“How can I Trust Firefox” blog by Torr


Peter Torr has joined our group, working with development teams to help them through the Security Development Lifecycle and Final Security Review processes. He just posted an interesting comment about downloading and running Firefox.

http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx

Comments (7)

  1. Susan says:

    I think you are missing the point. Installing it is not where the issue lies [even though this is an exercise in downloading, do I, does anyone check the md5 checksums for those security patches that Shavlik sucks down? Do I check a security bulletin’s pgp key?

    The real "trust" is running any browser. By definition they do "active content". As per my understanding, JavaScript, Java, ActiveX by definition, to "unload" the overhead on servers, run code on "my" machine.

    Do I really need to have JavaScript running to get a printer driver from hp.com?

    In reading the goals of the W3C project… we’ve run head first towards the use of the web as the platform of choice but the very design foundations sound more like a Woodstock convention [love, peace, embrace all platforms] than something that we’re running financial transactions across.

    The question is…"how can I trust Firefox?"… the real question I’m asking myself on behalf of my firm… is there ANY browser I trust?

    The answer right now as I see the Secunia vulnerability notices pile up in my inbox for Opera, Mozilla, Netscape, Firefox and Internet Explorer is a resounding heck NO.

  2. E-Bitz - SBS MVP the Official Blog of the SBS says:
  3. E-Bitz - SBS MVP the Official Blog of the SBS says:
  4. ME says:

    The funny thing is that only the guys from M$, or who work for it, approve of and like that comment.

  5. I don’t trust the Mozilla folk and I don’t trust the Microsoft folk. My friends and I check the MD5 hash and the SHA-1 hash of all code that we download; we try to download from different sources and compare with each other’s results. Trust no one and verify is our motto.

  6. Ghent says:

    Make a better browser or we will fire you!