After flap, Symantec adjusts browser bug count
Depending on how you count flaws, either IE or Firefox could be considered less secure
IDG News Service - A report issued today by Symantec Corp. seeks to satisfy users of both Mozilla Corp.'s Firefox browser and Microsoft Corp.'s Internet Explorer.
In its latest Internet Security Threat Report, covering the last six months of 2005, the company now features two different ways of counting browser bugs: one that finds that Internet Explorer has the most vulnerabilities, and a second that reveals Firefox as the bug leader.
Firefox had the highest number of "vendor-confirmed" vulnerabilities, with 13 bugs reported during the six months covered by the report, compared with Internet Explorer's 12, said Dave Cole, a director of Symantec Security Response.
However, the latest report also includes a count of bugs found by security researchers that have not been confirmed by Microsoft or the Mozilla Foundation, which owns Mozilla Corp. By that count, Internet Explorer had the most security issues: 24, compared with Firefox's 17.
Symantec decided to begin counting the unconfirmed bugs "partially in response" to feedback from the Mozilla team after publishing its previous report in September 2005. That report counted only confirmed bugs, with 18 for Firefox and 13 for Internet Explorer.
"We said, 'OK, for the next report we'll look at them both,'" Cole said. "It's something we might have looked at anyway."
The report caused a stir among Firefox fans, who have long considered their browser to be more secure than Internet Explorer.
At the time the Mozilla Foundation criticized Symantec's methodology, saying that counting only the number of confirmed flaws skewed the results in Microsoft's favor, because the software vendor tends to group several vulnerabilities together, whereas Mozilla announces each one individually.
Cole would not say which browser Symantec considers to be the more secure. "The reality is, if there's enough motivation there, people are going to find some way to get in," he said. "The concept of the impervious technology is really a mistaken one."
Mozilla and Microsoft representatives were unavailable to comment.
Symantec also found that denial-of-service and phishing attacks continued to rise during the last six months of 2005. DOS attacks were up 51% from the first half of the year, Cole said. On average, there were 1,400 such attacks each day.
Symantec also tracked a "dramatic growth in phishing" and blocked 1.5 billion phishing messages during the period, up 44% from the first half of the year.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Malware and Vulnerabilities White Papers | Webcasts