Tuesday, November 14, 2006

Sun Opens Java

After 10 years of living together, Java and Open-Source have finally decided to "Tie-The-Knot"...!

"On Monday, Sun released the first pieces of source code for Sun's implementation of JSE (Java Platform Standard Edition) and a buildable implementation of JME (Java Platform Micro Edition). Sun will also be making JEE (Java Platform Enterprise Edition) available under the GPLv2 license. JEE had already been available under Sun's CDDL (Common Development and Distribution License), through Project GlassFish."

Read on...
http://www.sun.com/2006-1113/feature/story.jsp
http://today.java.net/pub/a//today/2006/11/13/open-source-java-editorial.html

Blessings from Father of the Bride...:)
http://www.sun.com/software/opensource/java/gosling_letter.jsp

Sunday, September 10, 2006

Internet Explorer 6.x More Secure than Firefox 1.x in 2006 (Really...?)

I recently stumbled across this post from OSNews.

While I'm a big fan of Firefox, I also use IE6 (to make sure some of the applications I develop are working as expected..., and for Intranet applications while at work). But when it comes to things for which security matters (i.e. banking online), I trust Firefox. So seeing this post made me do some research of my own to see how safe my choice of browser really was.

So I went to the Secunia website and pulled up the stats for Mozilla Firefox 1.x and Internet Explorer 6.x to compare for myself.

On the surface of it, the summary read:


| | Mozilla Firefox 1.x | Internet Explorer 6.x |
|---|---|---|
| Affected By | 35 Secunia advisories | 105 Secunia advisories |
| Unpatched | 11% (4 of 35 Secunia advisories) | 17% (18 of 105 Secunia advisories) |

This not only gives Firefox a clear advantage of having only 35 advisories to 105 advisories for IE6; Firefox also has only 4 unpatched advisories (out of 35, ~11%) while IE6 has 18 unpatched advisories (out of 105, ~17%). While the percentages are not significantly different, the raw numbers do tell a different story indeed (4 for Firefox vs. 18 for IE6).

Apart from that, the most critical unpatched advisory for Firefox is categorized as "less critical", while for IE6 the corresponding advisory is categorized as "moderately critical".

Not content with just looking at the summary, I dug in deeper. And here's what I came up with.

If you compare the Paretos of the criticality of reported advisories,

For Firefox the sum of "Highly" and "Moderately" categories is 34%, while for IE6 the corresponding percentage is 46%. While the percentages are not vastly different (12%), you have to remember that the total advisories for the two respective browsers are 35 for Firefox and 89 for IE6 (for the period between 2003-2006). That means for Firefox around 12 advisories are "Highly"/"Moderately" critical, while for IE 41 of those are "Highly"/"Moderately" critical.

When comparing the status of the patches for the reported advisories, the picture is pretty much the same.

While Firefox has only 14% "unpatched" or "partial fix" reported advisories which is a total of 5, for IE6 the corresponding numbers are 31% or 28.

Looking at all this, I think I'll keep on trusting Firefox for things where security matters...!

Secunia themselves though make the following statement regarding using statistics of their security advisories to judge the security/safety of applications.
"Please Note: The statistics provided should not be used to compare the overall security of products against one another. Secunia advisories often cover multiple vulnerabilities and consequently the number of advisories issued for a product will not always reflect the number of security issues that have been disclosed. Additionally, some operating systems bundle a number of software packages and are therefore affected by vulnerabilities that would not affect other operating systems / platforms. Factors such as vendor response times and ability to properly fix vulnerabilities should also be considered."
So at the end of the day, there's no better protection for web security than the precautions that one can take to safeguard one's digital identity. Because, as we can see from here, no browser is bulletproof. It's only a matter of time before even the safest/most secure browsers are also exploited. If I were to use an old cliche, "Buyers, Beware..." is pretty much what goes for safeguarding one's digital identity, and I'll leave it at that...

Hope you had fun reading this....!

For those of you who are going to tell me that I haven't compared Opera or Safari, this by no means is a complete effort on finding out which browser is the safest. This was a result of what I needed to find out for myself, i.e. out of the two browsers I frequently use, which is the more secure one...!

For those that are interested in these other browsers, here are the links. I recommend that you do the hard yards yourself to find out. Hopefully, you'll learn a few other things that you didn't know in the process....

Opera 7.x, 8.x, 9.x

Safari 1.x, 2.x

Konqueror 3.x

Epiphany...

Lbrowser...

cheers...
-kcs

PS: I couldn't find any advisories for Epiphany and Lbrowser at all from Secunia. Does that mean they are the safest...?

I finally did it...

Well..., I've been tempted for some time now to start a weblog for voicing out my thoughts on the things I'm passionate about.

One post I recently stumbled across from OSNews finally made me do it.

You can read more about it here...