More Flaws in Firefox Than in Internet Explorer

Discussion of non-phpBB related topics with other phpBB.com users.
Forum rules
General Discussion is a bonus forum for discussion of non-phpBB related topics with other phpBB.com users. All site rules apply.
Peter77s
Registered User
Posts: 260
Joined: Fri Sep 17, 2004 8:18 pm
Location: Michigan

More Flaws in Firefox Than in Internet Explorer

Post by Peter77s » Thu Sep 22, 2005 9:49 pm

In Symantec's latest Internet Security Threat Report, the security firm noted that Mozilla's Firefox browser has nearly double the amount of vulnerabilities found in Microsoft's Internet Explorer. But Symantec also noted that the flaws found in Internet Explorer are more severe.


The report, which brings together statistics from January through June 2005, examines Internet security threats in several key areas.

According to the report, Mozilla's browsers had 25 confirmed vulnerabilities in the first half of the year, while Internet Explorer had 13 vulnerabilities.

Matter of Perspective

Although Mozilla's vulnerability numbers are higher, Symantec did point out that Internet Explorer's flaws might pose a greater risk to users, most notably because Internet Explorer is used by far more people than use Mozilla's browsers.

Another factor in favor of Mozilla, Symantec found, is its speed in doing patching, although that speed can sometimes be double-edged.

"If you're quick to get patches out, sometimes later you have to issue a patch for the patch," said Secunia chief technology officer Thomas Kristensen. "But, in general, that's not so bad. It's good that Mozilla responds quickly."

Microsoft, however, has been criticized in the past for being sluggish in its response to security vulnerabilities. But Kristensen noted that some vulnerabilities require more time for fixes. "Not every vulnerability should be treated the same way because some are more severe, and those should be handled first," he said.

Threat Matrix

Symantec's report also commented on general security trends. The company emphasized that Internet attacks are being sparked by financial motivation rather than by the desire to be technologically infamous.

Because attackers are seeking profit rather than notoriety, it is likely that the type of attacks seen in the past year, such as targeting individuals and companies with identity-theft tactics, will continue to be an issue in the future.

In particular, Symantec noted, the number of worm variants tied to phishing activities has increased dramatically.

Source

IsaacWD
Registered User
Posts: 50
Joined: Sun Jul 06, 2003 12:46 am

Post by IsaacWD » Thu Sep 22, 2005 10:26 pm

The more people that use a piece of software, the more bugs that will be found. More reward for the people that figure out how to exploit them.

User avatar
phantomk
Registered User
Posts: 1039
Joined: Wed Apr 14, 2004 5:32 am
Location: Canada Eh?
Name: Daniel Lee
Contact:

Post by phantomk » Thu Sep 22, 2005 11:32 pm

According to the report, Mozilla's browsers had 25 confirmed vulnerabilities in the first half of the year, while Internet Explorer had 13 vulnerabilities

These aren't actual vulnerabilities in the current software. They are just takeing into account that the software had more fixes then the other. It could be that more threats are reported for Firefox then for IE, it could also turn out that thier are actually more problems in Firefox then that which were reported. The entire article is based on this little piece of evidence and is a complete load of garbage.

Kanuck
Former Team Member
Posts: 2791
Joined: Thu Jul 05, 2001 9:33 pm
Location: Toronto, Ontario

Post by Kanuck » Fri Sep 23, 2005 3:45 am

Internet Explorer is ancient, and they're still finding holes. Firefox is still very young, so it's certainly going to have some issues.

This is sort of common sense, no? Not to mention FUD and old news all at the same time.
Kanuck
Former phpBB.com team member

User avatar
nuckfan15
Registered User
Posts: 1849
Joined: Fri Jul 09, 2004 4:46 am
Location: Vancouver, BC
Name: Travis

Post by nuckfan15 » Fri Sep 23, 2005 5:04 am

I always update within 24 hours of a new release, so Im not worried. Its the same with phpBB, update and there should be no problem.
Travis aka Nuckfan15 - No Private Support
Make use of the Support Request Template when seeking support.

User avatar
starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

Post by starfoxtj » Fri Sep 23, 2005 6:52 am

All software will have flaws.

At least with firefox, you dont need to download and install 70 different patch files, just download one file and your set.

I also feel that they seem to relalse both major and minor fixes VERY quickly.
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

User avatar
smithy_dll
Former Team Member
Posts: 7630
Joined: Tue Jan 08, 2002 6:27 am
Location: Australia
Name: Lachlan Smith
Contact:

Post by smithy_dll » Fri Sep 23, 2005 7:33 am

starfoxtj wrote: All software will have flaws.

At least with firefox, you dont need to download and install 70 different patch files, just download one file and your set.

I also feel that they seem to relalse both major and minor fixes VERY quickly.


Internet explorer you update via windows update/microsoft update, very pain free,

Firefox is the same, though I do have to complain that it waits a number of days before the browser itself will warn you of an update, in IE windows will start the update for you as soon as patch tuesday comes out.

