Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report.
But the report, released Monday, also found that hackers are still focusing their efforts on IE.
The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.
Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
The Mozilla Foundation did not immediately respond to requests for comment.
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."
Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.
Sounds to me like an incomplete report. From their own admission it doesn't take into consideration how fast a flaw is fixed or how many are still open.
It looks to me more like a one sided report trying to make open source look less secure than closed source. Not having read the report it sounds like what it might be saying is that flaws are easier to find in open source than in closed source.
Without consideration for how long each browser took to fix the flaw and the number of exploits before a patch was released this report just doesn't look like much to help a user or company make an informed decision on what browser to use (if that was the purpose of the report). Like I said though I haven't read the report and you can't go by what the press says, so it maybe just the oppisite of that.
- Scope of the bug in terms of the size of the affected area as opposed to just its severity. (e.g., a security bug in bookmarks vs. a bug in the Javascript engine)
- Speed of which bugs are fixed in terms of the complexity of the architecture. (e.g., fixing bugs in Notepad vs. Visual Studio)
- Quality of fix in terms of whether the bug is cerified not to affect other features or third-party applications. (Imagine if an IE fix actually disabled Microsoft Office! Havoc!)
- Quality of support in terms of providing help and documentation to the end-users, whom apply the patches. (ISO:9000)
Sounds to me like an incomplete report. From their own admission it doesn't take into consideration how fast a flaw is fixed or how many are still open.
It looks to me more like a one sided report trying to make open source look less secure than closed source. Not having read the report it sounds like what it might be saying is that flaws are easier to find in open source than in closed source.
Without consideration for how long each browser took to fix the flaw and the number of exploits before a patch was released this report just doesn't look like much to help a user or company make an informed decision on what browser to use (if that was the purpose of the report). Like I said though I haven't read the report and you can't go by what the press says, so it maybe just the oppisite of that.
- Scope of the bug in terms of the size of the affected area as opposed to just its severity. (e.g., a security bug in bookmarks vs. a bug in the Javascript engine)
- Speed of which bugs are fixed in terms of the complexity of the architecture. (e.g., fixing bugs in Notepad vs. Visual Studio)
- Quality of fix in terms of whether the bug is cerified not to affect other features or third-party applications. (Imagine if an IE fix actually disabled Microsoft Office! Havoc!)
- Quality of support in terms of providing help and documentation to the end-users, whom apply the patches. (ISO:9000)
Symantec is MS licensor of several technologies, such as the defragmenter, and most likely the future anti-virus. Whatever happened to disclosing such financial ties. Guess corporate misinformation suits did not go far enough. Arr the pirate sez: "arrrr ye matey me smell a rat."
Like you said, more users of IE, more market for Symantec.
Symantec has always been a Microsoft lackey. They are one of those companies who forced their clients to buy upgrades for their software just to make it compatible with Windows XP when it was first released. It's not surprising that they put out reports flaming open source browsers (like someone said, if people use IE, it means more profit for them).
Symantec is MS licensor of several technologies, such as the defragmenter, and most likely the future anti-virus. Whatever happened to disclosing such financial ties. Guess corporate misinformation suits did not go far enough. Arr the pirate sez: "arrrr ye matey me smell a rat."
Like you said, more users of IE, more market for Symantec.
Symantec has always been a Microsoft lackey. They are one of those companies who forced their clients to buy upgrades for their software just to make it compatible with Windows XP when it was first released. It's not surprising that they put out reports flaming open source browsers (like someone said, if people use IE, it means more profit for them).
The foundation OS, is the FLAW, no matter the browser veiled ovder it
Windows security is Non-existent, thats the basis of this study. No matter what internet browser is placed on top if Windows, the cracks or hooks in this operating system are still present no matter what browser is used.
Sure, Firefox browser doesnt have as many pre-built hooks down into Windows as Internet Explorer does, probably because reverse-engineering Windows code is against the law for them, but if the bricks of this Internet house are built on top of Windows, there is only so much protection you can have.
The ultimate goal would be for MSFT to build a true Internet OS, one that is not for the desktop, does not have hooks to DCOM, or .exe, or Active-X. Until Windows is locked down, by design, from the start, no browser will be able to protect PC users from the features Windows offered to businesses for tying data together, that are subsequently used by the hackers to tie the hooks into a "web" of unintentional process calls and backdoor traps.
