Browser wars: Security report provokes skepticism, caution
- By Michael Hardy
- Nov 17, 2009
All of us who proudly use the Firefox Web browser have gotten a small comeuppance, with news that Firefox is the least secure of the four major Web browsers (Google's relatively new Chrome was not one of those studied), according to at least one analysis.
The announcement from applications security firm Cenzic, which released the report, sparked a wave of reaction among technology bloggers and other writers.
Jerry Liao, writing for CNET Asia, said the study is good and bad news for Mozilla, the maker of Firefox.
"The good news is that increasingly more people are using Firefox, as the browser continues to eat up market share from IE, although IE is still the more widely used browser to date," Liao wrote. "The bad news is that as there are more Firefox users, hackers will now exploit whatever vulnerabilities the browser has – which is the same situation as IE before."
Meanwhile, Donna Buenaventura of Donna's SecurityFlash blog, noted that "counting vulnerabilities alone is a bit pointless."
How serious the flaws are and what versions of the product they affect are also important, she wrote. "Cenzic's one-paragraph treatment of browser security suggests the number of Safari bugs was mainly due to vulnerabilities reported in iPhone Safari, and not much else. In particular, Cenzic fails to mention that the seriousness of flaws and the availability of exploits has a big bearing on how comparatively safe a browser choice might turn out to be."
PC World interviewed Lars Ewe, Cenzic's chief technology officer, who readily admitted that the company's findings shouldn't be taken as a reason to give up Firefox. For one thing, the company didn't differentiate between security vulnerabilities that hackers actually exploited and those that the companies patched before anyone used them for an attack.
"At the end of the day, the number of vulnerabilities is only one measurement of a browser's security," said Ewe in the PC World report. "We're not trying to point a finger at any one browser. I would certainly not abandon Firefox because of this."
And at our own GCN Labs, Lab Director John Breeden II noted that the Cenzic study showed Opera, from a company in Norway, as having the fewest vulnerabilities. That's a fact that doesn't make a lot of difference to most people, he wrote, since "[O]nly about seven people in Sweden use the thing."
Technology journalist Michael Hardy is a former FCW editor.