Firefox Heads Risky Business App List
Jason Mick / DailyTech
December 13, 2008
‘The good old FF browser gets little love when it comes to security.’ -
Firefox has its plate full when it comes to security. It has grown a substantial enough market share to place it in a strong second after Microsoft. This gives it a high profile and leaves it a desirable target to be exploited by hackers and malware writers. Worse yet, it has less money to fund security efforts than Microsoft, and according to some experts, less focus as well.
While small market share browsers like Opera and Chrome have built a reputation on their security (with Safari’s reputation for insecurity being a notable exception), Firefox continues to plod along in a day to day fight, trying to remain a secure platform while dealing with the challenges of browser celebrity.
Perhaps for this reason, Bit9, an application whitelisting firm that helps employers block employee access to certain apps, placed Firefox at the top of its list of most vulnerable apps. The remaining spots on the list were filled out with more familiar names, with two through twelve respectively being: Adobe Flash & Acrobat; EMC VMware Player, Workstation, and other products; Sun Java Runtime Environment; Apple QuickTime, Safari, and iTunes; Symantec Norton products; Trend Micro OfficeScan; Citrix products; Aurigma and Lycos image uploaders; Skype; Yahoo Assistant; and Microsoft Windows Live Messenger.
The Bit9 study looked at several factors in ranking vulnerability. One factor was how popular the applications were. Another factor was how many known vulnerabilities existed, and how severe they were. Lastly, it looked at how hard patching was for the particular application.
In order to make the list, programs had to run in Windows and not be centrally updatable via services such as Microsoft SMS and WSUS. Many say that the survey was unfair to Apple products because it kept more easily patched Microsoft applications off the list.
In some ways, though, Bit9’s list is a useful benchmark. It aptly points out that many networks have Firefox installations running on machines without the system administrator being fully aware of these installs. Thus, despite the fact that most of the vulnerabilities looked at have been patched, the installs may not receive these patches immediately, but only when the employee upgrades to the next edition of the browser.
The study’s conclusions only marginally apply to the consumer market. However, when it comes to the business market, the study argues that picking or allowing employees to run Firefox, even with its security plug-ins, is a ticket to the IT danger zone as malware increasingly targets application layer targets such as Firefox.
© 2008, DailyTech

eevargas
11 months ago
2 comments
Seems like Microsoft propaganda.
It's not about money, it's about good code. Microsoft has money, but never had good code.
doorun
11 months ago
8 comments
2 reasons I don't use IE: 1) ACTIVE X is inherently insecure, and 2) IE's apparent disregard for HTML standards which causes a pain in the keister for developers ---- ok 3 reasons ,,, 3) FF catches my spelling errors like when I just now spelled "inherently" and "keister" wrong!
The problem is when you rely on your browser for security - Because the Internet is not secure (by best practices policy anyway) you can't rely on a browser for security. Security is handled by firewalls, anti-virus and policy, not browsers.
cthenkhaus
11 months ago
102 comments
Seriously? You have nothing better to do than check grammar in an online article? Yeah I caught those too but I'm smart enough to just change the text in my head so it read correctly. And Ggryck, you have to include popularity to an extent bc hackers aren't going to go after software and apps that nobody uses, they would be wasting the virus or whatever is put out there.
0wner
11 months ago
2 comments
ur grammar is 7h3 sUx.
BugaBoo
11 months ago
46 comments
Good notice. It fits in with what we have been seeing, the way these hackers pick their targets.
However, the grammar should have been checked more closely. Example 1: in regard to Safari, should have read, "having a reputation." Example 2: in regard to programs on the list, should have read, "had to run in Windows." Neither one of these glitches would have been caught by Spellcheck, but by actually reading your own copy carefully before posting.
Ggryck
11 months ago
2 comments
This article is ridiculous. Firefox has its issues, but to rank a "study" of "vulnerable apps" based partially on how "popular" the application is - is just asinine. Additionally to throw out Microsoft products just because they're centrally updated is equally dumb. Just look at the number of 0-day issues that Microsoft leaves un-patched each month.
Finally, Microsoft patches once a month - Firefox patches as necessary - thanks for showing us who signs your paychecks Bit9.
cuff23
11 months ago
2 comments
Sounds like a fear, uncertainty, and doubt article promoted by Microsoft to me. I've disinfected too many PCs due to IE vulnerabilities. I've yet to disinfect one because of FF.
I don't agree patching MS is easier than some of the apps on the list but even if it was, it certainly doesn't mean their security is more effective.
rvag60
11 months ago
4 comments
Sounds like Microsoft purchased this article to say what they wanted. Nobody uses IE anymore because it is just a huge sponge for vulnerabilities. FF has its faults don't get me wrong, but out of the two, which is better.....Firefox wins by a landslide. Which do I use....Opera.
bbaker410
11 months ago
6 comments
I don't know all that much about web browsers at the moment. What I do know is that in order to keep corporations honest they must have competition. Keep using alternative browsers and programs!
xmiles
11 months ago
4 comments
Please proofread!
xmiles
11 months ago
4 comments
Whose browser just had a huge security hole exploited that the news on tv told people not to use it? MICROSOFT!
lewandowskid
11 months ago
12 comments
Sorry, but I work in IT, and everyone I know uses Firefox.
We were actually just having a conversation about how much better Firefox is than IE right before I read this article.
rksii
11 months ago
8 comments
Maybe if all the security and corporate network guys didn't have their head so far up Microsoft's ***, users wouldn't have to try to sneak through holes to get updates for tools that actually increase their productivity instead of just increasing Bill Gates' bank account.
fearsomeanna
11 months ago
4 comments
You know, abednegoyulo, I think you might be onto something. When I was reading the article, the first thing that came to mind was "well, this plays right into MS hands". Isn't that convenient?
abednegoyulo
11 months ago
28 comments
"Another factor was how many known vulnerabilities existed, and how severe they were"
How many vulnerabilities do IE and FF have? How severe?
Vulnerabilities of IE7 and FF3:
http://secunia.com/advisories/product/12366/
http://secunia.com/advisories/product/19089/