Comments on: The..(ahem)… Browser Security Test… (cough)

By: Karel Donk » Archive » FireFox Security Getting Worse, Microsoft Improving

Mon, 02 Oct 2006 15:28:20 +0000

[...] Actually, FireFox security probably isn’t getting worse, but what may be happening is that people are now beginning to wake up to, and find, the security vulnerabilities in the software. When FireFox first became available, everyone seemed to believe the hype that it was the most secure browser available. As a result, many people started using it, thinking all of a sudden they were much safer while surfing the web. A false sense of security. [...]

By: Jason Thibeault

Jason Thibeault — Mon, 09 Jan 2006 17:20:52 +0000

Don’t forget that the underlying OS’ security architecture is responsible for a lot of the security. Firefox on Linux is not vulnerable to any Firefox-Windows or Firefox-Mac specific holes. Each OS may have their own flaws, but for the most part, the more generally secure the OS (architecture-wise, not vulnerability-wise — for instance, Linux vulnerabilities are fewer and farther between, and affect fewer machines per vulnerability, due mostly to the differentiation between user-level and administrator-level operations, the lack of necessity to have administrator privileges to run what one would normally consider user-space programs the way Windows sometimes does, and the lack of a monoculture in distributions and software used), the more secure every browser will be on it.

By: Karel Donk

Karel Donk — Mon, 02 Jan 2006 22:25:37 +0000

Hi Nick,
The best browser is whatever you prefer. As long as you know its strengths and weaknesses and don’t believe in things that are questionable (i.e. FireFox is more secure).
I agree that MS should patch vulnerabilities faster. But so should Mozilla. Also, consider your definition of KNOWN vulnerabilities. While you may think that a lot of vulnerabilities in Mozilla browsers are not publicly known, people who’d want to take advantage of them most likely know about them.

By: Nick

Nick — Mon, 02 Jan 2006 21:53:23 +0000

So, using your logic, the best web-browser is full of backdoors, security holes and late-patched vulnerabilities. In fact, it doesn’t even have any security. And the best system is one that doesn’t have any anti-spyware or virus scanners, nor should you ever, in a million years, update your operating system.

Why not? Well, because, as you so clearly explained, it is better to be cautious than to believe that your system can’t be attacked. In fact, you should be sure your system will be attacked, the more regularly the better. Oh, and any security holes you do find out, well, they should be published and known publically for as long as possible before patching, just to make sure every last hacker get’s a chance to test how cautious you can be.

Yeah, right, that’s the moral of this story. Not that Microsoft are too slow when it comes to developing IE and should patch the KNOWN vunerabilities quicker than they currently do, let alone providing additional protection against those we don’t yet know about.

By: Jona

Jona — Sat, 31 Dec 2005 12:22:21 +0000

Okay, I agree, but I think the main problem is, that most users don’t know how to behave in using the internet. Wether they use IE, FireFox or any other browser doesn’t matter because they provocate vulnerabilities as long as they don’t know how to deal with possible lack of security.

By: Karel Donk

Karel Donk — Sat, 31 Dec 2005 10:22:39 +0000

Tony: “but having had spyaxe install itself straight through my fully patched, ms anti spyware loaded, avg protected system.”

I’m not trying to explain away those issues. That is a terrible problem. However, bashing IE like it’s just Microsoft’s fault is the wrong thing to do. As I’ve said, FireFox could have the same problem as well. The vulnerabilities EXIST. Spyware writers just don’t use them yet, most likely because FireFox’s installed base is not very interesting yet.
So it’s not a question of whether FireFox has better security than IE, because they both have vulnerabilities. People need to understand this.

By: tony

tony — Sat, 31 Dec 2005 10:01:18 +0000

quite frankly thats a complete load of old tosh, i was a IE apologist (there the bigest people always pick on them, etc) but having had spyaxe install itself straight through my fully patched, ms anti spyware loaded, avg protected system. i must concur IE SUCKS!!!!