TechNewsWorld Talkback
Secunia has debunked a myth held dear by Linux devotees and anti-Microsoft grousers: that Firefox is safer than Internet Explorer. There were 115 reported security vulnerabilities in Firefox last year -- almost twice as many as Internet Explorer and Apple's Safari browser combined, according to a new report by the security researcher. Firefox did surpass IE in one respect, though. Mozilla was much faster at repairing bugs once they were reported or discovered than Microsoft was.
Posted by: Runaway1956 2009-03-11 11:54:23 In reply to: Erika Morphy
The fact is, EVERY SOFTWARE has vulnerabilities. It's a fact, don't try to dispute it. The real question is, who finds the vulnerabilities, and what do they do with it? In the case of open source software, a lot more people have an interest in patching rather than exploiting the holes. In the case of proprietary software, only a very small number of people are CAPABLE of patching the holes, while a relatively large number of people have an interest in exploitation. Look at the track record: in terms of lost revenue due to exploits, Microsoft has been more expensive than ALL OTHER SOFTWARE COMBINED! IE, Outlook, and WMP, all combined with ActiveX provide so many security holes, that it would be difficult to DESIGN a less secure system than Microsoft offers!!
From secunia:
Microsoft Internet Explorer 6.x
Affected By 135 Secunia advisories
142 Vulnerabilities
Unpatched 16% (22 of 135 Secunia advisories)
Microsoft Internet Explorer 7.x
Affected By 34 Secunia advisories
72 Vulnerabilities
Unpatched 26% (9 of 34 Secunia advisories)
Mozilla Firefox 2.0.x
Affected By 29 Secunia advisories
154 Vulnerabilities
Unpatched 10% (3 of 29 Secunia advisories)
Mozilla Firefox 3.x
Affected By 11 Secunia advisories
55 Vulnerabilities
Unpatched 9% (1 of 11 Secunia advisories)
IE market share has not moved substantially: http://www.statowl.com/web_browser_market_share_trend.php
As another reply has already pointed out, the bare number of fixes doesn't tell you anything about the risk. But IMO the bigger missed point here is that it's Firefox under _Linux_ which is dramatically safer than IE under Windows. There's a huge population of people who mainly use computers for web access, and only use Windows by default. They are the ones who would be much better served, especially security-wise, by switching to Firefox+Linux.
Posted by: psiclone 2009-03-06 19:41:56 In reply to: Erika Morphy
I heard all of this at a tech conference last year. Yet, I've been in IT for over 11 years, most of which was for the Air Force. The bottom line is this. The number of patches does not equate to how secure something is. It is the severity of those patches.
In addition, patching something quickly can effectively shorten the risk, but that only works if you beat the hacker(s)' attempt(s). Meanwhile, having worked in the industry for as long as I have and having used computers for over 30 years now, I have to state that I had more problems with Microsoft Windows than Apple machines, more problems with Internet Explorer (every version since its inception) than Firefox or Safari, and more problems with paid-for products than the free ones.
I highly recommend not taking this article too seriously, as it does not address the severity of the patches applied, nor does it address how many problems arose from one or the other because of their vulnerabilities. To say that IE is more of a target because of its preponderance appears to be speculation here, rather than a true relationship of correspondence or of causation.

