The point? You're not "us[ing] your computer intelligently" if you don't use any run some sort of security software just as a precaution.
That's a good point.
I'm not saying I only browse sites I trust (porn certainly needs to be watched occasionally), but when I'm browsing I'm using either Opera or Chrome, neither of which seem to get targeted. Not using IE (for anything) is actually the #1 security tip I can give to any Windows user. The only time I'll ever run IE is when I'm developing a site in Opera and I want to test it. I've got a toolbar button to open the current page in IE so it doesn't even need to go to its home page or anywhere else, it goes to the one page I'm working on and that's it, and then I close it. My days of downloading pirated material are also behind me, so that also probably had a significant impact on the average time between infections.
That being said, I'm feeling that with the increased focus on Flash player vulnerabilities, and my complete lack of faith in Adobe, that my days of browsing without explicit protection will be coming to an end relatively soon.
That's a good point, most of the time I don't have a reason to believe that but if I suspect something funny is going on I'll fire up Malwarebytes or something like that to check on it. I've got one or two anti-malware programs installed, I just run them on an as-needed basis instead of constantly scanning.
Hmm.. I used to hate Microsoft, back when I had to develop for IE6, but with steps in the right direction for IE8 and Windows 7 I'm feeling less hatred and more optimism. I used to have not much of an opinion on Apple, but now I think Apple is my most hated company (somehow they overtook Sony). Google is sort of like a fun uncle who always comes over bringing gifts, but you're not sure if he just does that because he wants to molest you. I gave up on Linux after a terrible experience trying to install Debian many years ago, but now I've got my little EeePC with Xandros which has never done me wrong.
I'm not sure where that leaves me..
Wait, I know: I'm an Opera fanboy! I can live with that.
That's exactly my point - read the first post in the thread and my reply. Someone responded to that with a non-sequitor about IE and you saw my reply. The original poster seemed to imply that Apple releasing an update somehow decreased the perceived security of OSX.
"Fanboi", huh? Exactly which company do you think I'm a huge fan of?
Meanwhile, I go home at night and surf with impunity on my Mac running OS X, just like I've done for the last 8 years.
You think you're the only one? My machine at home runs an unpatched version of XP SP3 (legally licensed, I just don't really bother to update it). I don't run a virus scanner, nor a software firewall, nor a memory-resident malware scanner. My current machine has never been infected (~2 years or so, since Crysis). My machine before that (same config) got infected once, when my roommate was porn browsing in IE.
The point? You don't need to run something other than Windows if you want to avoid infection, you just need to use your computer intelligently. It seems like you're saying that OSX is the platform for people to be as stupid as they want and still manage to avoid infection. That, my friend, is changing (as evidenced by the 7 patched vulnerabilities in Flash player).
Windows 7 can still be targeted by a IE bug that's been in place since IE6. Safari doesn't have zero day bugs *that* old
Regardless of whether or not your statement about IE in Windows 7 is accurate, that doesn't have anything to do with an update for OSX somehow implying that OSX is less secure than it was yesterday.
You just couldn't wait to post that, could you? FYI: every piece of software needs updates, and there is still always one piece of software that will be more secure than the others. I don't know if OSX is more secure than Windows 7, but both of them will continue to receive updates, that fact doesn't make either of them less secure.
Oh believe me, if there was a viable alternative we would be all over it. Not many people here have a love for Flash, we've been using it since the Flash 3/Flash 4 days and we've probably run into almost every bug at one time or another. We've lost a lot of productivity to the Flash IDE. But, as it is, Flash is basically the de-facto standard for producing online learning content, and our graphic folks are able to produce some pretty cool things with it.
go learn XHTML before you bitch about it. A hint: The real difference between HTML4 and XHTML lies in the parts that Internet Explorer doesn't support.
I know as much as I need to about XHTML, and I'm also not bitching about it ("There's no practical advantage to using XHTML over HTML." - that's not a complaint, it's a fact). If you think you have a good point, maybe you should make it instead of brushing it off. If your point is that XHTML is (in theory) well-formed XML, then describe how having well-formed XML is a benefit over using HTML for structuring a web page. I don't see any practical advantage to having a web page that you can also parse as XML. If I want a data feed I'll use XML. If I want a web page I'll use HTML.
