Mozilla Disputes Bit9's Claim That Firefox is "Most Vulnerable App"
December 18, 2008 8:43 AM
comment(s) - last by
Experts are taking issue to a recent study which warned users of potential risk of using Firefox
A recent security study from Bit9 argued that Mozilla's
Firefox was the most vulnerable application
and thus a major threat to businesses. One of the chief reasons it gave was the lack of a large-network patching system. For this reason, despite
recent security flaws
, it did not consider Microsoft's Internet Explorer software, as it assumed that such a patching system dramatically lowered vulnerability.
Bit9 went as far as to suggest that enterprises block their employees from having access to Firefox and delete it from work computers.
Some firms, including Mozilla, were quick to take issue with Bit9's alarming comments. Representatives from Mozilla's security branch, Human Shield contacted
with remarks on the topic. The company's Johnathan Nightingale states, "While we're always happy to see stories that focus on educating our users about security, there are some problems with Bit9's methodology that hinder its ability to draw any meaningful conclusions."
According to Mr. Nightingale, by raising the "risk" of companies which disclose critical vulnerabilities, Bit9's study punishes openness, a critical key to security. It rewards companies that keep their vulnerabilities secret, he argues.
He also criticizes Bit9's stance on patching, stating that the firm's claims fall short of reality. He states, "Bit9 seems to understand (the need for smarter metrics) in its focus on application support for updates, but again it fails to account for the real world experience. Firefox does not deliver WSUS updates, but our built-in update mechanism requires no user intervention, and we consistently see 90% adoption within six days of a new update being released."
He concludes, "The Firefox vulnerabilities Bit9 discusses are long-since fixed, with the majority of these fixes coming within days of it being announced. That is the real measure of application security: are known vulnerabilities fixed promptly, tested carefully, and deployed thoroughly? Bug counting is unfortunately common because it's easy, but it should not be a substitute for real security measurement."
Similar sentiments were also echoed by various readers on
as well as several sources in the security business. While the Bit9 study certainly takes a controversial and interesting position, according to many its claims are overly broad and flawed. Whether this is the case is largely a matter of opinion, but one thing's for sure -- whether you're on Firefox, Opera, Chrome, or Internet Explorer, security is largely in the
hands of the user
This article is over a month old, voting and posting comments is disabled
RE: Yeah, as the IE exploit raged wild for a few days ...
12/18/2008 6:12:32 PM
It should only require Admin if it was installed someplace the user does not have rights to, like say Program Files. We've had users who install FF themselves despite being 'limited' users, simply by changing the install point to their My Docs folder (XP SP2). I'm not certain, but I assume this would mean that updates function this way as well?
"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain
Critical Vulnerability In Internet Explorer Found, Patch on the Way
December 17, 2008, 12:50 PM
Firefox: Most Risky App to Businesses in New Study
December 12, 2008, 4:00 PM
Woman Succumbs to "Greed", Loses $400K USD to Nigerian Scammers
November 18, 2008, 8:31 AM
Chris Poole Retires From Role as 4Chan After a Decade of Success, Struggles
January 23, 2015, 1:45 PM
Study Shows People are Dumb as Ever With Passwords, Still Using "123456"
January 20, 2015, 3:19 PM
Site for "Glitter as a Service" Mail Pranks, ShipYourEnemiesGlitter, Launches
January 13, 2015, 2:22 PM
OS X Yosemite Compromises Security by Retrieving Embedded Email Images
January 13, 2015, 11:30 AM
ISIS JIhadi From NZ Accidentally Shares Location on Twitter, Outs Cohorts in Selfie
January 3, 2015, 11:35 PM
Amazon's Kindle Fire HDX 8.9 Drops to $299 (30 Percent Off) for a Day
December 22, 2014, 10:57 AM
Most Popular Articles
Microsoft Shows Off Latest Windows 10 Build, Preps it for Next Week Release
January 21, 2015, 2:57 PM
Under the Hood: How DirectX 11.3 and 12 Will Supercharge Windows 10 Gaming
January 23, 2015, 12:34 PM
IDC: 2014 Sales Show PC Isn't Dead, But Desktop May be Dying
January 19, 2015, 1:50 PM
Police are Using New Handheld Radar Sensors to Peer Into Houses w/out Warrant
January 20, 2015, 1:35 PM
Report: HTC One M9 (2015) is Tied to Under Armour-Powered HTC Smartwatch
January 19, 2015, 11:10 AM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information