Given that Mozilla security bugs aren't disclosed to the public until fixed, you have no idea how long it takes a fix for a particular bug to be released.
First, with XP SP2, you don't have to go to www.majorgeeks.com to see what BHOs are installed, you can use use IE's "Tools-Magage Add-ons..." menu command. This allows you to display each installed and/or currently loaded ActiveX Control, Browser Extension, BHO, and 3rd party Toolbar; and allows you to disable/enable them as to your liking.
Second, you didn't answer the parent's challenge by providing a URL to a page that does drive-by installs. Those BHOs are normally installed as part of a software package downloaded by the user (Adobe Acrobat Reader, for example). I currently have three BHOs installed: one from Sonic, one from Adobe (the Acrobat Reader BHO), and the Spybot BHO. Each of these were installed as part of software from legit companies that I intentionally installed; none were installed via "drive-by installs".
The fact is, most, if not all, "drive-by installs" are found at warez sites, and SP2 blocks such installs anyway.
I see many here attacking Symantec, but if you read the article, US-CERT is also cited as a source questioning the "Firefix is more secure" mantra.
"US-CERT (United States Computer Emergency Readiness Team), a partnership between the Department of Homeland Security and the public and private sectors, impartially tracks all manner of security issues in operating systems and major applications, such as browsers. US-CERT issues a bulletin every week, outlining the current crop of problem areas. You can access all past and current bulletins
here; I urge you to take a moment, click on over to their site, open several bulletins at random, and scroll down the page. In most cases in the more recent issues, you'll see the list of IE's vulnerabilities is shorter than those for Firefox, Mozilla, and the other alternate browsers. Likewise, with the more recent bulletins, you'll also see the list of Windows' vulnerabilities is actually much shorter than that for the other operating systems, even though Windows is far more widely installed."
So, making yourselves feel better by attacking the messenger Symantec is foolhardy because there are other messengers that agree with them.
"In fact, changing to Firefox--or Mozilla, or any similar software--because "it's more secure" is a
dangerous misconception; and demonstrably false. "
This is where Firefox advocates should be careful in their advocacy. By giving the impression that Firefox is nigh-invulnerable, Joe Blow might now feel free to download whatever malware and visit whatever malicious site strikes his fancy, falsely secure in the knowldedge that Firefox will protect him.
to SP2 because they want Windows to remain as insecure as it was under XP SP1, as that makes Linux an easier sell. The "greater stability" argument for Linux has been gone for a while now, so the remaining main argument is "greater security". Many are playing that argument for all its worth, and are loath to see any improvement in Windows that would lessen the effect of that argument. Hence, they spread FUD about SP2 breaking everything in sight in order to scare people from upgrading.
Re:Linux is the rebellion of the intellectuals
on
Linux Can't Kill Windows
·
· Score: 1, Flamebait
WTF? How is the parent post a "Troll, -1"? I guess anything that goes against the groupthink gets modded down. Makes for a pretty boring message board to not allow any disent.
When was videogaming "underground"? Maybe "hardcore nerds" were more into it (actually, they were more into D&D at my school), but I don't recall it being "underground". After all, the song "Pac-Man Fever" was a top 10 hit and Tron did well at the box office.
Developers should be mature enough to realize that any bug or irregularity found in an OS API should be considered subject to change and could break their software once it is fixed. It kinda bugs me that these "paid professionals" were and continue to be so short-sighted.... (meanwhile, these Open Source Amateurs rely almost exclusively on documented API functions and features simply because bugs and irregularities are often fixed quickly enough that to write code against them would mean they would need to update their code AGAIN.)
Are these the same OSS devs that proclaim the having access to the source code of the target OS is beneficial because they can see what the OS code is actually doing and code against that rather than the specs in order to gain performance (or perform certain "tricks")? Are these the same OSS advocates that say that Microsoft should document every internal function as if it's a public API so that any app can call any internal function any time it wants?
I think this kind of speaks volumes about where the real weakness in commericial software development lies -- in the motivation.
That's the weakness of all human endeavors, and is a reason that most of the projects on SourceForge are moribund.
I guess unix users (non-Mac OSX users) just have a different mindset. I know that Apple's own programs *require* installation in the Applicaitons folder, no ifs, ands, or buts. This is in contrast to most of the third party Mac software I've used (including Microsoft Office) that can be installed in the Home folder (or any folder to which the user has permission).
If you read the links that I provided, you also see that the Apache security adviseries are also more critical than the IIS ones.
And you say IIS was designed in an insecure manner. You sound like someone criticizing Windows instability by using Windows 9x as your basis. IIS 6.0 is NOT designed in an insecure manner, and this has been shown in practice. I'm not concerned with earlier versions of IIS.
