« previous: Simple Linux Process Accouting | next: AJAX Uploader Supports Multi-File Uploads! »

IE More Secure Than Firefox?

# Filed on Nov 15, 2005 by Anthony DiSante 2 replies

The other day, someone told me that they believed Internet Explorer was more secure than Firefox.  If it had been just some random person, I would have simply written them off as part of the uninformed/uneducated/unwashed masses, but this was someone who works in the computer industry and knows a ton about these kinds of things.

I was flabbergasted; I didn’t even know how to respond.  I didn’t know there actually existed people who could believe something like that.

When I regained my wits, I did some quick research to make sure it wasn’t me who was crazy.  Here’s what I found:

SecurityFocus:
IE: 64 vulnerabilities
Firefox: 0 vulnerabilities (select latest version after page loads)

CERT:
IE: 161 vulnerability notes
Firefox: 34 vulnerability notes

Secunia:
IE: 89 vulnerabilities, 21 unpatched; rated "Highly critical"
Firefox: 25 vulnerabilities, 2 unpatched; rated "Less critical"

It’s hard to argue with numbers like that.

Comments:

01. Oct 31, 2006 at 01:48am by Eric:

"It’s hard to argue with numbers like that."

Actually, it’s easy to.

What you found were databases that contained *known* vulnerabilities. The reason there are so many known vulnerabilities in IE is the same reason there are so many known vulnerabilities in Windows compared to MacOS and Linux: because there are orders of magnitude more people *looking* for vulnerabilities in IE compared to Firefox.

Almost everybody on the planet uses IE.

There, I said it.

It’s not "most people", it’s not merely a "majority", it’s an *overwhelming* majority; almost everybody. If you’re a thief, you don’t waste your time learning to crack a safe that 1 bank out of 10 uses, you learn to crack the safe that the other 9 use.

If Firefox had 85+% of the marketshare, exploits would be coming out of the woodwork.

In fact, it’s safe to say, that in Vista, with IE7 running in protected mode, Firefox will be *far* more vulnerable to hackers (assuming it ever gets enough marketshare for the hackers to care).

02. Oct 31, 2006 at 07:25am by Anthony:

The reason there are so many known vulnerabilities in IE is ... because there are orders of magnitude more people *looking* for vulnerabilities in IE

That’s true to some extent, but it’s not the whole story, and your final comment regarding Vista illustrates it nicely.  One of the reasons IE is so insecure is because Windows is so insecure and IE hooks into Windows in insecure ways (hello, ActiveX).  With IE running in "protected mode" as it should have been all along, and on a new version of Windows that actually has half-decent privilege separation, IE will be much less insecure.

Reply to this message here:

Your name
Email (why?)
Website (if you have one)
Subject
search posts:

home | archives ]

Client Quotes

I just installed the demo of your product and got it up and running in no time.  I searched high and low for a decent login script and thank God I found yours.
– Adrian F.
I spent ages trying to find a way of making my own log in page for my website - if you're thinking of doing that forget it - don't waste your time!  UserBase is a 1st class product at a very reasonable price.  The software works faultlessly and can be adapted to any situation.  The service that I have received from Encodable is terrific!  I am very very impressed.  Nothing was too much trouble and I am most grateful to Anthony DiSante in particular for all his help and patience.
– Paul S.
Worked like a charm... man, this piece of software is a dream and I really appreciate all your customer service help getting this taken care of.
– Kyle M.
I just want to say you guys really stand alone in that you have a quality product and you provide genuine customer service.  It's sad but those qualities are seldom found separately, much less together.  Thanks again for your time and help.
– Alex S.
Also, I wanted to tell you that I was very skeptical about buying this script.  I've spent a lot of time and money over the past 3 months trying to find a solution that works, but I ended up having problems with so many of the scripts I tried that I was almost to the point of giving up.  But then I came across your script, and it actually does what it's supposed to.  An absolute wow.  A very impressive and powerful script indeed!  Many, many thanks!
– Mike E.
I can't thank you enough, I was up against a deadline that required me to get this up and running in 48 hours and you have probably the best customer service I've ever seen.
– Dan T.
Your scripts/software are the greatest, I mean I really love how customizable they are, how intuitive they are, and so on.  Thanks again, I love this stuff!
– Tucker O.
We searched for a long time for an application to password protect directories and allow file uploads.  Userbase & Filechucker are far superior to anything out there.  Simple yet powerful programming, extremely flexible in configuration, and great customer service.  Thanks for a superb product.
– Kat G.
Thank you VERY much for all of your help.  You've really impressed me.  We have support agreements for other software that costs thousands of dollars / year (just for the support), and most of them aren't as helpful as you have been.
– Keith Y.
There are a lot of these scripts out there, but I think they all pale in comparison to yours.
– Peter W.
The software has some great features, is well presented, runs where others are problematic and will make a good impression on our clients.  We look forward to reaping its benefits!
– Alex H.