September 20, 200520 yr http://www.informationweek.com/story/sh ... =171000002 Mozilla's popular Firefox browser has been subjected to nearly double the vulnerabilities of Microsoft's leading Internet Explorer, Symantec said Monday as it released its semi-annual report on the state of Internet security and threats against personal computers. According to Symantec's Internet Security Threat Report, which used stats from January through June, 2005, Mozilla's browsers suffered from 25 vendor-confirmed bugs in the first six months of the year. Internet Explorer, on the other hand, was pegged with only 13. Of Mozilla's 25 vulnerabilities, 18, or 72 percent, were tagged as "high severity," up from the 14 most-severe flaws disclosed in the last half of 2004. Meanwhile, IE's total of 13 was fewer than half the 31 made public in the last six months of last year. "Firefox's vulnerabilities are almost double that of IE," said Oliver Friedrichs, the senior manager of Symantec's security response research team. "[but] when you take a step back, two factors make that less severe." First, he said, is that by nature IE vulnerabilities pose more problems to more people. "Because IE has a much larger base, a vulnerability within IE is far more widespread and generally has a much more severe impact than those in the Mozilla family," acknowledged Friedrichs. Second, Mozilla's browsers are almost always patched quickly, while IE's problems often languish for months before they're fixed, exposing users to possible "zero-day" attacks for months. "You're much more likely to have vulnerabilities fixed quickly with open-source software like Firefox," said Friedrichs. "So the exposure time is much less." While the news of Firefox flaws will likely raise hackles of the Mozilla faithful, even with Friedrichs' caveats, that's not the only news in Symantec's report. Bots, it seems, are on the upswing again after a temporary drop last year. In March, when Symantec last published its twice-a-year report, it noted a significant drop in the number of bots, and theorized that the plunge was due to Windows XP SP2's rollout in the second half of 2004. That fall-off in bots -- didn't last long, however. In the first half of 2005, the median bot count per day was 10,352, more than double the 4,348 bots per day in December, 2004. Strangely enough, now Symantec's saying that the increase is due to security being tightened in 2004. "As hosts vulnerable to exploitation become less common, bot networks must work harder to maintain their current size and continue to grow," said the new report. "It's likely that in order to maintain viability, bot network owners stepped up their attack activity, resulting in increasingly coordinated efforts." The good news is that while the median number of bots spotted per day is up substantially over 2004, the count actually peaked in February 2005, and trended down, more or less, from then through June. Much of the rest of Symantec's threat report reiterated past warnings, including ones made by the Cupertino, Calif.-based security giant, by rivals, and by analysts at firms such as Gartner, that malicious code writers are increasingly motivated by profit, not notoriety. "The general trend is that attackers aren't concentrating on 'far and wide,' worms, but on financial gain," said Friedrichs. Everything from the explosion in an number of worm variants to a boom in phishing to the rise of so-called "ransom-ware" threats is, claimed Friedrichs, tied to this over-arching movement by hackers to make money rather than front page headlines. With attackers targeting smaller audiences in order to escape detection as they try to rip off consumers and corporations both, it's no surprise, said Friedrichs, that the day of the big Internet attack seems be over. "So far this year, Symantec has labeled four category "3" threats," said Friedrichs, referring to his company's 1 through 5 ranking system. "In all of 2004, we had 33 category "3" threats. "Attacks just aren't after the Internet as a whole," he said. At first I didn't think this was true, but I guess Mozilla is being targeted more than IE now because of the increase of Mozilla users? I'm sure that all of the necessary patches are being put out there, but TWICE the flaws of IE is something to think about. *hugs Opera browser* Comments? By The_Jeppoz :wink:
September 20, 200520 yr Well, people did say that if the FireFox usergroup got big enough, people would start to target it. You have people saying the same thing about Apple. If Mac OS was more popular you would find more viruses and spyware and whatnot for it. But because the usergroup is so small people just can't be bothered (same for Linux and such). At least Mozilla get their software patched fairly quick. It's the only thing which really keeps any major threats on the back foot.
