Symantec: Mozilla browsers more vulnerable than IE

Συζητήσεις και νέα σχετικά με την ασφάλεια των υπολογιστών και των virus που τους προσβάλουν...

Συντονιστές: Super-Moderators, Software & Hardware Moderators

Απάντηση
Άβαταρ μέλους
KGP
Honorary Member
Δημοσιεύσεις: 5857
Εγγραφή: 18 Ιούλ 2002 01:50
Τοποθεσία: Mr Wonderful

Symantec: Mozilla browsers more vulnerable than IE

Δημοσίευση από KGP » 20 Σεπ 2005 07:46

Den mou aresei pou epiveveonomai gia ektimiseis mou tou parelthontos eidika se themata IT and Security...


http://news.com.com/Symantec+Mozilla+br ... g=nefd.top

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report.

But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.

The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."

The Mozilla Foundation did not immediately respond to requests for comment.

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.






Previous Next Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."

Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
*Στην Ελλάδα δεν χρειάζεται να σκέφτεσαι...χάνεις πολύτιμο χρόνο!
*"The power of accurate observation is frequently called cynicism by those who don't have it." -George Bernard Shaw (1856-1950)
*The purpose of argument should not be victory, but progress.

Άβαταρ μέλους
cordis
Administrator, [F|H]ounder, [C|S]EO
Δημοσιεύσεις: 27616
Εγγραφή: 09 Οκτ 1999 03:00
Τοποθεσία: Greece
Επικοινωνία:

Symantec: Mozilla browsers more vulnerable than IE

Δημοσίευση από cordis » 21 Σεπ 2005 16:03

Αηδίες..
http://news.zdnet.co.uk/0,39020330,39219186,00.htm

Mozilla hits back at browser security claim

Mozilla 'is in much better shape' than Microsoft when it comes to fixing security problems, claims the organisation


Mozilla has reacted to a Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. The study was conducted over the first six months of 2005.

Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's "ability to react, find a solution and put it into the user's hands is better than Microsoft."

Nitot said that Mozilla's reaction time was faster than Microsoft's. "If you look at our ability to respond, we are in much better shape. On 6 September an IDN buffer issue was reported to Mozilla. On 8 September it was publicly disclosed. We ask our developers not to mention any problems until we have a fix for them, but for some reason he went public. On 9 September we had a configuration change that disabled the IDN problem, that users could implement manually, or they could use a patch. Within ten days we had a newer version that was fixed completely."

"If you look at Microsoft — this month they decided to skip a security patch," so any vulnerabilities won't be addressed, according to Nitot. "That's not the kind of thing that happens with us," he said.

He also argued that, according to security company Secunia's statistics, the Microsoft vulnerabilities were more critical, and had been so over a longer timescale. In the period 2003 to 2005 Secunia have issued 22 security advisories regarding Firefox 1.x, and rate it as "less critical". In the same period Microsoft Internet Explorer 6.x had 85 Secunia advisories, and is rated as "highly critical".

"Basically their vulnerabilities are more critical. With Firefox — yeah, you have holes, but they're much less serious." Nitot likened the differences between Firefox and IE vulnerabilities as being like injuries: "Which would you prefer, to have a broken finger, or your head ripped off?"

Ollie Whitehouse, a researcher at Symantec, thought that the results were surprising but were due to a number of factors, primarily the short uptake time for Firefox and the fact that it was open source.

"Firstly, there has been a wide adoption of Firefox in a short space of time. More security researchers and people with more nefarious motives have been able to look at the code base. Secondly, as Firefox is open source more people have access to the code base, so they are free to look for bugs. IE is closed source, and so it's more difficult to access the code."

"Rogue Web sites find Firefox is quite difficult to exploit because it runs on a large number of platforms."

When asked to comment on Nitot's point about the short timeframe of the study, Whitehouse responded, "Up until now Firefox has had a lot less holes [than IE] — but it has had a wider adoption in the last six months. It will be interesting to see whether this is a blip, or whether the trend will continue."

