IE More Secure Than Mozilla?
killproc writes "Symantec has issued a report that suggests that Internet Explorer may be more secure than the open source Mozilla Foundation browsers. "According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted." "
Mozilla has reacted to a Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. The study was conducted over the first six months of 2005.
http://www.zdnet.co.uk/print/?TYPE=story&AT=39219
Even Symantec admits that this report is a steaming pile of crap.
From TFA:
Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
Nice. So in terms of checking off the reported vulnerabilities and counting each one equally, if the report would be honest, IE would have 32 issues and Firefox would have 29. For the sake of this report, all vulnerabilities are equally bad, right? Well, not according to TFA:
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
So the IE vulnerabilities result in widespread exploitation and the Firefox ones don't, but Firefox is somehow worse? I think the only way in which Firefox is worse, from Symantec's perspective, is that the constantly malware-infested machines (where IE is the main infestation vector) inflate demand for the crap that Symantec peddles, and they're afraid that if people aren't constantly suffering from the pain of these infections this demand will evaporate.
Feh. Maybe I'm a cynic, but this looks like marketing poorly disguised as research to me...
.sig: file not found
Just to show that CNet News is not unbiased against open source. Bugs Found In Open Source AntiVirus Tool talks about a bug that was only in versions from June 23 and BEFORE. And yet it makes the headlines today. And with an advertisement for Trend Micro. How peculiar.
Occam's razor is the blind faith in the natural selection of least resistance and in universal oversimplification. -- EF
Not true. Firefox does indeed make patches available. Look at Gentoo Linux - it is currently at Firefox v1.0.6_r7. That is seven revisions (i.e. patches) since v1.0.6. It was a decision of Mozilla to only bundle prebuilt-binaries as timely groupings of these patches. This was done, as far as I know, because it seemed the most intuitive way of doing so.