Navigate This Site

Philip Ramsey Headlines

Thursday, December 23, 2010

New Internet Explorer vulnerability affecting all versions of IE

The article New Internet Explorer vulnerability affecting all versions of IE goes to show Microsoft still has not learned from it's past mistakes. Although Internet Explorer 7 and 8 are based on Mozilla Firefox 0.9 and 2.0 respectively, they still manage to inject the original Microsoft security issues into them.

As cloud computing becomes more important, the browser becomes even more important in everyday computer use as it is the interface that interacts with the cloud. This fact makes browser security even more important. How many more times is Microsoft going to "fix" their security issues before they really fix them? Why continue to risk your business, assets and reputation by using a browser and operating system that is not only insecure but the developers are incapable or unwill of making secure.

There are alternatives to Windows that are more secure and less expensive. Linux is one such alternative and OpenBSD is another. Both are free and both are based on Unix. However, Linux has over 300 distributions (a Linux distribution is a completely independent operating system using the Linux kernel with minor configuration tweaks to differentiate them) while openBSD is an open source version BSD Unix system that is geared towards server market.

Because Linux was initially designed as a web server, it has security built in. As more people learned about Linux's legendary high security reputation, they started demanding Linux for the desktop and laptop. This in turn encouraged Linux and open source developers to create more uses and applications for Linux.

The Linux and open source communities actively encourage users to modify the codes to suit their needs. The communities also encourage users to seek out security issues and vulnerabilities as well as develop fixes for the weaknesses found. This ensures that not only will Linux and the open source software that runs in it is secure but the vulnerabilities are addresses quickly.

This is a far cry from Microsoft's way of doing business. First of all Microsoft's End User (EU) agreement prohibits the end user from modifying the code to suits the users needs. Second, the EU prohibits reverse engineering the code to determine it's weaknesses. Only developers contracted or employed by Microsoft may work on the codes. Everyone else may be sued for breach of EU agreement or infringement of copyright. Because of this issues are not readily identifies or fixed. In some cases Microsoft has taken up to two years to fix a serious security flaw. The longest I have see the Linux/open source community to fix a major security issue is a few months.

I ask you what makes better sense - continue using expensive closed source systems and software that are insecure? or inexpensive open source systems that are secure?

Powered by ScribeFire.
Enhanced by Zemanta

No comments:

Post a Comment