Linux & Open Source - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Linux & Open Source


Firefox Still Tops IE for Browser Security



 By: Steven Vaughan-Nichols
2005-09-29
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Linux & Open Source story.


  Table of Contents:
  1. Firefox Still Tops IE for Browser Security
  2. ' Nothing Is Safe '

Rate This Article:
Poor Best
Firefox Still Tops IE for Browser Security
( Page 1 of 2 )

Opinion: The number of security holes that occur isn't as telling as how they're handled.Recently, there was quite a flap about a Symantec study, which showed that—horrors!—Firefox had more security holes than Internet Explorer.

But, what did Symantecs Internet Threat Report really show?

I asked Elias Levy, aka Aleph One, former moderator of Bugtrac and today, a Symantec architect. He told me that Symantec reported on the number of flaws that had been confirmed by the vendor.

"Mozilla is forthcoming about vulnerabilities," Levy said, whereas "it takes Microsoft far longer to acknowledge vulnerability."

How much longer? "In the last reporting period, the second half of last year, Microsoft had acknowledged 13 vulnerabilities. Weve now revised it to 31. The difference is that now Microsoft has acknowledged these vulnerabilities."

Resource Library:
Thats more than double the number of problems Microsoft started with.

In the first half of this year, Symantec reported 18 high-severity vulnerabilities for the Mozilla browsers and eight high-severity holes for Internet Explorer. Were Microsoft to reveal more problems as time went on at the same rate the company did last year, the result would be 22 high-severity vulnerabilities.

The numbers really dont tell the story though. Levy and I agree on that. Its also a matter of whats done about those security holes.

Its not that Firefox, and other open-source programs, dont have security holes. They do. The key difference, from an open-source advocates viewpoint, is that everyone can see whats going on, so as soon as a problem is reported it can be fixed.

As Chris Beard, head of products for Mozilla Corp., told me, "We believe that Mozillas open and transparent development process, bug bounties, and open-source nature—which allows for virtually unlimited peer review—combine to accelerate both the time to discovery and resolution of potential vulnerabilities."

But you expect people like us to say that, dont you? Well, guess what? Symantec agrees with us.

"Mozilla can turn around on a dime," Levy said. "Open-source programmers can recognize a problem and patch it in days or weeks."

And as for Microsoft?

"If a vulnerability is reported to Microsoft, Microsoft doesnt acknowledge it for at least a month or two. Theres always a certain lag between knowing about a bug and acknowledging it," Levy said.

Some of them are a lot older than that. One hole that eEye Digital Security uncovered is more than six months old now.

Microsoft also takes its own sweet time in patching problems. After all, "Microsoft has gone to a single patch Tuesday," Levy said.

Now, there are some good reasons for that. The constant flood of Microsoft patching was overwhelming understaffed IT desks.

When theres a serious problem, I, for one, would like to have a fix sooner than later.

As Levy pointed out, "IE over the years has been integrating with many Windows subsystems. This gives hackers the ability to open the way to many vulnerabilities."

Next Page: Nothing is safe.





  Reader Comments: Firefox Still Tops IE for Browser Security
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Linux & Open Source Articles          >>> More By Steven Vaughan-Nichols
 


