Slashdot Mirror
Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Re:Security issues with Google Chrome?
Silverlight 2.x - 0 Vulnerabilities
http://secunia.com/advisories/product/20227/Silverlight 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25996/Google Chrome 2.x - 10 Vulnerabilities
http://secunia.com/advisories/product/25469/Google Chrome 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25720/Unfortunately, Secunia does not include Google Chrome 4.x data, which is the Chrome version using by the Chrome Frame
as a plugin, Chrome seems have more Vulnerabilities
I think we need to praise Microsoft on security area, after the Security Development Lifecycle, Microsoft increase the security of their products tremendously.
Here is an example:
Microsoft SQL Server 2008 - 0 Vulnerabilities
http://secunia.com/advisories/product/21744/and try to find the Oracle data in the Secunia website, you will amaze
-
Re:Security issues with Google Chrome?
Silverlight 2.x - 0 Vulnerabilities
http://secunia.com/advisories/product/20227/Silverlight 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25996/Google Chrome 2.x - 10 Vulnerabilities
http://secunia.com/advisories/product/25469/Google Chrome 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25720/Unfortunately, Secunia does not include Google Chrome 4.x data, which is the Chrome version using by the Chrome Frame
as a plugin, Chrome seems have more Vulnerabilities
I think we need to praise Microsoft on security area, after the Security Development Lifecycle, Microsoft increase the security of their products tremendously.
Here is an example:
Microsoft SQL Server 2008 - 0 Vulnerabilities
http://secunia.com/advisories/product/21744/and try to find the Oracle data in the Secunia website, you will amaze
-
Re:Security issues with Google Chrome?
Silverlight 2.x - 0 Vulnerabilities
http://secunia.com/advisories/product/20227/Silverlight 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25996/Google Chrome 2.x - 10 Vulnerabilities
http://secunia.com/advisories/product/25469/Google Chrome 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25720/Unfortunately, Secunia does not include Google Chrome 4.x data, which is the Chrome version using by the Chrome Frame
as a plugin, Chrome seems have more Vulnerabilities
I think we need to praise Microsoft on security area, after the Security Development Lifecycle, Microsoft increase the security of their products tremendously.
Here is an example:
Microsoft SQL Server 2008 - 0 Vulnerabilities
http://secunia.com/advisories/product/21744/and try to find the Oracle data in the Secunia website, you will amaze
-
Re:Security issues with Google Chrome?
Silverlight 2.x - 0 Vulnerabilities
http://secunia.com/advisories/product/20227/Silverlight 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25996/Google Chrome 2.x - 10 Vulnerabilities
http://secunia.com/advisories/product/25469/Google Chrome 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25720/Unfortunately, Secunia does not include Google Chrome 4.x data, which is the Chrome version using by the Chrome Frame
as a plugin, Chrome seems have more Vulnerabilities
I think we need to praise Microsoft on security area, after the Security Development Lifecycle, Microsoft increase the security of their products tremendously.
Here is an example:
Microsoft SQL Server 2008 - 0 Vulnerabilities
http://secunia.com/advisories/product/21744/and try to find the Oracle data in the Secunia website, you will amaze
-
Re:Security issues with Google Chrome?
Silverlight 2.x - 0 Vulnerabilities
http://secunia.com/advisories/product/20227/Silverlight 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25996/Google Chrome 2.x - 10 Vulnerabilities
http://secunia.com/advisories/product/25469/Google Chrome 3.x - 0 Vulnerabilities
http://secunia.com/advisories/product/25720/Unfortunately, Secunia does not include Google Chrome 4.x data, which is the Chrome version using by the Chrome Frame
as a plugin, Chrome seems have more Vulnerabilities
I think we need to praise Microsoft on security area, after the Security Development Lifecycle, Microsoft increase the security of their products tremendously.
Here is an example:
Microsoft SQL Server 2008 - 0 Vulnerabilities
http://secunia.com/advisories/product/21744/and try to find the Oracle data in the Secunia website, you will amaze
-
Re:Well yes
And when you start digging in to those numbers, you find that they are not the same. IE's vulnerabilities tend to be more severe, more often unpatched, and (to a minor extent) leaving you in a worse position for being unpatched. And since we're being thorough - how about we throw in IE6 as well?
Yeah - MS has done way better over the years. They're pretty close to FF. About time.
-
Re:Well yes
IE7 and IE8 on Vista and later (Server 2008 and Windows 7) have some really impressive security, in fact. Everything is pretty well sandboxed, and if something DOES break, it's usually pretty well contained.
IE7 and IE8 combined have, oddly, exactly 100 vulnerabilities (88 for IE7, 12 for IE8).
FireFox 3.0 alone has 114. FireFox 3.5 has 18. And, to be thorough, FireFox 2 has 154.
So. Yeah. Glass Houses, throwing stones, yada yada yada. -
Re:Well yes
IE7 and IE8 on Vista and later (Server 2008 and Windows 7) have some really impressive security, in fact. Everything is pretty well sandboxed, and if something DOES break, it's usually pretty well contained.
IE7 and IE8 combined have, oddly, exactly 100 vulnerabilities (88 for IE7, 12 for IE8).
FireFox 3.0 alone has 114. FireFox 3.5 has 18. And, to be thorough, FireFox 2 has 154.
So. Yeah. Glass Houses, throwing stones, yada yada yada. -
Re:Well yes
IE7 and IE8 on Vista and later (Server 2008 and Windows 7) have some really impressive security, in fact. Everything is pretty well sandboxed, and if something DOES break, it's usually pretty well contained.
IE7 and IE8 combined have, oddly, exactly 100 vulnerabilities (88 for IE7, 12 for IE8).
FireFox 3.0 alone has 114. FireFox 3.5 has 18. And, to be thorough, FireFox 2 has 154.
So. Yeah. Glass Houses, throwing stones, yada yada yada. -
Re:Well yes
IE7 and IE8 on Vista and later (Server 2008 and Windows 7) have some really impressive security, in fact. Everything is pretty well sandboxed, and if something DOES break, it's usually pretty well contained.
IE7 and IE8 combined have, oddly, exactly 100 vulnerabilities (88 for IE7, 12 for IE8).
FireFox 3.0 alone has 114. FireFox 3.5 has 18. And, to be thorough, FireFox 2 has 154.
So. Yeah. Glass Houses, throwing stones, yada yada yada. -
Re:Well yes
IE7 and IE8 on Vista and later (Server 2008 and Windows 7) have some really impressive security, in fact. Everything is pretty well sandboxed, and if something DOES break, it's usually pretty well contained.
IE7 and IE8 combined have, oddly, exactly 100 vulnerabilities (88 for IE7, 12 for IE8).
FireFox 3.0 alone has 114. FireFox 3.5 has 18. And, to be thorough, FireFox 2 has 154.
So. Yeah. Glass Houses, throwing stones, yada yada yada. -
Re:Brain... locking... up...
Except that IIS has fewer. Let's see:
IIS7, first released in a server OS (Win2K8 - it was actually present in Vista before that, but no-one would run a server using it, so we don't consider that period) in January 2008, has 2 vulnerabilities in its entire lifetime, and only one of those is remote. That makes it 1 vulnerability per 10 months, or 1 remote vulnerability (which is usually what you care about for servers exposed on the Net) per 20 months.
Apache 2.2, first released in December 2005, has 16 vulnerabilities in its entire lifetime, 15 out of which are remote. That's roughly 1 remote vulnerability every 3 months.
"Oh, but no-one uses Win2K8 and IIS7", I hear people saying. Very well, let's look at the generation before that - IIS6 vs Apache 2.0. IIS6 was released with Win2K3 in April 2003; Apache 2.0 was released in April 2002, a year before that. Lets see:
IIS6 - 8 vulnerabilities to date
Apache 2.0 - 38 vulnerabilities to dateIn the interests of fairness it should be noted that a larger percentage - twice as many - of IIS6 vulnerabilities would give the attacker system access (i.e. provide an infection vector), compared to Apache. Even so, in absolute numbers, it's 3 system access vulnerabilities for IIS6 vs 7 such vulnerabilities for Apache. So, even accounting for that extra year, Apache still has worse security record overall for the last two major releases (or the last 6 years).
