Ad: Manage updates with the Download App

45 comments

Join the conversation! Add your comment

Speculating about Symantec

I am speculating here. Symantec makes its living with viruses. Imagine a world were all PCs runs a very safe OS (supposig one exists) and a very safe browser (not necessarily Firefox) rules; aPeople would surf the net more safely, their machines would be less likely be attacked by worms, viruses and Co. An antivirus would not be necessary.

Now imagine a parallel world where people use very unsafe browser and mailer on a very unsafe OS prone to catch a virus every minute. Of course an antivirus would be absolutely required.

If it's up to Syamtec to decide which of these two worlds we should live, what do you think their choice would be? A safer world with no need of antivirus programs or a very unsafe world with a very powerful antivirus?

This said, could it be that Symantec is making "politics" here, preferring IE/MS because of the higher number of expoited vulnerabilities than other browser/platforms?

Posted by aabcdefghij987654321 (1721 comments )

September 19, 2005 4:27 PM (PDT) Like Reply Link Flag

This Sounds Like Some Other Theories I've Heard...: "If it's up to Syamtec to decide which of these two worlds we should live, what do you think their choice would be? A safer world with no need of antivirus programs or a very unsafe world with a very powerful antivirus?"

This sounds an awful lot like the complaint that doctors and pharmaceutical companies have the cures for all kinds of diseases, but they keep them secret in order to keep up their revenues from drug sales. A good, old conspiracy theory.
Posted by Techno Guy (77 comments ): September 19, 2005 4:52 PM (PDT) Like Link Flag

Symantec needs to tell the truth: Good post. Even with Firefox and not IE, antivirus software would still be needed. It may not be as 'highly urgent' though, maybe medium urgent level. LOL. Symantec is way out of line with their claim. I think I'll recommend other antivirus to people after they making such a remark.
Posted by pentium4forever (193 comments ): September 19, 2005 8:55 PM (PDT) Like Link Flag

Exercise in Futility: It is futile to imagine a world of secure and virus free operating systems and browsers. As your secure and virus free software grows to become the defacto worldwide standard, thus drawing worldwide attention to itself on a massive scale, it ceases to become secure and virus free.

Further, God forbid that a business should seek to actually stay in business. A good business should seek to rid the world of the necessity of it's product. Hint: read as sarcasm.

If you don't like the company, avoid it. Don't preach.

And no, I'm not in any way affiliated with or a devotee of Microsoft or Symantec.
Posted by J_Satch (571 comments ): September 22, 2005 6:13 AM (PDT) Like Link Flag

What is Most Important?

I agree that the CNet summary of the Symantec report provides limited and incomplete information, as is typically the case with summaries. I also agree that the report (or at least the CNet summary of the report) raises some unaddressed issues, such as how many vulnerabilities has each browser averaged per year since its initial release?

The number of pending vulnerability reports is an interesting, and potentially significant figure. It would also be helpful to know what percentage of pending vulnerabilities historically have been validated as actual, patchable vulnerabilities for each browser. Is Mozilla/Firefox subjected to more rigorous analysis because it is an open-source project? Or is IE probed more closely by security analysts because its dominant share ensures that any verified vulnerability will be of more significance, or perhaps a source of greater acclaim for its discoverer? I think these are worthwhile questions to ask.

While Symantec is obligated to reveal any business relationships it has with any vendor whose software it is analyzing, I don't buy the notion that Symantec would willingly encourage the public to use a more vulnerable browser either out of deference to Microsoft or as a short-sighted effort to boost its own products. Symantec has a professional reputation to uphold that is far more valuable to it in the long run than any short-term gain as a sell-out in a report that virtually no one will read.

My conclusion is this: a respectable company with good security credentials has culled some factual information that suggests it is possible that Mozilla-based browsers may be more vulnerable to security threats, at least technically, than is Internet Explorer. As users of Mozilla-based browsers, instead of lashing out at the messenger (Symantec and CNet) or declaring without countervailing facts that the evidence meaningless, doesnt it make better sense to find out whether there is anything more that we can or should do to protect ourselves from these vulnerabilites? Which is more important: Mozillas untarnished honor, or your data?

Posted by Techno Guy (77 comments )

September 19, 2005 4:43 PM (PDT) Like Reply Link Flag

Symantec's outrageous claim: Excellent post. If you were to count the number of vulnerablities from the release date of IE 6 and Mozilla 1.0, IE 6 would have more. If I go to Windows Update, there are about 15 IE security updates which I haven't bothered to download. It'd be interesting to have someone count the number of both browsers. A user's data is more important anyday. Mozilla might be getting more hacker's attention now since it's ever so growing popularity.
Posted by pentium4forever (193 comments ): September 19, 2005 9:00 PM (PDT) Like Link Flag

What is Most Important?

Posted by Techno Guy (77 comments )

September 19, 2005 4:43 PM (PDT) Like Reply Link Flag

Symantec's outrageous claim: Excellent post. If you were to count the number of vulnerablities from the release date of IE 6 and Mozilla 1.0, IE 6 would have more. If I go to Windows Update, there are about 15 IE security updates which I haven't bothered to download. It'd be interesting to have someone count the number of both browsers. A user's data is more important anyday. Mozilla might be getting more hacker's attention now since it's ever so growing popularity.
Posted by pentium4forever (193 comments ): September 19, 2005 9:00 PM (PDT) Like Link Flag

Microsoft pays Shill to blab for them

Does anyone take anything they say or who they pay to seriously anymore?

Posted by sharkscott2 (3 comments )

September 19, 2005 4:48 PM (PDT) Like Reply Link Flag

Seriously?: NOPE!
Posted by Mister C (423 comments ): September 19, 2005 7:12 PM (PDT) Like Link Flag

Microsoft pays Shill to blab for them

Does anyone take anything they say or who they pay to seriously anymore?

Posted by sharkscott2 (3 comments )

September 19, 2005 4:48 PM (PDT) Like Reply Link Flag

Seriously?: NOPE!
Posted by Mister C (423 comments ): September 19, 2005 7:12 PM (PDT) Like Link Flag

It's official!!!

No browser is safe... yet. The sooner these vulnerabilities are detected and fixed, the better. Then maybe the browser will be safe...

Posted by Mendz (519 comments )

September 19, 2005 7:07 PM (PDT) Like Reply Link Flag

There is another alternative for security: I use FF with my XP partition. I also boot Linux for security reasons. I use Linux for the Internet and other "unsecure" multimedia. Everything else I use Windows. I have not had one problem with viruses, trojans and spyware since. Firefox is great for added security in Windows, but Linux is just plain more secure at the moment.
Posted by mstlyevil (39 comments ): September 22, 2005 8:39 PM (PDT) Like Link Flag

It's official!!!

No browser is safe... yet. The sooner these vulnerabilities are detected and fixed, the better. Then maybe the browser will be safe...

Posted by Mendz (519 comments )

September 19, 2005 7:07 PM (PDT) Like Reply Link Flag

There is another alternative for security: I use FF with my XP partition. I also boot Linux for security reasons. I use Linux for the Internet and other "unsecure" multimedia. Everything else I use Windows. I have not had one problem with viruses, trojans and spyware since. Firefox is great for added security in Windows, but Linux is just plain more secure at the moment.
Posted by mstlyevil (39 comments ): September 22, 2005 8:39 PM (PDT) Like Link Flag

It is possible: From what I see, I think it is very much possible. Firefox started with simple browser and it have kept on adding new features to do more, and hence increasing the code complexity.

I think in future it is very much possible that mozilla shall go the internet explorer way.

~Shantanu
<a class="jive-link-external" href="http://godisnear.blogspot.com" target="_newWindow">http://godisnear.blogspot.com</a>
Posted by (29 comments ): September 19, 2005 7:21 PM (PDT) Like Reply Link Flag

It is possible: From what I see, I think it is very much possible. Firefox started with simple browser and it have kept on adding new features to do more, and hence increasing the code complexity.

I think in future it is very much possible that mozilla shall go the internet explorer way.

~Shantanu
<a class="jive-link-external" href="http://godisnear.blogspot.com" target="_newWindow">http://godisnear.blogspot.com</a>
Posted by (29 comments ): September 19, 2005 7:21 PM (PDT) Like Reply Link Flag

Symantec should apologize to Mozilla!

Symantec are losing a little bit of respect from me after making such a remark. As the article states,

"There are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox."

Security on the Internet is an on-going process. Hackers continue to target IE more than any other browser. The only reason there are more counted this year for Firefox is probably because security experts don't count the ones that weren't/or haven't been fixed. I hereby think less of Symantec for saying Firefox is more vulnerable to attacks. That is complete BS. Furthermore, keep in mind, Firefox is by Mozilla Organization which has Firefox open source. When there's a problem with Firefox, it gets fixed within hours, not weeks. With Microsoft and Internet Explorer, it may take weeks. However, that's if it's even patched.

Symantec, I say Firefox loyalists call you and demand you apologize to the Mozilla organization for your outrageous claim! It surely isn't true, IE is more vulnerable. The more something is used the more it is exposed resulting in more attacks. Mozilla takes security very seriously, that's why they don't leave any scraps on the floor for very long, they pick up after themselves unlike MS does with IE.