xr80VӮc]mT!rYӶT婎PP$$Mz%Ο 7](vUϖ˖pID"H@ggOD]ݴ1p͙M55|zg`HRsgޅ-34 @oRQP ĠxnwݶN`P'~ > \?g3;Y| tjGt0.Pk< Z5754o/ne0S.ڎIQ>*V!j:iݑ |i @I>b(áh] ]( ѼeMGQR`}{Td膡;S[BT|@Jk4݋ϣшIG/00;/<Pcw̪Ҵv[P;EyQ5hw/E@Z#BLȡ[Boi=Tݱ[ D=iLVw2*-!{1ҡke5\ar*zHZ6tG-#H`N$=+A<ЌaS/!)d0F#K+F?ĶhG'tq:rˆ_ֽyoסn܎}wdo&a-vQKwTmBO|lM=P>I CuaOG@uh3X 2n eþ=Je_+aV+C罨r_ӽl˙=X^poFzJU4Eٿ]vή $Qw; V҃uT\ti\v? 9N N7߉QR"jt8MQI 1q${/@B oVS+~ISC 40" AK1zĢ>Q}?M-~k~>EN,sA4 衊Ġ+WK֟e`9=y\toz{MNڟ:gw:Rڟ+̊o*}m p6O|m5H54Y01\ \^Kj=O'6Py$Y)IqN X(-t[ۗRH3}c-? ,+RY4C! ,#2ɔcPu t:Csƒf}+tW&T7ohH2 SI3Q8j\K}0F &\ QC|dMil&XJp?є6`i+1TE0mESt= (J"bN3 IE KH@!=F!8N 8S%Kuu7p@e-CrNԖڂ1S|{g?H nCuv}BzW^?]{և6,qH"0U`N). 8ǵ:.o:j~:V@r }U9=b(WZdL41,{Lt차Y8;}J_wSjZic;N*5b}4>'AGAtiš4ϬP7&hC:}ҍ;LZ 'pGb.HۋrX¤$֔^탊I$i-D@wMPIe+f!S@uGA LνbrgmMA(oInPh^0vhiqppYY?0B]uCb賀B=`MAkweC93(u`Hd˥Ns}"@F>HHB4"BQF T * g #"K@#'G@@wgO$^Vi-RaDT*Oq$cwV*2JX)gQYlp[엢/)r2dV0e 򃜘4AN/a+)V&v;pဥZ#׉{ %UVLLXV[)ZPr= X;lA x1NvRRy5>ǮAwmPH{{L'!|/H) z7HpBa e.֣BS몶dg`m1Lx>x# d46, ,[b)#C.W鍥k?N=Kw7MeﴽJ-.fFh>n G[Q@r(aNgT3aAKY6 ~\Mb^ zjMugדaT5cclq-ZʠbcMWѹrH"?AL ˙P7UX8_ΆOCBM&Hy Ӡ8TU@E˿^v1 !ܔv R6󈧬SwhlrKcJRE}X{" Qքa'MtyE~V>А!as`Ez . Z 0DrIa TWk藑`..7]T6AÎ'"%1ڣ>s!b*/w+ f)\|;Ogz^*k :ЪZZkUwYP2<Œ&PCV6őG@=<@+:2 Z 0(hE}h⦉!NԀHVFl.W2ٝg'(U2v-p;_>Z=-`@"gKjEv~ia#ףf~v+ˣ {i# MaFž nJm^R+{9i7,8m[D ZDň i{<qŁj ӚJ''Hy3V|9y^%qfR+2yYVz|uƥ!YhyE3isU":+_MˀdyM?:Z=A#J-7ƹW<qƇ~ڷBYHjF N|9vܔyeCmjEԽ@?}誦URC2|,T̩,BftDκVU Tٔi\:+ֺrďtv'e-&sZ#td[P=sM7b0޵ J͆RiemRܑN\X c ($jAç{,t2jUk7ʠˤ ZDZvV &,c \9x "$DDOCVi&g'+ʸ @<8'ov/>B05A AE@"Dj?%  /Ѝ ?FPX6;"NsEY)*7)i{ٗN[x;Ȅuut'n_u{~{y[;qA^vиa`>&u.O: C_?\w?^Hև6tȁYM $ȅ XCfOճ2urҹ ]:lQy9p0\!=ШQ^8K%y_;$˶u߽9$x!;.Xx G]9>oOM1+&03hĜ<⑩!g`B`q,5'tt}՘r qbQ5ÕhLy;K*a Bb-3b!ibNׇAPC{ v P)'$-'ys|;+38Ǟw[}h!,酘:Ua2"籔(BR.HHOW4v>^8Q9lw FGNd^v[ⷚoWȘkwtAh[(+x,UdkJ=tQ?xD>6Btz?