A secure OS would make sure that all code downloaded from the net is identified to the user as code downloaded from the net and its source/publisher, and a secure OS does not allow the downloaded code to execute until after the user has acknowledged that it is a downloaded program and given explicit permission.
This is precisely what Vista and Win7 do. If you download an executable, it will have a flag set in file meta-information that basically indicates that the source was network... when you run it, the OS will warn you and ask to confirm.
The problem is that this is not fool-proof. Consider this: how is the OS supposed to know that file comes from the network? From OS point of view, files don't "come" from anywhere - it's just that some application opens a file and starts writing data into it. The fact that said data was received from an open socket to a remove server a few milliseconds ago is not something an OS can reasonably detect. Thus, it really is all up to application to set the flag correctly. IE does that, and so does Firefox; other browsers might, or they might not.
Meanwhile, no other desktop OS that I know of does anything similar, and it's certainly quite possible for a Linux browser to download an executable file and chmod+x it - the OS won't stop it, because how could it possibly know that it's a bad thing, or even distinguish such a syscall from another one originating from user explicitly running chmod in the shell?
-
Re:Brain... locking... up...
Except that IIS has fewer. Let's see:
IIS7, first released in a server OS (Win2K8 - it was actually present in Vista before that, but no-one would run a server using it, so we don't consider that period) in January 2008, has 2 vulnerabilities in its entire lifetime, and only one of those is remote. That makes it 1 vulnerability per 10 months, or 1 remote vulnerability (which is usually what you care about for servers exposed on the Net) per 20 months.
Apache 2.2, first released in December 2005, has 16 vulnerabilities in its entire lifetime, 15 out of which are remote. That's roughly 1 remote vulnerability every 3 months.
"Oh, but no-one uses Win2K8 and IIS7", I hear people saying. Very well, let's look at the generation before that - IIS6 vs Apache 2.0. IIS6 was released with Win2K3 in April 2003; Apache 2.0 was released in April 2002, a year before that. Lets see:
IIS6 - 8 vulnerabilities to date
Apache 2.0 - 38 vulnerabilities to dateIn the interests of fairness it should be noted that a larger percentage - twice as many - of IIS6 vulnerabilities would give the attacker system access (i.e. provide an infection vector), compared to Apache. Even so, in absolute numbers, it's 3 system access vulnerabilities for IIS6 vs 7 such vulnerabilities for Apache. So, even accounting for that extra year, Apache still has worse security record overall for the last two major releases (or the last 6 years).
A secure OS would make sure that all code downloaded from the net is identified to the user as code downloaded from the net and its source/publisher, and a secure OS does not allow the downloaded code to execute until after the user has acknowledged that it is a downloaded program and given explicit permission.
This is precisely what Vista and Win7 do. If you download an executable, it will have a flag set in file meta-information that basically indicates that the source was network... when you run it, the OS will warn you and ask to confirm.
The problem is that this is not fool-proof. Consider this: how is the OS supposed to know that file comes from the network? From OS point of view, files don't "come" from anywhere - it's just that some application opens a file and starts writing data into it. The fact that said data was received from an open socket to a remove server a few milliseconds ago is not something an OS can reasonably detect. Thus, it really is all up to application to set the flag correctly. IE does that, and so does Firefox; other browsers might, or they might not.
Meanwhile, no other desktop OS that I know of does anything similar, and it's certainly quite possible for a Linux browser to download an executable file and chmod+x it - the OS won't stop it, because how could it possibly know that it's a bad thing, or even distinguish such a syscall from another one originating from user explicitly running chmod in the shell?
-
Re:Brain... locking... up...
Except that IIS has fewer. Let's see:
IIS7, first released in a server OS (Win2K8 - it was actually present in Vista before that, but no-one would run a server using it, so we don't consider that period) in January 2008, has 2 vulnerabilities in its entire lifetime, and only one of those is remote. That makes it 1 vulnerability per 10 months, or 1 remote vulnerability (which is usually what you care about for servers exposed on the Net) per 20 months.
Apache 2.2, first released in December 2005, has 16 vulnerabilities in its entire lifetime, 15 out of which are remote. That's roughly 1 remote vulnerability every 3 months.
"Oh, but no-one uses Win2K8 and IIS7", I hear people saying. Very well, let's look at the generation before that - IIS6 vs Apache 2.0. IIS6 was released with Win2K3 in April 2003; Apache 2.0 was released in April 2002, a year before that. Lets see:
IIS6 - 8 vulnerabilities to date
Apache 2.0 - 38 vulnerabilities to dateIn the interests of fairness it should be noted that a larger percentage - twice as many - of IIS6 vulnerabilities would give the attacker system access (i.e. provide an infection vector), compared to Apache. Even so, in absolute numbers, it's 3 system access vulnerabilities for IIS6 vs 7 such vulnerabilities for Apache. So, even accounting for that extra year, Apache still has worse security record overall for the last two major releases (or the last 6 years).
A secure OS would make sure that all code downloaded from the net is identified to the user as code downloaded from the net and its source/publisher, and a secure OS does not allow the downloaded code to execute until after the user has acknowledged that it is a downloaded program and given explicit permission.
This is precisely what Vista and Win7 do. If you download an executable, it will have a flag set in file meta-information that basically indicates that the source was network... when you run it, the OS will warn you and ask to confirm.
The problem is that this is not fool-proof. Consider this: how is the OS supposed to know that file comes from the network? From OS point of view, files don't "come" from anywhere - it's just that some application opens a file and starts writing data into it. The fact that said data was received from an open socket to a remove server a few milliseconds ago is not something an OS can reasonably detect. Thus, it really is all up to application to set the flag correctly. IE does that, and so does Firefox; other browsers might, or they might not.
Meanwhile, no other desktop OS that I know of does anything similar, and it's certainly quite possible for a Linux browser to download an executable file and chmod+x it - the OS won't stop it, because how could it possibly know that it's a bad thing, or even distinguish such a syscall from another one originating from user explicitly running chmod in the shell?
-
Re:Brain... locking... up...
Except that IIS has fewer. Let's see:
IIS7, first released in a server OS (Win2K8 - it was actually present in Vista before that, but no-one would run a server using it, so we don't consider that period) in January 2008, has 2 vulnerabilities in its entire lifetime, and only one of those is remote. That makes it 1 vulnerability per 10 months, or 1 remote vulnerability (which is usually what you care about for servers exposed on the Net) per 20 months.
Apache 2.2, first released in December 2005, has 16 vulnerabilities in its entire lifetime, 15 out of which are remote. That's roughly 1 remote vulnerability every 3 months.
"Oh, but no-one uses Win2K8 and IIS7", I hear people saying. Very well, let's look at the generation before that - IIS6 vs Apache 2.0. IIS6 was released with Win2K3 in April 2003; Apache 2.0 was released in April 2002, a year before that. Lets see:
IIS6 - 8 vulnerabilities to date
Apache 2.0 - 38 vulnerabilities to dateIn the interests of fairness it should be noted that a larger percentage - twice as many - of IIS6 vulnerabilities would give the attacker system access (i.e. provide an infection vector), compared to Apache. Even so, in absolute numbers, it's 3 system access vulnerabilities for IIS6 vs 7 such vulnerabilities for Apache. So, even accounting for that extra year, Apache still has worse security record overall for the last two major releases (or the last 6 years).
A secure OS would make sure that all code downloaded from the net is identified to the user as code downloaded from the net and its source/publisher, and a secure OS does not allow the downloaded code to execute until after the user has acknowledged that it is a downloaded program and given explicit permission.
This is precisely what Vista and Win7 do. If you download an executable, it will have a flag set in file meta-information that basically indicates that the source was network... when you run it, the OS will warn you and ask to confirm.
The problem is that this is not fool-proof. Consider this: how is the OS supposed to know that file comes from the network? From OS point of view, files don't "come" from anywhere - it's just that some application opens a file and starts writing data into it. The fact that said data was received from an open socket to a remove server a few milliseconds ago is not something an OS can reasonably detect. Thus, it really is all up to application to set the flag correctly. IE does that, and so does Firefox; other browsers might, or they might not.