Using a more secure OS from the beginning is the only solution, and with Bill Gates screwing his unknowing customers any chance he gets, this will not happen anytime soon.
What a shame as we waste countless hours and billions of dollars while he got the fortunes by making a horses rump of you with his desire to stop Netscape at any cost; lets just mash IE into Windows.
Although Gates is dumb, he is betting that many others are dumber than he is, thus they keep buying Windows.
Let's try that again ... The problem seems to reside more in the "cattle herd" mentality of the American people, even though the cut-throat practices of Bill Gates are not to be denied. If Bill/WINDOWS perished tomorrow, would we be able to accelerate the development of LINUX to replace WINDOWS, any more than we could accelerate billions of dollars of relief to the victims of Hurricane Katrina at New Orleans? As a mathematician/chemist/electronics engineer, I can only comment about the disapproval of my purchase of a 2000 HONDA Insight. I was told how stupid it was to buy untried motor-based technology, even if we've known how to wind a motor since the beginning of the last century. Five years later, modulo a small amount of aftermarket modification (AMSOIL synthetics in place of "genuine HONDA"), here I am getting as much as 90.0 mpg @ warm weather/level highway cruising, while the rest of you are green with envy as you get pummelled with wild fluctuations of gasoline prices. Analogously, we can talk about the better security accoutrements of LINUX/UNIX, but I don't suppose that we can expect LINUX to take the place of WINDOWS until China and a lot of other nations adopt LINUX and thereby force the hand of the United States to do likewise.
The foundation OS, is the FLAW, no matter the browser veiled ovder it
Windows security is Non-existent, thats the basis of this study. No matter what internet browser is placed on top if Windows, the cracks or hooks in this operating system are still present no matter what browser is used.
Sure, Firefox browser doesnt have as many pre-built hooks down into Windows as Internet Explorer does, probably because reverse-engineering Windows code is against the law for them, but if the bricks of this Internet house are built on top of Windows, there is only so much protection you can have.
The ultimate goal would be for MSFT to build a true Internet OS, one that is not for the desktop, does not have hooks to DCOM, or .exe, or Active-X. Until Windows is locked down, by design, from the start, no browser will be able to protect PC users from the features Windows offered to businesses for tying data together, that are subsequently used by the hackers to tie the hooks into a "web" of unintentional process calls and backdoor traps.
Using a more secure OS from the beginning is the only solution, and with Bill Gates screwing his unknowing customers any chance he gets, this will not happen anytime soon.
What a shame as we waste countless hours and billions of dollars while he got the fortunes by making a horses rump of you with his desire to stop Netscape at any cost; lets just mash IE into Windows.
Although Gates is dumb, he is betting that many others are dumber than he is, thus they keep buying Windows.
Let's try that again ... The problem seems to reside more in the "cattle herd" mentality of the American people, even though the cut-throat practices of Bill Gates are not to be denied. If Bill/WINDOWS perished tomorrow, would we be able to accelerate the development of LINUX to replace WINDOWS, any more than we could accelerate billions of dollars of relief to the victims of Hurricane Katrina at New Orleans? As a mathematician/chemist/electronics engineer, I can only comment about the disapproval of my purchase of a 2000 HONDA Insight. I was told how stupid it was to buy untried motor-based technology, even if we've known how to wind a motor since the beginning of the last century. Five years later, modulo a small amount of aftermarket modification (AMSOIL synthetics in place of "genuine HONDA"), here I am getting as much as 90.0 mpg @ warm weather/level highway cruising, while the rest of you are green with envy as you get pummelled with wild fluctuations of gasoline prices. Analogously, we can talk about the better security accoutrements of LINUX/UNIX, but I don't suppose that we can expect LINUX to take the place of WINDOWS until China and a lot of other nations adopt LINUX and thereby force the hand of the United States to do likewise.
Released where? Since the story (conveniently) neglected to supply a link to the report, here it is. Although, you will have to give much personally identifiable information to Symantic, the Great Security Company that they are, in order to download the 106 page PDF report.
Released where? Since the story (conveniently) neglected to supply a link to the report, here it is. Although, you will have to give much personally identifiable information to Symantic, the Great Security Company that they are, in order to download the 106 page PDF report.
