IE8 is One of the Safest Browsers, Flash Makes Them All Vulnerable
Posted March 1, 2010 at 7:27pm by iClarified
Charlie Miller, winner of the Pwn2Own contest for the past two years, offers his thoughts on the most secure operating system and browser during an interview with oneitsecurity.
Pwn2Own 2010 will be held for three days starting on March 24th as part of the CansecWest Conference.
Miller says told oneitsecurity that Windows 7 is actually slightly harder to hack then Snow Leopard "because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows."
When asked if Linux was excluded from the competition because it was more difficult, Miller said, "No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux youre talking about. The organizers dont choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows."
Interestingly when asked what the safest operating system and browser combination is, Miller said, "Thats a good question. Chrome or IE8 on Windows 7 with no Flash installed. There probably isnt enough difference between the browsers to get worked up about. The main thing is not to install Flash!"
Read More [via CrunchGear]
Pwn2Own 2010 will be held for three days starting on March 24th as part of the CansecWest Conference.
Miller says told oneitsecurity that Windows 7 is actually slightly harder to hack then Snow Leopard "because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows."
When asked if Linux was excluded from the competition because it was more difficult, Miller said, "No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux youre talking about. The organizers dont choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows."
Interestingly when asked what the safest operating system and browser combination is, Miller said, "Thats a good question. Chrome or IE8 on Windows 7 with no Flash installed. There probably isnt enough difference between the browsers to get worked up about. The main thing is not to install Flash!"
Read More [via CrunchGear]