double standards star me off

15 May 2005, 2:12 pm

The vulnerability in Firefox 1.03 that theoretically allowed a malicious website to install arbitrary software to a user’s desktop got a lot of press attention, some of which was certainly warranted. I don’t think that open source software should be judged less harshly than closed software.
However, the “Firefox not so safe after all” slant isn’t justifiable. Omitted from many of the press clips I saw was the fact that the vulnerability only exists if the malicious site has already been granted permission to install software. On Slashdot a couple of weeks ago I saw a link to Fred Langa’s article about Firefox security, which referenced a highly questionable Symantec report.
What incensed me was that the total number of uncovered flaws was the primary metric — there was no attempt to take into account the severity and ramifications of a given flaw.
It was in September 2001 that my general unease with Microsoft’s business practices and annoying interface choices solidified into real disgust and a conviction that the hegemony of Microsoft had become hazardous to the health of the US software industry.
There were other things on people’s minds at the time, certainly, but I’ve never gotten a satisfactory answer to the question of why the one-two punch of Code Red and Nimda didn’t cause most businesses running Microsoft Web servers to switch by the end of the year.


