dewt wrote: >The programming practices of microsoft are the biggest culprit in IE and >outlook security issues. for the most part, netscape's security history is >notably better, and you really only have to use the netscape smart update to >keep up to date. > Very true. I personally use Mozilla/Galeon for my web browsing and havn't come across any security vulns.
> >both browsers can be made more safe by disabling various functions,of course >this limits the functionality of some web pages. I believe netscape gives you >more specific control over this than IE (i haven't used ie in a while), and >the konqueror browser is likely the best with it's per site enabling of >java/javascript/user agent responses/etc., or lynx with it's lack of support >for exploitable protocols =P >as for reading mail, you might just want to have a stand alone email client. > Yes, Netscape/Mozilla allows more fine tuning. Don't forget that konqurer has made some very large strides in the last few months and can contend with the big guns now (Netscape/Mozilla, IE, Opera). >On Thursday 28 February 2002 03:51 pm, Gilles Poiret wrote: > >>Hi, >> >>I would like your advice about security aspects, concerning IE (e.g 5.5) vs >>Netscape Communicator (e.g 4.7x). >> IMHO I find that IE is way to integrated with the Operating System to use it without having security problems. IE can be tricked into all kinds of things, and since it is used to browse the system iteself via explorer it opens up many trust issues. >> >>I *very often* heard problems with IE, and Outlook. >>But Microsoft provides patches (for instance, a patch for Outlook to block >>dangerous attachments), and permits to control the surf (web site access, >>allow or not downloading,...) with IE. At the opposite, I never (since >>version 4.77) heard about security problem for Netscape Communicator. But >>to my knowledge, there is no embedded mechanism of protection in this >>browser. >> I don't know about 4.77, but all modern versions of Netscape have fine tuned controlls. Also, keep in mind that Microsoft doesn't always view a security hole as, well, a security hole and won't patch it for months. >> >>So I'm wondering what is the best (safest) browser, concerning security. >>Same thing for mail client (outlook vs messenger)... >> This is a very tough question to answer. I would say that any browser that you can constantly look at it's code to check for problems will be the safest. For one, you can test it yourself without making assumptions, and two you could patch it yourself if you had to. Between IE and Netscape/Mozilla I'd have to go with Net/Moz. As for E-Mail I'd recomend Mozilla Mail (OSS) or Eudora (Closed) for Windows, Mozilla Mail for Mac, and Evolution or Linux. >> >>For the moment, I think IE is safer (due to patches, and ability to >>control). If you have another opinion, please tell it me. >> Don't forget that patches don't make it any safer. Recall the teardrop fiasco that happend some time back. The orginal Microsoft patch only kept the string used by the teardrop expoit to be filtered out, if you sent something else, like "does this still work at all, joe?" it would be exploited. Of course, it took a little time for people to find it tout (closed patch, so it took about 3 days) but the fact that MS's patch was almsot a hoax didn't sit well with me. They eventually released a better patch. Cheers, Ash --- Darkfire Secure Linux -- http://www.gnulinux.net