... we seem to have a solution in search of a problem. Symantec makes fairly good virus protection software, but other than for MS products, the need for Symantec's programs is quite low. With no threat, no sales.
As reported: "Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed.".
Can't blame them for trying to pump sales. But we don't have to pay any serious attention to their rather obvious marketing maneuvers.
... we seem to have a solution in search of a problem. Symantec makes fairly good virus protection software, but other than for MS products, the need for Symantec's programs is quite low. With no threat, no sales.
As reported: "Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed.".
Can't blame them for trying to pump sales. But we don't have to pay any serious attention to their rather obvious marketing maneuvers.
Quoting the article: "Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. He also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows."
Mitchell Baker is a woman: <a class="jive-link-external" href="http://***********/dd9tm" target="_newWindow">http://***********/dd9tm</a>
Quoting the article: "Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. He also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows."
Mitchell Baker is a woman: <a class="jive-link-external" href="http://***********/dd9tm" target="_newWindow">http://***********/dd9tm</a>
Be responsible in your reporting. A misleading title, in this case, can cause serious harm. Even though Mozilla may have had more security vulnerabilities discovered early in 2005, it is still much safer to NOT use IE.
During the last two years, several friends have solicited my help repairing their computers after receiving trojans through IE or Outlook Express. Trojans are at epidemic proportions right now and MS is slow fixing the vulnerabilities because they don't have any competition.
BTW, my favorite browser is currently Opera. <a class="jive-link-external" href="http://opera.com/" target="_newWindow">http://opera.com/</a>
Be responsible in your reporting. A misleading title, in this case, can cause serious harm. Even though Mozilla may have had more security vulnerabilities discovered early in 2005, it is still much safer to NOT use IE.
During the last two years, several friends have solicited my help repairing their computers after receiving trojans through IE or Outlook Express. Trojans are at epidemic proportions right now and MS is slow fixing the vulnerabilities because they don't have any competition.
BTW, my favorite browser is currently Opera. <a class="jive-link-external" href="http://opera.com/" target="_newWindow">http://opera.com/</a>
As revealed, the total vulnerability picture is different than the one you've permitted Symantec to market. Proper balance in your story--aside from a less controversial title--calls for showing the Secunia statistics and explaining the difference between the numbers. It would seem that Mozilla quickly owns up to vulnerabilities (and fixes them in short order), whereas MS sits on vulnerabilities and won't acknowledge them. There can be good reasons to not acknowledge a vulnerability, including reasonable time to verify, but they shouldn't preclude reporting the whole story.
The argument for open source has always been thousands of eyes means less bugs in the wild.
By my count, you are only 3 better.
The reality is many components in Open Source projects are written by very small teams or even a single individual and code reviews are only done when problems surface with application testing.
I'm not knocking Open Source (I have actually worked on three projects). I'm just tired of people overhyping technology. Its a complex application made by humans...there will be problems.
As revealed, the total vulnerability picture is different than the one you've permitted Symantec to market. Proper balance in your story--aside from a less controversial title--calls for showing the Secunia statistics and explaining the difference between the numbers. It would seem that Mozilla quickly owns up to vulnerabilities (and fixes them in short order), whereas MS sits on vulnerabilities and won't acknowledge them. There can be good reasons to not acknowledge a vulnerability, including reasonable time to verify, but they shouldn't preclude reporting the whole story.
The argument for open source has always been thousands of eyes means less bugs in the wild.
By my count, you are only 3 better.
The reality is many components in Open Source projects are written by very small teams or even a single individual and code reviews are only done when problems surface with application testing.
I'm not knocking Open Source (I have actually worked on three projects). I'm just tired of people overhyping technology. Its a complex application made by humans...there will be problems.
sometimes i think that certin companies are in certin other companies back pockets ive noticed not just symantec but several other companies bad mouthing firefox for the last couple of months ever since they broke the 15% marketshare usage barrier its like somone is afraid ;) well if you are realy wanting tobe secure you can use the updated CVS versions of Mozila and firefox updated almost every day to keep up with all the security problems or do like i do and grab the most recent major revision when ever an update is available
sometimes i think that certin companies are in certin other companies back pockets ive noticed not just symantec but several other companies bad mouthing firefox for the last couple of months ever since they broke the 15% marketshare usage barrier its like somone is afraid ;) well if you are realy wanting tobe secure you can use the updated CVS versions of Mozila and firefox updated almost every day to keep up with all the security problems or do like i do and grab the most recent major revision when ever an update is available
What everyone fails to realize is that Symantec found 25 flaws in the first 6 months of this year, in Firefox. How many flaws have been found in IE, since its release? What version of IE are we on now, and we are still dealing with the same flaws as the previous versions. Let's not even take into account the length of time that we are exposed to vulnerabilities, with IE. Firefox gets fixed, quickly.
