16 November 2009

Firefox Accounted As The Most Vulnerable Browser….Again.


While this may surprise a lot of people, it has been found yet again that Firefox is the most insecure browser, not the opposite, which is what many claim.


I know that some will find it shocking that IE is the second most secure browser in this study. I would claim that if scale of use were taken into account, it would come out as the most secure one, given the very small share the Opera browser has on the desktop. The study was conducted by a web security company called Cenzic, and it states that Firefox accounted for 44% of all web browser vulnerabilities, Safari for 35% and Internet Explorer for 15%.

And as I said, it would be even more interesting to take into account the scale of use and separate the IE versions to see which one is the most secure. I can bet it would be IE8.

But there are reasons why Firefox is the most insecure, and they lie in 3 things:

1.-Mozilla Gecko Engine

Many will of course argue against me, but c’mon, a certain bug in Firefox has persisted from the time it appeared up to now, and that is its memory leak bug. A lot of hackers target it, as it makes Firefox very unresponsive and puts a toll on the OS while it crashes.

Making Firefox leak memory like crazy and applying some malware must be a hacker sport by now.

2.-Firefox Extensions

The biggest reason to use Firefox is the extension ecosystem, and as awesome as it is, it can also be a drag. A bad extension can take away all the responsiveness of Firefox and make it crash. But since it is an open ecosystem, it also means that a lot of good extensions get hijacked by malware pushers, most of the time from the extension developers' side, since it is harder to do that from the Firefox Add-ons gallery. One of the things that Firefox has done to minimize the need for users to go to the extension developer's website, or even Mozilla's own website, is to integrate the Add-on Gallery into the Add-on Manager. But this doesn't take into account all the add-ons users will find around the web, linked from bad or good blogs, that end up with the user downloading and installing a compromised extension.

3.-Drive By Hits

Because of Firefox's known bugs and its extension ecosystem, hackers also find new vulnerabilities opened by popular extensions, and while these are being found and resolved, they can target you from a compromised website based on the fact that you are using Firefox and on whether you are using some of the Top 100 most popular Firefox add-ons.

And Then?

Mozilla looks to be hard at work on implementing the process-per-tab and fail-safe-per-tab features that IE8 got and that Chrome later also implemented (many say it was the other way around, but no), and in the case of Windows also on targeting security on an OS-by-OS basis, like IE8 does. The other thing is their Jetpack project, which is meant to replace the extension system as it is now by version 4.0 of Firefox. These measures should be more than enough to resolve Firefox's current issues. The current extension system will remain, but I guess they will want only the high- and mid-end extensions to be there, and for developers to use Jetpack for all the low-end extensions, as these must be most of the apps in the Firefox ecosystem.

Internet Explorer And Security

The problem with how IE security is perceived lies mostly in IE6 and IE on XP. IE6 is of course obsolete and insecure, and it is only used in IT-guarded environments that depend on apps and intranets designed to run in IE6. The other problem is that IE on XP is the most insecure of the IE experiences, because IE7 and IE8 for XP are not equal to those in Vista or to IE8 in Windows 7.

IE on XP, even if you are up to date with IE8, is built on top of IE7, which is in turn built on IE6 code. The phishing and malware utility doesn't work as fast as in Vista or 7, and the most important thing is that you don't have DEP mode either.

In Vista, if you have the phishing and malware utility enabled and DEP mode enabled with IE8, it will be a lot safer than IE8 on XP. If you are on Windows 7, it will also be a little bit safer than the very same thing in Vista.

Other levels of security are whether you have UAC set to high, whether you are on a 64-bit OS and whether you have your Windows Firewall profile customized. That is without even accounting for whether you have the best anti-virus for Windows or not. These of course also apply to Firefox security or any other browser's security.

So IE8 is secure; it is just that the level of security will depend on what OS you are using it on and how proactive you are about your OS security. This rant is simply for those who say that IE8 is not secure without knowing what they are talking about.

But it is just a single study that says Firefox is not secure.

Actually no, this is the third time it has been said. The first one was made directly by Microsoft but was of course dismissed as too biased. The second one was from a study sponsored by Microsoft that was also dismissed as biased. In this third case it was not sponsored by Microsoft, so I guess that this time it will count ;)


Firefox accounts for 44% of all security vulnerabilities



(Some of the things I say should be taken with a sense of humor.)


Anonymous said...

Put aside Firefox's continuous CPU issues with Flash and its extensions and I might actually use it. But this completely changed my mind...

Avatar X said...

@Matt: In the end that is a good thing, I guess.