The main uses that come to mind are video, audio, and non-video animation. The company I work for makes online training courses which are all done in Flash, there's no suitable alternative to Flash in that context (unless you count Silverlight, which I don't).
Unfortunately, it's not always possible to rewrite the software that is using IE6 (No access to the source code, None of the current IT department know the language the original software was written in).
That doesn't mean it's not possible. If nothing else, you can always do a ground-up redesign and rewrite. Applications could use that from time to time anyway. After several years I was able to talk my boss into letting me do that, we had 6 versions of an application running on ASP/Sql Server and I finally got everyone to agree to let me rewrite everything in PHP/MySQL. Not only was it a complete redesign and rewrite, but the software is faster and way more powerful, it has many new features that people need. It's also got a new Javascript interface which is orders of magnitude easier to use. Not having access to the code or having IT which has no clue what you were doing years ago doesn't mean you can't (or shouldn't) rewrite your outdated software.
No amount of conversations with the software developers will get them to change how they do it as they prefer the export feature didn't exist and no, we can't use an alternative.
C'mon, you know that's not true. Give me the specification for what you need your software to do and I'll tell you how much it will cost to build, and then you can tell the current "developers" (who apparently don't) where they can go.
What's with you putting words into my mouth? Is that what I said? I don't think so. I said "good indication", not "only factor". I'm not dealing in absolutes here. I'm not saying that any one thing is necessary to always be secure, or always be vulnerable. Yeah, code audits help. But that doesn't mean that for every single program where the code is not audited by a third party that it's always automatically insecure.
In other words, code audits help, but they aren't required in every single situation for a program to be secure. I'll point back to Opera as an example again. I can look at the vulnerability record and feel secure that I'm not going to get hit with a virus while I'm browsing (at least not through Opera, I can't say the same for Flash), and I don't need a code audit to tell me that. Fact is, I trust Opera Software enough to put out a quality product to help keep their good reputation, and my years of using their products has given me the experience to notice that I've never had Opera used as an attack vector.
Again, I can't say the same for Adobe and Flash, Adobe apparently could use a lot of help identifying and fixing problems. But that's a problem at Adobe, that's not due to the fact that their software is closed-source. If it was due to the fact that their software is closed-source, then you could expect the same level of security in all closed-source software.
Your view of this seems very black-and-white. There are many factors to consider when you decide if a piece of software is vulnerable, and code audits and the history are only pieces of that. A lack of either does not necessarily make a program insecure.
If you want to continue, then I would argue that the fact that Opera's security record shows only a handful of vulnerabilities which have all been patched implies that Opera is relatively secure. If it was not relatively secure, then there would be more known vulnerabilities. Consequently, the lack of known vulnerabilities, for all intents and purposes, qualifies a piece of software as secure (for the moment, at least). It doesn't matter practically if a piece of software has a vulnerability which no is able to exploit because no one knows about it. Your attempts at trying to establish program security with 100% accuracy are simply academic, what matters is what happens in the real world. A program's past record of events is a good indication of the developer's competence in producing quality software.
If you don't trust third parties to review the code
I do. I don't require a personal code audit of every program I run.
The only thing I'm arguing is that the lack of available source code does not automatically make a program insecure. That is the beginning and end of my argument.
Acrobat Reader most definitely does not have a home on any of my machines.
The point? You're not "us[ing] your computer intelligently" if you don't use any run some sort of security software just as a precaution.
That's a good point.
I'm not saying I only browse sites I trust (porn certainly needs to be watched occasionally), but when I'm browsing I'm using either Opera or Chrome, neither of which seem to get targeted. Not using IE (for anything) is actually the #1 security tip I can give to any Windows user. The only time I'll ever run IE is when I'm developing a site in Opera and I want to test it. I've got a toolbar button to open the current page in IE so it doesn't even need to go to its home page or anywhere else, it goes to the one page I'm working on and that's it, and then I close it. My days of downloading pirated material are also behind me, so that also probably had a significant impact on the average time between infections.
