After flap, Symantec adjusts browser bug count
Depending on how you count flaws, either IE or Firefox could be considered less secure
IDG News Service - A report issued today by Symantec Corp. seeks to satisfy users of both Mozilla Corp.'s Firefox browser and Microsoft Corp.'s Internet Explorer.
In its latest Internet Security Threat Report, covering the last six months of 2005, the company now features two different ways of counting browser bugs: one that finds that Internet Explorer has the most vulnerabilities, and a second that reveals Firefox as the bug leader.
Firefox had the highest number of "vendor-confirmed" vulnerabilities, with 13 bugs reported during the six months covered by the report, compared with Internet Explorer's 12, said Dave Cole, a director of Symantec Security Response.
However, the latest report also includes a count of bugs found by security researchers that have not been confirmed by Microsoft or the Mozilla Foundation, which owns Mozilla Corp. By that count, Internet Explorer had the most security issues: 24, compared with Firefox's 17.
Symantec decided to begin counting the unconfirmed bugs "partially in response" to feedback from the Mozilla team after publishing its previous report in September 2005. That report counted only confirmed bugs, with 18 for Firefox and 13 for Internet Explorer.
"We said, 'OK, for the next report we'll look at them both,'" Cole said. "It's something we might have looked at anyway."
The report caused a stir among Firefox fans, who have long considered their browser to be more secure than Internet Explorer.
At the time the Mozilla Foundation criticized Symantec's methodology, saying that counting only the number of confirmed flaws skewed the results in Microsoft's favor, because the software vendor tends to group several vulnerabilities together, whereas Mozilla announces each one individually.
Cole would not say which browser Symantec considers to be the more secure. "The reality is, if there's enough motivation there, people are going to find some way to get in," he said. "The concept of the impervious technology is really a mistaken one."
Mozilla and Microsoft representatives were unavailable to comment.
Symantec also found that denial-of-service and phishing attacks continued to rise during the last six months of 2005. DOS attacks were up 51% from the first half of the year, Cole said. On average, there were 1,400 such attacks each day.
Symantec also tracked a "dramatic growth in phishing" and blocked 1.5 billion phishing messages during the period, up 44% from the first half of the year.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
All Malware and Vulnerabilities White Papers |