Meanwhile, no other desktop OS that I know of does anything similar, and it's certainly quite possible for a Linux browser to download an executable file and chmod+x it - the OS won't stop it, because how could it possibly know that it's a bad thing, or even distinguish such a syscall from another one originating from user explicitly running chmod in the shell?
-
Re:The problem is in job responsibility
Cassandra is probably the best resource for that, you can build a profile of the software you use, and it will alert you when a vulnerability is fixed in that software.
Secunia of course offers commercial tools, but I've never used them, so not sure how useful they are.
http://secunia.com/advisories/business_solutions/Also, vulnerability management/discovery software like NeXpose or Nessus also can find many similar problems, especially if you give them access credentials.
-
Re:The problem is in job responsibility
For commonly used applications that make the CSV lists I find the Personal Software Inspector an excellent tool.
http://secunia.com/vulnerability_scanning/personal/
Amazing how many userland applications out there have some kind of exploit against them : /
-
Re:But it's not Windows!
Linux has had more known vulnerabilities than Windows, but that is because people can see the source and find the vulnerabilities. It has also had more fixed vulnerabilities and currently has less valid vulnerabilities than Windows.
I call bullshit twice. Without citations your opinion is noted but not necessarily relevant. Can you throw us a bone and define "Linux" and "valid"?
Because I don't know the basis of your statements, if you compare Windows Vista to Ubuntu 9.04 you'll see that Vista has 63 advisories and 113 vulnerabilities over three years. Ubuntu has 58 advisories and 147 vulnerabilities over four months. Vista's aren't all patched. Yawn. Microsoft does fix urgent issues out of band.
-
Re:But it's not Windows!
Linux has had more known vulnerabilities than Windows, but that is because people can see the source and find the vulnerabilities. It has also had more fixed vulnerabilities and currently has less valid vulnerabilities than Windows.
I call bullshit twice. Without citations your opinion is noted but not necessarily relevant. Can you throw us a bone and define "Linux" and "valid"?
Because I don't know the basis of your statements, if you compare Windows Vista to Ubuntu 9.04 you'll see that Vista has 63 advisories and 113 vulnerabilities over three years. Ubuntu has 58 advisories and 147 vulnerabilities over four months. Vista's aren't all patched. Yawn. Microsoft does fix urgent issues out of band.
-
Opera still has a LOWER MEMORY FOOTPRINT
"This was by design. Everything which could be moved to a plugin was. Of course, some things have slipped back into the browser, but the idea was to cut down the bloat." - by Philip_the_physicist (1536015) on Saturday August 22, @02:55AM (#29154011)
See subject-line above, & test for yourself - Opera can do javascript blocking, popup blocking, cookie blocking: AND ON A "PER-SITE BASIS", easily (via right-click on any website you wish & by setting "per site preferences", rather than GLOBAL ones only), & AS A "NATIVE BUILT-IN FEATURESET", not via addons (which only increase memory consumption & reduce browser speed (especially IF you load TOO MANY in FireFox, been there myself before is why I state that much))...
AND, Opera does so, with less memory consumption, by far (vs. FF or IE)... Here's what I see, on this note:
----
OPERA 10.10 BETA MEMORY FOOTPRINT (I use this, vs. Opera 9.6x - Working set, 1 tab open only, google main page):
24,488mb Working Set (via Process Explorer)
----
MICROSOFT INTERNET EXPLORER 8.x (Working set, 1 tab open only, google main page):
30,304mb Working Set (via Process Explorer)
----
MOZILLA MINEFIELD NIGHTLY BUILD (I use this vs. FF 3.52, & no addons loaded either, which would make this figure even MORE - Working set, 1 tab open only, google main page):
55,972mb Working Set (via Process Explorer)
----
"Read 'em & weep", I supposed... Opera does what the others do (& first, tabbed browsing anyone?), & for LESS... thus, "less IS truly MORE"...
NOW, as far as OVERALL web-browser performance? Opera "swept the floor" with the competition on THAT NOTE, as well, see here:
http://www.howtocreate.co.uk/browserSpeed.html
(Sure, Mozilla may have passed Opera in terms of JavaScript parsing speeds, but for years, it was NOT FASTER (Opera was)... but what is the gain there exactly? Since JavaScript's been shown to essentially be "the harbinger of doom" the past few years now in being the MAIN MALWARE DISTRIBUTION LAYER ONLINE in terms of bad adbanner code &/or malicious code on websites? Maybe it helps on ecommerce type pages or online banking page performance (where you actually absolutely NEED javascript running in order to use those types of pages), but, it only means it will get folks infected faster really... I don't understand this "web 2.0" craze, because they ought to fix the busted DOM in javascript first, before making javascript processing faster... imo, @ least!)
APK
P.S.=> Opera's also CONSISTENTLY led in less "known unpatched security vulnerabilities", per the stats kept by SECUNIA.COM, as follows (this is consistent for YEARS now no less, w/ Opera @ 0% most of the time, & FF + IE not @ 0% usually):
----
Vulnerability Report: Opera 9.x
http://secunia.com/advisories/product/10615/
0% (0 of 22 Secunia advisories)
----
Vulnerability Report: Mozilla Firefox 3.5.x
http://secunia.com/advisories/product/25800/
0% (0 of 2 Secunia advisories)
----
Vulnerability Report: Microsoft Internet Explorer 8.x
http://secunia.com/advisories/product/21625/
50% (2 of 4 Secunia advisories)
----
FireFox "surprises me", this round (usually, I found that FF has a couple over time usually (been doing posts like this one since 2005 here & elsewhere is why I state that) today... good job to the FF team (now, time to work on that memory footprint is all, so it's competitive w/ that of Opera), but, IE8 still has a couple outstanding (but, this is BETTER THAN USUAL for MS on this account)... so, they're ALL "getting better" on this front @ least! apk
-
Opera still has a LOWER MEMORY FOOTPRINT
"This was by design. Everything which could be moved to a plugin was. Of course, some things have slipped back into the browser, but the idea was to cut down the bloat." - by Philip_the_physicist (1536015) on Saturday August 22, @02:55AM (#29154011)
See subject-line above, & test for yourself - Opera can do javascript blocking, popup blocking, cookie blocking: AND ON A "PER-SITE BASIS", easily (via right-click on any website you wish & by setting "per site preferences", rather than GLOBAL ones only), & AS A "NATIVE BUILT-IN FEATURESET", not via addons (which only increase memory consumption & reduce browser speed (especially IF you load TOO MANY in FireFox, been there myself before is why I state that much))...
AND, Opera does so, with less memory consumption, by far (vs. FF or IE)... Here's what I see, on this note:
----
OPERA 10.10 BETA MEMORY FOOTPRINT (I use this, vs. Opera 9.6x - Working set, 1 tab open only, google main page):
24,488mb Working Set (via Process Explorer)
----
MICROSOFT INTERNET EXPLORER 8.x (Working set, 1 tab open only, google main page):
30,304mb Working Set (via Process Explorer)
----
MOZILLA MINEFIELD NIGHTLY BUILD (I use this vs. FF 3.52, & no addons loaded either, which would make this figure even MORE - Working set, 1 tab open only, google main page):
55,972mb Working Set (via Process Explorer)
----
"Read 'em & weep", I supposed... Opera does what the others do (& first, tabbed browsing anyone?), & for LESS... thus, "less IS truly MORE"...
NOW, as far as OVERALL web-browser performance? Opera "swept the floor" with the competition on THAT NOTE, as well, see here:
http://www.howtocreate.co.uk/browserSpeed.html
(Sure, Mozilla may have passed Opera in terms of JavaScript parsing speeds, but for years, it was NOT FASTER (Opera was)... but what is the gain there exactly? Since JavaScript's been shown to essentially be "the harbinger of doom" the past few years now in being the MAIN MALWARE DISTRIBUTION LAYER ONLINE in terms of bad adbanner code &/or malicious code on websites? Maybe it helps on ecommerce type pages or online banking page performance (where you actually absolutely NEED javascript running in order to use those types of pages), but, it only means it will get folks infected faster really... I don't understand this "web 2.0" craze, because they ought to fix the busted DOM in javascript first, before making javascript processing faster... imo, @ least!)
APK
P.S.=> Opera's also CONSISTENTLY led in less "known unpatched security vulnerabilities", per the stats kept by SECUNIA.COM, as follows (this is consistent for YEARS now no less, w/ Opera @ 0% most of the time, & FF + IE not @ 0% usually):
----
Vulnerability Report: Opera 9.x
http://secunia.com/advisories/product/10615/
0% (0 of 22 Secunia advisories)
----
Vulnerability Report: Mozilla Firefox 3.5.x
http://secunia.com/advisories/product/25800/
0% (0 of 2 Secunia advisories)
----
Vulnerability Report: Microsoft Internet Explorer 8.x
http://secunia.com/advisories/product/21625/
50% (2 of 4 Secunia advisories)
----
FireFox "surprises me", this round (usually, I found that FF has a couple over time usually (been doing posts like this one since 2005 here & elsewhere is why I state that) today... good job to the FF team (now, time to work on that memory footprint is all, so it's competitive w/ that of Opera), but, IE8 still has a couple outstanding (but, this is BETTER THAN USUAL for MS on this account)... so, they're ALL "getting better" on this front @ least! apk
-
Opera still has a LOWER MEMORY FOOTPRINT
"This was by design. Everything which could be moved to a plugin was. Of course, some things have slipped back into the browser, but the idea was to cut down the bloat." - by Philip_the_physicist (1536015) on Saturday August 22, @02:55AM (#29154011)
See subject-line above, & test for yourself - Opera can do javascript blocking, popup blocking, cookie blocking: AND ON A "PER-SITE BASIS", easily (via right-click on any website you wish & by setting "per site preferences", rather than GLOBAL ones only), & AS A "NATIVE BUILT-IN FEATURESET", not via addons (which only increase memory consumption & reduce browser speed (especially IF you load TOO MANY in FireFox, been there myself before is why I state that much))...
AND, Opera does so, with less memory consumption, by far (vs. FF or IE)... Here's what I see, on this note:
----
OPERA 10.10 BETA MEMORY FOOTPRINT (I use this, vs. Opera 9.6x - Working set, 1 tab open only, google main page):
24,488mb Working Set (via Process Explorer)
----
MICROSOFT INTERNET EXPLORER 8.x (Working set, 1 tab open only, google main page):
30,304mb Working Set (via Process Explorer)
----
MOZILLA MINEFIELD NIGHTLY BUILD (I use this vs. FF 3.52, & no addons loaded either, which would make this figure even MORE - Working set, 1 tab open only, google main page):
55,972mb Working Set (via Process Explorer)
----
"Read 'em & weep", I supposed... Opera does what the others do (& first, tabbed browsing anyone?), & for LESS... thus, "less IS truly MORE"...
NOW, as far as OVERALL web-browser performance? Opera "swept the floor" with the competition on THAT NOTE, as well, see here:
http://www.howtocreate.co.uk/browserSpeed.html
(Sure, Mozilla may have passed Opera in terms of JavaScript parsing speeds, but for years, it was NOT FASTER (Opera was)... but what is the gain there exactly? Since JavaScript's been shown to essentially be "the harbinger of doom" the past few years now in being the MAIN MALWARE DISTRIBUTION LAYER ONLINE in terms of bad adbanner code &/or malicious code on websites? Maybe it helps on ecommerce type pages or online banking page performance (where you actually absolutely NEED javascript running in order to use those types of pages), but, it only means it will get folks infected faster really... I don't understand this "web 2.0" craze, because they ought to fix the busted DOM in javascript first, before making javascript processing faster... imo, @ least!)
APK
P.S.=> Opera's also CONSISTENTLY led in less "known unpatched security vulnerabilities", per the stats kept by SECUNIA.COM, as follows (this is consistent for YEARS now no less, w/ Opera @ 0% most of the time, & FF + IE not @ 0% usually):
----
Vulnerability Report: Opera 9.x
http://secunia.com/advisories/product/10615/
0% (0 of 22 Secunia advisories)
----
Vulnerability Report: Mozilla Firefox 3.5.x
http://secunia.com/advisories/product/25800/
0% (0 of 2 Secunia advisories)
----
Vulnerability Report: Microsoft Internet Explorer 8.x
http://secunia.com/advisories/product/21625/
50% (2 of 4 Secunia advisories)
----
FireFox "surprises me", this round (usually, I found that FF has a couple over time usually (been doing posts like this one since 2005 here & elsewhere is why I state that) today... good job to the FF team (now, time to work on that memory footprint is all, so it's competitive w/ that of Opera), but, IE8 still has a couple outstanding (but, this is BETTER THAN USUAL for MS on this account)... so, they're ALL "getting better" on this front @ least! apk
-
Correction on SECUNIA stats (sorry, cut N paste)
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (10% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (22% unpatched):
http://secunia.com/product/12366/
----
Using more CURRENT #'s, for the % of unpatched bugs in Opera (still @ 0% unpatched, AS-PER-USUAL), FireFox, & IE... &, @ least "I caught myself", first - @ least before anybody else has...
APK
P.S.=> You'll have to excuse me on the less than current #'s I posted in my last post - I re-used it from another posting I did comparing Opera, FF, & IE here before (& the results are fairly the same, Opera is clean, as usual... & the others? Are not, as usual)... apk
-
Correction on SECUNIA stats (sorry, cut N paste)
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (10% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (22% unpatched):
http://secunia.com/product/12366/
----
Using more CURRENT #'s, for the % of unpatched bugs in Opera (still @ 0% unpatched, AS-PER-USUAL), FireFox, & IE... &, @ least "I caught myself", first - @ least before anybody else has...
APK
P.S.=> You'll have to excuse me on the less than current #'s I posted in my last post - I re-used it from another posting I did comparing Opera, FF, & IE here before (& the results are fairly the same, Opera is clean, as usual... & the others? Are not, as usual)... apk
-
Correction on SECUNIA stats (sorry, cut N paste)
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (10% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (22% unpatched):
http://secunia.com/product/12366/
----
Using more CURRENT #'s, for the % of unpatched bugs in Opera (still @ 0% unpatched, AS-PER-USUAL), FireFox, & IE... &, @ least "I caught myself", first - @ least before anybody else has...
APK
P.S.=> You'll have to excuse me on the less than current #'s I posted in my last post - I re-used it from another posting I did comparing Opera, FF, & IE here before (& the results are fairly the same, Opera is clean, as usual... & the others? Are not, as usual)... apk
-
Re:Ahh...
There's a metric fuck-ton on Secunia.com, not least of all the emf file handling.
-
Re:Ahh...
There's a metric fuck-ton on Secunia.com, not least of all the emf file handling.
-
Re:local... remote...
No no... not "wordpress". Youd need an exploit in the PHP-Apache stack, not just in a random web app.
Care to find us one of those tha tis currently unpatched?
Why would a Wordpress exploit be not possible as a vector for this? For example see this --> http://secunia.com/advisories/25794/
If you can run arbitrary PHP code, you could possibly trigger this NULL exploit to get root.
-
Re:Adobe Flash security is extremely disappointing
>> My point is that MS seems to have finally woken up to security threats and is trying to clean up by having proper security audits...
>> Adobe has yet to do something like this.Are you suggesting that Adobe doesn't do security audits? You really think so?
Security audits and coding practices are always imperfect tools. Despite MS's audits that you think are so fantastic, IE 7 had 28 advisories in the last two years (vs. 23 for Flash in a parent post... pretty comparable numbers).
-
Actually, Secunia reports 4 browsers insecure
This is not so much a Windows issue as it is a browser issue. Secunia reports MSIE7, Mozilla, Chrome, and Opera ALL insecure for browsing for the same reasons: Flash, Adobe Reader, and Sun Java being the consistently prime culprits, but it also reports MSIE 7 and Mozilla as unsecure all by themselves.