That being said, I'm feeling that with the increased focus on Flash player vulnerabilities, and my complete lack of faith in Adobe, that my days of browsing without explicit protection will be coming to an end relatively soon.
how do you know if your PC is infected
That's a good point, most of the time I don't have a reason to believe that but if I suspect something funny is going on I'll fire up Malwarebytes or something like that to check on it. I've got one or two anti-malware programs installed, I just run them on an as-needed basis instead of constantly scanning.
Hmm.. I used to hate Microsoft, back when I had to develop for IE6, but with steps in the right direction for IE8 and Windows 7 I'm feeling less hatred and more optimism. I used to have not much of an opinion on Apple, but now I think Apple is my most hated company (somehow they overtook Sony). Google is sort of like a fun uncle who always comes over bringing gifts, but you're not sure if he just does that because he wants to molest you. I gave up on Linux after a terrible experience trying to install Debian many years ago, but now I've got my little EeePC with Xandros which has never done me wrong.
I'm not sure where that leaves me..
Wait, I know: I'm an Opera fanboy! I can live with that.
That's exactly my point - read the first post in the thread and my reply. Someone responded to that with a non-sequitor about IE and you saw my reply. The original poster seemed to imply that Apple releasing an update somehow decreased the perceived security of OSX.
"Fanboi", huh? Exactly which company do you think I'm a huge fan of?
I'm waiting for the correlation between video game success and getting laid.
Being that there are many reasons to post things, and to post anonymously, "funny" isn't always the primary intent. What was my primary intent?
If it's necessary to have a discussion about your intent, how successful do you think you were in conveying it?
But it's possible I might say something funny.
Tell me a joke!
Meanwhile, I go home at night and surf with impunity on my Mac running OS X, just like I've done for the last 8 years.
You think you're the only one? My machine at home runs an unpatched version of XP SP3 (legally licensed, I just don't really bother to update it). I don't run a virus scanner, nor a software firewall, nor a memory-resident malware scanner. My current machine has never been infected (~2 years or so, since Crysis). My machine before that (same config) got infected once, when my roommate was porn browsing in IE.
The point? You don't need to run something other than Windows if you want to avoid infection, you just need to use your computer intelligently. It seems like you're saying that OSX is the platform for people to be as stupid as they want and still manage to avoid infection. That, my friend, is changing (as evidenced by the 7 patched vulnerabilities in Flash player).
Windows 7 can still be targeted by a IE bug that's been in place since IE6. Safari doesn't have zero day bugs *that* old
Regardless of whether or not your statement about IE in Windows 7 is accurate, that doesn't have anything to do with an update for OSX somehow implying that OSX is less secure than it was yesterday.
You already posted that in the first comment anonymously, and it wasn't funny then either.
You just couldn't wait to post that, could you? FYI: every piece of software needs updates, and there is still always one piece of software that will be more secure than the others. I don't know if OSX is more secure than Windows 7, but both of them will continue to receive updates, that fact doesn't make either of them less secure.
Oh believe me, if there was a viable alternative we would be all over it. Not many people here have a love for Flash, we've been using it since the Flash 3/Flash 4 days and we've probably run into almost every bug at one time or another. We've lost a lot of productivity to the Flash IDE. But, as it is, Flash is basically the de-facto standard for producing online learning content, and our graphic folks are able to produce some pretty cool things with it.
Maybe the PRC government did it at the request of the MPAA to cut down on piracy?
Do you realize how stupid that sounds?
Good, tell that to Youtube and let me know how it works out.
Some video and a set of radio buttons, huh? Educate thyself.
go learn XHTML before you bitch about it.
A hint: The real difference between HTML4 and XHTML lies in the parts that Internet Explorer doesn't support.
