We can hardly keep a straight face while reading the latest report from application security vendor Cenzic
We don’t normally like to belittle the weaknesses and mistakes of our competitors. The competition, after all, is made up of dozens of browsers that strive to be better and most often succeed by being different, creating a diversity of technology that pays off for everyone, software developers and software users alike.
But there are times when you have to rub it in if only to make a valid but ignored point. Which is, friends, why I’m just mentioning—not making a big point of it…not passing judgment– that Firefox has just recently been shown to be responsible for nearly half of all browser vulnerabilities.
Cenzic, which creates intrusion detection for Web sites, said in a written report that vulnerabilities in Web browsers were concentrated among Internet Explorer, Mozilla Firefox, Opera, and Safari. In the first half of 2009, browser vulnerabilities accounted for about 8 percent of all Web vulnerabilities.
Mozilla Firefox had the greatest share of the vulnerabilities at 44 percent. The Safari browser had more vulnerabilities—35 percent–than in Cenzic’s previous report because iPhone Safari’s flaws were also included. Internet Explorer came in third at 15 percent, and Opera trailed with six percent of total browser vulnerabilities.
Cenzic has some theories as to why Firefox took the lead in vulnerabilities, which are bits of the software’s code or structure that can be manipulated by hackers to gain control of a system.
“It’s a combination of different things,” Lars Ewe, chief technology officer of Cenzic, told InternetNews.com. “They’ve gotten more traction as a browser, which is good for them, and the more you get used the more exposure you have. As well a fair amount of the vulnerabilities have come by way of plug-ins.”
One key area that Ewe said was responsible for a number of reported Firefox vulnerabilities is with how the browser handles plug-ins.
“They can’t control security aspects of all the plug-ins and the vulnerabilities are a side effect of that,” Ewe said.
Now the reason I’m so ungraciously spreading the word about Firefox’s weaknesse is that I’m sick and tired and tired and sick of reading online comments and reviews that toss Maxthon aside with only a comment that, “Of course, since Maxthon is just riding on Internet Explorer, it shares the same security weaknesses as IE.”
First, that’s so not true for two reasons. One is that Maxthon in not “just riding” on top of Internet Explorer. Maxthon uses the same rendering engine that IE uses to display Web pages correctly. The rendering engine, Trident, accounts for only about 20 percent of the code in Maxthon. The other 80 percent is made up of technology and code that is exclusive to Maxthon and that far exceeds anything done in Internet Explorer—or Firefox. Among that 80-percent is security code created by Maxthon’s developers and which has replaced quite completely the security technology of Microsoft’s browser.
The results are that Maxthon’s susceptibility to hacking is far smaller than that of the “Big 4” browsers. And that’s why when it comes to Firefox, I must, in the immortal words of Monty Python, say, “You empty-headed animal-food-trough wiper! I fart in your general direction!”
Tags: Firefox, Monty Python, Security, Vulnerabilities
Maxthon is used by less than 0.10% in the world that does not have a lot of Vulnerabilities. Good for Opera is used by more than 2% in the world and only 6% of bugs and Vulnerabilities.
And Good for IE only 15% =P
It mostly is all in the user of the brower!
ANY BROWSER CAN BE SECURE (If the user sets it up right)
Thanks for that post. Very useful for me.
Is it just me or do all writers and publications in Asia have a very immature attitude when going about every day business? Just a thought.
This article may have a point but it’s choice of words makes me feel like I’m reading the writings of an 10 year old and turns me off from using the Maxthon browser.