Secunia is an interesting program in many ways, but it reports 'vulnerabilities' as soon as anyone releases a new version of anything. Suddenly, you are 'insecure.'
Regardless, Secunia is well worth taking a look at. http://www.secunia.com/
-
Let's review MacOS X vs. Windows Server 2003...
"So your hateboy statement that "It's proven every year that only OSX lags in this area" is simply disingenuous." - by Super_Z (756391) on Tuesday July 28, @04:51PM (#28858765)
Does it? Ok, let's "put that to the test", shall we?
Windows Server 2003 Known Vulnerabilities that are critical & unpatched/unworkaroundable:
----
http://secunia.com/advisories/product/1174/?task=advisories
240 Vulnerabilities
----
vs.
MacOS X (latest build) Known Vulnerabilities that are critical & unpatched/unworkaroundable:
----
http://secunia.com/advisories/product/96/?task=advisories
971 Vulnerabilities
----
READ 'EM & WEEP... &, that is absolutely current data, for both of their "all-time" advisories list, & unpatched (or work-around-able) issues... &, it appears MacOS X has been affected by FAR MORE than Windows Server 2003 (what I use here, as I consider IT the "real version of Windows", even vs. VISTA/Server 2008/Windows 7).
In fact? I'll discuss ANY of them @ length with you, as to the currently STILL "outstanding" issues... the ones to be of most concern, are of course, those that allow remote exploits of CRITICAL nature, because that's where I'll simply then show you EASY WORK-AROUNDS for the ones in Windows Server 2003... easy ones, mostly dealing in ACL's alterations in fact, which is, very easy, to do!
I mean, because of HOW I setup Windows Server 2003? Well, basically/fact is??
I am "proof" to a few just based on that alone, & only because of how I setup Windows Server 2003 here (default setup mostly, @ least AT setup that is, since it installs by default, as "workstation/pro" mode basically, not a full-blown server & I am proof to the issues that surround THAT end of things because of that alone)...
Fact is, quite recently, I have had that kind of 'debate' here on
(I think the person who attacked me over it (Americano &/or RyuuzakiTetsuya (same guy, diff. logons)) found it "QUITE ENLIGHTENING", lol, to say the least... with him having to use multiple accounts like that, & still failing to prove that MacOS X is more secure than Windows Server 2003 is... @ least in terms of current vulnerabilities & MacOS X still has one it has totally NOT PATCHED, deals in scripting (& they ONLY RECENTLY PATCHED A JAVA ISSUE ALL OTHER OS VENDORS PATCHED MONTHS AGO, no less)).
APK
P.S.=> Seems like YOU are the "disingenious one", as most of you "Pro-*NIX" fud spreaders, with your "straight outta pravda" b.s., which has been CLEARLY, shown as only that much... b.s.! Because, believe me, on this issue? I am "prepared as prepared gets", & anytime you want to discuss that (MacOS X vs. Windows Server 2003? I'm ready, willing, & able))... apk
-
Let's review MacOS X vs. Windows Server 2003...
"So your hateboy statement that "It's proven every year that only OSX lags in this area" is simply disingenuous." - by Super_Z (756391) on Tuesday July 28, @04:51PM (#28858765)
Does it? Ok, let's "put that to the test", shall we?
Windows Server 2003 Known Vulnerabilities that are critical & unpatched/unworkaroundable:
----
http://secunia.com/advisories/product/1174/?task=advisories
240 Vulnerabilities
----
vs.
MacOS X (latest build) Known Vulnerabilities that are critical & unpatched/unworkaroundable:
----
http://secunia.com/advisories/product/96/?task=advisories
971 Vulnerabilities
----
READ 'EM & WEEP... &, that is absolutely current data, for both of their "all-time" advisories list, & unpatched (or work-around-able) issues... &, it appears MacOS X has been affected by FAR MORE than Windows Server 2003 (what I use here, as I consider IT the "real version of Windows", even vs. VISTA/Server 2008/Windows 7).
In fact? I'll discuss ANY of them @ length with you, as to the currently STILL "outstanding" issues... the ones to be of most concern, are of course, those that allow remote exploits of CRITICAL nature, because that's where I'll simply then show you EASY WORK-AROUNDS for the ones in Windows Server 2003... easy ones, mostly dealing in ACL's alterations in fact, which is, very easy, to do!
I mean, because of HOW I setup Windows Server 2003? Well, basically/fact is??
I am "proof" to a few just based on that alone, & only because of how I setup Windows Server 2003 here (default setup mostly, @ least AT setup that is, since it installs by default, as "workstation/pro" mode basically, not a full-blown server & I am proof to the issues that surround THAT end of things because of that alone)...
Fact is, quite recently, I have had that kind of 'debate' here on
(I think the person who attacked me over it (Americano &/or RyuuzakiTetsuya (same guy, diff. logons)) found it "QUITE ENLIGHTENING", lol, to say the least... with him having to use multiple accounts like that, & still failing to prove that MacOS X is more secure than Windows Server 2003 is... @ least in terms of current vulnerabilities & MacOS X still has one it has totally NOT PATCHED, deals in scripting (& they ONLY RECENTLY PATCHED A JAVA ISSUE ALL OTHER OS VENDORS PATCHED MONTHS AGO, no less)).
APK
P.S.=> Seems like YOU are the "disingenious one", as most of you "Pro-*NIX" fud spreaders, with your "straight outta pravda" b.s., which has been CLEARLY, shown as only that much... b.s.! Because, believe me, on this issue? I am "prepared as prepared gets", & anytime you want to discuss that (MacOS X vs. Windows Server 2003? I'm ready, willing, & able))... apk
-
Re:Huh?
And then when a patch for Adobe does come out, as an Admin of 600 PC's I have to use Adobe's somewhat broken Update mechanism inside reader to update it. They don't release an MSP patch for SUS/Zenworks deployment until weeks later.
They do need to fix this. Also, how often do you install a piece of software only to end up with Adobe reader 3.01, or 5 installed with it even though you have 9.1.2? That is an issue to.
Sun Java needs to fix their broken updater too. Check out http://secunia.com/advisories/35853/ then realize that I'm the Java updater's not detecting that there is a Java 6 build 14 released. I have to manually go out and download build 14. And when I do that, I'm still left with vulnerable versions of Java 3, 4, 5, and 6 builds 0-4 installed. WTF?
-
Opera IS the "superior warrior" though... apk
"since they are insignificant in the browser market I'd probably do the same thing. This is a lame piece of news, companies blow larger deals on much sillier situations than this. It's just Opera trying to drum up some users." - by sulfide (1382739) on Tuesday July 21, @08:53AM (#28768555)
Not knocking FireFox/Mozilla really, they do a nice product & I've worked with their teams fixing bugs on various sites etc. et al, but... they're NO OPERA, in terms of performance, memory footprint, speed overall consistently, & security vulnerabilities patching (as well as meeting standards, but, here? FF seems to do more pages 'correctly', but, that's a matter of useragent string as a fix usually (report as IE, hassles go away many times), + webpage devs building MOSTLY around IE &/or FireFox instead)...
Considering Opera's OVERALL faster (when all factors are tested, Opera USUALLY comes out "on top" of the competition, for more speed & efficiency in various tests of browser speed (such as this one -> http://www.howtocreate.co.uk/browserSpeed.html + others such as -> http://nontroppo.org/timer/kestrel_tests/ & more (available upon request, just ask, I will put them out))?
It keeps Opera's competition on their toes, so-to-speak - they "steal" ideas from Opera, rampantly, & yes FireFox has surpassed Opera in javascript parsing + processing speeds lately, but, that same "gain" turned up a loss in the next url below (1st one):
AND, that Opera is overall the most secure (i.e.-> consistently bearing less known & unpatched security vulnerabilities, for YEARS now no less, this HAS been the case) than BOTH of its main competitors in FireFox (yes, even v.3.51 lately, has "holes again", per this url from here @
That anyone, with ANY SENSE, that is, knows which webbrowser not only performs the best, pound for pound, but also which one keeps you safest online (& has features natively "built-in" that other webbrowsers have to use addons for, or imitate, to achieve the same levels of excellence in 1 package)...
