Slashdot Mirror


Mozilla Hits Back at Browser Security Claim

UltimaGuy writes "Mozilla has reacted to the Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's 'ability to react, find a solution and put it into the user's hands is better than Microsoft.'"

5 of 295 comments

  1. maybe IE has more by Coneasfast · · Score: 4, Interesting

    maybe more vulnerabilities are found in mozilla because it is open-source

    arguably, one could say this is better than in IE, where there may be some which are not known until some hacker exploits them.

    --
    Marge, get me your address book, 4 beers, and my conversation hat.
  2. The interesting questions by tmk · · Score: 4, Interesting

    Do you know someone who has got compromised through Firefox vulnerabilities?

    Does Symantec know customers who did?

    Is Ed Gibson a Firefox user?

  3. Re:mozilla vs M$ or by n0-0p · · Score: 4, Interesting

    The Mozilla security fixes always end up public eventually, whereas silent patching is a common practice for most software vendors (including MS). This occurs more often with internally discovered vulnerabilities of lower severity or by grouping a number of issues under a single umbrella.

    It's hard to blame vendors for taking this route though. I've heard MS devs say that the best way to push a fix through these days is to label it as a security bug. I can only imagine what MS' track record would look like if all of those internal bug reports were made public.

    With that in mind I expect that OSS will generally have more documented security issues than equivalent quality closed source software. It's just a side effect of a transparent development model. Well... mostly transparent, but I'm glad they hide the security bugs until they're patched.

  4. Real world example vis Symantec vs. Mozilla by Anonymous Coward · · Score: 5, Interesting

    I volunteer to fix PCs for a group of teachers in the US. I am not part of their official school board sanctified tech support crew (because those guys are snowed under).

    The group of teachers were given Compaq and Dell laptops a few years back... and encouraged to use them at school and at home to help them in their work.

    The schools gave them Symantec free subscriptions for a year... and Windows 98.

    Over this summer I have fixed five of those PCs... a lot of hours in total. They were finally slowing to a halt (it is like a plague really finally hit those old Windows 98 machines) but the hardware was still going strong for what they needed. They were hijacked, malwared, and spywared to bits.

    None of those teachers had bothered to upgrade their PCs via Microsoft Update ever as they did not know they had to (all of those laptops needed an update as far back as 2001 from MS), none of the teachers were going to shell out any money personally to keep their Symantec subscription up to date, and none of them had any time to learn how to protect their machines.

    Why? Because they are too frigging busy doing other things!

    But they were pissed that their machines were hosed and all they used them to do was write out lesson plans on MS Word and surf the net.

    I did the usual Microsoft Update (and update and restart and update), Ad-Aware install and scan, Spybot install, schedule and scan, Spyware Blaster install, uninstall Symantec, install AVG-free, schedule and scan, remove IE shortcut from the desktop, install Firefox with a shortcut on the desktop pointing to it as the "new" IE, and give a quick tutorial (with a printout) to them when they came around to pick their machines up.

    A few months later after the start of the school year and no call-backs. None.

    Symantec + IE vs. AVG/Spybot/Ad-Aware + Firefox? No contest.

    In my mind, and the minds of the users I helped, Symantec is part of the problem.

    They never got five subscriptions from those users and they never will.

    Symantec are like a bunch of gangsters selling "protection". They need their own series on HBO!

  5. *ahem* by vena · · Score: 5, Interesting

    eEye's "upcoming advisories" page is worth a look if you're interested in just how severe microsoft's lapse in patching can be. note that this page only catalogues vulnerabilities that microsoft acknowledge and the time since such acknowledgment, not since exploit nor since they were notified.

    quoth eEye's product manager: "The more critical, the more pervasive the vulnerability, the longer it takes Microsoft to patch."