Ron Schenone

Firefox Is Still The Safest Browser According To Study

Posted by on Jul 7, 2008 | 4 Comments

No sooner did I do an article about Internet Explorer I spot this study which was completed over an 18th month period, establishing Firefox as the most secure. But what is interesting is the reason why Firefox is most secure. It is because users are more inclined to update the browser with the latest fixes and patches. In fact, Firefox will auto fix itself. The articles states the problem as:

Profit motivated cyber-criminals have rapidly adopted Web browser exploitation as a key vector for malware installation. Due to the methodology of exploiting Web browser vulnerabilities and the unpredictable browsing patterns of typical users, for widespread infection of vulnerable hosts the criminals must seed a mix of popular and high-traffic websites, or incentivize users through email spam, with URLs directing potential victims to Web servers hosting their malicious content. The former method is commonly known as drive-by download, where drive-by refers to the fact that Web browsers must initially navigate to a malicious page and download refers to the covertly downloaded and executed malware – typically trojans. As popularity of this attack vector has blossomed, there have been frequent reports of hundreds of thousands of Web sites succumbing to mass-defacement [1, 4, 5, 6, 7, 8] – where the defacement often consists of an embedded iframe. These iframes typically inlcude content from servers hosting malicious JavaScript code designed to exploit vulnerabilities accessible through the user’s Web browser and subsequently to initiate a drive-by malware download. These mass-defacements cause once-benign sites to turn against their visitors. Even pages owned by institutions like the United Nations (un.org), the UK government (.gov.uk) and many others have succumbed to such attacks. In 2007, Google uncovered more than three million malicious Web addresses (URLs) that initiate drive-by downloads [9]. 

According to the study, which is quite lengthy and very in depth, Microsoft seems to have trouble fixing their browser. This leaves IE users at risk. Strange. One would expect IE to also have a built in fix and patch ability. Maybe this is the price they paid for having IE incorporated with Windows.

What do you think?

Comments welcome.

Source.

  • William

    Firefox has never been the safect browser. Study versus Secunia. Secunia reports that FIrefox has a few major security holes (one so big that not even Mozilla will leak). Now let’s look at Opera: all known security holes are patched. yeah, Firefox is really more secure all right.

  • http://tomis.weblog.ro Tomis

    Firefox’s security is more full of holes than swiss cheese. Any person in their right state of mind doing a study will notice right away that not only Opera hasn’t any unpatched vulnerabilites, any security issue is promptly patched, whereas IE and Firefox still have (to this day) security holes that microsoft and mozzila don’t give a damn about.

  • Serguei

    I suggest to use Firefox with NoScript addon, it will be much better combination. (I am not fun of Firefox (just use it) or marketing team fellow, just suggesting to check if active protection could help you). Unfortunately Opera, IE, Safari did not include active protection in their suite).

    I prefer to be in control on what is filtered and what is not.

    (BTW, for IE, you could do this customization manually, putting sites into specific zones…). This is fine but really tedious to go through menu stages for each site…

    I am using Opera as well, but cannot see it as a safe browser just because there are less vulnerabilities discovered. I prefer to have active protection (like sites firewall, rather then Anti-Virus type of protection). Difference is simple, similar to medicine… There is preventive medicine and healing one (doctor will help when you are seek)… So, if something new (like virus or attack based on new vulnerability) coming to your computer, only active protection will help.

  • Anonymous

    Noscript + ABP. ABP set to block iframes. Noscript blocks XSS + no iframes = no vulnerabilites exploited.