Even with increased popularity, the Firefox Web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation.
"There is nothing that will be perfect," said Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, during a panel discussion at PC Forum in Scottsdale Arizona. (PC Forum is owned by CNET Networks, publisher of ZDNet UK.)
Still, Firefox, developed by the Mozilla Foundation, won't harbour nearly as many security flaws as those that have Microsoft's Internet Explorer, and increasing popularity won't change that, Mitchell predicted.
Some critics challenge that assumption. Symantec CEO John Thompson and other security executives have claimed that open source programs will become more vulnerable as they pick up more users, because more hackers will become attracted to it.
Last month, Mozilla issued a major security update to fix several flaws, including one that would allow domain spoofing.
"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."
Part of Firefox' better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.
Another benefit, Baker said, comes from the fact that Firefox does not support Active X plug-ins. For years, some consumers and analysts have lambasted Firefox because it couldn't run Active X.
"It turns out it [not running Active X] is only less convenient until you get hacked," she said. "Then it [Active X] becomes a disadvantage."
Mozilla is part of an industry effort to create an Active X alternative that would let plug-in applications such as Macromedia Flash run within the Web browser without the security risks associated with Active X. Others involved in that effort include browser makers Opera Software and Apple, and plug-in makers Sun, Macromedia and Adobe.
In general, classic code flaws tend to be fairly easy to fix once they are found, she said. More difficult problems to guard against are the ones that exploit human behaviour, like phishing.
"In some of these cases, the solution is very difficult to determine," she said. "There are some circumstances where the speed won't be as fast."
On another note, Baker added that the open source movement still faces some growing pains. Large commercial customers are often not completely comfortable with open source licensing, particularly because they are familiar with traditional licensing models.
She also said that new forms of public licences are inevitable, as are conflicts and inconsistencies between different public licences.
"If someone comes up with something, they have the right to determine the terms under which they give it away," she said.
CNET News.com's Paul Festa contributed to this report.
Talkback
Firefox is inherently more secure than many other browsers (i.e. Internet Explorer). From the way security affecting choices are presented to the user to fundamental design features Mozilla and Firefox promote a far more secure enviroment than Internet Explorer.
Couple this with the fact that there are thousands of volunteers who are willing to post sescurity flaw fixes straight to the internet (and don't have to wait for marketing driven periodic patch releases), it is obvious that Firefox will continue to be - although not immune - certainly far better able to handle, security hurdles.
Just look at the statistics for computers infected with Adware. In the UK more than half broadband Internet Explorer users are infected with Adware (many probably due to inadvertly installing Adware from websites), wheras far, far fewer Firefox users are.
Here's a perfect example of misdirected journalism. The title suggests that the claimed security of Firefox as made by them is not in fact true. The text however says Firefox insecurity claims rubbished. There is a difference and ZDnet knows it but chose not to be accurate.
We certainly weren't aiming to misdirect anyone with this headline -- I'm sorry that's how you interpreted it.
Thanks for the feedback.
GW
I do find more tracking cookies when useing Firefox then I recieve from IE.
based on the number of tracking cookies I would thing that eather Firefor is working with these spamers or there are some major holes in the system.
That's because of the amount of sites you visit. You can set Firefox to ask you whether you want to accept the cookies until they expire, for the session only, or to block them entirely.
Holy misleading headline Batman! Looks like it says the exact opposite of what it means!
FIREFOX NOW HAS MORE FLAWS THAN ANY OTHER BROWSER. THE HEADLINE IS CORRECT.
"According to the report, Firefox contained 25 confirmed vulnerabilities that were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied..."
"In the latest incident, a 16-year-old security researcher ... found three vulnerabilities in the Firefox browser that together could be exploited to run arbitrary code. The incident is the latest black eye for the open-source software project's security image. While vulnerability researchers frequently flogged Microsoft for the number of security holes found in its Internet Explorer browser, Now flaw finders are pinpointing more security holes in Firefox..."
That is NOW.
This was THEN:
"Even with increased popularity, the Firefox Web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation."
Hmm. The irony.