Portal Home > Knowledgebase > Articles Database > IE is considered MORE secure than Firefox


IE is considered MORE secure than Firefox




Posted by The Dude, 11-18-2009, 05:21 PM
http://gcn.com/articles/2009/11/16/o...-security.aspx Firefox was the most vulnerable browser, logging 44 percent of the total vulnerabilities found, according to the report. Safari, at 35 percent, ranked next to Firefox at the bottom. IE had 15 percent of the vulnerabilities, and Opera only 6 percent. Interesting indeed......

Posted by e-Sensibility, 11-18-2009, 05:33 PM
That's true for almost all open source software. The reason is because open source communities actively audit their code-bases and proactively patch vulnerabilities. I read a paper a while back that featured a breakdown of Apache vulnerabilities and IIS vulnerabilities; it took into account both the severity and the actual real-world impact that the vulnerabilities had. Apache hands down had more vulnerabilities. The vulnerabilities, however, were also far less severe and were less often exploited in the wild. The lesson to take from here is this -- Just because microsoft chooses not to maintain its software as proactively as open source communities do, mozilla as one example, does not make microsoft software more secure. If anything it's cause for concern.

Posted by AirJordansHead, 11-18-2009, 09:27 PM
Firstly, IE is there for a longer time than its competitors. Secondly, I think the hackers might lose interests in hacking IE.

Posted by soulhunter, 11-18-2009, 09:50 PM
mmm.... Netscape was before IE, Netscape then gave birth to Mozilla, which in turn gave birth to firefox... before Netscape.... NCSA Mosaic? I'm not quite sure. The first one I used was Mosaic. Last edited by soulhunter; 11-18-2009 at 09:50 PM. Reason: typo

Posted by keserhosting, 11-19-2009, 10:46 AM
Firefox comes with virus scanner integrated into its download manager which scan all the downloaded files. Thus the IE does not support such virus scanner.

Posted by network82, 11-19-2009, 09:11 PM
I remember years ago there was a "Browser" that basically ran on IE but had loads of enhancements, but i can't remember what it was called, something like neo or nero?

Posted by mwatkins, 11-20-2009, 03:41 AM
The title of this thread is not supported by the "report". While the reports' author, Cenzic, a firm which sells a security application, goes to great lengths to sensationalize *reported vulnerability counts*, these are not and cannot be directly linked to software quality or security. Reported vulnerabilities is not the key metric one wants to see. Exploited vulnerabilities is. Of course the "study" has no words on that. It's a fluffy marketing piece designed to help them sell their security solution. That said none of the vulnerabilities Cenzic identified as "top ten" issues were browser related. If you do want to take the report at face value, shut down your PHP and Java web apps, or consider changing the title of the thread to: PHP and Java applications dominate "top ten" list of security threats Or 90% of web-related threats are web-application related, not browser related Or This report is misleading but I'll quote it as if it is meaningful anyway! A copy of the report (PDF): http://www.cenzic.com/downloads/Cenz...Q1-Q2-2009.pdf Note: the author of the article (Jabulani Leffall) in Government Computer News is a freelancer who rather conveniently has written about Cenzic before (a quick search unearthed several articles by Leffall on Cenzic reports in 2008 and 2009). This leads me to ask the pregnant question: is he is paid by the company to submit these articles when their "reports" come out? Last edited by mwatkins; 11-20-2009 at 03:54 AM.

Posted by mwatkins, 11-20-2009, 04:01 AM
or more likely the author simply uses the release of such reports from firms like Cenzic as an easy base from which to concoct an article which he then must sensationalize to flog it off to a buyer. Pumping up the volume by highlighting browsers - something we all use - in a misleading way is the real crime here. "If it bleeds, it leads"

Posted by moneymen, 12-02-2009, 07:06 PM
ya FF have more vulns than IE and opera but those are lower risk vulns considering those on opera and ie for example (file upload vuln via ie)...

Posted by Dave Parish, 12-02-2009, 07:12 PM
there are a few now check out http://en.wikipedia.org/wiki/List_of_web_browsers

Posted by plumsauce, 12-02-2009, 08:04 PM
That's one way to spin it. Except that the vulnerabilities are discovered by third parties *after* release. That means it got past any pre-release code-base audit and whatever little qa testing they bother with. If you look at the mozilla bug reporting system you'll see that they have adopted "not a bug, it's by design" as an excuse for closing bug reports so they can release the next steaming pile of cabbage as their entry in the browser arms race. Since the Netscape code release, the code base has only gotten worse, not better. If in doubt, read the code.

Posted by plumsauce, 12-02-2009, 08:06 PM
Hardly surprising.

Posted by ZenMonk, 12-03-2009, 05:57 AM
Its a monopoly......More security issues may arise because there is a larger customer base using. Infact, i would take it as an indication of how popular firefox is these days. Any software would have vulnerabilities but it the evolution rate that matters and for that reason i would still continue to use firefox

Posted by tim2718281, 12-03-2009, 06:58 AM
Well, let's see what the report says. 1) "During this period, Cenzic identified about 3,100 total vulnerabilities." 2) "78 percent of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers. Plugins and ActiveX, 78% of "about 3100" is about 2400. 3) "Of the Web vulnerabilities, Web Browser vulnerabilities comprised eight percent of the total vulnerabilities found ..." 8% of about 2400 is about 200. 4) "Of the browser vulnerabilities, the big surprise was that Firefox at 44 percent had significantly more vulnerabilities than the other browsers. What was also surprising was that Safari vulnerabilities which are usually very low came in at 35 percent, significantly higher than even Internet Explorer which comprised 15 percent of the browser vulnerabilities." 44% of about 200 is about 90 for Firefox 35% of about 200 is about 70 for Safari 15% of about 200 is about 30 for Internet Explorer 6% of about 200 is about 10 for Opera Note that these figures include browser plug-ins. Unfortunately, the report does not give further details of browser vulnerabilities. I think the main message is: do not assume that whatever browser you are using keeps you safe from attack.



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
DNS, 1&1 and Google (Views: 291)
Firewall (Views: 323)