Why does a top evangelist for Firefox feel it’s necessary to misquote, distort, and generally avoid the truth about IE? Maybe he thinks his readers are stupid.
Firefox not so secure after all?
Published by Ed Bott
Tech journalist. Author of 25+ books. ZDNET Contributing Editor since 2006. Contact info: https://edbott.com/contact-me/
Ed,
I’m not going to defend what Asa said, as you correctly pointed out that the release versions of Firefox and IE are equally susceptible to phishing.
I do think it’s inaccurate to ignore the historical security problems of IE vs. Firefox. Historically, IE has been an absolute security disaster. Firefox has generally had a good security history and very low browser-sourced infection rate.
Here’s a personal example: I recently set up a brand new Windows XP SP2 laptop for an end user. The laptop was outfitted with all the patches, Microsoft Update auto install turned on, Symantec Corporate A/V, Windows Defender and Firefox as the default browser. This person decided to use IE instead of Firefox. Two weeks after deploying the laptop, it’s infected with spyware – at least Adware.ZangoSearch, and possibly more. Symantec Corporate Antivirus will no longer run a scan and IE no longer works properly.
I don’t know exactly how the user got the malware, though I strongly suspect they were prompted to install it through IE and agreed. I’d be willing to bet that a Firefox user would never have seen the install prompt in the first place. I’ve been using Firefox since 0.6 on thousands and thousands of sites and I’ve never seen spyware even attempt to install. To be perfectly honest, I wonder how it’s even possible for people to be infected with spyware at such a high rate, but as I said, I don’t use IE.
So yes, Dotzler misquoted Mike Danseglio. But that doesn’t change the fact that IE has a horrendous security track record and shouldn’t be trusted, in my opinion. IE7 may change that, but I want to see a history of improved security before I’ll believe it.
For the record, so much of the Firefox vs. IE thing is a stupid religious war. I care about results: about not wasting time cleaning up PCs, about not losing data and about people being able to do their jobs without interruption from computer security problems. Right now, Firefox is better at accomplishing those goals.
Oy, I hate trying to read comments at ZDnet — one at a time. Great reporting, and oddly I’ve missed this chapter in Firefox history because I’ve been using Opera as a secondary browser. I gave up on Firefox once the early security issues weren’t fully addressed and I grew tired of chasing valid extensions for the latest version. I shouldn’t have to “fix” software each time it’s upgraded. Maxthon running IE7’s engine has given me the results Carl desires.
Fantastic article, Ed. This has been something I have been saying for a long time. The main attack vector as of the last year or so has been phishing attacks and I see them growing at an alarming rate. This is due to the increased security in all the browsers but especially IE. The nonsense online about IE being so insecure is just that. Microsoft has been very good about releasing security updates for the last few years and really taking security seriously. When I find an infected machine you can count on one of a few things:
- All the updates were not applied
- AV is either out of date or not installed
- MSJVM is present on the system
Once you patch the security holes IE is safe to use. As for Firefox’s Security Issues, I go into more detail at http://www.FirefoxMyths.com
Since Firefox v1.x was released, users have been exposed to over 100 security vulnerabilities and counting.
Secunia – lists 108 security vulnerabilities in Firefox, 64 of which are rated as Highly Critical and 1 Extremely Critical.
Notes – The number of Secunia advisories (32) does not equal the actual amount of vulnerabilities (108). Over 10 advisories have multiple vulnerabilities, look carefully. SA19631 – Lists 24 Vulnerabilities Alone!
Mozilla – lists 113 “known” security vulnerabilities in Firefox, 24 of which are rated as High and 47 Critical.
CVE – lists 165 security vulnerabilities in Firefox.
Here is an auto-installing Firefox exploit in action:
http://sunbeltblog.blogspot.com/2006/04/pssstyou-wanna-see-firefox-exploit-in.html
Oh yes it infects an older version of Firefox but these are the same types of infections that infect unpatched versions of IE. So now you have people spreading IE Zero Day hysteria because the nonsense about Firefox being secure is long over.
Here is a great article about the online FUD about ActiveX:
http://www.eweek.com/article2/0,1759,1785769,00.asp