
Symantec: Mozilla browsers more vulnerable than IE
ZDNet News ^ | 9/19/2005 | Tom Espiner

Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.

The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."

The Mozilla Foundation did not immediately respond to requests for comment.

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."

Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".

Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.

Not for commercial use.  For educational and discussion purposes only.


TOPICS: Business/Economy
KEYWORDS: firefox; mozilla; propaganda
To: for-q-clinton
Perhaps you don't know how Secunia rates vulnerabilities. There is high and extreme; Firefox had its first Extreme yesterday after I posted this. It is already patched in 1.07.

Secunia Definition of Extreme: "Typically used for remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild." MS has 14% of their bugs in this category and as of today FF has 4%

Secunia definition of high: "Typically used for remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure"

181 posted on 09/21/2005 6:34:16 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 155 | View Replies]

To: for-q-clinton
And Flash bunny is wrong in saying it's new; it is new in the same way IE6 was new when it came out. A major release of new features..
182 posted on 09/21/2005 6:35:36 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 157 | View Replies]

To: an amused spectator

" Symantec: RAM-sucking garbage that's nearly impossible to uninstall when you get a decent anti-virus program that's freeware."

Boy howdy! My company requires it and I hate it. I use ZoneAlarm on my personal box and it's much faster and better in my opinion. The newest update of ZoneAlarm even caught Windows Messenger trying to read my keystrokes and turned it off. Who knew?


183 posted on 09/21/2005 6:35:39 PM PDT by dljordan
[ Post Reply | Private Reply | To 26 | View Replies]

To: flashbunny
flash bunny,

Looks like N3WBI3 is claiming it is old. Do you concur?

And Flash bunny is wrong in saying it's new; it is new in the same way IE6 was new when it came out. A major release of new features..

184 posted on 09/21/2005 6:38:11 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 182 | View Replies]

To: N3WBI3

LOL, I see I goaded you out from under the crib.

Read the parent article dood. You not only had more overall holes in Firefox, there were more classified as "high severity". Add the one from today now too, LOL. Maybe you should go back into hiding:

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.


185 posted on 09/21/2005 6:42:43 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 181 | View Replies]

To: N3WBI3
Secunia Definition of Extreme: "Typically used for remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild." MS has 14% of their bugs in this category and as of today FF has 4%

But what's your point? I've been using extremes to point out that all software is at risk. To claim it only has 4% is a weak argument, because as LinuxWorld states it is/will be getting exploited more and more (if it continues to gain in popularity).

I'm not really saying IE or Windows is the best platform on the earth, but I'm saying it's getting a bad rap because of zealots. This goes back to the very first "discussion" you and I had. OSS zealots keep changing the target every time Microsoft hits a bulls-eye or whenever their arguments are proven wrong.

Like OSS is more secure because it has more eyes on the code. I believe that argument has been pretty much debunked by now.

Or when OSS fanboys claim cell phones with only 100K users are hacked, so that's proof Linux/Mac/FF/etc... get hacked at the same rate as windows. Once again this just doesn't stand up to logic and reason.

When all these bogus points are dropped then we can concentrate on what really matters and that's improving security.

186 posted on 09/21/2005 6:47:41 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 181 | View Replies]

To: for-q-clinton
Linux is also generally seen as a lower-risk platform than Windows, partly because it is less widely used on the desktop and therefore isn't targeted as often.

In case you need help with the word in boldface:

part·ly (pärtl)
adv.
In part or in some degree; not completely.

Are you saying you agree with LinuxWorld when they say that that's only part of the reason? Because I have said that market share does not damage your hit profile, it only affects how many people are shooting at it.

But let's say LinuxWorld said it was completely market share, what would I do then... Ummm I would just disagree with them. Unlike you and GE I don't get marching orders, provided on index cards, for any of my views. I come to them myself through my education and experience...

187 posted on 09/21/2005 6:53:02 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 178 | View Replies]

To: dljordan
The newest update of ZoneAlarm even caught Windows Messenger trying to read my keystrokes and turned it off.

I saw that Zone Alarm had a new freeware version! Belarc also updated its Advisor program to analyze your machine for Windows security updates (or lack thereof). Of course, you can't use Belarc for corporate, but it's great for friends and family.