$YZgō7w JE5PXIR"9oũp-ޱi'sfx!ul q%ӝrʥ BٸEO[ kmm̐s8'SѤ0 BgJȄb{e5a35R!MLCYOC/$$a;+B֓zs giMO6mn3ϼ K:n+G7; .VH_8_`w[B HY)o8-yb]Clb'hew*Bzc`|x R̄2/DYYQ/;hUNSB=q"p^3r xl\Qmxb1 ?nOa70ϲh^hta9`|;p='5 ];hFHxDucBA95zD˝O)i99mm~`6"%jMZ%79a+5L`aE8F$orhSrpr%>iפuba}%HD2`@wOL4b5zÿTfOf 95C/rBE}l(=lGtvڕvd{qOsr4]9hn4vdLc!I )VԺ5v7`ʜ9%'+xr52cӢ(o(P2P^:pC¤%sccf}ݸw[1rifwaoHP}I.=]awQ(;<ޝf][tY"ykF_SE+sTIzmzSDm֗Fݽ]vȿLĴxBwF"x :.;0ϯ3[S?67.p5vpzPh<[t:<|B%Lp'O `ۊF(".CN4|Y9>D.y9;)7{b;2g9x'Cv$ $qsIReiùLSUR|F?n[4bg=P!+`@CJ_}uQQ˕j4'uēF- ~ĶbRez@(gl/l%笆ˑ,ZP}JU鈆t@O,߼1(L:'T:vSvU]jtGRi՚,VL.8tI" b`#7BX#k S۞x ˈL2 ) ae|03.s~mA^TURoshX{qNnt t, O3I_*"O`Tg(jA:m_;H4;7@hiʝݗBWgc\ۓlJ'WU0JYJ,HPT* P/B#<7G8h'"BÖConW RpS*?> z廿bTɽp[(ܛ@j?xn01D(u /5i B_'3n@"h8D$ j":یM*iM+fk~(u>-E*] EUD-짩/ҙ#b-IXs D@ }]h>N)I$X})_R plCK=TS:}T^$=NZժv AXT}"GWAj~- ?amJCN ȓTG)P߁BrC%HG۱HWzCb EeǛb'QMů$MUkmEd _E,Xkgl̞ž-.D$ijMMMM޴]+JD^[ұ5e}&[49XwPw:{k$vk|U؋ͫb־bQΛ,j_}8AͰ)lACMuKX]"]3)ksbNzuTIu@u8J7xK: ڭpؤp=`DA M )b@x#H KnKxHW8]`@_\VDp/^ŮT"</lHY/fL9I'ڮi߸,ـ^HuQ<Α.BPb`!V:F6ܴ@Y=fnb=!((/u1GE RbtĐlҔ;@ǪU*ԑgu vI=2AB29z%'y~Bm4 irg3$v(S9s_跰,0]de IUyUlAf$تq5rW~H츇wwww+7UV{mFͷ4"}% ܑt~l[[zeR|Xa^Q?߶t)oA5$~}# >4 t<@5pd0nKWl~D5W[|6pHFV }."4l=5A/A u$|wt!ۼ\rk>qblC؆_?MJTce։V(}1Zb,Nk)3cQT 5z/$|p0Kפ{st:)8weQ =?a b闶QnO}K[ȼ(m-۞/NܓˬفatPx-b= D?\<=GE!o62= \6-n7#~GeCڌ9gzS`ڀK*ZWIY1+Y:7F#V@cTt !ŽƖ [EOq\dE'y{Hd:fD)zP3C[LA oNt/o-}d??~܉D!?YS;;ѫ)TXTC+A&"DPS_לǴI'H!{Dc]ɏ;/(W#=t?hql? FR^4oda"(@hF^G@]o~4숿|D?SM}1w'> ](8΅W{*=4i[A4>(CZP"Z’gM}I}r9|I|m @`jC G'&lZO8AXJzܘEJPa ye%ϸ@FPxI0(ha3, ^葫JW15ǜS'G.\(IQ,:+Ȓ~Wy=^^@֋+ nM׍"rRIo$zTG)׫*J$RMamq5g5Ԉ Rka,fBgV(؛L~vSߞc'~$ < sXdMw=;% z"P37OS)z =W oH,t:ssirBWDEnJ2\kV*^Dyj $Z$u,uz#/73#=F[YrR<.d3-nVTm}yV9F bx+}$g;  Cvg٣23?b)_6b~m>9lgZA,#l?zG(/bF).m2욶BwG#ˠkS0FB"E % rV%w>n~z*>Ode~f#Z]}{:5hMmãg|W:h|'O҅n,$MCh%o17cܤk¨`*[MI٫Tv!