Posted by pentium4forever (193 comments )

September 19, 2005 8:52 PM (PDT) Like Reply Link Flag

a bet: I bet you are one of the many who haven't actually read the "Internet Security Threat Report VIII", right?

Firstly, Symantec never said that "Firefox was more vulnerable to attacks". They only said that "Firefox has more vulnerabilities" in the pertained time frame. Similar words, but very different meanings.

Secondly, the report is an all-around 100 page report on the many aspects of the Internet architecture. Web browsers was only a mere whisper in the vast other more-important topics discussed. This article is only a fragment of the report taken out of context and made to appear that it is a war between Firefox and Internet Explorer.

Thirdly, Firefox, as well as many other browsers such as Opera, Konqueror and Safari, were equally discussed in the report. Each were equally criticized with measurable data as well providing justifications for those trends, some of which actually vindicated Firefox and explained away the discrepancies.
Posted by nrlz (98 comments ): September 19, 2005 10:18 PM (PDT) Like Link Flag

Symantec should apologize to Mozilla!

Posted by pentium4forever (193 comments )

September 19, 2005 8:52 PM (PDT) Like Reply Link Flag

a bet: I bet you are one of the many who haven't actually read the "Internet Security Threat Report VIII", right?

Firstly, Symantec never said that "Firefox was more vulnerable to attacks". They only said that "Firefox has more vulnerabilities" in the pertained time frame. Similar words, but very different meanings.

Secondly, the report is an all-around 100 page report on the many aspects of the Internet architecture. Web browsers was only a mere whisper in the vast other more-important topics discussed. This article is only a fragment of the report taken out of context and made to appear that it is a war between Firefox and Internet Explorer.

Thirdly, Firefox, as well as many other browsers such as Opera, Konqueror and Safari, were equally discussed in the report. Each were equally criticized with measurable data as well providing justifications for those trends, some of which actually vindicated Firefox and explained away the discrepancies.
Posted by nrlz (98 comments ): September 19, 2005 10:18 PM (PDT) Like Link Flag

Symantec to Cnet: Could you put our name in bold?: Blah blah, buy Symantec products.
Posted by M C (598 comments ): September 20, 2005 2:40 AM (PDT) Like Reply Link Flag

Symantec to Cnet: Could you put our name in bold?: Blah blah, buy Symantec products.
Posted by M C (598 comments ): September 20, 2005 2:40 AM (PDT) Like Reply Link Flag

Conflict of Interest?: Hmmm...

I repair computers for a living. Ever since IE and SpyWare have become full-fledged partners, I have literally been making a killing. Not my choice, just the way it works out; I would much rather work on hardware problems.

After I clean up all the SpyWare/MalWare, and remove all the trojans that IE helped download onto their systems, I put my customers on Firefox and don't hear anything else out of them concerning unexplained pc shutdowns, unwanted pop-up ads, unresponsive applications, etc.

Now Symantec (an Anti-Spyware vendor) is dogging Mozilla/Firefox about their security record?

Makes me think of that old legend about the electronics company that made radar detectors for the general public was the same company making radar guns for the police departments.

---
Max
Posted by (2 comments ): September 20, 2005 3:14 AM (PDT) Like Reply Link Flag

Conflict of Interest?: Hmmm...

I repair computers for a living. Ever since IE and SpyWare have become full-fledged partners, I have literally been making a killing. Not my choice, just the way it works out; I would much rather work on hardware problems.

After I clean up all the SpyWare/MalWare, and remove all the trojans that IE helped download onto their systems, I put my customers on Firefox and don't hear anything else out of them concerning unexplained pc shutdowns, unwanted pop-up ads, unresponsive applications, etc.

Now Symantec (an Anti-Spyware vendor) is dogging Mozilla/Firefox about their security record?

Makes me think of that old legend about the electronics company that made radar detectors for the general public was the same company making radar guns for the police departments.

---
Max
Posted by (2 comments ): September 20, 2005 3:14 AM (PDT) Like Reply Link Flag

I told you, you FireFox Harlots!

I Bob Knight have been foreseeing this for quite some time.

No matter what you think just do some simple math in your elitist little heads and you'll see. Hmm IE has 90% of the market and FireFox 5% or whatever they might be and you'll see that if IE has 13 vulnerabilities while FF has 3 the error rate sides for IE. Imagine if FF had more browser market share then it would have a Googolplex of bugs!

People will never test open source software better than commercial software. And don't say Linux, Red Hat makes you pay for it!

