Tuesday, April 12, 2005

IT Observer - Mozilla: The Honeymoon is over

According to IT Observer Mozilla: The Honeymoon is over. One snippet:

But then it may be asked is it really within the remit of a browser to guarantee Internet security. Are we asking too much? We don’t expect our browsers to block viruses, spyware or malicious scripts so why should we have such high expectations for their security capabilities.

It's not a case of guaranteeing security. I expect security by default. And I don't expect my browser to block viruses, spyware or malicious scripts - I expect that a web browser should be immune to them, so that blocking is irrelevant.

I don't often get decent security by default, mind you.

On my home PC, with Windows XP, for a couple of days when I first got it I was using IE (just until I got round to installing Netscape and later Firefox). And just a couple of days using IE was enough to persuade me never to do so again. Something that will allow a web site to randomly install software on my machine without even bothering to tell me has no place on my machine. I currently have IE set up so that everything except windows update is run at the highest possible security setting, and don't use IE anyway as I have something other than IE as the default browser. Since then, I've been trouble free. (And I don't read mail on my PC with anything - I ssh onto a Sun box and use good old ucb mail for that.)

Are the unix variants maintaining the high ground in terms of security? On the server side, I could honestly argue that they are. I'm not at all sure that this is true on the desktop, though. The problem I see here is the increasing complexity of desktop environments, with tight integration and extra services opening up new avenues of attack (or the same sorts of avenues that have been present on Windows for some time).

No comments: