IE more secure than Firefox?

Free Newsletter

Get the DailyTechRag in your inbox. Join 21,000+ IT management professionals who get the DailyTechRag for breaking hardware and software news, plus the latest IT security updates and product reviews. Sign up today!

About | View Sample | Privacy

Top Tags

More tags…

Whitepapers

View all whitepapers

About DailyTechRag

DailyTechRag gives IT professionals the latest IT news and reviews covering IT security, IT technology, IT storage, hardware news, software news, patch management, tech gadgets, industry gossip and more. Sign up today for your FREE daily IT newsletter.

Send our editors an anonymous tip

December 3, 2007

Tags Vulnerabilities Internet Explorer (IE) Firefox Mozilla

Tools

Well, that’s certainly not a headline that you see every day. According to a report authored by Jeffrey Jones, a researcher and the Security Strategy Director at–where else?–Microsoft’s Trustworthy Computing group, Internet Explorer is a more secure browser than Mozilla’s Firefox. As the grounds for his report, he compared the security track records of Firefox 1.5 and IE6 as well as Firefox 2.0 and IE7. For his purposes, he breaks down vulnerabilities into three distinct levels of severity: high, medium and low. The most telling statistic is as follows: “Since November 2004, Microsoft has fixed 87 total vulnerabilities in Internet Explorer 6 and 7, while Mozilla has issued 199 fixes to Firefox 1, 1.5, and 2.0.”

Of course, a Microsoft study of a Microsoft product is not going to go uncontested and to that end, Mozilla responded to the report in a recent blog post. “We count every defect distinctly,” Mozilla chief evangelist Mike Shaver wrote. “We count the ones that Mozilla developers find in-house. We count the things we do to mitigate defects in other pieces of software, including Windows itself and other third-party plugins. We count memory behavior that we think might be exploitable, even if no exploit has ever been demonstrated and the issue in question was found in-house. We open our bugs up after we’ve shipped fixes, so that people don’t have to take our word for our severity ratings.” What’s more, he suggests that Microsoft spend more time addressing vulnerabilities instead of “hoping that defects aren’t found by someone who they can’t keep quiet.” Oooh, burn!

At any rate, what’s clear here is that you can probably prove that anything is secure, provided that you choose the right parameters by which security is measured. As Ars Technica aptly points out, this study in particular “neatly coincides with the release of IE 6 for Windows XP SP2,” which, as you may already know, “was the culmination of a massive two-year refocusing on security by Microsoft that mandated security training for every developer in the company.” Ultimately, it’s difficult to take the results of this report too seriously though it does raise an interesting question–which browser really is more secure? Hit us up in the comments with your thoughts.

For more on the report:
– see this Ars Technica article

Comments (1) | Post a comment

More stories about Vulnerabilities Internet Explorer (IE) Firefox Mozilla

Share & Save

Digg
Reddit

Comments

By Anonymous | Posted 6:52pm | December 3, 2007

My experience as a 25-year developer has taught me that any browser or other program that is inherently a part of an operating system is going make that operating system less secure.

I applaud Microsoft for trying to make such a robust platform. They have some very good ideas. But, I think those same great ideas could be implemented without have the browser as part of the OS. It wouldn’t be as efficient, but I believe the trade off of having fewer hooks into the OS would be a good one.

From the Blogosphere

Events

FierceMarkets Publications