APK
P.S.=> Lastly, considering Opera generally makes passing the "ACID tests" (for browser std.s compliance) a snap usually, & they are usually the first OR amongst the first that pass it? Well... to quote Microsoft? "Where do YOU want to go, today?"... Opera! apk
-
Opera IS the "superior warrior" though... apk
"since they are insignificant in the browser market I'd probably do the same thing. This is a lame piece of news, companies blow larger deals on much sillier situations than this. It's just Opera trying to drum up some users." - by sulfide (1382739) on Tuesday July 21, @08:53AM (#28768555)
Not knocking FireFox/Mozilla really, they do a nice product & I've worked with their teams fixing bugs on various sites etc. et al, but... they're NO OPERA, in terms of performance, memory footprint, speed overall consistently, & security vulnerabilities patching (as well as meeting standards, but, here? FF seems to do more pages 'correctly', but, that's a matter of useragent string as a fix usually (report as IE, hassles go away many times), + webpage devs building MOSTLY around IE &/or FireFox instead)...
Considering Opera's OVERALL faster (when all factors are tested, Opera USUALLY comes out "on top" of the competition, for more speed & efficiency in various tests of browser speed (such as this one -> http://www.howtocreate.co.uk/browserSpeed.html + others such as -> http://nontroppo.org/timer/kestrel_tests/ & more (available upon request, just ask, I will put them out))?
It keeps Opera's competition on their toes, so-to-speak - they "steal" ideas from Opera, rampantly, & yes FireFox has surpassed Opera in javascript parsing + processing speeds lately, but, that same "gain" turned up a loss in the next url below (1st one):
AND, that Opera is overall the most secure (i.e.-> consistently bearing less known & unpatched security vulnerabilities, for YEARS now no less, this HAS been the case) than BOTH of its main competitors in FireFox (yes, even v.3.51 lately, has "holes again", per this url from here @
That anyone, with ANY SENSE, that is, knows which webbrowser not only performs the best, pound for pound, but also which one keeps you safest online (& has features natively "built-in" that other webbrowsers have to use addons for, or imitate, to achieve the same levels of excellence in 1 package)...
APK
P.S.=> Lastly, considering Opera generally makes passing the "ACID tests" (for browser std.s compliance) a snap usually, & they are usually the first OR amongst the first that pass it? Well... to quote Microsoft? "Where do YOU want to go, today?"... Opera! apk
-
Re:Full disclosure
After reading this comment I felt the need to point out the practices of the Secunia sponsored "Full Disclosure" mailing list whose supporters I called the Full Disclosure movement.
This is the message that credits a guy called SBerry for "discovering" the vulnerability. All that guy did was take the testcase from the Mozilla bug tracker attach a payload to it and publish it as his exploit, ready to be consumed by every skript kiddie with a subscription to that list or the milw0rm exploit RSS feed.
And Secunia even have the nerve calling the exploit the original advisory.
I'm not suggesting we hide all bugs and actually I don't like Mozilla's practice of doing so, for the same reasons that you suggest.
What I'm suggesting is that people like SBerry, milw0rm and Secunia get punished for what they do. An exploit is no security advisory! As the name suggests its only purpose is to exploit a known vulnerability which in almost all cases happens with criminal intend. Secunia is promoting this practice by giving credit to the exploit writers (and who knows what else). milw0rm is one of their henchmen hosting all the exploits. SBerry is one of the many misguided hackers, yearning for approval, who partake in this "security practice" called Full Disclosure.
But you know, I'm just a developer who was raised a hacker. I would never call me a security expert but I really have an uneasy feeling knowing that the Security industry is promoting ready-made exploits, which I think is actually quite insecure.
-
Re:Isolate! HA!FI (You figure out the acronym)
Um, what? This has nothing to do with the kernel.
Clarification - Maybe not this one, however: Using ActiveX allows system access
Ever heard the phrase "ActiveX kernel mode"?
Some nice examples:
http://www.codeproject.com/KB/COM/ActiveXEXEWrappers.aspx
http://blogs.zdnet.com/security/?p=427
http://secunia.com/advisories/35683/
Need anymore?
FMSFB (You figure out the acronym) -
Re:Symantec is saying this?
Yes it is better than older versions but
download and run this - http://secunia.com/vulnerability_scanning/personal/
It will tell you what programs you need to update. It will tell you every 1 to 3 days that you have a problem with Word, Excel, IE, Flash, Adobe Acrobat, etc, etc and really need to download the update from which ever companies website. It's made me decide to switch to Linux just out of shear annoyance... It's really funny how the update programs that litter my process list don't tell me this information for at least 1 to 4 weeks as I'd really like to know sooner... Can a brother get a damn RSS feed or something?
More than likely all of the above apply; Your mom is using IE, has an old version of Flash, Java, and Shockwave installed or has malware installed that is not detected yet. If you or your mom like the War3z then you more than likely have something not detected. A lot of stuff doesn't get added for a long long time when it doesn't break anything.
-
A simple cut & paste is what you get here, lol
"You cannot play videos without some ridiculous manual workaround. I consider that unusable" - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
The proof here seems to show otherwise, as I am watching an
All you are doing now, is trying to 'save face' because I can quote where you stated I could not watch videos & do so below (now you are 'turning tail' & trying to amend what you said, & you made a mistake, face it):
QUESTION: Did you say I could not play
"You can dick around with crippling your Windows box so it can't play videos" - by Americano (920576) on Sunday June 28, @01:56AM (#28501419)" - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
LOL, Answer my question above... &? A simple YES or NO will do on that (And, please - No more of your clearly evasive b.s.)
(Then again, ALL anyone has to do, is read what you wrote above, in plain black & white, & then see the solution I have to work around it, using VideoInspector (a freeware that works great) to scan + test if
TOO EASY! Thanks... & by the by?
You can "dick around" with the unfinished & only partially fixed MacOS X bug on scripts (lol, some fix - it's right up there with the Java hole that all other OS vendors patched MONTHS ago, & it took Apple way, Way, WAY longer to fix than the rest - and you trust THAT level of speed of fixes? No wonder they had 971 security vulnerabilities over time, & the Windows version I use only had 274 in the same timeframe)
I wonder - What is the more secure OS: The one I can fix or work around ANY problem & be safe, AND HAVE FULL FUNCTION IN no less (and others besides myself said it like THRONKA @ xtremepccentral, for he AND his clients no less) or yours, with only a "partial fix" in place that doesn't work fully & YOU CANNOT FIX IT??
"Inquiring minds want to know" lmao...
APK
P.S.=>
"Your system is, by default, more insecure than a mac. That simple fact has been demonstrated to you repeatedly using your own treasured Secunia data." - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
LOL, you mean THIS data -> http://secunia.com/advisories/18963/ that shows MacOS X with a hole that is NOT fully fixable? Sure you "proved me wrong" & that YOUR choice in OS, in MacOS X is "more secure" (lol, not)... not even a "nice try"...
(Too, TOO easy)...
"yawn. One trick ponies are boring." - by Americano (920576) on Thursday July 02, @04:08PM (#28563449)
Funny - That "1 trick" did you in easily (along w/ the security vulnerability in MacOS X that is unfinished & only a partial fix), along witn your impersonating me (which you were modded down for when you tried to deny it, lmao, nobody believed you then either) & you were called a troll here (your rep? Shot... you only did this, to yourself!)
