Sacred Cow Dung

« One for My MISS LIST - TRANSNEURONIX | Sacred Cow Dung Home | FIND OF THE WEEK - Confused About Web 2.0? Web 2.0 - The Diagram »

September 17, 2005

Soon-To-Be Myth? FireFox is Less Vulnerable than Internet Explorer (IE)

My experience has been that Techies never miss a beat whenever someone has a problem with any Redmond product — always a good occasion to rub in how much better [Open Source | Linux | FireFox | Mozilla | Thunderbird | MacOS | or whatever] is than anything with a Microsoft imprimatur. 

I must admit that I did shift over from IE to Firefox as my default brower quite awhile ago — partly for stability & reliability reasons — but mostly for interface workflow reasons.  I find the feature set for Firefox is just more efficient for me (tabbed windows alone makes Firefox a better choice — for now at least).  Still, I do need IE from time to time for certain sites or for client specific features I occasionally use.  But vulnerabilites has NOT been one of my reasons to switch (although I heard this reason ALOT from my techies).

Well, I suppose it was inevitable that the more resourceful digital troublemakers out there would begin to shift their focus to a platform that has growing, and finally, some significant marketshare. 

Of course, in the mind of a “troublemaker” —

Increasing Marketshare = Increasing Disruption Potential = Increasing Target Attractiveness

Related Links

» Is the Firefox honeymoon over? | George Ou | ZDNet.com

Here is a break down of recent vulnerabilities:

Month	Firefox 1.x Vulnerabilities	IE 6.x Vulnerabilities
Sept 2005	1	0
Aug 2005	0	4
July 2005	10	1
June 2005	2	1
May 2005	3	1
Apr 2005	9	3
Mar 2005	15	0
Total	40	10

Note that this is not a count of the number of advisories because advisories can contain multiple vulnerabilities.  This is a count of the actual number of vulnerabilities.

Here is a break down of recent published exploits: 

Month	Firefox Exploits	IE Exploits
Sept 2005	1	0
Aug 2005	0	3
July 2005	4	1
June 2005	0	0
May 2005	4	0
April 2005	2	2
Total	11	6

As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading.  It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits.  Firefox mostly managed to stay under the radar from hackers before April of 2005.  Since that time, new exploits are being released almost on a monthly basis.

Vulnerabilties ARE NOT Exploits -- Stephen's comment on "Is the Firefox honeymoon over?" | TalkBack on ZDNet

For the moment though, as I have already indicated, not forever, Firefox still enjoys a big lead in a far lower level of exploits.

Also you err … in comparing high vulnerabilities of a new product (Firefox) with the low levels in a mature product (Explorer).

As any good manufacturing engineer will tell you, every new product goes through what is called the Bathtub Curve (named after the shape of thew curve, reminiscent of a section through a bath). Initial fault rates (bugs, in software terms) are always high, but rapidly drop off over time then (the model assumes that no major revisions are made to the product) there is a period during which the product is highly productive, partly due to the fact that the curve is low and flat - the product is stable. Then, towards the end of it's life a products bits and pieces simply start to wear out and we see the other 'side' of the bathtub shape emerge in our error vs. time graph. This side of the curve, of course, doesn't usually arise in software.

Posted by cmayaud at 12:49 PM | Permalink| Comments (1)
Del.icio.us Tagging | Digg This | Posted to DID YOU SEE THIS | MYTH of the Week | Open Source | RULE OF THE WEEK | SOFTWARE IT | TRENDS

Comments

Posted by: Wesley Walser at November 9, 2005 11:22 PM

Post a comment