There Is No Safe Web Browser

Michael writes "David Sheets has up an interesting article on browser security, and I have to agree with his conclusion: no web browser is safe. The article details the recent Netscape fiasco, and touches on the whole Firefox/Internet Explorer debate. From the article: 'So if it sounds as if we're all at the mercy of hackers just looking for some new challenge, that's partially true. As law enforcement officers will tell you, crime finds you if it wants you bad enough, no matter what preventative measures you take. But the vast majority of criminals have an Achilles' heel: They prefer convenience to challenge. For now, it's more convenient for them to pick on Internet Explorer.'"

Dictionary Security Definition

[Crimson+Dragon]

While I understand the point that Mr. Sheets is making, however, I disagree with his definition of safe.

The implication of this article stems in the absolutes of security: can it ward off intruders or not. This is a flawed approach, and while seemingly a logical one, denounces another reality of this level of breach: the lion's share of these breaches are not of the most malicious sort (read: that stupid data miner which causes popups, search bars from hell, etc). These kind of easily hackable sections of Internet Explorer are less prevalent in Firefox. Market forces of the sheer user base would dictate that if this were not so, more spyware would have been ported to Firefox by now. 25 million downloads, right? That's a sizable chunk for any malware vendor, or aspiring intruder, to infiltrate.

One must acknowledge the reality of security by statistics alongside security by absolutes.

Hit the Nail on the Head

I think that this author has finally gotten it right. Note the increasing instances of popup ads that are tailored for firefox users etc.

As firefox gains in popularity, expect that the number of exploits aimed towards it will continue to rise.

That being said, the nice thing about firefox (and OSS), is that lots of eyeballs can look at, and fix, the code in a timely manner.

Re:No browser is safe?

[slavemowgli]

Lynx has had vulnerabilities in the past, too - this one, for example. The only *really* safe way to browse is probably to use telnet, but I'm not sure you can even call that "browsing" anymore.

Come on

[a_greer2005]

The problem is ignorant users, the headline is like saying "THERE IS NO SAFE CAR" of cource no car is safe when you dont buckle up, drive 120MPH and swirve, but when proper precautions are taken, I dare say a Lexus is safer than a Pinto.
Browsers can be totaly safe, as much as I hate to say it, IE can be pretty safe too. just follow these rules:
1:USE A FIREWALL
2: update your browser
3:disable ActiveX, any site that uses it is a site you should learn to live without.
4: (the one most often broken) DONT CLICK YES ALL THE TIME, warnings are there for a reason.
5: Dont DL and run STUPID executables

Most Browsers do a decent job of protecting you fron the bad stuff, but NOTHING can protect you from yourself, short of cutting the cable, and if you do that, dont run with scisors

Re:Lynx is safe

[Profane+MuthaFucka]

I don't even see the code. All I see is blonde, brunette, and redhead.

Be careful!!!

[3770]

I telnetted to port 80 once, and interpreted the HTML in my head.

Unfortunately there was a infinitely recursive Java script function on there.

I'm still not quite myself.