Re: On product vulnerability history and vulnerability complexity

To: Crispin Cowan <crispin@xxxxxxxxxx>
Subject: Re: On product vulnerability history and vulnerability complexity
From: ArkanoiD <ark@xxxxxxxxx>
Date: Mon, 3 Apr 2006 19:44:12 +0400
Cc: "Steven M. Christey" <coley@xxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <442F060E.4030909@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200603240801.k2O81Wnx003790@xxxxxxxxxxxxxxx> <442F060E.4030909@xxxxxxxxxx>
User-agent: Mutt/1.4.1i

nuqneH,

On Sat, Apr 01, 2006 at 03:00:30PM -0800, Crispin Cowan wrote:
> >   
> IMHO the biggest thing that makes Firefox on Linux more secure than IE
> on Windows is that you don't run Firefox as root/administrator, so when
> it gets hacked, it doesn't 0wn the machine.

Actually there is only one major difference: you cannot be rootkited (unless
there is an exploit that fits, and if you are running X11 with all modern
software bells'n'whistles , there probably is) .

>From other points of view owning a sole user on the machine does not 
differ much.

(Do they still run web browser as administrator? I think XP was designed not
to do that?)

References:
- On product vulnerability history and vulnerability complexity
  - From: Steven M. Christey
- Re: On product vulnerability history and vulnerability complexity
  - From: Crispin Cowan

Prev by Date: Re: recursive DNS servers DDoS as a growing DDoS problem
Next by Date: Re: On product vulnerability history and vulnerability complexity
Previous by thread: Re: On product vulnerability history and vulnerability complexity
Next by thread: Re: On product vulnerability history and vulnerability complexity
Index(es):
- Date
- Thread