Looking at the number of flaws is one thing..... looking at how fast those flaws are patched...and if they were taken advantage of is entirely different. As we all know.. Microsoft is in the habit of waiting until it is too late.
Plus... there were 10,866 new Microsoft Windows virus and worm variants in first half 2005... scary.
What everyone fails to realize is that Symantec found 25 flaws in the first 6 months of this year, in Firefox. How many flaws have been found in IE, since its release? What version of IE are we on now, and we are still dealing with the same flaws as the previous versions. Let's not even take into account the length of time that we are exposed to vulnerabilities, with IE. Firefox gets fixed, quickly.
Looking at the number of flaws is one thing..... looking at how fast those flaws are patched...and if they were taken advantage of is entirely different. As we all know.. Microsoft is in the habit of waiting until it is too late.
Plus... there were 10,866 new Microsoft Windows virus and worm variants in first half 2005... scary.
So, the term "vendor-confirmed vulnerabilities" is an interesting one. The Mozilla group seems to be very responsive to user input, so I expect that they will confirm any actual vulnerabilities as quickly as possible. In contrast, Microsoft wants to maintain an image of reliance and security (though many question whether it has either), so they seem to drag their feet with confirming vulnerabilities, at least to the public. Good luck ever getting good data out of Microsoft for actual vulnerability comparisons.
So, the term "vendor-confirmed vulnerabilities" is an interesting one. The Mozilla group seems to be very responsive to user input, so I expect that they will confirm any actual vulnerabilities as quickly as possible. In contrast, Microsoft wants to maintain an image of reliance and security (though many question whether it has either), so they seem to drag their feet with confirming vulnerabilities, at least to the public. Good luck ever getting good data out of Microsoft for actual vulnerability comparisons.
Secunia stats seem a bit more accurate www.secunia.com It isnt at all suprising that symantec would lick the hand that feeds them. The problem is people believe this garbage
Secunia stats seem a bit more accurate www.secunia.com It isnt at all suprising that symantec would lick the hand that feeds them. The problem is people believe this garbage
I am speculating here. Symantec makes its living with viruses. Imagine a world were all PCs runs a very safe OS (supposig one exists) and a very safe browser (not necessarily Firefox) rules; aPeople would surf the net more safely, their machines would be less likely be attacked by worms, viruses and Co. An antivirus would not be necessary.
Now imagine a parallel world where people use very unsafe browser and mailer on a very unsafe OS prone to catch a virus every minute. Of course an antivirus would be absolutely required.
If it's up to Syamtec to decide which of these two worlds we should live, what do you think their choice would be? A safer world with no need of antivirus programs or a very unsafe world with a very powerful antivirus?
This said, could it be that Symantec is making "politics" here, preferring IE/MS because of the higher number of expoited vulnerabilities than other browser/platforms?
This Sounds Like Some Other Theories I've Heard...
"If it's up to Syamtec to decide which of these two worlds we should live, what do you think their choice would be? A safer world with no need of antivirus programs or a very unsafe world with a very powerful antivirus?"
This sounds an awful lot like the complaint that doctors and pharmaceutical companies have the cures for all kinds of diseases, but they keep them secret in order to keep up their revenues from drug sales. A good, old conspiracy theory.
Good post. Even with Firefox and not IE, antivirus software would still be needed. It may not be as 'highly urgent' though, maybe medium urgent level. LOL. Symantec is way out of line with their claim. I think I'll recommend other antivirus to people after they making such a remark.
It is futile to imagine a world of secure and virus free operating systems and browsers. As your secure and virus free software grows to become the defacto worldwide standard, thus drawing worldwide attention to itself on a massive scale, it ceases to become secure and virus free.
Further, God forbid that a business should seek to actually stay in business. A good business should seek to rid the world of the necessity of it's product. Hint: read as sarcasm.
If you don't like the company, avoid it. Don't preach.
And no, I'm not in any way affiliated with or a devotee of Microsoft or Symantec.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
Whether Apple will release a new iPad next month doesn't seem to be the question as much as what day it will happen. A new rumor has it down to the day.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
"Never Stop Playing" campaign for upcoming portable marks Sony's largest platform launch marketing spend, with ads to reach YouTube, Facebook, TV, and billboards in major cities.
As UC Berkeley students, the co-founders of "Back to the Roots" discovered they could grow mushrooms using recycled coffee grounds. Now their mushroom kit sells at grocery stores across the country.
It looks to me more like a one sided report trying to make open source look less secure than closed source. Not having read the report it sounds like what it might be saying is that flaws are easier to find in open source than in closed source.
Without consideration for how long each browser took to fix the flaw and the number of exploits before a patch was released this report just doesn't look like much to help a user or company make an informed decision on what browser to use (if that was the purpose of the report). Like I said though I haven't read the report and you can't go by what the press says, so it maybe just the oppisite of that.
- Speed of which bugs are fixed in terms of the complexity of the architecture. (e.g., fixing bugs in Notepad vs. Visual Studio)
- Quality of fix in terms of whether the bug is cerified not to affect other features or third-party applications. (Imagine if an IE fix actually disabled Microsoft Office! Havoc!)
- Quality of support in terms of providing help and documentation to the end-users, whom apply the patches. (ISO:9000)
It looks to me more like a one sided report trying to make open source look less secure than closed source. Not having read the report it sounds like what it might be saying is that flaws are easier to find in open source than in closed source.
Without consideration for how long each browser took to fix the flaw and the number of exploits before a patch was released this report just doesn't look like much to help a user or company make an informed decision on what browser to use (if that was the purpose of the report). Like I said though I haven't read the report and you can't go by what the press says, so it maybe just the oppisite of that.
- Speed of which bugs are fixed in terms of the complexity of the architecture. (e.g., fixing bugs in Notepad vs. Visual Studio)
- Quality of fix in terms of whether the bug is cerified not to affect other features or third-party applications. (Imagine if an IE fix actually disabled Microsoft Office! Havoc!)
- Quality of support in terms of providing help and documentation to the end-users, whom apply the patches. (ISO:9000)
They will do anything to keep people using Windows and IE...more
profit.
Like you said, more users of IE, more market for Symantec.
They will do anything to keep people using Windows and IE...more
profit.
Like you said, more users of IE, more market for Symantec.
No matter what internet browser is placed on top if Windows,
the cracks or hooks in this operating system are still present no
matter what browser is used.
Sure, Firefox browser doesnt have as many pre-built hooks
down into Windows as Internet Explorer does, probably because
reverse-engineering Windows code is against the law for them,
but if the bricks of this Internet house are built on top of
Windows, there is only so much protection you can have.
The ultimate goal would be for MSFT to build a true Internet OS,
one that is not for the desktop, does not have hooks to DCOM,
or .exe, or Active-X. Until Windows is locked down, by design,
from the start, no browser will be able to protect PC users from
the features Windows offered to businesses for tying data
together, that are subsequently used by the hackers to tie the
hooks into a "web" of unintentional process calls and backdoor
traps.
Using a more secure OS from the beginning is the only solution,
and with Bill Gates screwing his unknowing customers any
chance he gets, this will not happen anytime soon.
What a shame as we waste countless hours and billions of
dollars while he got the fortunes by making a horses rump of
you with his desire to stop Netscape at any cost; lets just mash
IE into Windows.
Although Gates is dumb, he is betting that many others are
dumber than he is, thus they keep buying Windows.
Microsoft has the burden of maintaining compatiblity with Windows code that predates the Internet era and its risks.
What is Mozilla's excuse?
sudden demise of Bill Gates/WINDOWS
sudden demise of Bill Gates/WINDOWS
The problem seems to reside more in the
"cattle herd" mentality of the American people,
even though the cut-throat practices of Bill Gates
are not to be denied. If Bill/WINDOWS perished
tomorrow, would we be able to accelerate the
development of LINUX to replace WINDOWS, any more
than we could accelerate billions of dollars of
relief to the victims of Hurricane Katrina at
New Orleans?
