bit-tech.net

Old 16th Apr 2009, 12:42   #1
CardJoe
Freelance Journalist
bit-tech Staff
 
Secunia: Firefox most vulnerable browser

http://www.bit-tech.net/news/bits/20...able-browser/1

Security firm Secunia has named Firefox as the most vulnerable browser out there after totting up the number of vulnerability reports it published throughout 2008.

__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter
Old 16th Apr 2009, 13:00   #2
Mentai
Hypermodder
 
The fact that having the most security holes doesn't actually equal being the most vulnerable makes this whole thing very misleading. It's bad statistics when the variables give such subjective results. I'd be a bit pissed off with Secunia if I were Mozilla.
Old 16th Apr 2009, 13:12   #3
Bauul
Sir Bongaminge
 
So just because Firefox announced more vulnerabilities than anyone else, surely makes them more secure, as they're patching them, whereas IE are ignoring them.

Stupid research. God I hate bad statistics.
__________________
Intel Core i5-2500K | 8Gb Corsair Vengeance DDR3 1,600 Mhz
Gigabyte Geforce 460 GTX OC 1Gb | 1Tb + 1.5Tb Samsung Spinpoint F3 | Asrock Z68 Extreme4
Ibanez RG 470 Japanese Edition | 1991 Japanese Lo-TRS Tremolo | V7 S1 Custom V8 HSH Pickups
Old 16th Apr 2009, 13:17   #4
V3ctor
Tech addict...
 
Blasphemy!!
__________________
Intel Core i3 3220 / ASUS P8B75-M LX / 2x4Gb DDR3 Gskill Sniper 1866Mhz / MSI GTX 750Ti 2Gb GDDR5 / Viewsonic VX922 / Samsung 470 128Gb / Corsair CX600 / CM 690
Intel Core i7 2670QM 2.2~3.1Ghz / 10Gb DDR3 / nVidia GT550M 2Gb / Intel 330 180Gb
Intel Core i7 4770K@4.5Ghz / ASUS Sabertooth Z87 / 2x4Gb Gskill Trident X 2400Mhz / 2x ASUS Matrix Platinum 7970 3Gb / Samsung T260 / 2x Corsair Force GT 240Gb raid0/ Corsair HX-850W/ Silverstone FT02R-Wi
Old 16th Apr 2009, 13:20   #5
azrael-
I'm special...
 
You must NEVER question Danish research quality. It's the world's best!

By the way, that was sarcasm...
Old 16th Apr 2009, 13:40   #6
V3ctor
Tech addict...
 
Quote:
Originally Posted by azrael-
You must NEVER question Danish research quality. It's the world's best!

By the way, that was sarcasm...
Yes it was... I love FF, if it wasn't for it, we would still be in the internet with IE6,2 or something. They really rocked the place. I just think that they should come back to a "light" FF... It's becoming heavier at every update...
Old 16th Apr 2009, 13:41   #7
hitman012
Super Moderator
Moderator
 
Quote:
Originally Posted by CardJoe View Post
Security firm Secunia has named Firefox as the most vulnerable browser out there after totting up the number of vulnerability reports it published throughout 2008.
They did nothing of the sort. If you actually read the report, they simply give the number of vulnerabilities, along with some other statistics, for each browser. No conclusions are drawn - in fact, they note that the statistics necessarily include only those vulnerabilities publicly disclosed.
__________________
"Nothing is more practical than a good theory"
- Kurt Lewin
Old 16th Apr 2009, 14:22   #8
yakyb
i hate the person above me
 
yay for opera
__________________
Mumblings of a prospective indie Game Developer Blog
My Games Website
Old 16th Apr 2009, 14:25   #9
cjoyce1980
Supermodder
 
Quote:
Originally Posted by hitman012
Quote:
Originally Posted by CardJoe View Post
Security firm Secunia has named Firefox as the most vulnerable browser out there after totting up the number of vulnerability reports it published throughout 2008.
They did nothing of the sort. If you actually read the report, they simply give the number of vulnerabilities, along with some other statistics, for each browser. No conclusions are drawn - in fact, they note that the statistics necessarily include only those vulnerabilities publicly disclosed.
which is what research and reporting is..... try doing a degree or a PhD, that's all you will spend 3+ years doing as well as drink till your kidneys hurt
Old 16th Apr 2009, 14:43   #10
alpaca
llama eats dremel
 
at least firefox is an honest browser. i like that.
__________________
my English may not be as good as I think it is...
Old 16th Apr 2009, 15:00   #11
bowman
Supermodder
 
Open source, and higher disclosures.

Comparing the disclosed security vulnerabilities from open source projects to proprietary projects is completely ridiculous.
Old 16th Apr 2009, 15:03   #12
azrael-
I'm special...
 
Quote:
Originally Posted by alpaca View Post
at least firefox is an honest browser. i like that.
Is it bearded too?
Old 16th Apr 2009, 15:09   #13
airchie
Mod Master
 
I think the number of machines compromised through FF compared to IE would give a much more accurate account of which browser is safest.

I agree though that FF is getting more and more bloated which allows more and more avenues for attack and exploits to be found.
__________________
Laptop:C2D P8600 2.4GHz, 4GB, 9800GTS, 120GB SSD, 15" 1680x1050, Vista64
Projects: 1.2TB Fileserver housed in a cardboard box!|Retro HTPC for my GF.

Quote:
Originally Posted by astralwandrer
Being a legitimate customer of the games industry is increasingly like being in a relationship with an abusive spouse.
Old 16th Apr 2009, 16:45   #14
fargo
Multimodder
 
I think the number of machines compromised through FF compared to IE would give a much more accurate account of which browser is safest.

I think this sentence gets to the meat of the issue.....right on airchie
Old 16th Apr 2009, 17:32   #15
Cobalt
Supermodder
 
Didn't a similar report come out a while ago? Conclusion is basically that proprietary products are made by companies which have a vested interest in not revealing how many vulnerabilities they have.
Old 16th Apr 2009, 17:43   #16
naokaji
whatever
 
ActiveX gets a from me.


Anyway, I think the better way to measure browser safety would be measuring something like how many % of the vulnerabilities are patched within a set period of time.
__________________
920 D0, EX58-UD5, 6GB OCZ 1333 @ 1600 7-6-6, 4870x2, 128 GB Samsung PB22-J SSD and 2 old 500GB WD's, Seasonic M12 700W, Cosmos S

Quote:
Opportunity is like delivery by DHL, it does not come to you, you have to track it down and chase it
Old 16th Apr 2009, 18:01   #17
dicobalt
Multimodder
 
I would have to agree with these findings. If you ever actually bother to look at the fixes though you will notice almost all security problems are due to javascript in one way or another. That's why I use noscript + adblockplus. That combo makes almost all javascript vulnerabilities just bounce off you like a raindrop on glass. I won't stop using firefox. BTW I have seen plenty of firefox browsers with spyware toolbars. Myway is one of them, the search results skew to things that will give you more malware also. Too bad large OEMs package that **** on new computers, I can smell a lawsuit.
Old 16th Apr 2009, 18:28   #18
airchie
Mod Master
 
NoScript+FF=Win tbh

It's unfortunate that so many of the nice features we rely on in turn rely on scripting.
Still, it's better than activeX...
Old 16th Apr 2009, 18:55   #19
azrael-
I'm special...
 
Well, almost all "Web 2.0" content relies on AJAX. Take a wild guess what AJAX actually is...
Old 16th Apr 2009, 20:47   #20
dicobalt
Multimodder
 
Quote:
Originally Posted by azrael- View Post
Well, almost all "Web 2.0" content relies on AJAX. Take a wild guess what AJAX actually is...
Indeed it does, but the thing is that scripting really doesn't need to be accessing the domain xycb9865.zxcvb.1vnfv.cn in order to work. That is where noscript comes in. Blocking all sites that are not specifically allowed hence making the virus code unable to do anything useful. While the allowed code on the allowed domain runs just fine. I use all the popular javascripty sites and have zero problems.
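
The allow-list behaviour dicobalt describes in the post above, sketched as an added example (not part of the thread and not NoScript's own code): a script runs only when its host is an explicitly allowed site or a subdomain of one. The allowed-site list and the sample URLs are constructed, apart from the host quoted in the post.

```javascript
// Simplified model of default-deny script filtering by site (not NoScript's code).
// ALLOWED_SITES and all sample URLs except the host quoted in the post are constructed.
const ALLOWED_SITES = ["bit-tech.net", "example.org"];

// Return the normalised hostname of an http(s) URL, or null if unusable.
function hostOf(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return null; // unparseable input is never trusted
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  return parsed.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
}

// A script may run only if its host is an allowed site or a subdomain of one.
function isAllowed(scriptUrl, allowed = ALLOWED_SITES) {
  const host = hostOf(scriptUrl);
  if (host === null) return false;
  return allowed.some((site) => host === site || host.endsWith("." + site));
}

// Split a page's script URLs into those that run and those that are blocked.
function partitionScripts(urls, allowed = ALLOWED_SITES) {
  const result = { run: [], blocked: [] };
  for (const url of urls) {
    (isAllowed(url, allowed) ? result.run : result.blocked).push(url);
  }
  return result;
}

const SAMPLE_SCRIPTS = [
  "https://www.bit-tech.net/js/forum.js",       // subdomain of an allowed site
  "http://xycb9865.zxcvb.1vnfv.cn/a.js",        // host from the post, never allowed
  "https://bit-tech.net.attacker.invalid/x.js", // allowed name used as a prefix
  "https://bit-tech.net@attacker.invalid/x.js", // allowed name in the userinfo part
  "https://notbit-tech.net/x.js",               // suffix match without a label boundary
];

const { run, blocked } = partitionScripts(SAMPLE_SCRIPTS);
console.log("run:", run);
console.log("blocked:", blocked);
```

Matching on the parsed hostname with a label boundary, rather than on a substring of the URL, is what keeps the last three lookalike entries blocked.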