Posted by (43 comments )

September 20, 2005 5:30 AM (PDT) Like Reply Link Flag

Hmmmm...: Arrogant... immature... and who did you want to listen to you?
Posted by ddesy (4338 comments ): September 20, 2005 8:57 AM (PDT) Like Link Flag

let's do that math you were talking about...: If you take into account the dates that alerts were posted, to the time they were fixed, IE was safe to use for a total of 4 days...in the last year. Then take in account that the vulnerabilities existed for weeks or months before Microsoft would officially admit they existed (if at all).

At the time of the IDN vulnerability in Firefox (Sept 8), the Mozilla Foundation had a fix (Sept. 9) config tweak/patch) the next day, and a new release within 6 days (Sept. 15). In retrospect, with 18 vulnerabilities (for IE alone) on the books, Microsoft chose to skip last month's patch release.

Your logic concerning open source testing provides no statistical analysis, no documentation, and no proof. Only FUD. The main fact that can be applied to your statement is that there is no guarantee that closed-source software does any testing, because no user can audit the code.

There are no bridges here troll...move along.
Posted by michaeldgeier (9 comments ): September 20, 2005 12:32 PM (PDT) Like Link Flag

Red Hat may make you pay.: You obviously are ignorant about Linux. Red Hat is not the only distro out there. There are plenty of very good free distro's like Ubuntu for example. Weather it is that Linux is built for better security or it is because Linux is not on 85% of the worlds pc's and therefore not a target, Linux is just plain more secure than Windows. Btw, Linux/Unix is run on 80% of the worlds servers for a reason.
Posted by mstlyevil (39 comments ): September 22, 2005 8:53 PM (PDT) Like Link Flag

I told you, you FireFox Harlots!

Posted by (43 comments )

September 20, 2005 5:30 AM (PDT) Like Reply Link Flag

Hmmmm...: Arrogant... immature... and who did you want to listen to you?
Posted by ddesy (4338 comments ): September 20, 2005 8:57 AM (PDT) Like Link Flag

let's do that math you were talking about...: If you take into account the dates that alerts were posted, to the time they were fixed, IE was safe to use for a total of 4 days...in the last year. Then take in account that the vulnerabilities existed for weeks or months before Microsoft would officially admit they existed (if at all).

At the time of the IDN vulnerability in Firefox (Sept 8), the Mozilla Foundation had a fix (Sept. 9) config tweak/patch) the next day, and a new release within 6 days (Sept. 15). In retrospect, with 18 vulnerabilities (for IE alone) on the books, Microsoft chose to skip last month's patch release.

Your logic concerning open source testing provides no statistical analysis, no documentation, and no proof. Only FUD. The main fact that can be applied to your statement is that there is no guarantee that closed-source software does any testing, because no user can audit the code.

There are no bridges here troll...move along.
Posted by michaeldgeier (9 comments ): September 20, 2005 12:32 PM (PDT) Like Link Flag

Red Hat may make you pay.: You obviously are ignorant about Linux. Red Hat is not the only distro out there. There are plenty of very good free distro's like Ubuntu for example. Weather it is that Linux is built for better security or it is because Linux is not on 85% of the worlds pc's and therefore not a target, Linux is just plain more secure than Windows. Btw, Linux/Unix is run on 80% of the worlds servers for a reason.
Posted by mstlyevil (39 comments ): September 22, 2005 8:53 PM (PDT) Like Link Flag

Misleading article.

Sure they have equal security risks but how far and wide had
Microsoft let their problems spread and corrode? How crappy
have they allowed their email and mail client to become
without upgrading? As of date Microsoft has around 15
vulnerabilities where Firefox has 3. Meaning Firefox fixes and
upgrades right away.

What would you choose?
Spoonfed by a lazy company that dishes out leftover table
scraps or a company that cares and actually wants to be
cutting edge?

Posted by Blito (436 comments )

September 20, 2005 6:47 AM (PDT) Like Reply Link Flag

I meant to say Symantec misleading not CNET article: I meant to say Symantec Misleading not CNET article.
Posted by Blito (436 comments ): September 20, 2005 7:31 AM (PDT) Like Link Flag

Misleading article.

Posted by Blito (436 comments )

September 20, 2005 6:47 AM (PDT) Like Reply Link Flag

I meant to say Symantec misleading not CNET article: I meant to say Symantec Misleading not CNET article.
Posted by Blito (436 comments ): September 20, 2005 7:31 AM (PDT) Like Link Flag

: i cannot open my yahoomail, they telling the security certificate was expired
Posted by rahmanr (1 comment ): July 3, 2008 6:45 AM (PDT) Like Reply Link Flag

Join the conversation

Report offensive content:

E-mail this comment to a friend.

Warning! You will be deleting this comment and all its replies (if applicable).