What is more secure – Internet Explorer or Firefox?
I recently had an interesting question from a Twitter follower of the question "What would you say is the safest, Firefox or IE? . It is not a question that has not been asked before, but in light of the events of the last days of an issue much deeper than it seems on the surface.
I work with (and play with, for that matter), many people who are fans of alternative operating systems, whose natural response to any question that includes a choice between Microsoft and anything else is not always to choose Microsoft. We need to explore further is based on merit and not branded.
Microsoft Internet Explorer has been the king of the browsers on the Internet for 10 or more years. Despite its market dominance has been declining slightly in recent years, still has an advantage.
Microsoft also has had a rocky start in regard to safety IE, but worked hard to improve and made much progress. A benefit IE brings to the table of corporate IT is the ability to centrally manage through policy objects group, and the center of update via Windows Update and WSUS.
Patch Tuesday is popular and can be considered one of the benefits of predictable updates processes and programming can be designed around a. The flip side is that sometimes have to wait a month or more for a solution (like the current IE exploit being targeted as noted by SophosLabs).
ActiveX has also been a big concern for the manager and controls are required on a site business work, however, allows users to install and update third party ActiveX controls give the ability to run malicious code on users' computers.
Microsoft's latest story is the introduction of Internet Explorer 8. While IE8 is more docile than any previous version, still crawls behind Firefox, Chrome and Safari. Internet Explorer 8 makes major improvements to the safe design and awareness of interoperability.
Mozilla Firefox instead has a different set of issues to deal with. It is more difficult to centrally manage the IE, and has no predictable pattern version upgrade.
By default Mozilla Firefox to consult with updates, but requires the user to accept the update. It must have sufficient privileges to apply the update, and can not be behind a SSL proxy that can interfere with your signing certificate.
Firefox is open source means that defects are often discovered by the public and developers, and patches are quick on the heels of new vulnerabilities.
openness also means that Firefox has a security suite available as NoScript extensions that are able to protect against JavaScript attacks and click kidnapping and other techniques to exploit browsers.
Recently Firefox has faced new challenges from Google, Microsoft and others in the security field of the browser, and Mozilla's team looks ready for the challenge of maintaining security compliance Firefox.
Search the Database National Vulnerability Firefox bugs from medium or high score January 2009 reported the results in 56 individuals (some of which have more than one fault).
Microsoft has reported 34 for the same period, same statistical note that many have multiple problems in individual counseling.
The most interesting part that seems to divide the software giant Supply commercial open source Firefox is conducted to decide the method used to inform the public.
The vulnerability of Firefox in its JIT compiler was discovered by a Firefox developer and the result of a mistake that was made public last Thursday (July 10, 2009). The Firefox community has debated whether it was appropriate for error to make public which led to its operation, the following Monday.
In addition, the Register has published an article suggesting Microsoft knew the most recent IE flaw more than a year before making a disclosure and patch the error.
There is no clear answer to which browser is safer, the only conclusion to a security expert can reach is that surfing the web is always a potentially hazardous activity. Hopefully this gives you more information data to help you make an informed decision.
About the Author
This article was written by Chester Wisniewski of Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.
How to: Fix Google Chrome – Resolving Proxy
