Office applications Toolkit

Firefox security claims rubbished

Tags:
IE,
Security,
Internet Explorer,
Microsoft

Michael Kanellos CNET News.com

Published: 23 Mar 2005 12:00 GMT

Even with increased popularity, the Firefox Web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation.

"There is nothing that will be perfect," said Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, during a panel discussion at PC Forum in Scottsdale Arizona. (PC Forum is owned by CNET Networks, publisher of ZDNet UK.)

Still, Firefox, developed by the Mozilla Foundation, won't harbour nearly as many security flaws as those that have Microsoft's Internet Explorer, and increasing popularity won't change that, Mitchell predicted.

Some critics challenge that assumption. Symantec CEO John Thompson and other security executives have claimed that open source programs will become more vulnerable as they pick up more users, because more hackers will become attracted to it.

Last month, Mozilla issued a major security update to fix several flaws, including one that would allow domain spoofing.

"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."

Part of Firefox' better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.

Another benefit, Baker said, comes from the fact that Firefox does not support Active X plug-ins. For years, some consumers and analysts have lambasted Firefox because it couldn't run Active X.

"It turns out it [not running Active X] is only less convenient until you get hacked," she said. "Then it [Active X] becomes a disadvantage."

Mozilla is part of an industry effort to create an Active X alternative that would let plug-in applications such as Macromedia Flash run within the Web browser without the security risks associated with Active X. Others involved in that effort include browser makers Opera Software and Apple, and plug-in makers Sun, Macromedia and Adobe.

In general, classic code flaws tend to be fairly easy to fix once they are found, she said. More difficult problems to guard against are the ones that exploit human behaviour, like phishing.

"In some of these cases, the solution is very difficult to determine," she said. "There are some circumstances where the speed won't be as fast."

On another note, Baker added that the open source movement still faces some growing pains. Large commercial customers are often not completely comfortable with open source licensing, particularly because they are familiar with traditional licensing models.

She also said that new forms of public licences are inevitable, as are conflicts and inconsistencies between different public licences.

"If someone comes up with something, they have the right to determine the terms under which they give it away," she said.

CNET News.com's Paul Festa contributed to this report.