From ActiveState.com's whitepaper Dynamic Languages -- ready for the next challenges, by design. July, 2004, regarding the rise of the dynamic languages Perl, Python, PHP, Tcl, Ruby: http://www.activestate.com/Company/NewsRoom/whitep apers.plex
While each of the successful dynamic languages have chosen different specific licenses, it is far from accidental that none selected the more extreme GPL license used by the Linux kernel. All of the successful language communities have deliberately picked licenses that fit equally well with corporate requirements for non-viral licenses and the Free Software Foundation's goals (although clearly not the tactics, given the license differences). In general, the language communities view themselves as on the "liberal" side of the open source debate (inasmuch as any large group can be described as having a consistent opinion), and aren't compelled to pick sides on the morality of proprietary licenses. This approach has served them well, with significant successes both within the Linux and Windows communities.
The "negative hype" regarding XP SP2 comes from one source: advocates of other OSes (namely Linux and OSX). These advocates don't WANT people to upgrade to SP2 because SP2 is much more secure than previous XPs and the security argument is the biggest weapon that these people have.
LOL It's amusing to see some of you twist yourselves in logical knots trying to rationalize the notion that this Cherry OS business involves "theft" while downloading warez does not.
Bust this: 1. Both are copyright infringement.
2. According to the dictionary definition of steal, "To take OR appropriate without right or leave, with intent to keep OR make use of wrongfully", both acts can be categorized as "stealing".
3. Even if they do not fall under the category of "theft", both are wrongs, and fall into at least one of the classic wrongs of lie, cheat, and steal.
4. For those that refuse to categorize downloading illegal warez as "theft", feel free to look upon it as "cheating" instead. Does that make you feel better about your illegal warez?
Is deriving something from the assembly really "reverse engineering"? Is it not merely disassemblying? "Reverse engineering" requires study of inputs and outputs until figure out how the thing works and how to make something compatible with it, without actually looking at assembly.
I don't know the history of SQL Server, but MS-DOS isn't an example of Microsoft taking open source code for free and selling it without paying the original author. Microsoft paid the creator of Q-DOS (or whatever it was called). And that creator didn't make billions like Microsoft did, but he did get much more than he ever got before (and likely since). (Now, whether he actually stole code from CP/M is another matter.;))
Why are both of you talking about theoretical scenarios about Microsoft making millions off of open source without paying the original coders when other companies are already doing that today? Talk about the real companies that are already engaging in the practice rather than talking about what Microsoft might be able to do in theory.
"As a customer Apache is so much better than IIS that there is no comparison. First it's free. Second it is more secure. "
There may be some reasons to prefer Apache over IIS but security is not one of them. Since 2003, IIS 6.0 has had exactly 3 security adviseries verses Apache's 22 in the same time period: IIS6 adviseries http://secunia.com/product/1438/ Apache 2.0 adviseries: http://secunia.com/product/73/
Linux and Windows having perceived security ratings of 8.3 and 7.6 isn't interesting, but what is interesting is that Windows perceived security rating doubled in one year. It may be time for Linux advocates to find another argument besides "security". The "stability" argument is no more, the "security" argument is losing steam, so I guess "price" is the only argument left (although, if the perceived TCO is the same for Linux and Windows, even the "price" argument doesn't have much steam).
To add to the parent's comment, in the 90's Linux advocates' main argument over Windows was "stability". But with the movement from Windows9x to the NT-based Windowses (Windows 2000 and XP) the "stability" argument no longer plays. Today, Linux advocates main argument is "security". Look for that argument to go by the way side in the same way as the "stability" argument has.
Lastly, in 10 years, Windows went from Win3.1 to Windows XP, a vastly higher improvement rate than Linux enjoyed over the same time period, and the respective rates will continue into the future. (Note that Mac enjoyed a similar improvement rate over the last 10 years as that of Windows; both are passing Linux by.)
Slashdot Mirror
Given that Mozilla security bugs aren't disclosed to the public until fixed, you have no idea how long it takes a fix for a particular bug to be released.
First, with XP SP2, you don't have to go to www.majorgeeks.com to see what BHOs are installed, you can use use IE's "Tools-Magage Add-ons..." menu command. This allows you to display each installed and/or currently loaded ActiveX Control, Browser Extension, BHO, and 3rd party Toolbar; and allows you to disable/enable them as to your liking.
Second, you didn't answer the parent's challenge by providing a URL to a page that does drive-by installs. Those BHOs are normally installed as part of a software package downloaded by the user (Adobe Acrobat Reader, for example). I currently have three BHOs installed: one from Sonic, one from Adobe (the Acrobat Reader BHO), and the Spybot BHO. Each of these were installed as part of software from legit companies that I intentionally installed; none were installed via "drive-by installs".
The fact is, most, if not all, "drive-by installs" are found at warez sites, and SP2 blocks such installs anyway.
to SP2 because they want Windows to remain as insecure as it was under XP SP1, as that makes Linux an easier sell. The "greater stability" argument for Linux has been gone for a while now, so the remaining main argument is "greater security". Many are playing that argument for all its worth, and are loath to see any improvement in Windows that would lessen the effect of that argument. Hence, they spread FUD about SP2 breaking everything in sight in order to scare people from upgrading.
