpatched Secunia advisories affecting this product [Firefox]"
Unpatched 0% (0 of 6 Secunia advisories)
Or this one: http://secunia.com/advisories/product/21625/
"The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 8.x, with all vendor patches applied, is rated Extremely critical"
"Unpatched 50% (4 of 8 Secunia advisories)"
-
Before anyone starts throwing stones...
-
Re:duration of vulnerability
http://secunia.com/advisories/15601/ Seven year old vulnerability reintroduced into Firefox.
If the biggest complaint you have is a vulnerability that was fixed in 2005 (even if it had previously occurred in 1998), then I don't think there's too much to worry about.
-
Re:duration of vulnerability
http://secunia.com/advisories/15601/
Seven year old vulnerability reintroduced into Firefox. -
Secunia is better
Secunia is better. Take a look here:
IE6 http://secunia.com/advisories/product/11/?task=advisories
IE7 http://secunia.com/advisories/product/12366/?task=advisories
IE8 http://secunia.com/advisories/product/21625/?task=advisories
Firefox2 http://secunia.com/advisories/product/12434/
Firefox3.0 http://secunia.com/advisories/product/19089/?task=advisories
Firefox3.5 http://secunia.com/advisories/product/25800/?task=advisories
Based on these, I would choose Firefox and not IE
-
So many programs, so much laziness...
Only a month or so ago, I still had Shockwave 9 installed. I'm sure I'm not alone in saying I have a good number of programs installed on my computer, and keeping track of which ones need updates is a real chore that I usually just (unwisely) ignore. But then I found this great free program called Secunia PSI. Every week I just click "Scan" and it compares the software installed on my computer, including Windows, with an online database, and reports anything that has known security vulnerabilities.
-
Re:MS will probably kill it
If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.
This sort of thing plays well to the geek's hive mind. But is it really worth a mod-up to +5, Insightful?
Vulnerability Report: Microsoft Windows 7 - 2009 There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.
-
Re:Still some very important stuff to fix
Of course if you're a Microsoft slave, you can wait for a bug to be fixed "when we get around to it"
You see that a lot in FOSS as well.
What you don't see so much in the Windows world is a natural-born instinct for insults guaranteed to piss off any potential convert.
depending on how buggy THIS Windows version is...
In nine months the public beta/RC of Win 7 took a 1.5% share of the desktop. 50% higher than Linux, all flavors. Top Operating System Share Trend
If there were any show-stoppers they should have been exposed by now.
Vulnerability Report: Microsoft Windows 7
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.
Vulnerability Report: Microsoft Windows Vista
The most severe unpatched Secunia advisory affecting Microsoft Windows Vista, with all vendor patches applied, is rated Less critical
-
Re:It isn't just licensing costs...
Apache would like to have a word with you.
Sure, let's talk about Apache then: Apache 2.2.x, 17 advisories, 28 vulnerabilities, 2 unpatched. IIS 7.x, 2 advisories, 2 vulnerabilities, all patched. Are you going to apologize now? I didn't think so.
Do you get paid to shill?
Being a devil's advocate on an issue != being a troll on an issue, but pretending to be a devil's advocate just so you can FUD = Troll.
You don't know what you're talking about (as shown above), and you attack the person instead of the message. On top of that, you've been spamming your silly "shilling" accusation all over the place, no matter what other posters say. I think you're the troll here, and not a very bright one either.
-
Whine Whine Whine
With a browser installed by default the user can go online and compare the home pages of other browsers.
He can - if he chooses - seek out independent reviews.
The more technically minded might be attracted to resources like Secunia: Vulnerability Report: Microsoft Internet Explorer 8.x
He is not limited to a screen shot and a paragraph or two of description -
which will inevitably be fretted and fussed over word-by-word by the anal-retentive geek and EU bureaucrat. -
Re:After reciving an e-mail that appeared...
I should have been more clear in my earlier post, and typing code-pages instead of code-points didn't help either.
I don't mean unicode characters that use same glyphs as ASCII characters, I meant unicode characters that look like ASCII characters but actually use different code-points, or more precisely IDN URL Spoofing.
http://secunia.com/advisories/14163/ -
Re:70%
This means that exploit JavaScript code has been tuned to target vulnerabilities in Safari as well
No, it means that the infected websites redirected visitors including Mac users. They were victims of redirection only at that point. It's the sites that people got redirected to that did the actual user-machine infecting. The article only says that six vulnerabilities were targeted but it doesn't say which. Mebroot (Master Boot Record Rootkit) is Windows based and isn't new.
"Using a variety of methods, the criminals behind Mebroot infect legitimate Web servers with Javascript code. The code redirects visitors to a different Internet domain, which changes every day, and where a malicious server attempts to compromise their computer with a program that provides the botnet's owners with remote control over that machine."
I'm not an expert, but the Mebroot description at F-Secure appears to show Windows systems as the target. Of course other mutations could potentially be created to target vulnerabilities on OS X or other platforms, but once in it couldn't just install the same Windows rootkit.
(below from F-Secure, not article)
http://www.f-secure.com/weblog/archives/00001393.html
The actual site hosting the exploit code utilizes the following exploits:
Microsoft Data Access Components (MDAC) Function vulnerability (MS06-014)
AOL SuperBuddy ActiveX Control Code Execution vulnerability (CVE-2006-5820)
Online Media Technologies NCTsoft NCTAudioFile2 ActiveX Buffer Overflow (CVE-2007-0018)
GOM Player "GomWeb3" ActiveX Control Buffer Overflow (CVE-2007-5779)
Microsoft Internet Explorer WebViewFolderIcon setSlice (CVE-2006-3730)
Yahoo! JukeBox datagrid.dll AddButton() Buffer Overflow
DirectAnimation.PathControl KeyFrame vulnerability (CVE-2006-4777)
Microsoft DirectSpeechSynthesis Module Remote Buffer Overflow
from article:
"The researchers also discovered that nearly 70 percent of those redirected by Mebroot--as classified by Internet address--were vulnerable to one of almost 40 vulnerabilities regularly used by the most popular infection toolkits designed to compromise computer systems. About half that number were vulnerable to the six specific vulnerabilities used by the Mebroot toolkit."
For things that have been fixed, I think Mac users are generally a bit better about having OS and browser updates. Of course, like everyone else, they can still significantly reduce risk by disabling browser functionality except when needed (as with NoScript and Firefox).
I'm concerned updates in other applications may be missed not only by users, but even developers.
VLC promptly was updated for some vulnerabilities in underlying ffmpeg code, but users aren't always good about keeping VLC up to date (the older version for OS X 10.4 got an update as well as the current release).
There are many video conversion, DVD assembly and other programs built on Windows and OS X using ffmpeg behind the scenes. In some cases the developers make little or no mention of it (LGPL/GPL compliance is a problem too). These programs don't seem to be getting the newer ffmpeg builds that address the problems.
-
Re:Privacy
Periodically I publish my data to http://secunia.com/vulnerability_scanning/personal/
-
Re:Any verification on the Apache web server?
Jeez, can't anybody here use Google? According to Secunia, for the time period 2003-2009, IIS6 had 6 vulnerabilities http://secunia.com/advisories/product/1438/?task=statistics. Apache had 39 http://secunia.com/advisories/product/73/?task=statistics.
You can look at those statistics a few different ways. Apache had far more moderate-severe vulnerabilities than IIS6. Or if you're an Apache fanboy, you can twist it and say Apache's vulnerabilities were less severe in general, but that's only because Apache had a whole lot more lower vulnerabilities to skew the percentages. It's too bad Secunia doesn't show the statistics on how long those issues remained patched.
-