Browser wars: Security report provokes skepticism, caution

All of us who proudly use the Firefox Web browser have gotten a small comeuppance, with news that Firefox is the least secure of the four major Web browsers (Google's relatively new Chrome was not one of those studied), according to at least one analysis.

The announcement from applications security firm Cenzic, which released the report, sparked a wave of reaction among technology bloggers and other writers.

Jerry Liao, writing for CNET Asia, said the study is good and bad news for Mozilla, the maker of Firefox.

"The good news is that increasingly more people are using Firefox, as the browser continues to eat up market share from IE, although IE is still the more widely used browser to date," Liao wrote. "The bad news is that as there are more Firefox users, hackers will now exploit whatever vulnerabilities the browser has – which is the same situation as IE before."

Meanwhile, Donna Buenaventura of Donna's SecurityFlash blog, noted that "counting vulnerabilities alone is a bit pointless."

How serious the flaws are and what versions of the product they affect are also important, she wrote. "Cenzic's one-paragraph treatment of browser security suggests the number of Safari bugs was mainly due to vulnerabilities reported in iPhone Safari, and not much else. In particular, Cenzic fails to mention that the seriousness of flaws and the availability of exploits has a big bearing on how comparatively safe a browser choice might turn out to be."

PC World interviewed Lars Ewe, Cenzic's chief technology officer, who readily admitted that the company's findings shouldn't be taken as a reason to give up Firefox. For one thing, the company didn't differentiate between security vulnerabilities that hackers actually exploited and those that the companies patched before anyone used them for an attack.

"At the end of the day, the number of vulnerabilities is only one measurement of a browser's security," said Ewe in the PC World report. "We're not trying to point a finger at any one browser. I would certainly not abandon Firefox because of this."

And at our own GCN Labs, Lab Director John Breeden II noted that the Cenzic study showed Opera, from a company in Norway, as having the fewest vulnerabilities. That's a fact that doesn't make a lot of difference to most people, he wrote, since "[O]nly about seven people in Sweden use the thing."

About the Author

Technology journalist Michael Hardy is a former FCW editor.

inside gcn

  • artificial intelligence (ktsdesign/Shutterstock.com)

    Machine learning with limited data

Reader Comments

Wed, Nov 18, 2009

I'm with "Paul" - it didn't read like a credible security report, it read like marketing.

Wed, Nov 18, 2009 Washington, DC

Why didn't they study Google Chrome? I know a lot of people that use it.

Wed, Nov 18, 2009 Washington, DC

Detailed comparison on browser security, approaches, and technology with analysis. http://www.techzoom.net/publications/silent-updates/

Wed, Nov 18, 2009 Paul New York

So, when all is said and done, the point of the Cenzic' study.......A sales pitch, come on.........

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group