чh:QhTJu `|$w{I̤7b?< 3Θ9kǝ<"a=X@2>d2G $}'cWdb$@_پiEzhuew=d#?37TGB?0L^I:E'l IeE.dc$d,v'ŋK8<9 ܰn?pVБ`%'r){J~k47^_}ne1 `8*pejT KL 2@k8%o|~wv$Ÿ&,! t}bZE!7Ƽ)i;i`Ccн\16Fiŷ^(l8*~vxcF>b|>g DW@ P"Wq:(tQ:.. o$H)kPk4(ϩB6DRKJLi$zs >7C`D+40 uA9@"\2Gza~2x :3Xfébܳ]:ovAN95j' P=X:Yأ~)s)aR;QIJ qXZ~DB(s V Ho}7@Fà s3fWtVjMD)J]W0u!xW`ǪZI]kWu 3nV?4%WPRh 4 V #vGCT(>0GT€،X\ݹ;O|?_)Qd3̋, qi|ecȤ urr|l%6N_NEoGPMfQ력2DGM*7c>oI]hF*5/ʶ΁s_sr!zuq (߅nN>Rzu झ ǫO?9!NyY9)4;'9пNN>ӹɇwrk??9/𵺜__^s E/>/r">G/s ?AYN? 9{3?9s w3]7]?͑/W@W9qr_\O诟CAVC_ S^>S>>o~orڿi&k$CnN pr+QT /׀a uy9@~N͡*lcr\-*sҿw2~6RA\wO qʕx^S_xڞꖽRqLڭeM9n@ G{2>Wi K{|y@ ⅇU4,)X96Ffm=AF2h?+))sOƺύh)Gsu9nνRUmhӉ{Z?Ě>/̙YmcLklR@z6xs=hV0 .ǐ2_|\~zK[,F$q3ޫ.^g4{`eZ㌰K ٴQbl1lh6kp"!H4? H-Ly3ONQ?ưs3PXt9^\6p?+# RfCZִZjVU ?'׈d6##)t5ɪ"+uw9 8]V*r `"$! L:QȀFuo*#F0njE=uÐa0VE!'\BHtlӿUYm\PH6T<'U~ m'd_@J=bŇ.>N"< #Ͼty1B<鰷4w[@.޹M| t8r2+cbmtBng,*&,7ƝBWja5!𞙄׌_ٓL!IU? ID{=4&F#o 9ݜ [2aсY{mD8k9t}`iM ůD|݆mwfJc1 93^oě}ܽ|۸<;ztF,2 ]3!ڤ",x`xނO@jg.x C?z!_L)_KwRx:~221亄mK=c-g^zjY:=&<'s{YRg\$&aI$SvB[PK b?94Ǟ”F|(.IkEyבy$&Nh݂ZsJdA2,KY܇Д0\oۛSVT"Emu;WdԦuP#vHϵg98X0E0Y~l+PUE0P;Cbrǣ4H`tѷkd9Hz%ze x&.!p#R.:OFǐ_R aoil/y>ඁ!:} S I:a3D:>yyPީ!/[v2 SL+4%RЌxS:xFY1mn;;Cbd:vΣ@U Cr 3ҚoSWGq2m|?/Ge{:okn>7q$Tr8`+L<-  `yMz@6eژH\*9lf 4 vkf㿝;P?Ba1\HdxkYoc5gx ?;<v; fC &K_W'K Ӷcd&5, $$r奖I6;;*7&|iy-cCv_)~ph[jA c;b|MSX }JP]4lmAb ;k[#)OY)Vv\ʙkSKҼA5|ylR$ܨC=#AH~Ð!goh=5gYBO\øpaJ)j胇AȽo~dZ>}]H',`,ӊ v"VTHKLΡnlpQ!UVF"5P!yXD]n-n_B@: εBgǾ | }{ >ŗ$NSX`0xDtWnrW?b#R|>o/S̅{ٗN[ܥ|;hYt0֎1Jebqx'ɾiw>dwϻ XںqsZǿ~~<6#EMB^ Tt>Vurҹ.u+ߴ[F5<#DYfCժZ-Nj~ۊ=iQf8&rYOr{;7r^†mJPU&s.csM-՗bX(^MCS9/; K&l&R2^cw˵n_tlI )