There Is No Safe Web Browser

Michael writes "David Sheets has up an interesting article on browser security, and I have to agree with his conclusion: no web browser is safe. The article details the recent Netscape fiasco, and touches on the whole Firefox/Internet Explorer debate. From the article: 'So if it sounds as if we're all at the mercy of hackers just looking for some new challenge, that's partially true. As law enforcement officers will tell you, crime finds you if it wants you bad enough, no matter what preventative measures you take. But the vast majority of criminals have an Achilles' heel: They prefer convenience to challenge. For now, it's more convenient for them to pick on Internet Explorer.'"

Doesn't go far enough.

[El+Cubano]

David Sheets has up an interesting article on browser security, and I have to agree with his conclusion: no web browser is safe

No program that accepts input is safe. Even some programs that don't accept input aren't safe either. It is the nature of how complex software really is and how little of it we understand.

Nor is there a "safe" OS....

[Total_Wimp]

...at least not one you'd want to use. Sorry people, Linux is not "safe." Mac OS/anything is not "safe." There are a very few OSs that are pretty safe, but the only reason Mac and Linux fans can brag right now is that they're ignoring all the patches, hacks, etc that already exist for their OS of choice.

TW

Re:Nor is there a "safe" OS....

[NickFortune]

The flaw here lies in considering safe as an absolute. There is no safe method of travelling, but there are substanially more risks associated with skydiving than there are with walking.

Even apologists for MS poor security record acknowledge that firefox is more secure, if only with the argument "when more malware starts targetting it, then it will be just as bad"

And the same applies to OS security as well. Safe is a relative concept, and to try and confuse the issue by casting it as an absolute does no one any favours.

Hit the Nail on the Head

I think that this author has finally gotten it right. Note the increasing instances of popup ads that are tailored for firefox users etc.

As firefox gains in popularity, expect that the number of exploits aimed towards it will continue to rise.

That being said, the nice thing about firefox (and OSS), is that lots of eyeballs can look at, and fix, the code in a timely manner.

Re:Hit the Nail on the Head

[jedidiah]

No, the greatest thing about Firefox is that it exists for the benefit of it's end users. This means that it is far more likely that Firefox will be changed (and changed quickly) to suit end user requirements than IE.

If it turns out that there is some feature or technique that really should never be in a browser, we have some hope that Firefox would expunge it and do so quickly.

Obvious -1

[Nom+du+Keyboard]

I'd give this article an Obvious -1 simply because it is axiomatic, and everybody should have realized by now that There is no 'safe' web browser. Especially how after it was demonstrated that a Firefox exploit allowed infection of IE when IE itself would have blocked the malware site. Cute!

Integration with the OS is B-A-D.. BAD

[TheCeltic]

When a webbrowser is integrated with the OS, this greatly increases the ways a hacker can damage the system. Hence, while no browser is secure, one can is MORE secure simply because it is NOT woven into the OS. Of course, having updates frequently and being in more active development are good things as well.

Come on

[a_greer2005]

The problem is ignorant users, the headline is like saying "THERE IS NO SAFE CAR" of cource no car is safe when you dont buckle up, drive 120MPH and swirve, but when proper precautions are taken, I dare say a Lexus is safer than a Pinto.
Browsers can be totaly safe, as much as I hate to say it, IE can be pretty safe too. just follow these rules:
1:USE A FIREWALL
2: update your browser
3:disable ActiveX, any site that uses it is a site you should learn to live without.
4: (the one most often broken) DONT CLICK YES ALL THE TIME, warnings are there for a reason.
5: Dont DL and run STUPID executables

Most Browsers do a decent job of protecting you fron the bad stuff, but NOTHING can protect you from yourself, short of cutting the cable, and if you do that, dont run with scisors

Re:Dictionary Security Definition

[Tenebrious1]

While I understand the point that Mr. Sheets is making, however, I disagree with his definition of safe.

I have Firefox on a computer, and it's 100% safe. I have IE loaded on that machine, heck it's unpatched Win2K, and even that's 100% safe. The reason it's "safe" is because the power supply died a few months ago and I haven't been able to turn it on.

So in this case, 100% safe = 0% usability. Which doesn't help me much, there has to be some acceptable level of "safe" that corresponds to a high level of usability, and that's where Firefox wins over IE.

I don't think you understand economics

[geekee]

"Market forces of the sheer user base would dictate that if this were not so, more spyware would have been ported to Firefox by now. 25 million downloads, right? That's a sizable chunk for any malware vendor, or aspiring intruder, to infiltrate."

If 1 hack hits 90% of the market, spending more money to get a hack for the rest may not be worth the effort even if Firefox has as many holes as IE. Simple economics.