why is firefox more secure?
Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: why is firefox more secure?

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    161

    why is firefox more secure?

    Hi all,

    Could anyone give a concise answer on why is firefox more secure than IE? Or maybe point me to some good articles.


    cheers,

    j

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Right now, firefox and other browsers are "more secure" because of their lack of being tied so closely to the OS as well as requiring more interaction with the user (in regards to downloads and spyware activity). Additionally, there are few spyware/malware in existence that take advantage of firefox.

    This might change since it has become more popular. It is still subject to various phishing exercises and flaws in URLs. You can find info on the various firefox/mozilla flaws here. IMO, it still comes down to how the user uses the product and how aware they are of issues that exist out there in the wilds of the Internet.

    Howstuffworks: Firefox Security might also give you some simple insights.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Member
    Join Date
    Feb 2005
    Posts
    56
    Security comes with lack of knowledge. The less people know about something the less people are gonig to try to exploit it. No point in working hard on something if no one is using it. But like MsMittens was saying, anything can be secure if you know what needs to be secured.

    *Learn to code and make all your own software : )

  4. #4
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Normally all applications are of equal security, due to the simple fact that applications cannot contain or isolate themselves. This is entirely upto the OS.

    Think about it, if application X has 100 known exploits, but is completely isolated by the OS and application Y has 1 known exploit but is not isolated at all... which application is more secure?

    All of that being said, in a network environment IE is "more secure" because it can be configured via the group policy. This allows the admin to enforce a higher level of control, resulting in greater consistancy.

    Additionally because IE is bound to the OS, installing an additional browser merely adds to the system and I'm sure by know we all know that the key to high assurance/security is simplicity.

    cheers,

    catch

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    161
    How about when working with secure connections / protocols (SSL, IPSEC). I reckon that since those are standards the level of security or encryption will be same on both browsers.

    thnx

  6. #6
    Banned
    Join Date
    Apr 2004
    Posts
    843
    Everyone has said it or thought about it, firefox is everything IE was a year ago.

  7. #7
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Not necessarily. Even on things such as ssl there can be implementation flaws that come with the browser itself. It's usually something that works with ssl that breaks such as the following examples:

    http://netscape.intelligent.net/redisa/ssl_spoof.html
    http://news.zdnet.co.uk/software/0,3...2068733,00.htm

    There was a flaw in netscape a few years ago i believe with the random number generator used for the crypto as well.

    Sometimes the flaws are shared, most time there is an implementation problem in one or the other.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  8. #8
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Firefox...safer...

    The report shows the Firefox browser was only exposed to a publicly known vulnerability without a patch for 65 days in 2004; IE, on the other hand, was safe for only seven days last year.
    http://www.internetnews.com/dev-news...le.php/3494316
    Mozilla Community Cashing in on Bug Bounties



  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    fewer users...
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #10
    Banned
    Join Date
    May 2003
    Posts
    1,004
    It would seem that many of you don't read... perhaps we can give this another shot:

    "Current security efforts suffer from the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems."
    - The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments ( http://www.nsa.gov/selinux/papers/inevit-abs.cfm )

    You see what that says? Adequate security cannot be provided by applications... it must be accomplished at the OS level. What does this mean? Application security DOSE NOT MATTER! Unless your application is PERFECT sooner or later it will be exploited, and all applications get exploited in the same way. A BOF in Firefox is the same as one in LYNX and the same as one in MSIE.

    Counting exploits is not a viable measure of security. If an exploit is made public on Jan 1, 2005... that software was vulnerable since its inception, aka 100% of the year not 300 days, not even 358 days. Even though the exploit isn't widely known, it still existed.

    So again, I'll say it... the NCSC says it, the NSA says it, the good people at ISO say it, the CISSP exam says it.

    APPLICATION LEVEL SECURITY IS MEANINGLESS.

    cheers,

    catch

    edited for formatting

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •