linux.debian.user debian-user@lists.debian.org.

why do iceweasel et al have more frequent security issues?

26/07/2007, 17h30   #1
Douglas Allan Tutty

why do iceweasel et al have more frequent security issues?

It seems that the mozilla-derived browsers have security issues
requiring updates far more frequently than other browsers like Konqueror
or links2.

I'm curious as to why this is. Does anyone have any ideas?

I'm on dialup and switched to Konq for this very reason but sometimes I
have a website that doesn't work and it's handy to see if iceweasel will
view it. (so far the only one is the adobe flashplayer test page).

Doug.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
26/07/2007, 18h30   #2
Mathias Brodala

Re: why do iceweasel et al have more frequent security issues?

Hi Douglas.

Douglas Allan Tutty, 26.07.2007 18:23:
> It seems that the mozilla-derived browsers have security issues
> requiring updates far more frequently than other browsers like Konqueror
> or links2.


Aside from the fact that one piece of software really can be more secure than
another, this is the result of increased usage. The more people use Gecko browsers,
the more bugs can be found, willingly or unwillingly. And the more people use
Gecko browsers, the more lucrative it is to find security holes and damage
systems this way.


Regards, Mathias


--
debian/rules


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGqNZMYfUFJ3ewsJgRArpWAKCIA2ZjbiIiJkvbzz/ahmUq+Ru8JwCeNi7g
AvEKIgtqyNtbj6oC9PHP+hU=
=0Lzm
-----END PGP SIGNATURE-----

26/07/2007, 18h30   #4
John Hasler

Re: why do iceweasel et al have more frequent security issues?

Doug writes:
> It seems that the mozilla-derived browsers have security issues requiring
> updates far more frequently than other browsers like Konqueror or links2.


> I'm curious as to why this is. Does anyone have any ideas?


How many people are looking for holes in Konq or Links2?
--
John Hasler


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
26/07/2007, 19h10   #6
Douglas Allan Tutty

Re: why do iceweasel et al have more frequent security issues?

On Thu, Jul 26, 2007 at 07:13:48PM +0200, Mathias Brodala wrote:
> Douglas Allan Tutty, 26.07.2007 18:23:
> > It seems that the mozilla-derived browsers have security issues
> > requiring updates far more frequently than other browsers like Konqueror
> > or links2.

>
> Aside from the fact that one software really can be more secure than another one
> is this the result of an increased usage. The more people use Gecko browsers,
> the more bugs can be found willingly or unwillingly. And the more people use
> Gecko browsers, the more lucrative is it to find security holes and damage
> systems this way.


So this suggests that it's a tradeoff: more users of Gecko means more
people reporting bugs and therefore more bug fixes but also a more
lucrative target for security threats; Konq may have more undiscovered
security holes but they are undiscovered both by bug fixers and security
threats?

Is this the gist of the situation?

Doug.


26/07/2007, 19h20   #8
Mathias Brodala

Re: why do iceweasel et al have more frequent security issues?

Hi Douglas.

Douglas Allan Tutty, 26.07.2007 20:06:
> On Thu, Jul 26, 2007 at 07:13:48PM +0200, Mathias Brodala wrote:
>> Douglas Allan Tutty, 26.07.2007 18:23:
>>> It seems that the mozilla-derived browsers have security issues
>>> requiring updates far more frequently than other browsers like Konqueror
>>> or links2.

>> Aside from the fact that one software really can be more secure than another one
>> is this the result of an increased usage. The more people use Gecko browsers,
>> the more bugs can be found willingly or unwillingly. And the more people use
>> Gecko browsers, the more lucrative is it to find security holes and damage
>> systems this way.

>
> So this suggests that it's a tradeoff: more users of Gecko means more
> people reporting bugs and therefore more bug fixes but also a more
> lucrative target for security threats; Konq may have more undiscovered
> security holes but they are undiscovered both by bug fixers and security
> threats?
>
> Is this the gist of the situation?


Basically, yes.


Regards, Mathias

--
debian/rules


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGqOWMYfUFJ3ewsJgRAqL/AJ4sfjr5jmDyIGM3f512FQ8jYRvAEQCcCNM6
qJVpFv81YAyYO8a7m1Kt5/I=
=MBTF
-----END PGP SIGNATURE-----

26/07/2007, 19h50   #9
Andrew Sackville-West

Re: why do iceweasel et al have more frequent security issues?

On Thu, Jul 26, 2007 at 02:06:11PM -0400, Douglas Allan Tutty wrote:
> On Thu, Jul 26, 2007 at 07:13:48PM +0200, Mathias Brodala wrote:
> > Douglas Allan Tutty, 26.07.2007 18:23:
> > > It seems that the mozilla-derived browsers have security issues
> > > requiring updates far more frequently than other browsers like Konqueror
> > > or links2.

> >
> > Aside from the fact that one software really can be more secure than another one
> > is this the result of an increased usage. The more people use Gecko browsers,
> > the more bugs can be found willingly or unwillingly. And the more people use
> > Gecko browsers, the more lucrative is it to find security holes and damage
> > systems this way.

>
> So this suggests that it's a tradeoff: more users of Gecko means more
> people reporting bugs and therefore more bug fixes but also a more
> lucrative target for security threats; Konq may have more undiscovered
> security holes but they are undiscovered both by bug fixers and security
> threats?
>
> Is this the gist of the situation?


yes, but it amounts to security by obscurity... IOW, don't count on a
smaller user base to provide security simply because it's a less
lucrative target... nothing prevents someone from looking for the
security holes that are surely there even if it's less lucrative.

A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGqOfkaIeIEqwil4YRAjKEAJ414nCDmG4QoSlIijOZ3Pet0/JicwCgpGb0
fepZ75pvhh7dyY17bNfoF5Q=
=C6QY
-----END PGP SIGNATURE-----

26/07/2007, 20h00   #10
Hugo Vanwoerkom

Re: why do iceweasel et al have more frequent security issues?

John Hasler wrote:
> Doug writes:
>> It seems that the mozilla-derived browsers have security issues requiring
>> updates far more frequently than other browsers like Konqueror or links2.

>
>> I'm curious as to why this is. Does anyone have any ideas?

>
> How many people are looking for holes in Konq or Links2?


2?


26/07/2007, 20h10   #12
Andrew J. Barr

Re: why do iceweasel et al have more frequent security issues?

On 7/26/07, Mathias Brodala <info@noctus.net> wrote:
> Hi Douglas.
>
> Douglas Allan Tutty, 26.07.2007 18:23:
> > It seems that the mozilla-derived browsers have security issues
> > requiring updates far more frequently than other browsers like Konqueror
> > or links2.

>
> Aside from the fact that one software really can be more secure than another one
> is this the result of an increased usage. The more people use Gecko browsers,
> the more bugs can be found willingly or unwillingly. And the more people use
> Gecko browsers, the more lucrative is it to find security holes and damage
> systems this way.


Isn't this the same argument Windows weenies use against Linux when
their platform of choice is rightfully chastised for being a complete
and total security nightmare? And most of the time, it's laughed
off...if I'm not mistaken, because of fundamental design differences
between Linux and Windows--e.g. in Windows the vast majority of
software will not run correctly without administrator privileges (yes,
even in Vista) so you have a situation equivalent to running your
desktop environment session as root, which, if more people did,
perhaps we'd have a similar security situation on the Linux desktop?

> Regards, Mathias
>
>
> --
> debian/rules
>
>
>



--
Andrew Barr

We matter more than pounds and pence,
your economic theory makes no sense...


26/07/2007, 20h50   #13
Ron Johnson

Re: why do iceweasel et al have more frequent security issues?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/26/07 14:01, Andrew J. Barr wrote:
> On 7/26/07, Mathias Brodala <info@noctus.net> wrote:
>> Hi Douglas.
>>
>> Douglas Allan Tutty, 26.07.2007 18:23:
>> > It seems that the mozilla-derived browsers have security issues
>> > requiring updates far more frequently than other browsers like

>> Konqueror
>> > or links2.

>>
>> Aside from the fact that one software really can be more secure than
>> another one
>> is this the result of an increased usage. The more people use Gecko
>> browsers,
>> the more bugs can be found willingly or unwillingly. And the more
>> people use
>> Gecko browsers, the more lucrative is it to find security holes and
>> damage
>> systems this way.

>
> Isn't this the same argument Windows weenies use against Linux when
> their platform of choice is rightfully chastised for being a complete
> and total security nightmare?


Yes.

But it's also "more eyes makes shallower bugs".

> And most of the time, it's laughed
> off...if I'm not mistaken, because of fundamental design differences
> between Linux and Windows--e.g. in Windows the vast majority of
> software will not run correctly without administrator privileges (yes,
> even in Vista) so you have a situation equivalent to running your
> desktop environment session as root, which, if more people did,
> perhaps we'd have a similar security situation on the Linux desktop?


Except that Unix doesn't have VBA (Visual Basic for Applications),
which allows for all sorts of scripted nastiness.

But yes, running 100% as root would let bad guys install viruses
just like in Windows.

- --
Ron Johnson, Jr.
Jefferson LA USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGqPn1S9HxQb37XmcRAjQ+AKDIeAkQXwK3cmS+ossluMz5AMGp0gCgoCRg
AxC0vGTbGuVbR+qEXqpRgl4=
=MoUb
-----END PGP SIGNATURE-----


26/07/2007, 22h00   #14
Erik Persson

Re: why do iceweasel et al have more frequent security issues?

Douglas Allan Tutty wrote:
> It seems that the mozilla-derived browsers have security issues
> requiring updates far more frequently than other browsers like Konqueror
> or links2.
>
> I'm curious as to why this is. Does anyone have any ideas?
>
> I'm on dialup and switched to Konq for this very reason but sometimes I
> have a website that doesn't work and its handy to see if iceweasel will
> view it. (so far the only one is the adobe flashplayer test page).
>
> Doug.


As you can see from the other answers, nobody has a clue if the
mozilla-based browsers are less secure than the konq or not. I haven't
inspected the code either, so I don't have any more facts than anyone
else. I do NOT agree with the other answers however.

If there are fewer security alerts with Konq the only reasonable
conclusion, if you don't have strong facts pointing the other way, is
that Konq is more secure, and that this is partly because of better
code. The larger userbase of Firefox is very likely to generate a larger
number of discovered security issues, but as far as I know, no one can
tell you how many more bugs are generated per user or per extra
programmer, and probably no one can tell you how the user base and
security issue rate correlate more precisely. From this, the most
reasonable conclusion is that Konq is more secure.
Anyhow, the basic fact that there are fewer security alerts in Konq makes
this a more secure browser, whether this is perhaps only because of a
smaller user base or not.

/erik


26/07/2007, 22h20   #15
Ron Johnson

Re: why do iceweasel et al have more frequent security issues?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/26/07 15:52, Erik Persson wrote:
> Douglas Allan Tutty wrote:
>> It seems that the mozilla-derived browsers have security issues
>> requiring updates far more frequently than other browsers like Konqueror
>> or links2.
>>
>> I'm curious as to why this is. Does anyone have any ideas?
>> I'm on dialup and switched to Konq for this very reason but sometimes I
>> have a website that doesn't work and its handy to see if iceweasel will
>> view it. (so far the only one is the adobe flashplayer test page).
>>
>> Doug.

>
> As you can see from the other answers, nobody has a clue if the
> mozilla-based browsers are less secure than the konq or not. I haven't
> inspected the code either, so I don't have any more facts than anyone
> else. I do NOT agree with the other answers however.
>
> If there are fewer security alerts with Konq the only reasonable
> conclusion, if you don't have strong facts pointing the other way, is
> that Konq is more secure, and that this is partly because of better
> code. The larger userbase of Firefox is very likely to generate a larger
> number of discovered security issues, but as far as I know, no one can
> tell you how many more bugs are generated per user or per extra
> programmer, and probably no one can tell you how the user base and
> security issue rate correlate more precisely. From this, the most
> reasonable conclusion is that Konq is more secure.
> Anyhow, the basic fact that there are fewer security alerts in Konq makes
> this a more secure browser, whether this is perhaps only because of a
> smaller user base or not.


That's just not logical.

For example, just because people didn't know about germs in 1825
didn't mean that they didn't exist.

- --
Ron Johnson, Jr.
Jefferson LA USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGqQ/xS9HxQb37XmcRAmEIAJ9jYuBKgCH8UqBl/af8cTTp07s1EACgzfQI
K43lCcCEtIpwz7MUIVlmX68=
=hR9W
-----END PGP SIGNATURE-----


26/07/2007, 22h30   #16
Andrew Sackville-West

Re: why do iceweasel et al have more frequent security issues?

On Thu, Jul 26, 2007 at 10:52:07PM +0200, Erik Persson wrote:

> Anyhow, the basic fact that there are fewer security alerts in Konq makes
> this a more secure browser, whether this maybe is because only of a smaller
> user base or not.


I'm sorry, and I hate to argue with people, but this last statement
just doesn't fly with me. security alerts are the result of someone
finding a security problem and reporting it. The fact that fewer
security alerts exist does _NOT_ mean that konq is more secure. It
only means it has fewer reported security problems. Now it _could_ be
that this is because there actually _are_ fewer security problems, but
it could _also_ be because no one has _found_ or reported
problems. There's an important distinction there.

WARNING! CAR ANALOGY!

if we have two cars parked side-by-side and mine is stolen (I'll
take the fall for this analogy) and yours is not, does that mean
that your car is more secure? no. it means someone looked for a way
into my car and exploited it. maybe they never even looked at your
car. maybe they don't like your car. There are any number of reasons
why your car was not stolen. it could be that they looked at your car
and decided it was too hard to steal because it had an alarm, in which
case it would be more secure, but that isn't necessarily why it wasn't
stolen.

END CAR ANALOGY!

a more pertinent fake example.

programmer X finds a security hole in konq that when visiting a
carefully crafted website, allows remote execution of code, privilege
escalation and ultimately results in a box getting
rooted. okay. that's obviously a security problem. but programmer X
doesn't report this problem and no security alert is issued.

programmer Y finds a security hole in mozilla that allows an already
installed plugin at a certain version to escalate its own privileges and as a result
download and save a piece of code to disk with the name
"execute_me". Now if the user happens to see that file and thinks,
hmmm... I wonder what that is and executes it (after chmod +x) it does
a rm -rf on their home. programmer y reports this security hole and a
security alert is made detailing the problem.

now, clearly, the konq vulnerability is *much* more of a security risk
than the mozilla error, right? the mozilla one requires the plugin be
already installed and the right version and then requires the user to
actually chmod and execute the thing. the konq one just requires the
user to visit a carefully crafted website.

but based on what you've written above, because the mozilla one was
reported, then mozilla is less secure than konq. that doesn't add
up. And in fact, in my fake example above, the lack of security alert
makes konq even more of a security problem because 1) the right devs
might not know about the problem to issue a patch and 2) the public
doesn't know about the problem to avoid it until a patch comes along.

A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGqRIUaIeIEqwil4YRAmlLAJ9wNHpvioo3yYjGIhY9cwL1MFP1xgCgzg6q
pkAaYRdEsd52obrQjBG0S0g=
=SGG8
-----END PGP SIGNATURE-----

27/07/2007, 03h50   #17
Erik Persson

Re: why do iceweasel et al have more frequent security issues?

Andrew Sackville-West wrote:
> On Thu, Jul 26, 2007 at 10:52:07PM +0200, Erik Persson wrote:
>
>> Anyhow, the basic fact that there are fewer security alerts in Konq makes
>> this a more secure browser, whether this maybe is because only of a smaller
>> user base or not.

>
> I'm sorry, and i hate to argue with people, but this last statement
> just doesn't fly with me. security alerts are the result of someone
> finding a security problem and reporting it. The fact that fewer
> security alerts exist does _NOT_ mean that konq is more secure. It
> only means it has fewer reported security problems. Now it _could_ be
> that this is because there actually _are_ fewer security problems, but
> it could _also_ be because no one has _found_ or reported
> problems. There's an important distinction there.


The assumption is of course that there is no significant difference in
the ratio of reported security issues to discovered security issues, and
I can't see any reason those should differ.

Anyhow, it is more likely that a browser with more reported security
issues has more discovered security issues. And it is also more likely
that a browser with more discovered security issues has more security
issues. Both, of course, under the assumption that there is no
information that changes this.

>
> WARNING! CAR ANALOGY!
>
> if we have two cars parked side-by-side and mine is stolen (I'll
> take the fall for this analogy) and yours is not, does that mean
> that your car is more secure? no. it means someone looked for a way
> into my car and exploited it. maybe they never even looked at your


It also means that it is more likely that your car is less secure. It is
not much data to do reliable statistics on, but since we have some data
and it points towards your car being less secure, that would also be the
best guess. It may not be the correct guess, but it will be the best guess.
Let's say we have 10 cars of type A parked along 10 cars of type B, and
there are 8 stolen cars of type A and only one of type B. Then you should
guess, if no more information was available, that car type A was less
secure.
If you have 10 cars of type A and 5 of type B, and 2 A cars and one B
car were stolen, you should guess, if no more information was available,
that the cars were about equally secure. Now, if you have 10 A cars and
5 B cars, and 1 A car was stolen and 4 B cars, you should guess that the
B cars were less secure.
Now, if you have x A cars and y B cars and you don't know x and y, but
you know that more A cars are stolen, it is more likely that the A cars
are less secure, since there is no more reason to believe that x
is larger than y than to believe the opposite.

> END CAR ANALOGY!
>
> a more pertinent fake example.
>
> programmer X finds a security hole in konq that when visiting a
> carefully crafted website, allows remote execution of code, privilege
> escalation and ultimately results in a box getting
> rooted. okay. that's obviously a security problem. but programmer X
> doesn't report this problem and no security alert is issued.
>
> programmer Y finds a security hole in mozilla that allows an already
> installed plugin at a certain version to escalate its own privileges and as a result
> download and save a piece of code to disk with the name
> "execute_me". Now if the user happens to see that file and thinks,
> hmmm... I wonder what that is and executes it (after chmod +x) it does
> a rm -rf on their home. programmer y reports this security hole and a
> security alert is made detailing the problem.
>
> now, clearly, the konq vulnerability is *much* more of a security risk
> than the mozilla error, right? the mozilla one requires the plugin be
> already installed and the right version and then requires the user to
> actually chmod and execute the thing. the konq one just requires the
> user to visit a carefully crafted website.


If this would be the case in the mozilla vs konq situation, you have to
explain to me why:
1) konq security issues should be reported at a lower ratio
2) why security issues in konq are more severe
e.g. why there should be reason to believe that there is a statistically
significant bias between the browsers in factors such as reporting
security issues and severity of security issues.

I can see no reason to believe one or the other. I just look at the
facts - there are fewer security issues reported for konq. The only
reasonable conclusion is that konq is more secure.

> but based on what you've written above, because the mozilla one was
> reported, then mozilla is less secure than konq. that doesn't add
> up. And in fact, in my fake example above, the lack of security alert
> makes konq even more of a security problem because 1) the right devs
> might not know about the problem to issue a patch and 2) the public
> doesn't know about the problem to avoid it until a patch comes along.


As I stated above, you have to explain how this constructed example
could have any impact at all on the real mozilla vs konq case.

Do you really mean that there is some sort of bias in how security
issues are reported and that this is to the advantage of firefox?

As I said, if it is a fact that there are fewer security alerts in konq,
the only reasonable conclusion is that konq has fewer security issues.
All other conclusions rely on some sort of asymmetry between the
browsers, for example when it comes to the severity of the reported
security issues, the presumed not found or not reported security issues,
the ratio of reported to found security issues etc.
If you don't have any facts supporting such an asymmetry, you can't
argue that such an asymmetry exists, and especially you can't argue
that such an asymmetry is to the advantage of Firefox (it could just as
likely be to the advantage of konq - if it existed).

> A


/erik


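The disagreement in the two replies above (Andrew's point in #16 that fewer alerts only means fewer *reported* problems, and Erik's car-rate comparison in #17) can be written down as a small model. The following is an added illustration, not code posted in the thread: the browser names, flaw counts, scrutiny and reporting factors are all constructed assumptions chosen to make the two positions visible side by side.

```python
"""Added illustration (not from the thread): what a count of published security
alerts does and does not tell you about the holes actually present.

Two parts:
  * theft_rate / compare_rates reproduce the per-unit comparison from the car
    examples (8 of 10 stolen vs 1 of 10, and so on).
  * Product / expected_alerts / infer_flaws model published alerts as
    true_flaws * scrutiny * report_ratio, so the same code base can yield very
    different alert counts depending on how many people are looking at it.
Every figure below is constructed for the example, not a measurement.
"""
from dataclasses import dataclass


def theft_rate(parked: int, stolen: int) -> float:
    """Fraction of parked cars of one type that were stolen."""
    if parked <= 0:
        raise ValueError("need at least one parked car")
    if not 0 <= stolen <= parked:
        raise ValueError("stolen count must be between 0 and parked")
    return stolen / parked


def compare_rates(rate_a: float, rate_b: float, tolerance: float = 0.05) -> str:
    """Best guess from the observed rates alone; 'about equal' inside tolerance."""
    if abs(rate_a - rate_b) <= tolerance:
        return "about equal"
    return "A less secure" if rate_a > rate_b else "B less secure"


@dataclass(frozen=True)
class Product:
    name: str
    true_flaws: int      # holes actually in the code; unknown in reality
    scrutiny: float      # probability that a given hole is found in the period
    report_ratio: float  # fraction of found holes that become public alerts


def expected_alerts(p: Product) -> float:
    """Alerts you would expect to see published for p under the model."""
    return p.true_flaws * p.scrutiny * p.report_ratio


def infer_flaws(alerts: float, scrutiny: float, report_ratio: float) -> float:
    """Invert the model: flaws implied by an alert count under an assumed
    scrutiny and reporting level. This is the step the "fewer alerts, so
    fewer holes" argument makes implicitly, with the same scrutiny assumed
    for both browsers."""
    if scrutiny <= 0 or report_ratio <= 0:
        raise ValueError("scrutiny and report_ratio must be positive")
    return alerts / (scrutiny * report_ratio)


def scrutiny_gap_demo() -> dict:
    """Two constructed products with identical flaw counts but unequal scrutiny.
    Returns the expected alert counts, what an observer who assumes symmetric
    scrutiny would conclude about hidden flaws, and the actual flaw counts."""
    popular = Product("widely-used browser", true_flaws=40, scrutiny=0.5, report_ratio=0.9)
    niche = Product("niche browser", true_flaws=40, scrutiny=0.1, report_ratio=0.9)
    alerts = {p.name: expected_alerts(p) for p in (popular, niche)}
    # Observer assuming the same scrutiny (0.5) and reporting (0.9) for both.
    assumed = {name: infer_flaws(a, 0.5, 0.9) for name, a in alerts.items()}
    return {
        "alerts": alerts,
        "flaws_if_symmetric": assumed,
        "actual_flaws": {p.name: p.true_flaws for p in (popular, niche)},
    }


if __name__ == "__main__":
    # The three car scenarios from the thread, as (parked A, stolen A, parked B, stolen B).
    for parked_a, stolen_a, parked_b, stolen_b in [(10, 8, 10, 1), (10, 2, 5, 1), (10, 1, 5, 4)]:
        verdict = compare_rates(theft_rate(parked_a, stolen_a), theft_rate(parked_b, stolen_b))
        print(f"A {stolen_a}/{parked_a} vs B {stolen_b}/{parked_b}: {verdict}")
    demo = scrutiny_gap_demo()
    for name in demo["alerts"]:
        print(f"{name}: alerts={demo['alerts'][name]:.1f}, "
              f"flaws inferred under symmetry={demo['flaws_if_symmetric'][name]:.1f}, "
              f"actual={demo['actual_flaws'][name]}")
```

With the constructed figures, both products carry the same 40 holes, yet the widely scrutinised one produces 18 expected alerts and the lightly scrutinised one 3.6; an observer who assumes equal scrutiny reads those counts back as 40 versus 8 hidden flaws. The rate comparison is sound when the denominators and the scrutiny are comparable (Erik's assumption); the alert count stops being evidence about the code as soon as scrutiny differs (Andrew's and Ron's objection). Neither side of the thread has the scrutiny figure, which is why the argument does not resolve.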
27/07/2007, 05h10   #18
Erik Persson

Re: why do iceweasel et al have more frequent security issues?

Ron Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/26/07 15:52, Erik Persson wrote:
>> Douglas Allan Tutty wrote:
>>> It seems that the mozilla-derived browsers have security issues
>>> requiring updates far more frequently than other browsers like Konqueror
>>> or links2.
>>>
>>> I'm curious as to why this is. Does anyone have any ideas?
>>> I'm on dialup and switched to Konq for this very reason but sometimes I
>>> have a website that doesn't work and its handy to see if iceweasel will
>>> view it. (so far the only one is the adobe flashplayer test page).
>>>
>>> Doug.

>> As you can see from the other answers, nobody has a clue if the
>> mozilla-based browsers are less secure than the konq or not. I haven't
>> inspected the code either, so I don't have any more facts than anyone
>> else. I do NOT agree with the other answers however.
>>
>> If there are fewer security alerts with Konq the only reasonable
>> conclusion, if you don't have strong facts pointing the other way, is
>> that Konq is more secure, and that this is partly because of better
>> code. The larger userbase of Firefox is very likely to generate a larger
>> number of discovered security issues, but as far as I know, no one can
>> tell you how many more bugs are generated per user or per extra
>> programmer, and probably no one can tell you how the user base and
>> security issue rate correlate more precisely. From this, the most
>> reasonable conclusion is that Konq is more secure.
>> Anyhow, the basic fact that there are fewer security alerts in Konq makes
>> this a more secure browser, whether this maybe is because only of a
>> smaller user base or not.

>
> That's just not logical.
>
> For example, just because people didn't know about germs in 1825
> didn't mean that they didn't exist.


That's just the point. You can't be sure about firefox being less secure
- there could be reasons that explain the assumed difference in
reported security issues and yet firefox being more secure.
However, if we don't know, we can't say. We can only say what we know,
and what this is likely to represent.
Exactly as it would have been very unwise to argue for the existence of
germs in 1825 without having some evidence of their existence.

As I said, we must have some strong evidence to argue that the assumed
larger rate of reported security issues in firefox is not because of
more security flaws.

If there are fewer reported security issues in konq, the most likely
explanation is that there are fewer found security issues in konq. If
there are fewer found security issues in konq, one likely explanation is
that there are fewer security issues in konq. There are however more
people using firefox and there are more developers(?) developing
firefox, but since we have no clue as to how this equates to the above,
we really can't say much about it other than that it will probably
decrease the difference to some extent (maybe all the way, maybe to the
degree that konq is less secure - but we don't know).
As long as nobody is interested in exploiting the konq bugs and everyone
wants to exploit the firefox bugs, I will be more secure using konq even
if there are more flaws in konq. Security when using a browser has to do
with the risk of being attacked, not the number of presumed security flaws
in the code (even if this is one factor that influences the risk of
being attacked). Is there any reason to believe that people are more
interested in finding security problems in firefox? yes there is - more
bugs are found in firefox according to the OP.
What I'm saying here is that the larger user base probably will lead to
more security issues being found and corrected in firefox, but it will
also lead to firefox being more of a target, and this will to some
extent reduce the advantage of having more eyes on the code.

This sounds as if I advocate for security by obscurity, which is not the
case. In the long run, the code with the larger number of eyes on it
will be more secure and the better choice from a security standpoint.
In a situation in which one product seems to have more reported security
flaws than the other, but more users and developers looking at the code,
the situation is not as easy.

> - --
> Ron Johnson, Jr.
> Jefferson LA USA


/Erik Persson.


27/07/2007, 05h40   #19
Andrew Sackville-West
Re: why do iceweasel et al have more frequent security issues?

On Fri, Jul 27, 2007 at 04:49:41AM +0200, Erik Persson wrote:
> Andrew Sackville-West wrote:
>> On Thu, Jul 26, 2007 at 10:52:07PM +0200, Erik Persson wrote:
>>> Anyhow, the basic fact that there is fewer security alerts in Konq makes
>>> this a more secure browser, whether this maybe is because only of a
>>> smaller user base or not.

>> I'm sorry, and i hate to argue with people, but this last statement
>> just doesn't fly with me. security alerts are the result of someone
>> finding a security problem and reporting it. The fact that fewer
>> security alerts exist does _NOT_ mean that konq is more secure. It
>> only means it has fewer reported security problems. Now it _could_ be
>> that this is because there actually _are_ fewer security problems, but
>> it could _also_ be because no one has _found_ or reported
>> problems. There's an important distinction there.

>
> The assumption is of course that there is no significant difference in the
> ratio of reported security issues to discovered security issues, and I
> can't see any reason those should differ.


I can't see any reason why they _should_ differ either, but it is
entirely possible that they do and that's the point.

It boils down to this argument you stated:

"Anyhow, the basic fact that there is fewer security alerts in
Konq make this a more secure browser...."

and that's ridiculous. It doesn't make it a more secure browser. It
makes it a browser with fewer reported security alerts. period. There
_may_ be other issues involved and it in fact _may_ be a more secure
browser, but that is not necessarily because it has fewer alerts.

The relationship between reported bugs in one piece of software versus
another is directly related to how many of those bugs have been found,
not how many bugs there are. True, there is a relationship between the
number found and the number that exist, but that doesn't mean that
because one has fewer reported bugs that it has fewer bugs. That is,
the number found will always be equal to or less than the number that
actually exist. But that is all you can know about the number of bugs
in a piece of software -- it has exactly or more than the number
reported. One piece of software could have 1000 bugs with one reported
while another piece could have 100 bugs with 99 reported. According to
your statement, the software with the 1 reported bug has fewer bugs
than the one with 99 reported but that's not necessarily true.

You can only know one thing about the number of bugs in a piece of
software and that is the number of _reported_ bugs.

>
> Anyhow, it is more likely that a browser with more reported security issues
> have more discovered security issues. And it is also more likely that a
> browser with more discovered security issues have more security issues.
> Both, of course, under the assumption that there is no information that
> changes this.



yes yes yes... _likely_ sure... given a reasonable assumption that the
number of users, testers and coders involved are sufficient to
effectively test the software, then yes, the one with more reported
issues _may_ be less secure. But that's not what you said. You said
the fact that Konq had fewer reported problems makes it more
secure. You didn't say likely, or reasonable assumed to
be... important distinction.

>
>> WARNING! CAR ANALOGY!
>> if we have two cars parked side-by-side and mine is stolen (I'll
>> take the fall for this analogy and yours is not, does that mean
>> that your car is more secure? no. it means someone looked for a way
>> into my car and exploited it. maybe they never even looked at your

>
> It also mean that it is more likely that your car is less secure.


...

> If you have 10 cars of type A and 5 of type B and 2 A cars, and one B car
> was stolen, you should guess, if no more information was available, that
> the cars were about equally secure. No, if you have 10 A cars, and 5 B
> cars, and 1 A car was stolen and 4 B cars, you should guess that the B cars
> were less secure.


no. you _could_ guess that. But it is equally valid to guess that car
B's, being rarer cars, are more desirable and therefore more likely to
be stolen.

> Now, if you have x A cars and y B cars and you don't know x and y, but you
> know that more A cars are stolen, it is more likely that the A cars are
> less secure, since there is no reason to believe that x
> is larger than y, than believing the opposite.


no, again, you could believe that, but it's equally valid to believe
that A cars are getting a high price in the chop-shop market. There is
possibly some correlation, but not necessarily a causal relationship
between security and the numbers stolen. There are other factors
involved, just as in software there are other factors: programming
language, skill of the coders, number of testers, fundamental security
of the design, security of the linked libraries etc etc.

but cars are a bad analogy, hence my BIG WARNING.

>
>> END CAR ANALOGY!
>> a more pertinent fake example.
>> programmer X finds a security hole in konq that when visiting a
>> carefully crafted website, allows remote execution of code, privilege
>> escalation and ultimately results in a box getting
>> rooted. okay. that's obviously a security problem. but programmer X
>> doesn't report this problem and no security alert is issued. programmerY
>> finds a security hole in mozilla that allows an already
>> installed plugin at a certain version to escalate its own privileges and
>> as a result
>> download and save a piece of code to disk with the name
>> "execute_me". Now if the user happens to see that file and thinks,
>> hmmm... I wonder what that is and executes it (after chmod +x) it does
>> a rm -rf on their home. programmer y reports this security hole and a
>> security alert is made detailing the problem. now, clearly, the konq
>> vulnerability is *much* more of a security risk
>> than the mozilla error, right? the mozilla one requires the plugin be
>> already installed and the right version and then requires the user to
>> actually chmod and execute the thing. the konq one just requires the
>> user to visit a carefully crafted website.

>
> If this would be the case in the mozilla vs konq situation, you have to
> explain to me why:
> 1) konq security issues should be reported at a lower ratio


because the person who found the bug likes knowing the bug and wants
to be able to utilise it to compromise machines, and thus keeps it
under his black hat...

> 2) why security issues in konq are more severe


it was an example showing how your premise that more reported
bugs means less secure. I was showing that the number of reported bugs
is not necessarily related to the security.

> eg. why there should be reason to believe that there is a statistically
> significant bias between the browsers in factors such as reporting security
> issues and severity of security issues.


because the whole conversation was predicated on the possibility that one
browser has significantly larger mind/eye-share and therefore has greater
opportunity to have problems discovered and reported. Sure there are
some folks looking at fire&iceweaselfox and hiding the vulnerabilities
they discover, but as the crowd of users/testers/coders grows, they
become statistically less significant than they would be for a program
with lower numbers of users/tester/coders.

>
> I can see no reason to believe one or the other. I just look at the facts-
> there are less security issues reported for konq. The only reasonable
> conclusion is that konq is more secure.


no. that is _a_ reasonable conclusion, but by no means the only one.

>
>> but based on what you've written above, because the mozilla one was
>> reported, then mozilla is less secure than konq. that doesn't add
>> up. And in fact, in my fake example above, the lack of security alert
>> makes konq even more of a security problem because 1) the right devs
>> might not know about the problem to issue a patch and 2) the public
>> doesn't know about the problem to avoid it until a patch comes along.

>
> As I stated above, you have to explain how this constructed example could
> have any impact at all on the real mozilla vs konq case.


I don't have to explain it because it doesn't. it was an example used
to illustrate how your assertion was false. But in fact, I believe
that in fact this sort of thing goes on all the time. An unreported
security vulnerability is _much_ more dangerous than a reported one. A
reported one gets fixed. An unreported one gets exploited.

>
> Do you really mean that there is some sort of bias in how security issues
> are reported and that this is to the advantage of firefox?
>


nope. I never said that. I merely pointed out that the assumption that
fewer reported security flaws means better security is not valid.

> As I said, if it is a fact that there is fewer security alerts in konq, the
> only reasonable conclusion is that konq has less security issues.


nope. konq has fewer security alerts == fewer reported security
problems !== fewer actual problems.


> All other
> conclusions rely on some sort of asymmetry between the browsers, for
> example when it comes to the severity of the reported security issues, the
> presumed not found or not reported security issues, in the the ratio of
> reported found security issues etc.


But these are all valid possibilities, not certainties. You have
stated that this:

fewer security alerts == fewer security problems

is a certainty. Or at least near enough so as not to be significant.

But it's not a certainty. It may, in the final analysis be true, but
until _all_ the security problems from both programs have been found
and counted, then it is not a certainty. It is unknowable.

> If you don't have any facts supporting such kind of asymmetry, you can't
> argue that there exist such asymmetry, and especially you can't argue that
> such asymmetry is to the advantage of Firefox (it could just as likely be
> to the advantage of konq - if it existed).


I never argued that there _was_ such an asymmetry. I provided an
example of how such an asymmetry would make your assertion false.

Note that I have no bias regarding konq and iceweasel.

Also, I'm more than willing to embrace a counter example. OpenBSD has
had two remote holes in the base install in more than 10 years. And
I'm willing to wager that it is in fact probably the most secure OS
out there for common folk to use. But that is a special case because
we _know_ that it was built up piece by piece for one purpose -- to be
secure. Security has motivated every decision made about OpenBSD so we
have additional data on which to make the assumption that its number of
reported vulnerabilities is a good indicator of its security
overall. But just pulling two pieces of software out of the air and
comparing their security based on the number of reported
vulnerabilities doesn't work. Not without some additional information
to support those assumptions.

A

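Added illustration of the point made in the post above (not code from the thread or any browser project): reported alerts are a lower bound on actual flaws, and when the rate at which flaws get found and reported differs between two products, the product with fewer actual flaws can have more alerts. The products, counts and find rates are constructed to mirror the "1000 bugs with 1 reported vs 100 bugs with 99 reported" example.

```python
"""Reported-vs-actual bug model (constructed example, not from the thread)."""
import random
from dataclasses import dataclass


@dataclass
class Product:
    name: str
    actual_bugs: int   # true number of flaws; unknowable in practice
    find_rate: float   # probability a given flaw is found AND reported
                       # in the observation window (grows with eye-share)


def expected_reported(p: Product) -> float:
    """Expected number of alerts if each flaw is reported independently."""
    return p.actual_bugs * p.find_rate


def simulate_reported(p: Product, rng: random.Random) -> int:
    """One random draw of the alert count; it can never exceed actual_bugs."""
    return sum(1 for _ in range(p.actual_bugs) if rng.random() < p.find_rate)


def estimate_actual(reported: int, find_rate: float) -> float:
    """Inverting the model requires the find rate, which is exactly the
    quantity the thread says nobody can measure for the two browsers."""
    if not 0.0 < find_rate <= 1.0:
        raise ValueError("find_rate must be in (0, 1]")
    return reported / find_rate


def ranking_inverts(a: Product, b: Product) -> bool:
    """True when the product with FEWER actual flaws has MORE expected alerts."""
    fewer_actual, more_actual = sorted((a, b), key=lambda p: p.actual_bugs)
    return expected_reported(fewer_actual) > expected_reported(more_actual)


# Constructed numbers: an obscure product with little scrutiny and a
# popular one with heavy scrutiny, as in the post's 1000/1 vs 100/99 case.
OBSCURE = Product("obscure", actual_bugs=1000, find_rate=0.001)
POPULAR = Product("popular", actual_bugs=100, find_rate=0.99)

if __name__ == "__main__":
    rng = random.Random(7)
    for p in (OBSCURE, POPULAR):
        r = simulate_reported(p, rng)
        print(f"{p.name}: actual={p.actual_bugs} reported={r} "
              f"estimate_if_rate_known={estimate_actual(r, p.find_rate):.0f}")
    print("alert ordering inverts actual ordering:", ranking_inverts(OBSCURE, POPULAR))
```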

27/07/2007, 07h30   #20
Ron Johnson
Re: why do iceweasel et al have more frequent security issues?


On 07/26/07 23:05, Erik Persson wrote:
[snip]
> As long as nobody is interested in exploiting the konq bugs and everyone
> wants to exploit the firefox bugs, I will be more secure using konq even
> if there are more flaws in konq. Security when using a browser has to do


There are some flaws (XSS pops instantly to mind) that both FF & IE
suffer from, but for different reasons.

If konq also suffers from these kinds of flaws, then you *are* just
as vulnerable.

- --
Ron Johnson, Jr.
Jefferson LA USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!
