MozillaZine

France Telecom Switches to Communicator

Thursday October 14th, 1999

Jean-Luc Esser writes, "France Telecom - First French Telecom Company - switches to Netscape Communicator in all offices for their mail needs. Until then they were using IE! Way to go!!"

Great news! I'm not surprised they did this, and I would expect more companies (especially European companies) to make a similar move. IE5 is incredibly insecure; I can't imagine *any* company concerned with security wanting to standardize on it.

No URL for this news yet - let us know if you come across an article concerning the switch, and we'll post it here.


#2 Hrm...

by FrodoB

Thursday October 14th, 1999 12:35 PM

You are replying to this message

>or is that because it's made by Microsoft and is also more popular, and therefore is more likely to be attacked?

Probably a little of yes and a lot of no. Certainly, Linux crackers (as opposed to legitimate hackers, who are generally good-natured) may be more likely to attack IE, as it's from the evil giant of Redmond. But on the whole, I would say that's not the main reason, because most of the security holes are found by researchers at Princeton and related universities by people who are trained to know lots of ways to break most security impasses; it's their job to find holes like this. The holes found in this nature (by academic research) hardly are meant to cause harm to the software involved; indeed, the studies are to make the software more secure. But lately, many more bugs have been found in IE 5.0 than in Netscape (the one advantage of an old codebase is that security inevitably gets better over time); it's logical to think that the older product, with an adequate amount of fixing, would be more stable.

I don't expect Mozilla to change this trend, as security holes tend to be exceedingly obscure (even if you know where the hole is, it often doesn't make sense as to why it occurs). The only way to really have tight security is to have a team of crypto experts hammer on the product consistently in all possible fashions for months (essentially what the research labs do, unless the security hole is painfully obvious), or to do what's currently being done and patch the holes as they are found. However, Mozilla architecture might be good enough to squelch some holes; no one really knows yet.

Disclaimer: I'm not a security guru, and I make no guarantees as to the validity of what I just said. If it's wrong, I'll gladly take correction from someone more knowledgeable in the field than a college freshman.