188 posted on 09/21/2005 6:54:29 PM PDT by an amused spectator (If Social Security isn't broken, then cut me a check for the cash I have into it.)
[ Post Reply | Private Reply | To 183 | View Replies]

To: N3WBI3

But you have claimed otherwise. Now that you know partly means it does contribute you have to admit I was correct. Now to what percentage that accounts for hackers not attacking is debatable, but to say it's not a factor is just plain stupid.


189 posted on 09/21/2005 6:55:07 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 187 | View Replies]

To: Golden Eagle
LOL, I see I goaded you out from under the crib.

No spunky, I teach tuesday nights go ahead and chek my posting history this month to see what I have done.. Im working on two certs, were replacing a mainframe with J2EE / Oracle applications, and I teach 5 hours a week. Sorry if you rate somewhere lower in my life than all of that...

190 posted on 09/21/2005 6:56:11 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 185 | View Replies]

To: for-q-clinton

OSS loses on security when compared directly to their closest closed source competitors. 3rd party browser? Opera (closed source) smokes Mozilla, big time. Operating System? Any closed source Unix smokes Linux, big time. They chant their little OSS mantras, over and over until they brainwash themselves into actually believing them. Then to have the cold water of facts thrown on them by us. Must suck to be stuck down at <10% and nobody cares.


191 posted on 09/21/2005 6:57:38 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 186 | View Replies]

To: N3WBI3
No spunky, I teach tuesday nights go ahead and chek my posting history this month to see what I have done.. Im working on two certs, were replacing a mainframe with J2EE / Oracle applications, and I teach 5 hours a week. Sorry if you rate somewhere lower in my life than all of that...

So how does it feel? I remember you accusing b2k of hiding when he was on vacation. LOL, how things come back around.

192 posted on 09/21/2005 6:58:21 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 190 | View Replies]

To: N3WBI3
I teach tuesday nights

I hope it ain't English. And yes that was a joke.

193 posted on 09/21/2005 6:59:12 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 190 | View Replies]

To: Golden Eagle
They chant their little OSS mantras, over and over until they brainwash themselves into actually believing them.

Hey they have something else in common with the democrats. Repeat the lie often enough and the sheeple will believe you.

194 posted on 09/21/2005 7:00:34 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 191 | View Replies]

To: for-q-clinton
Actually I don't really care all that much what you or GE say, it just shows what kind of people you are. It was wrong of me to jump on him like that and I have in the time after that post wished him safe travels and good times when he goes on vacation. I was just as wrong as you and GE in this thread... difference is I am man enough to admit it..
195 posted on 09/21/2005 7:00:41 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 192 | View Replies]

To: Knitebane
Guess which one happened at a place where I worked?

Ooooohh! THAT'S gonna leave a mark!

196 posted on 09/21/2005 7:01:19 PM PDT by an amused spectator (If Social Security isn't broken, then cut me a check for the cash I have into it.)
[ Post Reply | Private Reply | To 148 | View Replies]

To: for-q-clinton
But you have claimed otherwise.

Where? Where have I said Engineering is the *only* factor?

Now that you know partly means it does contribute you have to admit I was correct.

Saying it will be just as bad when as many people are using it is not saying that it's *PARTLY* because of market share, it's saying it's entirely because of market share! So no, you're not correct.

I have said Engineering is the most important factor, not the only one..

197 posted on 09/21/2005 7:03:34 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 189 | View Replies]

To: N3WBI3

You're welcome to try to prove I'm wrong, you've had a tough time so far. Yes I admit to typos, but I don't go around spouting OBVIOUS lies like Microsoft is ending all Windows 2000 support when security patches are continuing for five (5) more years (365 days). That would be you, and you've still never owned up to that wonker.


198 posted on 09/21/2005 7:04:21 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 195 | View Replies]

To: N3WBI3
BTW: What's your take on the Mozilla fans wearing t-shirts with this logo on it?

How many did you buy? Also do you think it's a cool logo or do you wish the communists would leave the Mozilla movement?

199 posted on 09/21/2005 7:04:38 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 195 | View Replies]

To: N3WBI3

Well what did you imply with your cell phone virus mentioned above?


200 posted on 09/21/2005 7:06:32 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 197 | View Replies]

