What's safer: Internet Explorer or Firefox?

December 5, 2007

Which browser is more secure: Internet Explorer or Firefox? We all have our opinions, but rarely do we get a chance to hear Microsoft and Mozilla, the makers of the Firefox browser, debate the issue.

On Friday Microsoft Security Strategy Director Jeff Jones released a study "Download: Internet Explorer and Firefox Vulnerability Analysis" that proclaims Internet Explorer 7.0 is safer than Firefox (Did we expect a Microsoftie to tell us anything else?). The report can be accessed through Jones' blog.

In the study, Jones argues that because Microsoft releases new versions of its web browsers less frequently and continues to patch older IE releases for longer periods of time, IE users are safer from security vulnerabilities than Firefox users.

"Over the past 3 years, supported versions of Internet Explorer have experienced fewer vulnerabilities and fewer High severity vulnerabilities than Firefox," according to Jones' report.

He points out that Microsoft released IE 6 in August 2004 and IE 7 in October 2006, and that both versions of IE are currently supported by Microsoft. Jones slams Mozilla for halting support on older versions of Firefox, instead directing users in many cases to simply upgrade to a newer version.

He gives the example of Firefox 1.5, which Mozilla stopped supporting in May 2007, according to Jones. Mozilla dropped the ball, he argues, because that was only 2 months after Red Hat Enterprise Linux 5 (RHEL) shipped with Firefox 1.5 bundled with the OS.

Soon after the RHEL5 release, Mozilla reportedly urged users to upgrade their Firefox browser to avoid "severe vulnerabilities".

Jones suggests that because Mozilla chose not to patch the older version of the browser (prompting people to download a new version instead) many who declined the upgrade were left vulnerable.

As you might guess, Mozilla had a few thoughts on the subject as well. In a post at the official Mozilla Security Blog, a contributor named Window Snyder responds to Jones' report:

"One of the goals of the bug counting report (Jones' study) is to demonstrate that Microsoft fixed fewer bugs for IE than Mozilla did for Firefox. Unfortunately for Microsoft (and for anyone trying to use this report as analysis of useful metrics) he does not count all the security issues. If he were able to count them all, Microsoft could get credit for all the bugs they fixed."

Snyder argues that many of Microsoft's browser bugs are spotted by "contractors" who are "engaged" by Microsoft to stress-test IE for vulnerabilities. Because of this relationship, many IE bugs never become publicly known.

"Unfortunately for Microsoft's users this means they have to wait sometimes a year or more to get the benefit of this work. That's a lot of time for an attacker to identify the same issue and exploit it to hurt users."

Snyder points to a Washington Post blog by Brian Krebs, who wrote in January 2007:

"For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet.

In contrast, Internet Explorer's closest competitor in terms of market share - Mozilla's Firefox browser - experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem."

Snyder continues: "It speaks to the strength of our community based security efforts to actively identify and quickly fix security issues. We don't let fixes languish on the tree waiting for a major release while users are vulnerable. We ship fixes regularly because securing our users is more important than protecting our PR team..."

Posted by: Tom Spring

Comments

Posted by Speak Up Man on December 5, 2007 :

What's safer: Internet Explorer or Firefox?
What's safer: Mates or Durex?
What's safer: Telling the Truth or Pocketing the Referee?
In the end someone is getting shafted.

Posted by crazycanuck on December 7, 2007 :

Quite frankly I'm tired of all the 'smoke and mirror' antics of Microsoft and their supporters. The reality is that there are security issues with IE that just don't get fixed in a timely manner - if ever. The fact that Microsoft have a lower number of fixes THAT THEY HAVE DEEMED NECESSARY TO FIX doesn't mean they're more secure. There are plenty more that should be fixed, but aren't.
As for the issue of supporting older browsers, people need to understand that open source is a different culture. Moving on to the next version of a browser (or any open source application) is the preferred method of staying secure. These upgrades are free, readily available, easy to install, and usually take just a couple of minutes to put in place - all with no need to reboot, to transfer any data, to do anything more than click on a button.
Concentrating efforts on fixing so many previous versions is just a waste of time and resources. The FIX is the upgrade.

Posted by 284 days aint that bad! on December 8, 2007 :

dependent on the severity!

fakesteveballmer.blogspot.com

PC Advisor staff
Blogger Daily news, views and thoughts from the PC Advisor staff as they put together the magazine. Collectively the PC Advisor team has over 100 years of computing experience, so as you'll imagine they're never short of an opinion or two.