I know as much as I need to about XHTML, and I'm also not bitching about it ("There's no practical advantage to using XHTML over HTML." - that's not a complaint, it's a fact). If you think you have a good point, maybe you should make it instead of brushing it off. If your point is that XHTML is (in theory) well-formed XML, then describe how having well-formed XML is a benefit over using HTML for structuring a web page. I don't see any practical advantage to having a web page that you can also parse as XML. If I want a data feed I'll use XML. If I want a web page I'll use HTML.
I don't have anything against XHTML, I just don't see a benefit to using it versus HTML. I'll write structured markup either way.
The main uses that come to mind are video, audio, and non-video animation. The company I work for makes online training courses which are all done in Flash, there's no suitable alternative to Flash in that context (unless you count Silverlight, which I don't).
Why shouldn't you use XHTML?
1) There's no practical advantage to using XHTML over HTML.
2) There's no XHTML2. The future is HTML5.
What do you suggest as a replacement for the functionality provided by Flash?
Unfortunately, it's not always possible to rewrite the software that is using IE6 (No access to the source code, None of the current IT department know the language the original software was written in).
That doesn't mean it's not possible. If nothing else, you can always do a ground-up redesign and rewrite. Applications could use that from time to time anyway. After several years I was able to talk my boss into letting me do that, we had 6 versions of an application running on ASP/Sql Server and I finally got everyone to agree to let me rewrite everything in PHP/MySQL. Not only was it a complete redesign and rewrite, but the software is faster and way more powerful, it has many new features that people need. It's also got a new Javascript interface which is orders of magnitude easier to use. Not having access to the code or having IT which has no clue what you were doing years ago doesn't mean you can't (or shouldn't) rewrite your outdated software.
No amount of conversations with the software developers will get them to change how they do it as they prefer the export feature didn't exist and no, we can't use an alternative.
C'mon, you know that's not true. Give me the specification for what you need your software to do and I'll tell you how much it will cost to build, and then you can tell the current "developers" (who apparently don't) where they can go.
It's surprising that you don't.
What's with you putting words into my mouth? Is that what I said? I don't think so. I said "good indication", not "only factor". I'm not dealing in absolutes here. I'm not saying that any one thing is necessary to always be secure, or always be vulnerable. Yeah, code audits help. But that doesn't mean that for every single program where the code is not audited by a third party that it's always automatically insecure.
In other words, code audits help, but they aren't required in every single situation for a program to be secure. I'll point back to Opera as an example again. I can look at the vulnerability record and feel secure that I'm not going to get hit with a virus while I'm browsing (at least not through Opera, I can't say the same for Flash), and I don't need a code audit to tell me that. Fact is, I trust Opera Software enough to put out a quality product to help keep their good reputation, and my years of using their products has given me the experience to notice that I've never had Opera used as an attack vector.
Again, I can't say the same for Adobe and Flash, Adobe apparently could use a lot of help identifying and fixing problems. But that's a problem at Adobe, that's not due to the fact that their software is closed-source. If it was due to the fact that their software is closed-source, then you could expect the same level of security in all closed-source software.
Your view of this seems very black-and-white. There are many factors to consider when you decide if a piece of software is vulnerable, and code audits and the history are only pieces of that. A lack of either does not necessarily make a program insecure.
FYI:
http://en.wikipedia.org/wiki/Presto_(layout_engine)
If you want to continue, then I would argue that the fact that Opera's security record shows only a handful of vulnerabilities which have all been patched implies that Opera is relatively secure. If it was not relatively secure, then there would be more known vulnerabilities. Consequently, the lack of known vulnerabilities, for all intents and purposes, qualifies a piece of software as secure (for the moment, at least). It doesn't matter practically if a piece of software has a vulnerability which no is able to exploit because no one knows about it. Your attempts at trying to establish program security with 100% accuracy are simply academic, what matters is what happens in the real world. A program's past record of events is a good indication of the developer's competence in producing quality software.
If you don't trust third parties to review the code
I do. I don't require a personal code audit of every program I run.
The only thing I'm arguing is that the lack of available source code does not automatically make a program insecure. That is the beginning and end of my argument.