Firefox security claims rubbished
Published: 23 Mar 2005 12:00 GMT
Even with increased popularity, the Firefox Web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation.
"There is nothing that will be perfect," said Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, during a panel discussion at PC Forum in Scottsdale Arizona. (PC Forum is owned by CNET Networks, publisher of ZDNet UK.)
Still, Firefox, developed by the Mozilla Foundation, won't harbour nearly as many security flaws as those that have Microsoft's Internet Explorer, and increasing popularity won't change that, Mitchell predicted.
Some critics challenge that assumption. Symantec CEO John Thompson and other security executives have claimed that open source programs will become more vulnerable as they pick up more users, because more hackers will become attracted to it.
Last month, Mozilla issued a major security update to fix several flaws, including one that would allow domain spoofing.
"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."
Part of Firefox' better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.
Another benefit, Baker said, comes from the fact that Firefox does not support Active X plug-ins. For years, some consumers and analysts have lambasted Firefox because it couldn't run Active X.
"It turns out it [not running Active X] is only less convenient until you get hacked," she said. "Then it [Active X] becomes a disadvantage."
Mozilla is part of an industry effort to create an Active X alternative that would let plug-in applications such as Macromedia Flash run within the Web browser without the security risks associated with Active X. Others involved in that effort include browser makers Opera Software and Apple, and plug-in makers Sun, Macromedia and Adobe.
In general, classic code flaws tend to be fairly easy to fix once they are found, she said. More difficult problems to guard against are the ones that exploit human behaviour, like phishing.
"In some of these cases, the solution is very difficult to determine," she said. "There are some circumstances where the speed won't be as fast."
On another note, Baker added that the open source movement still faces some growing pains. Large commercial customers are often not completely comfortable with open source licensing, particularly because they are familiar with traditional licensing models.
She also said that new forms of public licences are inevitable, as are conflicts and inconsistencies between different public licences.
"If someone comes up with something, they have the right to determine the terms under which they give it away," she said.
CNET News.com's Paul Festa contributed to this report.
Did you find this article useful?
82 out of 186 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
7 comments
-
Firefox is inherently more secure than many other... Marc Thompson -
Here's a perfect example of misdirected journalism... trm1945
-
We certainly weren't aiming to misdirect anyo... Graeme Wearden -
I do find more tracking cookies when useing Firefo... Jim
-
That's because of the amount of sites you vis... Anonymous
-
Holy misleading headline Batman! Looks like it say... Anonymous
-
FIREFOX NOW HAS MORE FLAWS THAN ANY OTHER BROWSER.... Onyx Wunsch