As a mathematician/chemist/electronics
engineer, I can only comment about the disapproval
of my purchase of a 2000 HONDA Insight. I was
told how stupid it was to buy untried motor-based
technology, even if we've known how to wind a
motor since the beginning of the last century.
Five years later, modulo a small amount of
aftermarket modification (AMSOIL synthetics
in place of "genuine HONDA"), here I am getting
as much as 90.0 mpg @ warm weather/level highway
cruising, while the rest of you are green with
envy as you get pummelled with wild fluctuations
of gasoline prices.
Analogously, we can talk about the better
security accoutrements of LINUX/UNIX, but I don't
suppose that we can expect LINUX to take the
place of WINDOWS until China and a lot of other
nations adopt LINUX and thereby force the hand
of the United States to do likewise.
No matter what internet browser is placed on top if Windows,
the cracks or hooks in this operating system are still present no
matter what browser is used.
Sure, Firefox browser doesnt have as many pre-built hooks
down into Windows as Internet Explorer does, probably because
reverse-engineering Windows code is against the law for them,
but if the bricks of this Internet house are built on top of
Windows, there is only so much protection you can have.
The ultimate goal would be for MSFT to build a true Internet OS,
one that is not for the desktop, does not have hooks to DCOM,
or .exe, or Active-X. Until Windows is locked down, by design,
from the start, no browser will be able to protect PC users from
the features Windows offered to businesses for tying data
together, that are subsequently used by the hackers to tie the
hooks into a "web" of unintentional process calls and backdoor
traps.
Using a more secure OS from the beginning is the only solution,
and with Bill Gates screwing his unknowing customers any
chance he gets, this will not happen anytime soon.
What a shame as we waste countless hours and billions of
dollars while he got the fortunes by making a horses rump of
you with his desire to stop Netscape at any cost; lets just mash
IE into Windows.
Although Gates is dumb, he is betting that many others are
dumber than he is, thus they keep buying Windows.
Microsoft has the burden of maintaining compatiblity with Windows code that predates the Internet era and its risks.
What is Mozilla's excuse?
sudden demise of Bill Gates/WINDOWS
sudden demise of Bill Gates/WINDOWS
The problem seems to reside more in the
"cattle herd" mentality of the American people,
even though the cut-throat practices of Bill Gates
are not to be denied. If Bill/WINDOWS perished
tomorrow, would we be able to accelerate the
development of LINUX to replace WINDOWS, any more
than we could accelerate billions of dollars of
relief to the victims of Hurricane Katrina at
New Orleans?
As a mathematician/chemist/electronics
engineer, I can only comment about the disapproval
of my purchase of a 2000 HONDA Insight. I was
told how stupid it was to buy untried motor-based
technology, even if we've known how to wind a
motor since the beginning of the last century.
Five years later, modulo a small amount of
aftermarket modification (AMSOIL synthetics
in place of "genuine HONDA"), here I am getting
as much as 90.0 mpg @ warm weather/level highway
cruising, while the rest of you are green with
envy as you get pummelled with wild fluctuations
of gasoline prices.
Analogously, we can talk about the better
security accoutrements of LINUX/UNIX, but I don't
suppose that we can expect LINUX to take the
place of WINDOWS until China and a lot of other
nations adopt LINUX and thereby force the hand
of the United States to do likewise.
<a class="jive-link-external" href="https://ses.symantec.com/content.cfm?articleid=1539" target="_newWindow">https://ses.symantec.com/content.cfm?articleid=1539</a>
<a class="jive-link-external" href="https://ses.symantec.com/content.cfm?articleid=1539" target="_newWindow">https://ses.symantec.com/content.cfm?articleid=1539</a>
makes fairly good virus protection software, but other than for
MS products, the need for Symantec's programs is quite low.
With no threat, no sales.
As reported: "Symantec admitted that "at the time of writing, no
widespread exploitation of any browser except Microsoft
Internet Explorer has occurred," but added that it "expects this
to change as alternative browsers become increasingly widely
deployed.".
Can't blame them for trying to pump sales. But we don't have to
pay any serious attention to their rather obvious marketing
maneuvers.
makes fairly good virus protection software, but other than for
MS products, the need for Symantec's programs is quite low.
With no threat, no sales.
As reported: "Symantec admitted that "at the time of writing, no
widespread exploitation of any browser except Microsoft
Internet Explorer has occurred," but added that it "expects this
to change as alternative browsers become increasingly widely
deployed.".
