After flap, Symantec adjusts browser bug count
Depending on how you count flaws, either IE or Firefox could be considered less secure
IDG News Service - A report issued today by Symantec Corp. seeks to satisfy users of both Mozilla Corp.'s Firefox browser and Microsoft Corp.'s Internet Explorer.
In its latest Internet Security Threat Report, covering the last six months of 2005, the company now features two different ways of counting browser bugs: one that finds that Internet Explorer has the most vulnerabilities, and a second that reveals Firefox as the bug leader.
Firefox had the highest number of "vendor-confirmed" vulnerabilities, with 13 bugs reported during the six months covered by the report, compared with Internet Explorer's 12, said Dave Cole, a director of Symantec Security Response.
However, the latest report also includes a count of bugs found by security researchers that have not been confirmed by Microsoft or the Mozilla Foundation, which owns Mozilla Corp. By that count, Internet Explorer had the most security issues: 24, compared with Firefox's 17.
Symantec decided to begin counting the unconfirmed bugs "partially in response" to feedback from the Mozilla team after publishing its previous report in September 2005. That report counted only confirmed bugs, with 18 for Firefox and 13 for Internet Explorer.
"We said, 'OK, for the next report we'll look at them both,'" Cole said. "It's something we might have looked at anyway."
The report caused a stir among Firefox fans, who have long considered their browser to be more secure than Internet Explorer.
At the time the Mozilla Foundation criticized Symantec's methodology, saying that counting only the number of confirmed flaws skewed the results in Microsoft's favor, because the software vendor tends to group several vulnerabilities together, whereas Mozilla announces each one individually.
Cole would not say which browser Symantec considers to be the more secure. "The reality is, if there's enough motivation there, people are going to find some way to get in," he said. "The concept of the impervious technology is really a mistaken one."
Mozilla and Microsoft representatives were unavailable to comment.
Symantec also found that denial-of-service and phishing attacks continued to rise during the last six months of 2005. DOS attacks were up 51% from the first half of the year, Cole said. On average, there were 1,400 such attacks each day.
Symantec also tracked a "dramatic growth in phishing" and blocked 1.5 billion phishing messages during the period, up 44% from the first half of the year.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts