Comments on: IE More Secure Than Firefox? http://mozillalinks.org/2006/10/ie-more-secure-than-firefox/ Your source for Mozilla news, tips, reviews, and more. Sat, 24 Mar 2012 19:31:28 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: percy http://mozillalinks.org/2006/10/ie-more-secure-than-firefox/comment-page-1/#comment-251 percy Fri, 06 Oct 2006 12:44:22 +0000 http://mozillalinks.org/wp/2006/10/ie-more-secure-than-firefox/#comment-251 Andrew, in the article I don't try to establish which browser is more secure but instead mention just a few factors that should be considered and it's more about questions rather than answers. You point to the number of security vulnerabilities patched during this year and numbers are fine and OK. The problem is how can you conclude which one is more secure based on this fact alone. Say Firefox have had and accrued 60 vulnerabilities since it shipped 1.0. Today it would be perfectly secure according to those numbers. If IE had the same numbers of vulnerabilities it would still have 30 flaws. What if Firefox really had 100 flaws? Then there are 40 around and yes IE is more secure even when patching less. The problem is without knowing the total number of flaws a software has, you can't know how many flaws are left. Also you aren't factoring how critical each flaw is. It's one thing to have a crash (Denial of service) than allow remote execution which could in fact make a zombie of your computer. Then what about attack surface. What exactly can an attacker do once your browser is possessed? Can it take full control of your computer or just browser functionality? I am no security expert and just try to make my best decision based on as much information I can get and understand. I guess we all try to do that. I would really like to hear about better ways to measure a browser security. Andrew, in the article I don’t try to establish which browser is more secure but instead mention just a few factors that should be considered and it’s more about questions rather than answers.

You point to the number of security vulnerabilities patched during this year and numbers are fine and OK. The problem is how can you conclude which one is more secure based on this fact alone.

Say Firefox have had and accrued 60 vulnerabilities since it shipped 1.0. Today it would be perfectly secure according to those numbers. If IE had the same numbers of vulnerabilities it would still have 30 flaws.

What if Firefox really had 100 flaws? Then there are 40 around and yes IE is more secure even when patching less.

The problem is without knowing the total number of flaws a software has, you can’t know how many flaws are left.

Also you aren’t factoring how critical each flaw is. It’s one thing to have a crash (Denial of service) than allow remote execution which could in fact make a zombie of your computer.

Then what about attack surface. What exactly can an attacker do once your browser is possessed? Can it take full control of your computer or just browser functionality?

I am no security expert and just try to make my best decision based on as much information I can get and understand. I guess we all try to do that. I would really like to hear about better ways to measure a browser security.

]]> By: Andrew http://mozillalinks.org/2006/10/ie-more-secure-than-firefox/comment-page-1/#comment-248 Andrew Fri, 06 Oct 2006 03:36:45 +0000 http://mozillalinks.org/wp/2006/10/ie-more-secure-than-firefox/#comment-248 Read these: www.firefoxmyths.com http://poptech.blogspot.com/2006/09/internet-explorer-6x-more-secure-than.html Read these:

http://www.firefoxmyths.com

http://poptech.blogspot.com/2006/09/internet-explorer-6x-more-secure-than.html

]]>