Can't blame them for trying to pump sales. But we don't have to
pay any serious attention to their rather obvious marketing
maneuvers.
"Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. He also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows."
Mitchell Baker is a woman:
<a class="jive-link-external" href="http://***********/dd9tm" target="_newWindow">http://***********/dd9tm</a>
Good way to check the sources!
"Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. He also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows."
Mitchell Baker is a woman:
<a class="jive-link-external" href="http://***********/dd9tm" target="_newWindow">http://***********/dd9tm</a>
Good way to check the sources!
During the last two years, several friends have solicited my help repairing their computers after receiving trojans through IE or Outlook Express. Trojans are at epidemic proportions right now and MS is slow fixing the vulnerabilities because they don't have any competition.
BTW, my favorite browser is currently Opera. <a class="jive-link-external" href="http://opera.com/" target="_newWindow">http://opera.com/</a>
During the last two years, several friends have solicited my help repairing their computers after receiving trojans through IE or Outlook Express. Trojans are at epidemic proportions right now and MS is slow fixing the vulnerabilities because they don't have any competition.
BTW, my favorite browser is currently Opera. <a class="jive-link-external" href="http://opera.com/" target="_newWindow">http://opera.com/</a>
13+18=31 for MS IE
25+ 3=28 for Firefox
By my count, you are only 3 better.
The reality is many components in Open Source projects are written by very small teams or even a single individual and code reviews are only done when problems surface with application testing.
I'm not knocking Open Source (I have actually worked on three projects). I'm just tired of people overhyping technology. Its a complex application made by humans...there will be problems.
13+18=31 for MS IE
25+ 3=28 for Firefox
By my count, you are only 3 better.
The reality is many components in Open Source projects are written by very small teams or even a single individual and code reviews are only done when problems surface with application testing.
I'm not knocking Open Source (I have actually worked on three projects). I'm just tired of people overhyping technology. Its a complex application made by humans...there will be problems.
ive noticed not just symantec but several other companies bad mouthing firefox for the last couple of months ever since they broke the 15% marketshare usage barrier
its like somone is afraid ;)
well if you are realy wanting tobe secure you can use the updated CVS versions of Mozila and firefox updated almost every day
to keep up with all the security problems or do like i do and grab the most recent major revision when ever an update is available
ive noticed not just symantec but several other companies bad mouthing firefox for the last couple of months ever since they broke the 15% marketshare usage barrier
its like somone is afraid ;)
well if you are realy wanting tobe secure you can use the updated CVS versions of Mozila and firefox updated almost every day
to keep up with all the security problems or do like i do and grab the most recent major revision when ever an update is available
those flaws are patched...and if they were taken advantage of is
entirely different.
As we all know.. Microsoft is in the habit of waiting until it is too
late.
Plus... there were 10,866 new Microsoft Windows virus and worm
variants in first half 2005... scary.
those flaws are patched...and if they were taken advantage of is
entirely different.
As we all know.. Microsoft is in the habit of waiting until it is too
late.
Plus... there were 10,866 new Microsoft Windows virus and worm
variants in first half 2005... scary.
www.secunia.com
It isnt at all suprising that symantec would lick the hand that feeds them. The problem is people believe this garbage
www.secunia.com
It isnt at all suprising that symantec would lick the hand that feeds them. The problem is people believe this garbage
Now imagine a parallel world where people use very unsafe browser and mailer on a very unsafe OS prone to catch a virus every minute. Of course an antivirus would be absolutely required.
If it's up to Syamtec to decide which of these two worlds we should live, what do you think their choice would be? A safer world with no need of antivirus programs or a very unsafe world with a very powerful antivirus?
This said, could it be that Symantec is making "politics" here, preferring IE/MS because of the higher number of expoited vulnerabilities than other browser/platforms?
This sounds an awful lot like the complaint that doctors and pharmaceutical companies have the cures for all kinds of diseases, but they keep them secret in order to keep up their revenues from drug sales. A good, old conspiracy theory.
Further, God forbid that a business should seek to actually stay in business. A good business should seek to rid the world of the necessity of it's product. Hint: read as sarcasm.
If you don't like the company, avoid it. Don't preach.
And no, I'm not in any way affiliated with or a devotee of Microsoft or Symantec.