Mozilla Disputes Bit9's Claim That Firefox is "Most Vulnerable App"
December 18, 2008 8:43 AM
comment(s) - last by
Experts are taking issue to a recent study which warned users of potential risk of using Firefox
A recent security study from Bit9 argued that Mozilla's
Firefox was the most vulnerable application
and thus a major threat to businesses. One of the chief reasons it gave was the lack of a large-network patching system. For this reason, despite
recent security flaws
, it did not consider Microsoft's Internet Explorer software, as it assumed that such a patching system dramatically lowered vulnerability.
Bit9 went as far as to suggest that enterprises block their employees from having access to Firefox and delete it from work computers.
Some firms, including Mozilla, were quick to take issue with Bit9's alarming comments. Representatives from Mozilla's security branch, Human Shield contacted
with remarks on the topic. The company's Johnathan Nightingale states, "While we're always happy to see stories that focus on educating our users about security, there are some problems with Bit9's methodology that hinder its ability to draw any meaningful conclusions."
According to Mr. Nightingale, by raising the "risk" of companies which disclose critical vulnerabilities, Bit9's study punishes openness, a critical key to security. It rewards companies that keep their vulnerabilities secret, he argues.
He also criticizes Bit9's stance on patching, stating that the firm's claims fall short of reality. He states, "Bit9 seems to understand (the need for smarter metrics) in its focus on application support for updates, but again it fails to account for the real world experience. Firefox does not deliver WSUS updates, but our built-in update mechanism requires no user intervention, and we consistently see 90% adoption within six days of a new update being released."
He concludes, "The Firefox vulnerabilities Bit9 discusses are long-since fixed, with the majority of these fixes coming within days of it being announced. That is the real measure of application security: are known vulnerabilities fixed promptly, tested carefully, and deployed thoroughly? Bug counting is unfortunately common because it's easy, but it should not be a substitute for real security measurement."
Similar sentiments were also echoed by various readers on
as well as several sources in the security business. While the Bit9 study certainly takes a controversial and interesting position, according to many its claims are overly broad and flawed. Whether this is the case is largely a matter of opinion, but one thing's for sure -- whether you're on Firefox, Opera, Chrome, or Internet Explorer, security is largely in the
hands of the user
This article is over a month old, voting and posting comments is disabled
Where does the money come from?
12/18/2008 5:54:37 PM
Does Bit9 get funding or others perks from Microsoft in some way?
We could be looking at a smear article being presented as a legitimate, objective news article.
It has been documented over the last year or two or so that Microsoft attempted to scare manufacturers and distributors away from Linux. If I remember correctly, MS tried to use the courts to make it look like the plug could be pulled on that OS at any time leaving users in the dark because of patent infringements. Something along those lines anyway.
It's also hard to take some of the articles on Anandtech seriously when it comes to Intel. As anyone can see, Anandtech is heavily sponsored by Intel. The latest blog on about SAP and i7 seems to confirm this and Intel are in bed with each other.
When you see reports like this, think where the money is coming from for these reporters and their organizations. Something to consider, that's all.
"If you mod me down, I will become more insightful than you can possibly imagine." -- Slashdot
Critical Vulnerability In Internet Explorer Found, Patch on the Way
December 17, 2008, 12:50 PM
Firefox: Most Risky App to Businesses in New Study
December 12, 2008, 4:00 PM
Woman Succumbs to "Greed", Loses $400K USD to Nigerian Scammers
November 18, 2008, 8:31 AM
Google Street View and reCAPTCHA Get Smarter with New Algorithm
April 17, 2014, 9:02 AM
Mt. Gox CEO Refuses to Come to the U.S. in Financial Crimes Probe
April 16, 2014, 3:50 PM
Mark Zuckerberg: Facebook Home Reception Slower than Expected, Social Graph Will Pick Up
April 16, 2014, 2:00 PM
FBI's Facial Recognition Database to Have 52 Million Criminal, Non-Criminal Photos by 2015
April 15, 2014, 2:56 PM
Microsoft's Anti-Google "Scroogled" Campaign May Have Ended
April 15, 2014, 2:44 PM
FAA Requiring All Flights to Have GPS Tracking System by 2020
April 15, 2014, 1:25 PM
Most Popular Articles
Cities to Carpoolers: Sharing Your Car is Illegal, We Will Seize Your Cars
April 4, 2014, 9:17 PM
Taiwan's AOU Claims to Have World's Highest-Res. OLED Smartphone Display
April 11, 2014, 1:44 PM
iPad Exploiter is Freed by Federal Appeals Court
April 11, 2014, 7:40 PM
It's Very Likely Neanderthals and Humans Had Sex, Produced Offspring
April 10, 2014, 8:40 PM
A-10 Warthog May Live to Fight Another Day with Support from Lawmakers
April 14, 2014, 9:41 AM
Latest Blog Posts
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information