Spyware Makers Noticing Firefox

from the what-else-can-we-switch-to? dept

Many people have pointed out recently that the reason “alternative” browsers like Safari, Firefox and Opera seemed to be more secure than IE was because no one was using them. That is, they aren’t any more secure in reality, but the people who exploit security holes saw no reason to target them. With the recent growth (and related attention) of Firefox, however, some now expect spyware makers to start targeting that browser as well. The question, really, is how well Firefox/Mozilla will be able to fend off these attacks compared to IE. That might show how secure Firefox really is in comparison to IE.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Spyware Makers Noticing Firefox”

Subscribe: RSS Leave a comment
nonuser says:

half correct

Windows XP (many users log in as administrators, all windowing code runs in kernel mode, scriptable media applications are considered non-removable parts of the OS) and IE (think ActiveX) really are architecturally less secure, but it’s also true they are the main targets. I expect to see more successful attacks on both Linux and FireFox… and the open source community will start sounding more like MS when they say that responsible users need to download the patches as soon as they become available.

Anonymous Coward says:

Re: half correct

The notable difference is that, so far, the turnaround time for security bug-fixes in large open-source projects is far less than the turnaround time for MS to release security fixes. I’m talking 24 hours vs 6 months as a kind of comparison.

I think that open-source projects are only marginally more secure than closed-source projects by their open nature, and comparing actual security in general isn’t possible on that scale; it’s a project-by-project thing, because it depends on the number and calibre of people involved vs the project complexity.

Open source projects should have better peer-reviewed fixes that come out in a more timely fashion, and that’s the only difference. I think such a difference is a really important one, and that, while OSS stuff can’t always be vastly more secure inherently, that the turnaround time makes a very big difference.

opo says:

spyware is not security

you are confusing the issue of spyware and security. IE has many security problems that are completely unrelated to spyware. The alternate browser crowd is more secure because they do not have these same gaping holes.

Spyware can be avoided by using an antispyware program, security holes in the browsers can only be handled by fixing the security holes.

Tim (user link) says:

Jumping the gun

I’ve seen this a few times, now: in earlier days, open-source was just plain `more secure’. Then it was `more secure because updates come out faster’. These were days before Firefox, nae even Mozilla, was a glint in a web-surfer’s eye. Since then, open-source has had to deal with scalability: the packages we know and love are now *huge*, beyond many a solitary programmer’s wit to debug, let alone tweak to integrate with anything else.

So we’ll have to see how the Firefox team copes with pushing out an increasing number of fixes, and whether the Internet population actually bothers applying them in a timely enough fashion.

In fact, I’m going to go out on a limb and predict that a return to modularity is going to be required in the near future. The javascript engine *should* be farmed-out to shared libraries for the purpose. So should the UI. Let Firefox be a *minimal* refactored core with lots and lots of semi-optional libraries, preferably that can all be updated from the core itself. The plugin architecture is right, but it’s too high-level for the bugs remaining to be discovered.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...