"I notice in another thread you've been modded down as an off-topic troll pretty thoroughly, too - maybe I can start talking about how you're modded troll, offtopic, redundant, and all kinds of other nasty stuff, too, in an attempt to discredit your lame points?" - by Americano (920576) on Thursday July 02, @06:28PM (#28565433)
LOL, you're probably blowing your mod points modding me down elsewhere too, keep it up, I'll let YOU take your only 'weapon', away from YOURSELF (as I "get off" on watching peop
-
It only took 1 trick to make YOU LOSE, lol
"You cannot play videos without some ridiculous manual workaround. I consider that unusable" - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
The proof here seems to show otherwise, as I am watching an
All you are doing now, is trying to 'save face' because I can quote where you stated I could not watch videos & do so below (now you are 'turning tail' & trying to amend what you said, & you made a mistake, face it):
QUESTION: Did you say I could not play
"You can dick around with crippling your Windows box so it can't play videos" - by Americano (920576) on Sunday June 28, @01:56AM (#28501419)" - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
LOL, Answer my question above... &? A simple YES or NO will do on that (And, please - No more of your clearly evasive b.s.)
(Then again, ALL anyone has to do, is read what you wrote above, in plain black & white, & then see the solution I have to work around it, using VideoInspector (a freeware that works great) to scan + test if
TOO EASY! Thanks... & by the by?
You can "dick around" with the unfinished & only partially fixed MacOS X bug on scripts (lol, some fix - it's right up there with the Java hole that all other OS vendors patched MONTHS ago, & it took Apple way, Way, WAY longer to fix than the rest - and you trust THAT level of speed of fixes? No wonder they had 971 security vulnerabilities over time, & the Windows version I use only had 274 in the same timeframe)
I wonder - What is the more secure OS: The one I can fix or work around ANY problem & be safe, or yours, with only a "partial fix" in place that doesn't work fully & YOU CANNOT FIX IT??
"Inquiring minds want to know" lmao...
APK
P.S.=>
"Your system is, by default, more insecure than a mac. That simple fact has been demonstrated to you repeatedly using your own treasured Secunia data.",/b> - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
LOL, you mean THIS data -> http://secunia.com/advisories/18963/ [secunia.com] that shows MacOS X with a hole that is NOT fully fixable? Sure you "proved me wrong" & that YOUR choice in OS, in MacOS X is "more secure" (lol, not)... not even a "nice try"... apk
TOO easy...
"yawn. One trick ponies are boring." - by Americano (920576) on Thursday July 02, @04:08PM (#28563449)
Funny - That "1 trick" did you in easily (along w/ the security vulnerability in MacOS X that is unfinished & only a partial fix), did you in, along witn your impersonating me (which you were modded down for when you tried to deny it, lmao, nobody believed you then either) & you were called a troll here (your rep? Shot... you only did this, to yourself)... apk
-
Re:You can't change what you said originally, lol!
"You cannot play videos without some ridiculous manual workaround. I consider that unusable" - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
I definitely know not, as I am watching an
QUESTION: Did you say I could not play
"You can dick around with crippling your Windows box so it can't play videos" - by Americano (920576) on Sunday June 28, @01:56AM (#28501419)
LOL, Answer my question above... &? A simple YES or NO will do on that (And, please - No more of your clearly evasive b.s.)
(Then again, ALL anyone has to do, is read what you wrote above, in plain black & white, & then see the solution I have to work around it, using VideoInspector (a freeware that works great) to scan + test if
TOO EASY! Thanks... & by the by?
You can "dick around" with the unfinished & only partially fixed MacOS X bug on scripts (lol, some fix - it's right up there with the Java hole that all other OS vendors patched MONTHS ago, & it took Apple way, Way, WAY longer to fix than the rest - and you trust THAT level of speed of fixes? No wonder they had 971 security vulnerabilities over time, & the Windows version I use only had 274 in the same timeframe)
I wonder - What is the more secure OS: The one I can fix or work around ANY problem & be safe, or yours, with only a "partial fix" in place that doesn't work fully & YOU CANNOT FIX IT??
"Inquiring minds want to know" lmao...
APK
P.S.=>
"Why would I be trying to save face?" - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
Same reason as why you won't answer a simple YES or NO to my question in bold above... saving your face, & then trying to change what you originally said as well, lmao... YOU LOSE!
"I've shown you to be incorrect and completely wrong on all counts. Your system is, by default, more insecure than a mac." - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
Really? I am not the one running an OS with a partial fix on it now, like you are, am I? I can easily fix, and NOT LOSE ANY FUNCTION, anything on Windows, period (and I proved it and vs. your own erroneous statements above no less which you refuse to give a straight answer to).
"Your system is, by default, more insecure than a mac. That simple fact has been demonstrated to you repeatedly using your own treasured Secunia data." - by Americano (920576) on Thursday July 02, @02:39PM (#28561741)
LOL, you mean THIS data -> http://secunia.com/advisories/18963/ that shows MacOS X with a hole that is NOT fully fixable? Sure you "proved me wrong" & that YOUR choice in OS, in MacOS X is "more secure" (lol, not)... not even a "nice try"... apk
TOO easy... apk
-
Agreed 110%, Web 2.x & javascript = BAD! apk
All this "concentration" on "Web 2.0" riddled with javascript = "bad move", OVERALL, imo @ least! No, it's not "ALL BAD", & is a good thing, but I only say that because IF they would fix up the problems javascript itself has in its DOM, we might NOT see so many "bugs" come through our browsers & into the rest of our systems.
I mean, hey - Speeding up javascript processing's all "fine & good" but, it's only speeding up how fast you can be infected as well (& lately? Even by bogus adbanners (been this way for years now, only moreso lately)).
What about this EMCA script, that's supposed to be an improvement on javascript? AND, will it improve the DOM & the security vs. what we see in javascript now?? I think that we need something like that, now.
(These are the questions that need answering/addressing, imo @ least!)
APK
P.S.=> However, on this question from you:
"What I want to see is a browser that isn't riddled with bugs and easy ways for badware to end up infecting my machine" - by cyberjock1980 (1131059) on Wednesday July 01, @03:14PM (#28547409)
Well, the best I can show you on this account, is these stats from SECUNIA.COM, so you can make your OWN judgements/decisions, on this note!
----
Opera 9.x
http://secunia.com/advisories/product/10615/
Unpatched = 0% (0 of 22 Secunia advisories)
----
FireFox 3.x
http://secunia.com/advisories/product/19089/
Unpatched = 0% (0 of 15 Secunia advisories)
----
Internet Explorer
http://secunia.com/advisories/product/21625/
Unpatched = 50% (1 of 2 Secunia advisories)
----
(BIG improvement for FireFox, as I used to post these stats from 2005 - 2008 here, quite frequently, in debates about webbrowsers (on security, other url evidences for speed... & like the article says though, almost @ its outset? We HAVE seen big improvements in webbrowsers, this year especially))
Problem is though, that the stats above? Those are for KHOWN vulnerabilities... what about those NOT published publicly, & those that javascript creates? No, the problem is, & I AM CONVINCED OF THIS, is javascript - "the harbinger of doom"
-
Agreed 110%, Web 2.x & javascript = BAD! apk
All this "concentration" on "Web 2.0" riddled with javascript = "bad move", OVERALL, imo @ least! No, it's not "ALL BAD", & is a good thing, but I only say that because IF they would fix up the problems javascript itself has in its DOM, we might NOT see so many "bugs" come through our browsers & into the rest of our systems.
I mean, hey - Speeding up javascript processing's all "fine & good" but, it's only speeding up how fast you can be infected as well (& lately? Even by bogus adbanners (been this way for years now, only moreso lately)).
What about this EMCA script, that's supposed to be an improvement on javascript? AND, will it improve the DOM & the security vs. what we see in javascript now?? I think that we need something like that, now.
(These are the questions that need answering/addressing, imo @ least!)
APK
P.S.=> However, on this question from you:
"What I want to see is a browser that isn't riddled with bugs and easy ways for badware to end up infecting my machine" - by cyberjock1980 (1131059) on Wednesday July 01, @03:14PM (#28547409)
Well, the best I can show you on this account, is these stats from SECUNIA.COM, so you can make your OWN judgements/decisions, on this note!
----
Opera 9.x
http://secunia.com/advisories/product/10615/
Unpatched = 0% (0 of 22 Secunia advisories)
----
FireFox 3.x
http://secunia.com/advisories/product/19089/
Unpatched = 0% (0 of 15 Secunia advisories)
----
Internet Explorer
http://secunia.com/advisories/product/21625/
Unpatched = 50% (1 of 2 Secunia advisories)
----
(BIG improvement for FireFox, as I used to post these stats from 2005 - 2008 here, quite frequently, in debates about webbrowsers (on security, other url evidences for speed... & like the article says though, almost @ its outset? We HAVE seen big improvements in webbrowsers, this year especially))
Problem is though, that the stats above? Those are for KHOWN vulnerabilities... what about those NOT published publicly, & those that javascript creates? No, the problem is, & I AM CONVINCED OF THIS, is javascript - "the harbinger of doom"
-
Agreed 110%, Web 2.x & javascript = BAD! apk
All this "concentration" on "Web 2.0" riddled with javascript = "bad move", OVERALL, imo @ least! No, it's not "ALL BAD", & is a good thing, but I only say that because IF they would fix up the problems javascript itself has in its DOM, we might NOT see so many "bugs" come through our browsers & into the rest of our systems.
I mean, hey - Speeding up javascript processing's all "fine & good" but, it's only speeding up how fast you can be infected as well (& lately? Even by bogus adbanners (been this way for years now, only moreso lately)).
What about this EMCA script, that's supposed to be an improvement on javascript? AND, will it improve the DOM & the security vs. what we see in javascript now?? I think that we need something like that, now.
(These are the questions that need answering/addressing, imo @ least!)
APK
P.S.=> However, on this question from you:
"What I want to see is a browser that isn't riddled with bugs and easy ways for badware to end up infecting my machine" - by cyberjock1980 (1131059) on Wednesday July 01, @03:14PM (#28547409)
Well, the best I can show you on this account, is these stats from SECUNIA.COM, so you can make your OWN judgements/decisions, on this note!
----
Opera 9.x
http://secunia.com/advisories/product/10615/
Unpatched = 0% (0 of 22 Secunia advisories)
----
FireFox 3.x
http://secunia.com/advisories/product/19089/
Unpatched = 0% (0 of 15 Secunia advisories)
----
Internet Explorer
http://secunia.com/advisories/product/21625/
Unpatched = 50% (1 of 2 Secunia advisories)
----
(BIG improvement for FireFox, as I used to post these stats from 2005 - 2008 here, quite frequently, in debates about webbrowsers (on security, other url evidences for speed... & like the article says though, almost @ its outset? We HAVE seen big improvements in webbrowsers, this year especially))
Problem is though, that the stats above? Those are for KHOWN vulnerabilities... what about those NOT published publicly, & those that javascript creates? No, the problem is, & I AM CONVINCED OF THIS, is javascript - "the harbinger of doom"
-
What did I have to "cripple"? Tell us all, please!
"I have shown that it requires less crippling of system functionality to secure." - by Americano (920576) on Wednesday July 01, @03:13PM (#28547397)
Per my subject-line above? What did I 'cripple' to "cure the ills" on the still unpatched security vulnerabilities I reviewed, point-by-point no less, from SECUNIA.COM advisories??
After all, here, in THIS VERY EXCHANGE & the other one we came from?
Hey - You said I 'crippled my OS' via not being able to play
(AND, I clearly showed you an EASY 'work-around' for that (run any suspect, or ANY,
Above all else though? I knew you couldn't stay away, despite stating you'd "ignore me"... lmao! So answer THAT question above I just asked, & then the one in my "p.s." below, also, ok??
(Because I don't think I have to post the fact that others called you a troll here, or that you were "modded down" for impersonating me here, & then LYING about it also, & that you had to "eat your words" to others here already...)
APK
P.S.=>
"You have ignored all of that though, because it's inconvenient to the fiction you cling to that you're right." - by Americano (920576) on Wednesday July 01, @03:13PM (#28547397)
Oh, really? Now, why then won't you tell us, how YOU would FULLY fix this on MacOS X then -> http://secunia.com/advisories/18963/ ? Because, according to SECUNIA.COM & that advisory?? You really cannot... not fully & what Apple DID implement, is ONLY A PARTIAL FIX! apk
-
Re:You cannot use viruses/bugs as an example of co
Uhm, where are you getting your figures? Seems like IIS has been doing a better job of keeping up on everything. (Figures from secunia.com which seems about as neutral as I can find)
IIS 7 has only had 1 advisory and it was patched, http://secunia.com/advisories/product/17543/
IIS 6 has had 6 advisories and they were all patched, http://secunia.com/advisories/product/1438/
IIS 5 had 17 advisories and all but 1 were patched out, http://secunia.com/advisories/product/39/Apache 2.2 has had 11 advisories and 2 remain unpatched, http://secunia.com/advisories/product/9633/
Apache 2.0 has 39 adviseries, and 4 are unpatched, http://secunia.com/advisories/product/73/
Apaches 1.3 has 21 and 1 is unpatched. http://secunia.com/advisories/product/72/ -
Re:You cannot use viruses/bugs as an example of co
Uhm, where are you getting your figures? Seems like IIS has been doing a better job of keeping up on everything. (Figures from secunia.com which seems about as neutral as I can find)
IIS 7 has only had 1 advisory and it was patched, http://secunia.com/advisories/product/17543/
IIS 6 has had 6 advisories and they were all patched, http://secunia.com/advisories/product/1438/
IIS 5 had 17 advisories and all but 1 were patched out, http://secunia.com/advisories/product/39/Apache 2.2 has had 11 advisories and 2 remain unpatched, http://secunia.com/advisories/product/9633/
Apache 2.0 has 39 adviseries, and 4 are unpatched, http://secunia.com/advisories/product/73/
Apaches 1.3 has 21 and 1 is unpatched. http://secunia.com/advisories/product/72/ -
Re:You cannot use viruses/bugs as an example of co
Uhm, where are you getting your figures? Seems like IIS has been doing a better job of keeping up on everything. (Figures from secunia.com which seems about as neutral as I can find)
IIS 7 has only had 1 advisory and it was patched, http://secunia.com/advisories/product/17543/
IIS 6 has had 6 advisories and they were all patched, http://secunia.com/advisories/product/1438/
IIS 5 had 17 advisories and all but 1 were patched out, http://secunia.com/advisories/product/39/Apache 2.2 has had 11 advisories and 2 remain unpatched, http://secunia.com/advisories/product/9633/
Apache 2.0 has 39 adviseries, and 4 are unpatched, http://secunia.com/advisories/product/73/
Apaches 1.3 has 21 and 1 is unpatched. http://secunia.com/advisories/product/72/ -
Re:You cannot use viruses/bugs as an example of co
Uhm, where are you getting your figures? Seems like IIS has been doing a better job of keeping up on everything. (Figures from secunia.com which seems about as neutral as I can find)
IIS 7 has only had 1 advisory and it was patched, http://secunia.com/advisories/product/17543/
IIS 6 has had 6 advisories and they were all patched, http://secunia.com/advisories/product/1438/
IIS 5 had 17 advisories and all but 1 were patched out, http://secunia.com/advisories/product/39/Apache 2.2 has had 11 advisories and 2 remain unpatched, http://secunia.com/advisories/product/9633/
Apache 2.0 has 39 adviseries, and 4 are unpatched, http://secunia.com/advisories/product/73/
Apaches 1.3 has 21 and 1 is unpatched. http://secunia.com/advisories/product/72/ -
Re:You cannot use viruses/bugs as an example of co
Uhm, where are you getting your figures? Seems like IIS has been doing a better job of keeping up on everything. (Figures from secunia.com which seems about as neutral as I can find)
IIS 7 has only had 1 advisory and it was patched, http://secunia.com/advisories/product/17543/
IIS 6 has had 6 advisories and they were all patched, http://secunia.com/advisories/product/1438/
IIS 5 had 17 advisories and all but 1 were patched out, http://secunia.com/advisories/product/39/Apache 2.2 has had 11 advisories and 2 remain unpatched, http://secunia.com/advisories/product/9633/
Apache 2.0 has 39 adviseries, and 4 are unpatched, http://secunia.com/advisories/product/73/
Apaches 1.3 has 21 and 1 is unpatched. http://secunia.com/advisories/product/72/