More like the rebellion of psuedo-intellectuals.
WTF? How is the parent post a "Troll, -1"? I guess anything that goes against the groupthink gets modded down. Makes for a pretty boring message board to not allow any disent.
When was videogaming "underground"? Maybe "hardcore nerds" were more into it (actually, they were more into D&D at my school), but I don't recall it being "underground". After all, the song "Pac-Man Fever" was a top 10 hit and Tron did well at the box office.
it wouldn't have any significant affect on the income of the distributers or artists either. So, is my act of shoplifting excusable?
Are these the same OSS devs that proclaim the having access to the source code of the target OS is beneficial because they can see what the OS code is actually doing and code against that rather than the specs in order to gain performance (or perform certain "tricks")? Are these the same OSS advocates that say that Microsoft should document every internal function as if it's a public API so that any app can call any internal function any time it wants?
That's the weakness of all human endeavors, and is a reason that most of the projects on SourceForge are moribund.
I guess unix users (non-Mac OSX users) just have a different mindset. I know that Apple's own programs *require* installation in the Applicaitons folder, no ifs, ands, or buts. This is in contrast to most of the third party Mac software I've used (including Microsoft Office) that can be installed in the Home folder (or any folder to which the user has permission).
If you read the links that I provided, you also see that the Apache security adviseries are also more critical than the IIS ones.
And you say IIS was designed in an insecure manner. You sound like someone criticizing Windows instability by using Windows 9x as your basis. IIS 6.0 is NOT designed in an insecure manner, and this has been shown in practice. I'm not concerned with earlier versions of IIS.
http://www.activestate.com/Company/NewsRoom/white
Now, do you see the problem with GPL?
The "negative hype" regarding XP SP2 comes from one source: advocates of other OSes (namely Linux and OSX). These advocates don't WANT people to upgrade to SP2 because SP2 is much more secure than previous XPs and the security argument is the biggest weapon that these people have.
LOL
It's amusing to see some of you twist yourselves in logical knots trying to rationalize the notion that this Cherry OS business involves "theft" while downloading warez does not.
Bust this:
1. Both are copyright infringement.
2. According to the dictionary definition of steal, "To take OR appropriate without right or leave, with intent to keep OR make use of wrongfully", both acts can be categorized as "stealing".
3. Even if they do not fall under the category of "theft", both are wrongs, and fall into at least one of the classic wrongs of lie, cheat, and steal.
4. For those that refuse to categorize downloading illegal warez as "theft", feel free to look upon it as "cheating" instead. Does that make you feel better about your illegal warez?
What's this have to do with my rights online?
Don't you mean Fox? Talk about carrying an administration's water... LOL
Is deriving something from the assembly really "reverse engineering"? Is it not merely disassemblying? "Reverse engineering" requires study of inputs and outputs until figure out how the thing works and how to make something compatible with it, without actually looking at assembly.
I don't know the history of SQL Server, but MS-DOS isn't an example of Microsoft taking open source code for free and selling it without paying the original author. Microsoft paid the creator of Q-DOS (or whatever it was called). And that creator didn't make billions like Microsoft did, but he did get much more than he ever got before (and likely since). (Now, whether he actually stole code from CP/M is another matter. ;))
Why are both of you talking about theoretical scenarios about Microsoft making millions off of open source without paying the original coders when other companies are already doing that today? Talk about the real companies that are already engaging in the practice rather than talking about what Microsoft might be able to do in theory.
"As a customer Apache is so much better than IIS that there is no comparison. First it's free. Second it is more secure. "
There may be some reasons to prefer Apache over IIS but security is not one of them. Since 2003, IIS 6.0 has had exactly 3 security adviseries verses Apache's 22 in the same time period:
IIS6 adviseries http://secunia.com/product/1438/
Apache 2.0 adviseries: http://secunia.com/product/73/
yeah, like VB coders have the ability to fork and maintain VB on their own. LOL Get real.
Linux and Windows having perceived security ratings of 8.3 and 7.6 isn't interesting, but what is interesting is that Windows perceived security rating doubled in one year. It may be time for Linux advocates to find another argument besides "security". The "stability" argument is no more, the "security" argument is losing steam, so I guess "price" is the only argument left (although, if the perceived TCO is the same for Linux and Windows, even the "price" argument doesn't have much steam).
To add to the parent's comment, in the 90's Linux advocates' main argument over Windows was "stability". But with the movement from Windows9x to the NT-based Windowses (Windows 2000 and XP) the "stability" argument no longer plays. Today, Linux advocates main argument is "security". Look for that argument to go by the way side in the same way as the "stability" argument has.
Lastly, in 10 years, Windows went from Win3.1 to Windows XP, a vastly higher improvement rate than Linux enjoyed over the same time period, and the respective rates will continue into the future. (Note that Mac enjoyed a similar improvement rate over the last 10 years as that of Windows; both are passing Linux by.)