Version: 2008

Comments on: Symantec: Mozilla browsers more vulnerable than IE

But the security specialist also finds that Microsoft's browser is the only one widely exploited by hackers today.

Showing 2 of 3 pages (123 Comments)
vendor-confirmed vulnerabilities
by September 19, 2005 3:15 PM PDT
So, the term "vendor-confirmed vulnerabilities" is an interesting one. The Mozilla group seems to be very responsive to user input, so I expect that they will confirm any actual vulnerabilities as quickly as possible. In contrast, Microsoft wants to maintain an image of reliance and security (though many question whether it has either), so they seem to drag their feet with confirming vulnerabilities, at least to the public. Good luck ever getting good data out of Microsoft for actual vulnerability comparisons.
Check Secunia
by September 19, 2005 4:10 PM PDT
Secunia stats seem a bit more accurate
www.secunia.com
It isn't at all surprising that Symantec would lick the hand that feeds them. The problem is people believe this garbage.
Speculating about Symantec
by aabcdefghij987654321 September 19, 2005 4:27 PM PDT
I am speculating here. Symantec makes its living with viruses. Imagine a world where all PCs run a very safe OS (supposing one exists) and a very safe browser (not necessarily Firefox) rules; people would surf the net more safely, their machines would be less likely to be attacked by worms, viruses and Co. An antivirus would not be necessary.

Now imagine a parallel world where people use a very unsafe browser and mailer on a very unsafe OS prone to catch a virus every minute. Of course an antivirus would be absolutely required.

If it's up to Symantec to decide which of these two worlds we should live in, what do you think their choice would be? A safer world with no need of antivirus programs or a very unsafe world with a very powerful antivirus?

This said, could it be that Symantec is making "politics" here, preferring IE/MS because of the higher number of exploited vulnerabilities than other browser/platforms?
This Sounds Like Some Other Theories I've Heard...
by Techno Guy September 19, 2005 4:52 PM PDT
"If it's up to Symantec to decide which of these two worlds we should live in, what do you think their choice would be? A safer world with no need of antivirus programs or a very unsafe world with a very powerful antivirus?"

This sounds an awful lot like the complaint that doctors and pharmaceutical companies have the cures for all kinds of diseases, but they keep them secret in order to keep up their revenues from drug sales. A good, old conspiracy theory.
Symantec needs to tell the truth
by pentium4forever September 19, 2005 8:55 PM PDT
Good post. Even with Firefox and not IE, antivirus software would still be needed. It may not be as 'highly urgent' though, maybe medium urgent level. LOL. Symantec is way out of line with their claim. I think I'll recommend other antivirus to people after their making such a remark.
Exercise in Futility
by J_Satch September 22, 2005 6:13 AM PDT
It is futile to imagine a world of secure and virus free operating systems and browsers. As your secure and virus free software grows to become the de facto worldwide standard, thus drawing worldwide attention to itself on a massive scale, it ceases to become secure and virus free.

Further, God forbid that a business should seek to actually stay in business. A good business should seek to rid the world of the necessity of its product. Hint: read as sarcasm.

If you don't like the company, avoid it. Don't preach.

And no, I'm not in any way affiliated with or a devotee of Microsoft or Symantec.
What is Most Important?
by Techno Guy September 19, 2005 4:43 PM PDT
I agree that the CNet summary of the Symantec report provides limited and incomplete information, as is typically the case with summaries. I also agree that the report (or at least the CNet summary of the report) raises some unaddressed issues, such as how many vulnerabilities has each browser averaged per year since its initial release?

The number of pending vulnerability reports is an interesting, and potentially significant figure. It would also be helpful to know what percentage of pending vulnerabilities historically have been validated as actual, patchable vulnerabilities for each browser. Is Mozilla/Firefox subjected to more rigorous analysis because it is an open-source project? Or is IE probed more closely by security analysts because its dominant share ensures that any verified vulnerability will be of more significance, or perhaps a source of greater acclaim for its discoverer? I think these are worthwhile questions to ask.

While Symantec is obligated to reveal any business relationships it has with any vendor whose software it is analyzing, I don't buy the notion that Symantec would willingly encourage the public to use a more vulnerable browser either out of deference to Microsoft or as a short-sighted effort to boost its own products. Symantec has a professional reputation to uphold that is far more valuable to it in the long run than any short-term gain as a sell-out in a report that virtually no one will read.

My conclusion is this: a respectable company with good security credentials has culled some factual information that suggests it is possible that Mozilla-based browsers may be more vulnerable to security threats, at least technically, than is Internet Explorer. As users of Mozilla-based browsers, instead of lashing out at the messenger (Symantec and CNet) or declaring without countervailing facts that the evidence is meaningless, doesn't it make better sense to find out whether there is anything more that we can or should do to protect ourselves from these vulnerabilities? Which is more important: Mozilla's untarnished honor, or your data?
Symantec's outrageous claim
by pentium4forever September 19, 2005 9:00 PM PDT
Excellent post. If you were to count the number of vulnerabilities from the release date of IE 6 and Mozilla 1.0, IE 6 would have more. If I go to Windows Update, there are about 15 IE security updates which I haven't bothered to download. It'd be interesting to have someone count the number of both browsers. A user's data is more important any day. Mozilla might be getting more hackers' attention now since its ever so growing popularity.
Microsoft pays Shill to blab for them
by September 19, 2005 4:48 PM PDT
Does anyone take anything they say or who they pay to seriously anymore?
Seriously?
by Mister C September 19, 2005 7:12 PM PDT
NOPE!
It's official!!!
by Mendz September 19, 2005 7:07 PM PDT
No browser is safe... yet. The sooner these vulnerabilities are detected and fixed, the better. Then maybe the browser will be safe...
There is another alternative for security
by mstlyevil September 22, 2005 8:39 PM PDT
I use FF with my XP partition. I also boot Linux for security reasons. I use Linux for the Internet and other "unsecure" multimedia. Everything else I use Windows. I have not had one problem with viruses, trojans and spyware since. Firefox is great for added security in Windows, but Linux is just plain more secure at the moment.
It is possible
by September 19, 2005 7:21 PM PDT
From what I see, I think it is very much possible. Firefox started with a simple browser and it has kept on adding new features to do more, and hence increasing the code complexity.

I think in future it is very much possible that Mozilla shall go the Internet Explorer way.

~Shantanu
http://godisnear.blogspot.com
Symantec should apologize to Mozilla!
by pentium4forever September 19, 2005 8:52 PM PDT
Symantec are losing a little bit of respect from me after making such a remark. As the article states,

"There are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox."

Security on the Internet is an on-going process. Hackers continue to target IE more than any other browser. The only reason there are more counted this year for Firefox is probably because security experts don't count the ones that weren't/or haven't been fixed. I hereby think less of Symantec for saying Firefox is more vulnerable to attacks. That is complete BS. Furthermore, keep in mind, Firefox is by Mozilla Organization which has Firefox open source. When there's a problem with Firefox, it gets fixed within hours, not weeks. With Microsoft and Internet Explorer, it may take weeks. However, that's if it's even patched.

Symantec, I say Firefox loyalists call you and demand you apologize to the Mozilla organization for your outrageous claim! It surely isn't true, IE is more vulnerable. The more something is used the more it is exposed resulting in more attacks. Mozilla takes security very seriously, that's why they don't leave any scraps on the floor for very long, they pick up after themselves unlike MS does with IE.
a bet
by nrlz September 19, 2005 10:18 PM PDT
I bet you are one of the many who haven't actually read the "Internet Security Threat Report VIII", right?

Firstly, Symantec never said that "Firefox was more vulnerable to attacks". They only said that "Firefox has more vulnerabilities" in the pertained time frame. Similar words, but very different meanings.

Secondly, the report is an all-around 100 page report on the many aspects of the Internet architecture. Web browsers were only a mere whisper in the vast other more-important topics discussed. This article is only a fragment of the report taken out of context and made to appear that it is a war between Firefox and Internet Explorer.

Thirdly, Firefox, as well as many other browsers such as Opera, Konqueror and Safari, were equally discussed in the report. Each were equally criticized with measurable data as well as providing justifications for those trends, some of which actually vindicated Firefox and explained away the discrepancies.
Symantec to Cnet: Could you put our name in bold?
by M C September 20, 2005 2:40 AM PDT
Blah blah, buy Symantec products.
Conflict of Interest?
by September 20, 2005 3:14 AM PDT
Hmmm...

I repair computers for a living. Ever since IE and SpyWare have become full-fledged partners, I have literally been making a killing. Not my choice, just the way it works out; I would much rather work on hardware problems.

After I clean up all the SpyWare/MalWare, and remove all the trojans that IE helped download onto their systems, I put my customers on Firefox and don't hear anything else out of them concerning unexplained pc shutdowns, unwanted pop-up ads, unresponsive applications, etc.

Now Symantec (an Anti-Spyware vendor) is dogging Mozilla/Firefox about their security record?

Makes me think of that old legend about the electronics company that made radar detectors for the general public was the same company making radar guns for the police departments.

---
Max