March 22, 2005 1:28 PM PST

Mozilla: We're more secure than Microsoft

Related Stories

PC Forum: From Firefox security to outer space

March 23, 2005

Firefox fix plugs security holes

February 24, 2005
SCOTTSDALE, Ariz.--Even with increased popularity, the Firefox Web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation.

"There is nothing that will be perfect," said Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, during a panel discussion at PC Forum here. (PC Forum is owned by CNET Networks, publisher of News.com.)

Still, Firefox, developed by the Mozilla Foundation, won't harbor nearly as many security flaws as those that have Microsoft's Internet Explorer, and increasing popularity won't change that, Mitchell predicted.

Some critics challenge that assumption. Symantec CEO John Thompson and other security executives have claimed that open-source programs will become more vulnerable as they pick up more users, because more hackers will become attracted to it.

Last month, Mozilla issued a major security update to fix several flaws, including one that would allow domain spoofing.

"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."

Part of Firefox's better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.

Another benefit, Baker said, comes from the fact that Firefox does not support Active X plug-ins. For years, some consumers and analysts have dinged Firefox because it couldn't run Active X.

"It turns out it is only less convenient until you get hacked," she said. "Then it becomes a disadvantage."

Mozilla is part of an industry effort to create an Active X alternative that would let plug-in applications such as Macromedia Flash run within the Web browser without the security risks associated with Active X. Others involved in that effort include browser makers Opera Software and Apple Computer, and plug-in makers Sun Microsystems, Macromedia and Adobe Systems.

In general, classic code flaws tend to be fairly easy to fix once they are found, she said. More difficult problems to guard against are the ones that exploit human behavior, like phishing.

"In some of these cases, the solution is very difficult to determine," she said. "There are some circumstances where the speed won't be as fast."

On another note, Baker added that the open-source movement still faces some growing pains. Large commercial customers are often not completely comfortable with open-source licensing, particularly because they are familiar with traditional licensing models.

She also said that new forms of public licenses are inevitable, as are conflicts and inconsistencies between different public licenses.

"If someone comes up with something, they have the right to determine the terms under which they give it away," she said.

CNET News.com reporter Paul Festa contributed to this report.

16 comments

Join the conversation!
Add your comment
Hey Baker...
What's with the big "FP" banner/sign/WHATEVERITIS in your building? And what's with that incredibly CREEPY wooden statue (maybe an indian?) in the entryway.

Pretty weird, man...
Posted by katamari (310 comments )
Reply Link Flag
good security innovations
I like how Firefox stole the yellow information bar idea from IE6 in WinXP-SP2. It makes Firefox a lot more secure by reducing "warning fatigue".
Posted by nrlz (98 comments )
Reply Link Flag
So..
The article is talking about how Mozilla Firefox will have less critical holes and your talking about some info bar no one really cares about? wow..

As she said that no software is perfect but Mozilla and other open source projects have done a great job..I'm sure FF and other will not have to much trouble.. All the Anti-FF people try to rub it in that FF has some holes but IE has more holes then swiss cheese.I trust FF until it gives me a reason to change like IE did..until that time if it comes I do enjoy FF's features like tabbed browsing, extentions which make the browser highly customizable
Posted by Greenbeanx (35 comments )
Link Flag
I like how IE 6 is stealing FF tab browesing
who cares about a little yellow bar...???

My only issue with FF is that new novice users will have a harder time installing stuff like flash and FF doesn't have the servers to handle the secuirty updates.
Posted by saleen351 (36 comments )
Link Flag
Firefox
I see a lot of you pointing out that Firefox's tabbed browsing comes from Opera. Well, maybe it does, but tabs in a program have been around for a long time. Opera my have been first to use it in a web browsers, but they weren't the first to use it in a program.

Some of you have pointed out that it's innovation not reinvention that keeps the markets going. Firefox has copied many ideas from other venders and other venders will copy ideas from Firefox. It's one thing to copy an idea. It's another to rip off somebodies work. I would imagine that is a fine line.
Posted by System Tyrant (1453 comments )
Reply Link Flag
Yes, it is.
It's the difference between having a copyright and having a patent, for example.

It really isn't supposed to work this way, but with software patents and the review process being what it is, I wouldn't be surprised if Microsoft could get a patent on the little warning bar and Opera could get a patent on the tabbed browsing and so on and so forth.

Then, it would take several years for the patent to finally be reexamined and thrown out . . . of course, we all know software patents are here to advance the pace of innovation, right? Apparently, that's by making sure everyone has to file papers to use features that never should have been patented because they are obvious combinations of existing inventions (like tabbed browsing--oh, wow, I came up with the idea to put a taskbar, essentially, in a web browser instead of an OS). Obvious combination, right?

Well, similar stupidity does make it through the patent process. It would seem the debate over proper credit and what constitutes "stealing of ideas" is still alive and well.

Really, if we already had the "fine line", we would much better off. But, it seems like the line doesn't stay put. No wonder there are so many patent suits in this industry.
Posted by (282 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.