Open Source Battle
I had another open source debate with someone I work with. We both take the extreme sides of our arguments to make things more interesting. I thought this one was fun. The first email that I sent was in response to a vulnerability announcement for Firefox that was forwarded to me by him. I pointed out that the Firefox bug was already fixed before an exploit was even available – while Microsoft had yet to fix a vulnerability more than a month old with a series of viruses that exploit it.
Let us compare:
Mozilla Firefox Download Dialogue Box File Name Spoofing Vulnerability
EXPLOIT:
No exploit is required to leverage this issue.
SOLUTION:
The vendor has released a patch dealing with this issue.
Mozilla Upgrade — Firefox 1.0
http://www.mozilla.org/products/firefox/
Microsoft Internet Explorer vulnerable to buffer overflow via FRAME, IFRAME, and EMBED elements
EXPLOIT:
W32.Mydoom.AI@mm is a mass-mailing worm that exploits the Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability (as described in Bugtraq ID 11515). The worm also spreads by sending an email to the email addresses that it finds in the Windows address book.
SOLUTION:
There is no complete solution to this problem.
The best mitigation is to avoid using Internet Explorer until patches are available.
Open source rocks!
-Brint
Brint,
Some day you will wake up and realize you are no longer in the college fantasy land of open source, but instead you are in the real business world. How many business applications are written that officially support Firefox? IE?
WAKE UP!
And on the day I start believing that I will quit corporate IT and open a coffee shop. There are actually very few apps that will not work with Firefox; those that do not are caused by not following W3C standards. One day, companies will realize that it is easier to code by standards to ensure compatibility.
6% market share (20% in the IT field) and growing, we’ll see where this leads.
-Brint
Ahh… What fun