Internet Explorer's poor reputation for security is undeserved, with
Mozilla Firefox actually the most vulnerable internet browser in common
usage.
That's according to research by network security solutions provider
Sourcefire, which examined vulnerability data from the past 25 years.
Further reading
In the Common Vulnerability Scoring System (CVSS) framework, factors
including the location of the vulnerability, what it affects and whether
confidential data is at risk are combined to give a CVSS score: Low
(0-4), Medium (4-7) High (7-9) or Critical (10). Mozilla Firefox came
out of the research as the browser with the highest number of "critical"
vulnerabilities, and second in terms of both "high" and total
vulnerabilities.
"One of the conclusions that we saw was Internet Explorer's bad
reputation might not be completely deserved because Firefox actually has
a lot more vulnerabilities than [Microsoft] Internet Explorer," Dr Yves
Younan, senior research engineer in Sourcefire's Vulnerability Research
Team and author of the report told Computing.
"Firefox is the one with the most critical vulnerabilities: 174 over
the period we looked at. Then we found that actually the top three
products are Mozilla products, so SeaMonkey and Thunderbird are numbers
two and three. Because they share code bases, the same vulnerabilities
will be in all these products from Mozilla," said Younan.
Of Firefox's main competitors in the browser market, Google Chrome
was found to have the second highest number of critical vulnerabilities
(95), followed by Internet Explorer then Safari.
Younan also told Computing that Abode's Flash Player may also be undeservedly getting the blame for poor security.
"Another interesting thing we saw is although Flash Player has a bad
reputation for security, it's actually only number five in the critical
vulnerabilities list," he said.
Sourcefire also tested mobile operating systems and discovered Apple
iOS for iPhone has more vulnerabilities overall than its three main
rivals combined.
"iPhone had a total of 210 vulnerabilities, followed by Android with
24, Windows 14 and BlackBerry with 11. So even though Android has a
larger market share, it actually has fewer vulnerabilities than iPhone,"
said Younan, adding that Google Android is subject to more malware "due
to its open system and fragmented OS."
According to Sourcefire, the way to prevent vulnerabilities in
software on all systems and products is to improve the quality of the
code they're built upon.
"The best approach is better programming: better quality control that
adheres to programming standards. Making sure that programmers don't
use vulnerable functions," said Younan.
Adobe Flash Player and Oracle's Java are among products that have suffered from security scares in recent months because of vulnerabilities within their code.
No comments:
Post a Comment