Spyware Makers Noticing Firefox

from the what-else-can-we-switch-to? dept

Many people have pointed out recently that the reason "alternative" browsers like Safari, Firefox and Opera seemed to be more secure than IE was because no one was using them. That is, they aren't any more secure in reality, but the people who exploit security holes saw no reason to target them. With the recent growth (and related attention) of Firefox, however, some now expect spyware makers to start targeting that browser as well. The question, really, is how well Firefox/Mozilla will be able to fend off these attacks compared to IE. That might show how secure Firefox really is in comparison to IE.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    nonuser, 1 Mar 2005 @ 11:51am

    half correct

    Windows XP (many users log in as administrators, all windowing code runs in kernel mode, scriptable media applications are considered non-removable parts of the OS) and IE (think ActiveX) really are architecturally less secure, but it's also true they are the main targets. I expect to see more successful attacks on both Linux and FireFox... and the open source community will start sounding more like MS when they say that responsible users need to download the patches as soon as they become available.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Mar 2005 @ 12:32pm

      Re: half correct

      The notable difference is that, so far, the turnaround time for security bug-fixes in large open-source projects is far less than the turnaround time for MS to release security fixes. I'm talking 24 hours vs 6 months as a kind of comparison.

      I think that open-source projects are only marginally more secure than closed-source projects by their open nature, and comparing actual security in general isn't possible on that scale; it's a project-by-project thing, because it depends on the number and calibre of people involved vs the project complexity.

      Open source projects should have better peer-reviewed fixes that come out in a more timely fashion, and that's the only difference. I think such a difference is a really important one, and that, while OSS stuff can't always be vastly more secure inherently, that the turnaround time makes a very big difference.

      reply to this | link to this | view in chronology ]

      • identicon
        Ralph, 2 Mar 2005 @ 11:06am

        Re: half correct

        ActiveX Controls not being able to execute is the primary reason for Firefox being able to be more secure. Don't need 'em don't want 'em. Also ads can be eliminated with plugins increasing safety and useability.

        reply to this | link to this | view in chronology ]

  • identicon
    opo, 1 Mar 2005 @ 11:57am

    spyware is not security

    you are confusing the issue of spyware and security. IE has many security problems that are completely unrelated to spyware. The alternate browser crowd is more secure because they do not have these same gaping holes.

    Spyware can be avoided by using an antispyware program, security holes in the browsers can only be handled by fixing the security holes.

    reply to this | link to this | view in chronology ]

    • icon
      Mike (profile), 1 Mar 2005 @ 12:06pm

      Re: spyware is not security

      Not really. While you're right that they're two different things, the reason spyware gets in is often because of security holes. So, the amount of spyware getting through is basically a proxy for the security of the browser itself.

      reply to this | link to this | view in chronology ]

  • identicon
    Tim, 1 Mar 2005 @ 12:04pm

    Jumping the gun

    I've seen this a few times, now: in earlier days, open-source was just plain `more secure'. Then it was `more secure because updates come out faster'. These were days before Firefox, nae even Mozilla, was a glint in a web-surfer's eye. Since then, open-source has had to deal with scalability: the packages we know and love are now *huge*, beyond many a solitary programmer's wit to debug, let alone tweak to integrate with anything else.

    So we'll have to see how the Firefox team copes with pushing out an increasing number of fixes, and whether the Internet population actually bothers applying them in a timely enough fashion.

    In fact, I'm going to go out on a limb and predict that a return to modularity is going to be required in the near future. The javascript engine *should* be farmed-out to shared libraries for the purpose. So should the UI. Let Firefox be a *minimal* refactored core with lots and lots of semi-optional libraries, preferably that can all be updated from the core itself. The plugin architecture is right, but it's too high-level for the bugs remaining to be discovered.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Advertisment

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.