Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible
Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.
The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.
Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
The Mozilla Foundation did not immediately respond to requests for comment.
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."
Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.
Not for commercial use. For educational and discussion purposes only.
Most of the machines I work on that are compromised typically are owned by Net semi-literates who use only IE.
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor.
Ding! We have a winner! The sun don't come up in the East if you refuse to admit it...
I didn't say that.
I said that to slow Mozilla down, the most respected security software company suddenly says Mozilla is more vulnerable than IE.
I've used IE since Windows arrived.
My computer has experienced less problems with Mozilla. That's all I need to see.
Currently, it's not considered a bug per se, it's just how the Gecko engine keeps up with web pages that suddenly grow in size.
A few people are lobbying on Bugzilla to have this corrected, but it's not going anywhere yet, since the devs have bigger headaches than page positioning right now.
Of course, FF 1.5 will have 3200+ bugfixes: this might be among them.
Symantec: RAM-sucking garbage that's nearly impossible to uninstall when you get a decent anti-virus program that's freeware.
Guaranteed to promise computer neophytes the world, then leave their machines exposed when the trial period runs out.
"Be sure to keep active X going. That's where all the fun comes from ;-)"
Active X is your friend!
All I know is that after 8 months or so of using Firefox I have far fewer problems that can be blamed on my web browser. Not zero problems mind you...but far fewer.
I do agree that from my experience FF has been less vulnerable to pop-ups and other spyware. I have a router, firewall and anti-virus so I don't get too many "attacks" anyway.
Thing is, as most of us have said all along, the more popular FF becomes, the more appetizing it will become for hackers and that is starting to happen.
I saw a caveat in the article, didn't you?
IE: caveat emptor
Agreed. IE's problem is that it IS the browser for the world at large.
Active X has made me quite a bit of money over the years because companies have paid me to convert their Active X web sites into something less vulnerable to attack.
We have a study which just counts bugs and not one that considers how severe the bugs are..
What makes sense to me is my own experience that IE allowed trojans, pop-up ads and cookies to infect my computer like water going through a sieve, until it started screwing with my ability to run some programs; I cleaned the s*** out, got FF and the problem stopped. Any questions?
Ah, but this is only the beginning ... FF is quickly getting onto the radar of the hackers and the vulnerabilities will grow more severe as they pry deeper and deeper in Mozilla's holes. Don't forget, hackers have had 10 years to pick thru IE, as opposed to a couple of years with Firefox.
According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
Why would you want to refresh in the middle of reading a thread?
In addition only 14% of FF are still unpatched as opposed to 28% for IE
The largest source of FF vulnerabilities is spoofing (turn off IDN); the largest source of IE bugs is system access.
FF is a safer browser to use than IE, not perfect but a bit more secure.
If it takes a half truth to make MS look good (ignoring severity and longevity), it's kinda sad for IE users.