I would have to say the age of the browser has absolutely zip, zilch, zero to do with it. The single factor is popularity vs (vunerabilities discovered over time), not the total in it's lifespan. The reason is because they get fixed every so often (in either project) and you end up with a secure platform to start from again.

I think instead of going, xyz is more secure, we have to go, xyz has a higher probability of remaining more secure for a longer period of time than abc. Naturally accepting that human reason can be flawed and security weaknesses are bound to be found no matter which camp you have your alliance to. There is no such thing as a sure thing.

Heimidal
Former Team Member
Posts: 958
Joined: Fri Jul 06, 2001 11:56 am
Location: Greeley, CO, US
Contact:

Post by Heimidal » Fri Sep 23, 2005 7:34 am

I don't think it's fair to assess the vulnerabilities of a software package by comparing it to something that has had about 400% more time to be exploited and patched.

Here's a better comparison: Firefox developers tend to have a patch or temporary quick fix posted in 24 to 48 hours of the vulnerabilities identification. Microsoft, on the other hand, has a "monthly" patch.

User avatar
trinest
Registered User
Posts: 23
Joined: Sat Feb 12, 2005 2:13 am
Contact:

Post by trinest » Fri Sep 23, 2005 7:35 am

I got IE 7.0 Beta 1 :D and its coolies

User avatar
smithy_dll
Former Team Member
Posts: 7630
Joined: Tue Jan 08, 2002 6:27 am
Location: Australia
Name: Lachlan Smith
Contact:

Post by smithy_dll » Fri Sep 23, 2005 7:50 am

Heimidal wrote: I don't think it's fair to assess the vulnerabilities of a software package by comparing it to something that has had about 400% more time to be exploited and patched.

With the kind of advertising firefox has recieved the past year has been ample time to asses it's security in a live widely used environment, even if it only has 8% market share.
Here's a better comparison: Firefox developers tend to have a patch or temporary quick fix posted in 24 to 48 hours of the vulnerabilities identification. Microsoft, on the other hand, has a "monthly" patch.

Firefox is still slow in prompting people to update, besides the vunerabilities in Internet Explorer in the period prior to the patch are never disclosed by Microsoft.

Every major project has downfalls when it comes to getting consumers to update. No system is perfect.

User avatar
smithy_dll
Former Team Member
Posts: 7630
Joined: Tue Jan 08, 2002 6:27 am
Location: Australia
Name: Lachlan Smith
Contact:

Post by smithy_dll » Fri Sep 23, 2005 7:52 am

trinest wrote: I got IE 7.0 Beta 1 :D and its coolies


Let me guess from your inability to properly engage in the actual topic at hand you got the illegal pirated Windows XP hack version.

User avatar
starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

Post by starfoxtj » Fri Sep 23, 2005 7:59 am

smithy_dll wrote: Internet explorer you update via windows update/microsoft update, very pain free.

Thats the thing, I dont WANT to use windows update, because there are simply too many PCs. When I goto a customers house im not going to sit there and wait for 30+ patches to install for EVERY computer.

Microsoft does not provide a single cumulative patch that contains ALL past fixes that you can simply burn to a cd. They have cumulative patches yes, but it does not include the most recent patches (usually 5-15 fixes are not included from when I researched a particular cumulative patch a while ago).

Firefox has EVERYTHING in one exe file....upload it to a webserver, burn it to a cd, save it to a flash drive, thats it. And you dont have to spend hours hunting down all the current patches one at a time to burn to a cd.
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

User avatar
trinest
Registered User
Posts: 23
Joined: Sat Feb 12, 2005 2:13 am
Contact:

Post by trinest » Fri Sep 23, 2005 8:05 am

smithy_dll wrote:
trinest wrote:I got IE 7.0 Beta 1 :D and its coolies


Let me guess from your inability to properly engage in the actual topic at hand you got the illegal pirated Windows XP hack version.


umm...no, I have offical betas :P

sonyboy
Registered User
Posts: 2980
Joined: Thu Oct 07, 2004 2:10 am

Post by sonyboy » Fri Sep 23, 2005 8:39 am

Since this is related to Firefox, Firefox 1.0.7 is released.

User avatar
Yawner
Registered User
Posts: 2161
Joined: Fri Jul 16, 2004 10:19 pm
Location: London, UK
Contact:

Post by Yawner » Fri Sep 23, 2005 9:46 am

smithy_dll wrote: Firefox is the same, though I do have to complain that it waits a number of days before the browser itself will warn you of an update, in IE windows will start the update for you as soon as patch tuesday comes out.


This is being addressed havily with the release of Fx 1.5.. As for the vulnerabilities.. as said, Fx is still young, still growing and if an expoilt is found then within days a fix is released, i cant believe how anyone in there right mind can say that IE is better on security..
Alan Kay : "The best way to predict the future is to invent it."
Support the OpenDocument Format!

Post Reply

Return to “General Discussion”

Who is online

Users browsing this forum: espen83 and 21 guests