Microsoft says Internet Explorer more secure than Firefox
Jeff Jones, Security Strategy Director at Microsoft's Trustworthy Computing Group, is fond of comparing his company's products with others. Following his recent report putting Windows Vista ahead of Linux and Mac OS X for security, he has now placed Internet Explorer ahead of the open source Firefox browser in a long-term comparative study. Here too the result is no great surprise - according to his analysis, fewer security vulnerabilities needed fixing in Internet Explorer than in the competition.
[bild1] Jones explains in his report Browser Vulnerability Analysis (PDF), that Mozilla has fixed 199 security vulnerabilities since November 2004, when Firefox first appeared, of which 75 were critical, 100 medium and 24 of low importance. Over the same period, a total of 87 security vulnerabilities were fixed in Internet Explorer, of which 54 were critical, 28 medium and 5 of low importance.
And our Microsoft security expert doesn't stop at raw numbers. He notes that security updates are currently only being released for version 2.0 of Firefox. If Mozilla's policy of providing support for earlier versions for just six months following the release of a successor version were to be applied by Microsoft, support for Internet Explorer 6 would have been stopped in May 2007. This has not, however, happened. Likewise, Windows 2000 users who don't want to budge from their Internet Explorer 5.01 SP4 can still rely on support.
Jones cites as an example Red Hat Enterprise Linux Desktop 5, which was supplied in March 2007 together with Firefox. Mozilla stopped supporting this version shortly thereafter. This leaves two options - one can, like Red Hat, port patches for Firefox 2 back to the previous version, or, like Novell, one can urge users to switch to the latest version. Private users have more flexibility in this regard, whereas business users often use browsers modified for their particular purposes and approach a switch with a more long-term perspective.
Jones gives credit to his company, but also to Mozilla, for placing a high degree of emphasis on security matters. Both browsers have been affected by ever fewer security vulnerabilities over time. Mozilla has also appointed its own security specialist, Window Snyder. However, in his opinion, it is clear that the oft-cited view that Firefox is more secure is not tenable. He believes this can be marked down as one of the fruits of the Trustworthy Computing strategy announced by Bill Gates' in early 2002.
Browser share on heise online
| User agent | November 2007 |
October 2007 |
November 2006 |
|---|---|---|---|
| Firefox 2.0 | 48.0 % | 47.7 % |
25.8 % |
| Internet Explorer 6.0x | 14.7 % | 15.1 % |
23.6 % |
| Internet Explorer 7.0x | 11.6 % | 11.1 % |
4.3 % |
| Opera 9.x | 8.2 % | 8.3 % |
6.7 % |
| Gecko (Mozilla/Netscape 6 etc.) | 3.7 % | 3.9 % |
4.9 % |
| Apple Safari | 4.3 % | 3.9 % |
2.7 % |
| Firefox 1.5 | 1.9 % | 2.1 % |
20.6 % |
| KDE Konqueror | 1.9 % | 2.0 % |
2.1 % |
| Firefox 1.0 | 0.6 % | 0.7 % |
3.2 % |
Browser producers on heise online
| Producer | November 2007 |
October 2007 |
November 2006 |
|---|---|---|---|
| Mozilla, etc. (Gecko engine) | 55.7 % | 55.8 % |
54.0 % |
| Microsoft | 26.9 % | 26.9 % |
28.7 % |
| Opera | 8.5 % | 8.6 % |
7.7 % |
| Apple | 4.3 % | 3.9 % |
2.7 % |
| KDE | 1.9 % | 2.0 % |
2.1 % |
| Netscape prior to 6.x | 0.2 % | 0.2 % |
0.2 % |
| Various mobile browsers | 1.0 % | 0.9 % | 0.9 % |
(mba)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
