Is Firefox More Secure?

Category: Browsers , Security

Is Firefox more secure than Internet Explorer? Perhaps, for now, but they seem to be "catching up" in terms of the numbers of critical flaws discovered. And if you're running Windows Vista, the Firefox security problem gets worse...

Firefox Security Hole on Vista

firefox security The recent ANI (animated cursor) exploit that has been talked about so much in security and tech forums was first believed to affect only Internet Explorer V7. Firefox fans wagged their fingers at IE users once again and chided them for not switching to the "more secure" Firefox. But it turns out that Firefox is also vulnerable to this very serious exploit on Windows Vista systems. And even worse, the bug is potentially MORE destructive on Firefox than with IE7.

That's because Firefox does not support Protected Mode in Windows Vista -- a feature that can prevent malware from modifying or deleting your data. It may be a small consolation, but Protected Mode limits rogue programs to a read-only mode of access to your hard drive. Without Protected Mode, viruses, spyware and other nasties can do much more damage when they gain access to your system. Protected Mode is crucial to security, but Mozilla (the developers of Firefox) won't even say if or when they will add support for it.

George Ou, in his Real World IT column says "I have asked Mozilla PR and its developers many times if and when it intends to support Protected Mode, and I have yet to receive an answer. This is unfortunate because Firefox alone in recent months has had more exploits than Windows XP and Vista combined and is in serious need of mitigation measures, not to mention better code auditing... If Mozilla ever wants Firefox to be taken seriously, it's going to need to do better auditing of its code and implement security measures that are available in the operating system."

And this isn't just about the ANI flaw. As recently as March 6th, a batch of Firefox security fixes rated Highly Critical was released. The batch addressed multiple vulnerabilities which, according to the Secunia security advisory, "can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system."

I don't say any of this to diss Firefox. On the contrary, I use it every day and prefer it over IE7. But that's because of it's flexibility, not because I think it's more secure. Do you have comments or questions about Firefox security? Post your thoughts below...

Send this article to a friend.

Jump to the Comments section.

Buy Bob a Snickers.

 

Check out other articles in this category:

Posted by Bob Rankin on April 5, 2007 05:16 PM

Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!
Prev Article:
Hiding Profile Items
Send this article to a friend
The Top Twenty
Next Article:
Carpal Tunnel Syndrome

Link to this article from your site or blog. Just copy and paste from this box:

Related Keywords: Browsers   Firefox   security   Vista   ANI   exploit  

Most recent comments on "Is Firefox More Secure?"

Posted by:
Geoff
17 Apr 2007

It sounds to me like the security flaw is in Vista, not the browser. So I would assume that the same thing could be accomplished in Opera, Netscape, etc. But since the problem can be handled in IE7, I wouldn't expect it to have a high priority at MS.

Personally, I use both Firefox (primarily) & IE7, but on an XP system. Like you, my choice is based on performance, not security. And one of the first bits of advice I ever received was to use a limited user account for your day-to-day tasks, limiting the damage that can be done anyway.

Posted by:
Will
17 Apr 2007

Given this, I have to say that vista is not the product microsoft intended it to be. I could continue about why I switched back to Win XP, but this is not the place to do so.

Posted by:
John
17 Apr 2007

If your operating system has a vulnerability, Firefox won't protect you from it. But at least it isn't interwoven into the OS the way IE is. So that alone makes it much more secure than IE.

EDITOR'S NOTE: Perhaps but that does make the problem of Firefox's lack of support for Protected Mode go away...

Posted by:
Ian
18 Apr 2007

If one can avoid buying Vista, avoid buying Vista. XP is stable and relatively secure, and MS isn't abandoning it until 2008. By then, perhaps SP1 will be out for Vista and it might be better than it is now. As it stands, I won't be buying Vista any time soon. I have a MacBook and love it. For my Windoze needs, I have Parallels running WinXP. Oh yes, I use FF, not IE.


Posted by:
Richard Dengrove
21 Apr 2007

I hear Firefox has always been more vulnerable than IE, but fewer people use it and it isn't the big kid on the block. Thus, it is a less tempting target for hackers. Also, I hear the Mac is even more vulnerable, but for the same reason rarely gets attacked.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Ask Bob Rankin Home Page
RSS   Add to My Yahoo!   Subscribe in NewsGator Online   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Advertise on This Site!
Copyright © 2005 - Bob Rankin - All Rights Reserved