Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible
Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.
The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.
Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
The Mozilla Foundation did not immediately respond to requests for comment.
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."
Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.
Not for commercial use. For educational and discussion purposes only.
Well, it's not like storage is cheap, or anything like that. ;-)
Saw a 1-gig jump drive for $60 this week. Wonder how much they paid you to try to recover their data, divided by 60? ;-)
Now keep in mind this is Linuxworld we're talking about. You know, when a product like FF has more bugs than IE and it doesn't get exploited as much, it can be only one of two reasons. One, the hackers don't want to waste their time attacking Firefox because there's not enough notoriety in it. Or the hackers are supporters of Firefox.
I'm not here to pick fights, I'm here to correct the record from all the BS you boys post. Ever going to admit you were lying when you went on for weeks insisting Microsoft was ending all Windows 2000 support? Haven't yet.
I don't care one way or the other. What's your take on Bill Gates giving money to Planned Parenthood? How much have you given?
LOL! I actually have a pretty nice "Unbreakable" ballcap that I got as "graft" a few years back. Nobody knows what it means. ;-)
You must not have been on those threads. Usually I am addressing somebody saying 'when Linux has .... it will be just as bad', which completely ignores the huge issue of engineering. At those times I don't bother with market share because it's not what I am addressing, but I never say it's all about engineering, just that engineering is more important.
Actually "people" don't bother. One idiot writing a hack doesn't make "people". So what you're implying (or at least one of the ways many people take what you're saying) is that people will attack all systems given an opportunity. And that's just not the case. People will attack for a couple of reasons and the biggest is notoriety. So with a small user base you protect yourself via obscurity.
As far as would Linux get hacked more if it had a larger user base, I give an emphatic heck yeah! Think about all that crap on a Linux distro that users would install because they don't know what they are doing. The bigger the user base the bigger pool of idiot users you have. They will install everything and they won't patch it. So Linux distros would be exploited even worse than Windows.
Bunk, change the current user bases between Linux and Windows and # of exploits would switch as well. Perfect reason being you can take a Windows box, load the patches on it, run as a normal user, and that box is as hack proof as any Linux box there is. There's nothing major different between the two now but typical user and user rights, to claim otherwise is obvious fanaticism.
Yeah, what notoriety would there be in taking down Google and Amazon..
I hate it! He does a bunch of liberal junk I don't like; however, he's definitely not a communist. And he sure as hell doesn't wear pro-communist t-shirts and propaganda.
I find it amazing you don't care about the communist ties in their advertisements. That says a lot!
When Google and Amazon have a desktop OS let me know.
Easy, hackers hate "M$", and love open source. Especially in foreign countries where the worst of this crap comes from.
No, he just gives money to a group founded by a Nazi eugenicist.
And he sure as hell doesn't wear pro-communist t-shirts and propaganda.
Nor do I, what's your point?
I find it amazing you don't care about the communist ties in their advertisements. That says a lot!
It says that unlike some people (you, GE, and the tee-shirt-wearing communist idiots) I can tell the difference between software and politics, even if Howard Dean can't..
The heads of your favored browser are wearing pro-communist shirts and that doesn't bother you...that's my point.
See, I say it's engineering and market share, you say it's just market share..
Nope, you're mixing apples and oranges and forgetting about pineapples. The biggest factor of them all is operations. If you don't properly manage your systems (UNIX, Linux, Apple, Windows, etc...) you're in danger of getting hacked.
Now if you're slow to patch you're more at risk if you're running an OS with a large market share because script kiddies will be able to exploit your box.
Gives most of his money to fight diseases. If only he would give his software away, you'd be singing his praises.