September 20, 200520 yr All that and the fact that in general, Mozilla gets far less severe ratings for its vulnerabilities. IE tends to have more of the 'critical' ones. And anyhow, all the vulnerability checking is getting old. One could even argue that especially Firefox being such a new browser, should be compared to the earlier versions of IE (guess what, they also had a lot more vulnerabilities...). In the end it all comes down to patching security vulnerabilities quickly so the users are not at risk. While you can try very very hard, software without security problems is hard to do. It's a shame that Firefox was once advertised as being the browser without security problems, because that's obviously not true. Nor is Opera, Safari, Konqueror or any other browser without security glitches. In the end, all those browsers are still miles safer than IE, not just because of the security holes, but because of the general problem of ActiveX and VBScript: in the original default 6.0 version of IE (ie, default configuration for prefs/options and the like) it was possible to have a page with an ActiveX control that read all the files on your machine and uploaded them, without IE doing much more than asking you if you wanted to enable the signed additional content on this page (how many people do you know who just hit 'Yes' to that?)
September 20, 200520 yr It should be noted that Symantec does not aim to please the public, Symantec aims to sell Anti-virus programs. This is best accomplished by ensuring the public feels unsecure. I doubt they would lie and expect to get away with it, but I am fairly certain they would have no problem with naming certain problems as far more serious than they are. In the end, I have never had any exploit run on any version of Firefox I've used. When that happens, I'll consider an alternative, but before then I don't see any point in caring about what Symantec wants to say to help them advertise.
September 20, 200520 yr well here is the thing 1. firefox is open source it will be updated quickly (mircosoft knew about the jpeg vunerability about 1-2 years before they patched it.) mozilla does lable things severe but they patch it before it goes wild. MS waits till its wild. 2. Over the years that MS has had IE how many security flaws have been found. 3. Because Firefox has no monitary benifit to the p[eople they do it because they want to get it right. they don't just ship something out. The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time andrew i love you & want you to have my babys!!! Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!
September 20, 200520 yr well im not takign chances buh buy mozzila, (in a scary man voice) hellllo Explorer
September 20, 200520 yr well im not takign chances buh buy mozzila, (in a scary man voice) hellllo Explorer Go read what others have posted... :: Guess the Movie Contest Champion: pfilc23 ::
September 20, 200520 yr well im not takign chances buh buy mozzila, (in a scary man voice) hellllo Explorer The difference between exploits in mozilla and ie is that the ones in firefox dont enable someone else to take complete control of your pc. Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12
September 21, 200520 yr I've used IE all my life and never had *one* problem with computer security whatsoever (never a virus, never been hacked, spybot never turns any results, etc) Maybe this isn't consistent with the general population though.
September 21, 200520 yr I've used IE all my life and never had *one* problem with computer security whatsoever (never a virus, never been hacked, spybot never turns any results, etc) Maybe this isn't consistent with the general population though. Definitely not And you also have to remember that being open source it's codebase is under the scrutiny of *anyone* I just posted something! ^_^ to the terrorist...er... kirbybeam.
September 21, 200520 yr I've used IE all my life and never had *one* problem with computer security whatsoever (never a virus, never been hacked, spybot never turns any results, etc) Maybe this isn't consistent with the general population though. Definitely not And you also have to remember that being open source it's codebase is under the scrutiny of *anyone* and the fact that millions of poeple got viruses because of ms making exploitable code... code that should have had more review but because a pencil pushers pushing for a release to increase microsofts 46 billion surplus has anything to do with it? hmmm open source = no profit. = respect and pride The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time andrew i love you & want you to have my babys!!! Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!
September 21, 200520 yr I've used IE all my life and never had *one* problem with computer security whatsoever (never a virus, never been hacked, spybot never turns any results, etc) Maybe this isn't consistent with the general population though. Definitely not And you also have to remember that being open source it's codebase is under the scrutiny of *anyone* and the fact that millions of poeple got viruses because of ms making exploitable code... code that should have had more review but because a pencil pushers pushing for a release to increase microsofts 46 billion surplus has anything to do with it? hmmm open source = no profit. = respect and pride A little OT, but its always bugged me WHAT THE **** is your avatar!? A pumpkin with eyes? I just posted something! ^_^ to the terrorist...er... kirbybeam.
September 21, 200520 yr I've used IE all my life and never had *one* problem with computer security whatsoever (never a virus, never been hacked, spybot never turns any results, etc) Maybe this isn't consistent with the general population though. Definitely not And you also have to remember that being open source it's codebase is under the scrutiny of *anyone* Pfffft... with me being a respected Runescape player moderator and tip.it moderator it's a wonder I'm not constantly under attack :lol:. for those of you that can't recognize textual sarcasm... d:
September 21, 200520 yr Why do people expect an invulnerable program? It's IMPOSSIBLE. There will always be something that IE has that Firefox doesn't, and vice versa. If you're stupid enough to put yourself into a situation which allows a vuln to be exploited then you deserve it. Quit trying to download your "1337 h4x0r pr0gz" and all your "pr0n" and you won't have to worry about any on-page vulns.
