Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE More Secure Than Mozilla?

Posted by CmdrTaco on from the now-wait-a-minute-here dept.

killproc writes "Symantec has issued a report that suggests that Internet Explorer may be more secure than the open source Mozilla Foundation browsers. "According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity. "During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted." "

6 of 534 comments (clear)

  1. Symantec is a scourge by Shaman · · Score: 5, Interesting

    Anyone who thinks Symantec isn't acting in a *VERY* self-serving manner in the past few days worth of FUD is kidding themselves.

    I kid you not, Symantec has been saying "Don't use the Mac, it's insecure! Or Linux! Or Mozilla! They're not secure, oh noes!!!"

    Guess why... maybe it's because they don't have products for those operating systems... or maybe it's because there are no virii in the wild, and they haven't been able to figure out how to write good enough virii for those OS' to scare people into buying their shitty product?

    You decide. I already have.

    --
    ...Steve
  2. Re:Symantec? by FidelCatsro · · Score: 5, Interesting

    I think you may be confusing Symantec with another company . Last I heard Symantec were a menace who enjoyed spreading fear so people would buy their security products (which in a lot of cases did more harm than good) .

    --
    The only things certain in war are Propaganda and Death. You can never be sure which is which though
  3. Re:How many? by minginqunt · · Score: 5, Interesting


    What drivel.

    There are several massive logical ballsups here, made by the linker and the linkee.

    1) Not all exploits are created equal. Look at the number of those Moz exploits rated by Secunia as 'Extremely Severe' or 'Critical' compared to those for IE.

    2) Mozilla Firefox is not bug free. No piece of software is bug free, and only a mentally retarded moron would believe otherwise. What is important is not that security flaws get found, but (a) how open the organisation is about the flaw [full disclosure] and (b) timeliness of fixes.

    3) Mozilla believes in full disclosure, Microsoft does not.

    4) The average time taken to patch a flaw in Firefox is two days. IE has unpatched vulnerabilities going back SIX YEARS.

    5) Critical components of Firefox run in an sandboxed unprivileged space. When Firefox flaws are discovered, the damage done is minimised. IE runs everything with administrator privileges. When IE is exploited (regularly), a full-on system-rape inevitably follows.

    6) ActiveX. The unsafe system by which 90% of spyware, adware, trojans, porn diallers etc. enter your system. Guess which browser has ActiveX turned on by default? Yes, IE. Firefox doesn't support ActiveX because it's just too bloody dangerous.

    The security arguments being made about IE vs Firefox in that argument are unreconstructed luddite ballacks.

    Although, honestly, we all know security is not the reason we geeks like Firefox. We like it because OMG 3XT3NSI0NZ!!!

    So squish.

    Martin

  4. Re:Questions by SpectreBinary · · Score: 5, Interesting

    Saw a great comparison on firefox and mozilla a few months ago. Looking at the age of critical vulnerabilities and the time it took to patch them, IE was safe to use for a total of seven days in 2004. All other days had an unpatched known critical vulnerability. Firefox fared better by far, being only vulnerable for small patches at a time.

    If I weren't so lazy I'd find the comparison. I'll leave that as an exercise for the reader and google.

  5. With a MAJOR Caveat by mjh · · Score: 5, Interesting
    From TFA:
    There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
    Interesting methodology. That means that the browser vendor is in complete control of the vulnerability counts. This is NOT the kind of reporting of vulnerabilities that I think should be encouraged. I'd rather see vulnerability reports that encourage full disclosure. This creates an incentive for the vendor to hide vulnerabilities. I think that's bad.

    How about this: a report that identifies the vulnerabilities associated with a vendor, and not a product. In other words, after the initial public announcement of a vulnerability, we report how long it took the vendor to release a patch. Lower scores are better.

    Anybody think that'll work? If not, why not?

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  6. Bug Free by Mark_MF-WN · · Score: 5, Interesting

    Bug free software is quite possible. It's just prohibitively expensive, because it usually requires that the developers use a mathematical validation system. Thus it's typically confined to projects where system failure would result in Human casualties. It's an irrelevant quibble though, since web browsers are far, far too complex to ever be formally validated.