"As Firefox becomes more popular, it becomes a more attractive target. People who have swapped [from IE to Firefox], even if this is a blip, should ask whether the assumption that Firefox is more secure than IE is valid anymore. They shouldn't just rely on changing their browser, but may think about having to look at a different configuration."
Δεν απαντάω σε προσωπικά μηνύματα με ερωτήσεις που καλύπτονται από τις ενότητες του forum. Για ο,τι άλλο είμαι εδώ για εσάς.
- follow me @twitter

Άβαταρ μέλους
KGP
Honorary Member
Δημοσιεύσεις: 5857
Εγγραφή: 18 Ιούλ 2002 01:50
Τοποθεσία: Mr Wonderful

Symantec: Mozilla browsers more vulnerable than IE

Δημοσίευση από KGP » 21 Σεπ 2005 16:26

cordis ksereis ti simenei BS .... auto akrivos... ante geiaaaa netscape rules alla na doume pote tha vgei telios.......epitelous
*Στην Ελλάδα δεν χρειάζεται να σκέφτεσαι...χάνεις πολύτιμο χρόνο!
*"The power of accurate observation is frequently called cynicism by those who don't have it." -George Bernard Shaw (1856-1950)
*The purpose of argument should not be victory, but progress.

Άβαταρ μέλους
Rapid-eraser
WebDev Moderator
Δημοσιεύσεις: 6851
Εγγραφή: 05 Απρ 2003 17:50
Τοποθεσία: Πειραιάς
Επικοινωνία:

Symantec: Mozilla browsers more vulnerable than IE

Δημοσίευση από Rapid-eraser » 09 Οκτ 2005 15:51

Basika eivai toso astio va sizitas gia security pavo se ipologistika sistimata oso o tetragovismos tou kiklou me kavova kai diabiti.

To internet stnv simerivitou morfi exei basistei se arxes outopias. Ekei pou evas idavikos komos 8a ipirkse kai kavevas dev 8a avakatebotav sta tou allou.
To idio exei simbei kai me ta idia ta ipologistika sistimata.

Av skeftite oti iparxouv aftomatopiimeva sistimata pou kavouv exploits pavo se programata kata-boulisi , eivai profaves oti n 'asfalia' eivai kati pou pote dev eixame oute exoume oute 8a exoume.
H ka Mitchell Baker malov dev exei epafi me tnv pragmatikotita... dev mas eipe kai pou dev kserame.
Ola ta opensource programata exouv eva public rate avakivosis flows pavo kato to idio.
Hte eivai 1 to trimivo nte eivai 1 tnv imera ... praktikos dev exei megali diafora.
Eivai to idio epikivdivo kai stis dio periptoseis av dev avtimetopistei.

Bebea edw 8a prepei va poume oti kai o FF exei arketa arketa problimata , alla afto dev tov kavei xirotero n kalitero apo opoiodipote allo browser.

Avtistixos dev simevei oti epidi o IE bgazei 2 -3 maijor problimata to 4amivo eivai kaliteros apo tous allous browser... (se 8emata asfalias pavta milame)

To problima pavta egkite sto oti to meso pou xrisimopioume dev eivai sxediasmevo gia va parexei asfalia.

PX to ip V6 (internet 2 opos to apokalouv oi dimoseografoi :P) rotokolo pou 8a eivai o avtikatastatis tou ipV4 exei perisotero baros stnv asfalia metagogis dedomevwv ... alla fisika kai afto dev pabei va exei arketa problimata.

So, H asfalia eivai avtistrofos avalogi me tis efkolies pou parexei eva sistima.
Cu, Rapid-eraser, Tα αγαθά copies κτώνται.
Love is like oxygen, You get too much you get too high
Not enough and you're gonna die, Love gets you high

Άβαταρ μέλους
ThyClub
Honorary Member
Δημοσιεύσεις: 5312
Εγγραφή: 17 Νοέμ 2003 00:21
Τοποθεσία: Hell's Kitchen
Επικοινωνία:

Symantec: Mozilla browsers more vulnerable than IE

Δημοσίευση από ThyClub » 09 Οκτ 2005 20:25

Kudos @Rapid0 :wink:

Απάντηση

Επιστροφή στο “Security, antiVirus & antiSpyWare”

Μέλη σε σύνδεση

Μέλη σε αυτήν τη Δ. Συζήτηση: Δεν υπάρχουν εγγεγραμμένα μέλη και 0 επισκέπτες