September 21, 200520 yr I've used IE all my life and never had *one* problem with computer security whatsoever (never a virus, never been hacked, spybot never turns any results, etc) Maybe this isn't consistent with the general population though. Definitely not And you also have to remember that being open source it's codebase is under the scrutiny of *anyone* and the fact that millions of poeple got viruses because of ms making exploitable code... code that should have had more review but because a pencil pushers pushing for a release to increase microsofts 46 billion surplus has anything to do with it? hmmm open source = no profit. = respect and pride A little OT, but its always bugged me WHAT THE **** is your avatar!? A pumpkin with eyes? its a DRD from farscape The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time andrew i love you & want you to have my babys!!! Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!
September 21, 200520 yr I've used IE all my life and never had *one* problem with computer security whatsoever (never a virus, never been hacked, spybot never turns any results, etc) Maybe this isn't consistent with the general population though. I've been using IE for all my life as well and never had any major problems with it too. Ahh, I knew IE would be better someday in some catagory. :P
September 21, 200520 yr That's because neither of you are stupid and can actually protect yourself for such 'vulnerabilities' :P
September 21, 200520 yr When I used IE I never had any problems either. However IE has no tabbed browsing which was a big decider for me. I switched to Opera first and thought it was great till I tried firefox which was even better for me. It just has everything I need from a browser and when I go onto my Opera I just miss some features which I use in FF. I think it just up to the user's preference to what they need and use on a browser.
September 21, 200520 yr When you run dual monitors there is really no use for tab windows anymore. Well unless you have more then 2 tabs. :P I'll use Opera just to see what its like but wont switch over. :wink:
September 21, 200520 yr When you run dual monitors there is really no use for tab windows anymore. Well unless you have more then 2 tabs. :P I'll give Opera just to see what its like but wont switch over. :wink: Sometimes when I am looking up census statistics ill have 10+ tabs Usually i have about 5 open Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12
September 21, 200520 yr My average tab count is about 6. Sometimes when I'm doing research for Uni assignments it's up around 15 or so :x
September 21, 200520 yr the new msn search toolbar (for ie) comes with tabbed browsing. Too little too late. I usually have 5 or 6 tabs open. Sometimes a lot more.
September 22, 200520 yr the new msn search toolbar (for ie) comes with tabbed browsing. Too little too late. I usually have 5 or 6 tabs open. Sometimes a lot more. again too little too late ms has always been playing catchup to other os's.. apple (taskbar and the like) IE is a catchup to netscape which rocked alot better then IE. and windows itself... which linux would be better if they came out with a unified structure (IE: one MAJOR KERNAL release every 2-3 years. and then updates as needed to fix bugs (no adding new features to consumer kernal) but the current kernals could be put out, just that softwear developers would be asked to keep there programs to a Common kernals api's) Consider this. if you run windows 2k or xp. your no longer running the original windows. they got rid of DOS and the DOS system all together.. they re-compiled in UNIX. which also.. is the basis for APPLE and LINUX.. so.. .UNIX is the dominant OS out there.. or at least the domoniat origin. IMHO though.. make linux with standard releases for consumers ever 2-3 years. copy settings from windows. increase wines ability to know windows api's.... and linux would rule the world The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time andrew i love you & want you to have my babys!!! Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!
September 22, 200520 yr Uh, the Command Prompt is DOS. Yes pretty much every OS is derived from Unix, but pretty much every car is derived from Benz, does that mean that one car should be above others? Each OS has it's place. Linux won't catch on enough to rival Windows anytime soon, and I doubt that Linux will EVER be bigger than windows. Usability- Windows Security- Linux Design- Mac the "average user" doesn't understand anything about security, they figure that as long as they have a firewall they are safe, so therefore Linux is always gonna be in the shadow. I think it's great that Dell is selling computers with Mandriva, but I don't think it's fair to the average PC user if they force them to learn an entirely new OS. I learned Linux by choice, I also CHOOSE not to learn Mac. :roll:
Create an account or sign in to comment