« previous: Simple Linux Process Accouting | next: AJAX Uploader Supports Multi-File Uploads! »

IE More Secure Than Firefox?

# Filed on Nov 15, 2005 by Anthony DiSante 2 replies

The other day, someone told me that they believed Internet Explorer was more secure than Firefox.  If it had been just some random person, I would have simply written them off as part of the uninformed/uneducated/unwashed masses, but this was someone who works in the computer industry and knows a ton about these kinds of things.

I was flabbergasted; I didn’t even know how to respond.  I didn’t know there actually existed people who could believe something like that.

When I regained my wits, I did some quick research to make sure it wasn’t me who was crazy.  Here’s what I found:

SecurityFocus:
IE: 64 vulnerabilities
Firefox: 0 vulnerabilities (select latest version after page loads)

CERT:
IE: 161 vulnerability notes
Firefox: 34 vulnerability notes

Secunia:
IE: 89 vulnerabilities, 21 unpatched; rated "Highly critical"
Firefox: 25 vulnerabilities, 2 unpatched; rated "Less critical"

It’s hard to argue with numbers like that.

Comments:

01. Oct 31, 2006 at 01:48am by Eric:

"It’s hard to argue with numbers like that."

Actually, it’s easy to.

What you found were databases that contained *known* vulnerabilities. The reason there are so many known vulnerabilities in IE is the same reason there are so many known vulnerabilities in Windows compared to MacOS and Linux: because there are orders of magnitude more people *looking* for vulnerabilities in IE compared to Firefox.

Almost everybody on the planet uses IE.

There, I said it.

It’s not "most people", it’s not merely a "majority", it’s an *overwhelming* majority; almost everybody. If you’re a thief, you don’t waste your time learning to crack a safe that 1 bank out of 10 uses, you learn to crack the safe that the other 9 use.

If Firefox had 85+% of the marketshare, exploits would be coming out of the woodwork.

In fact, it’s safe to say, that in Vista, with IE7 running in protected mode, Firefox will be *far* more vulnerable to hackers (assuming it ever gets enough marketshare for the hackers to care).

02. Oct 31, 2006 at 07:25am by Anthony:

The reason there are so many known vulnerabilities in IE is ... because there are orders of magnitude more people *looking* for vulnerabilities in IE

That’s true to some extent, but it’s not the whole story, and your final comment regarding Vista illustrates it nicely.  One of the reasons IE is so insecure is because Windows is so insecure and IE hooks into Windows in insecure ways (hello, ActiveX).  With IE running in "protected mode" as it should have been all along, and on a new version of Windows that actually has half-decent privilege separation, IE will be much less insecure.

Reply to this message here:

Your name
Email (why?)
Website (if you have one)
Subject
search posts:

home | archives ]