computerwoche.de

Archiv

Symantec report sparks safe-browser debate

20.09.2005
In its latest Internet Security Threat Report, released Monday, security vendor Symantec Corp. noted that in the first six months of 2005, the open-source Firefox Web browser had more confirmed vulnerabilities than Microsoft Corp.'s Internet Explorer browser. So does that mean that the Mozilla-based browser is less secure than proponents have said and that Internet Explorer is more secure than believed?

Not exactly, according to security experts.

Symantec reported that during the first half of 2005, 25 vendor-confirmed vulnerabilities were disclosed for Mozilla browsers, including 18 that were classified as highly severe. During the same six-month period, 13 vendor-confirmed vulnerabilities were disclosed for Internet Explorer, eight of which were considered highly severe.

But that's not the whole story, said Vincent Weafer, senior director of Symantec's Security Response Team. Even though more confirmed vulnerabilities were reported for Mozilla browsers, he said, the widespread use of Internet Explorer means that whatever vulnerabilities affect it have the potential to affect a much larger user base.

"No technology by itself is safer," Weafer said. "It really is about securing it all to the max. None of them are immune to attack."

Internet Explorer has been a target of hackers for many years as the most widely used Web browser worldwide, he said, meaning it has been attacked so many times that the easiest-to-target flaws have already been uncovered. That makes it harder for hackers to find and take advantage of vulnerabilities.