Firefox Exploit Level

Sep 19

Firefox Exploit Level

Is the Firefox honeymoon over?: Apparently, the number of viruses and exploits coming out for Firefox is more than for IE lately.

As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005. Since that time, new exploits are being released almost on a monthly basis.

You know what this proves? Virus targetting is based on market share. The more share you have, the bigger target you become. And yes, this means that the only thing protecting Macs is their own unpopularity. Get some market share, and virus writers will come for you too.

by Deane September 19, 2005 7:55 AM

tags:

Firefox

Comments

by Joseph Scott, September 19, 2005 9:14 AM

Market share is hardly the only thing that determines the security of a product. If market share was the driving factor then the software with the most market share would always be the least secure?

Firefox needs and deserves more scrutiny to make it better, just like any other software product.

by Deane, September 19, 2005 9:16 AM

If market share was the driving factor then the software with the most market share would always be the least secure?

Let me show you a product I use called "Windows."

by Joe, September 19, 2005 2:24 PM

Let me show you a product I use called "Windows."

On the other hand, here's another product I use called "Apache". 70% of the world's sites run it, but it has fewer exploits than the runner-up.

by Deane, September 19, 2005 2:27 PM

Hey Joe, you're really messing with my Mac-slam here. Back off with the logic.

by Joe, September 19, 2005 2:45 PM

Sorry to cloud your argument with needless "facts".

by Ryan Barry, September 19, 2005 4:59 PM

So true, I just wrote about this exact thing...

I love the "my mac is more secure than windows" crowd, its funny because its true, but only true because exploir writers couldnt care less about macs.

Point being all software has bugs and security issues, aka "exploits". If you get something out of finding these exploits you would hack on IE first, or Windows iteself.

"And yes, this means that the only thing protecting Macs is their own unpopularity"

Good line...

by Ian Argent, September 19, 2005 5:40 PM

Apache is much less vulnerable to social engineering attacks than an OS is...

by Dave, September 19, 2005 8:52 PM

...this means that the only thing protecting Macs is their own unpopularity. Get some market share, and virus writers will come for you too.

Security by obscurity, or unpopularity, is still security. But still, in spite of the "unpopularity" of the Mac (imagine that; shipping 1.1 million Macs in the last quarter qualifies as unpopular) I still say that if it were as easy to get at the Mac OS with viruses and worms as it is with Windows you would still see SOMETHING. Yet here we are; the Mac OS has been around in just a handful of variations since 1986 and there is nary a single virus around that affects a Mac.

... but only true because exploir (sic) writers couldnt care less about macs.

Oh please; think of the notoriety to be gained by some hacker who finally figured out how to stick it to those smug, snobbish Mac users and send them all screaming in fear to McAfee and Symantec. (why, I would bet that the head honchos at McAfee and Symantec would just love for that to happen!)

Sorry to cloud your argument with needless “facts”.

Nothing about puppies or old ladies yet. That's a plus. ;o)

by Joe, September 20, 2005 7:32 AM

Security by obscurity, or unpopularity, is still security.

No, NO, NO, NO, NO! Never let security people hear you say that. Security by obscurity is false security, which in many ways is worse than no security. If I have a system that I'm relying on obscurity to protect, and the cracking public at large hasn't figured out how to crack it, then I feel safe. But if one cracker does figure it out, and decides to keep the knowledge for himself and use it for ill, then I'm even worse off, because I'm telling everyone things are secure, there are no known exploits, and everyone trusts it. Meanwhile, someone's exploiting that trust. If everyone knew it was insecure, they would be more cautious.

(Sorry, but that's a pet peeve of mine.)

I still say that if it were as easy to get at the Mac OS with viruses and worms as it is with Windows you would still see SOMETHING.

I'd say you're right here, Dave. Apple did a very smart thing when they built OS X by using BSD as their core. BSD has a strong reputation for security, and Apple has been pretty intelligent about the default settings. OSX probably falls in to a certain degree with my point about Apache above (even popular systems can be secure), but unlike a web server, an operating system is very broad and has a lot of moving parts. Something will probably emerge in some form eventually.

I would guess that the first Mac exploits we see will involve a certain degree of social engineering - some sort of trojan that tricks you into spreading the virus. With the placement of the Mac as a great computer for novice users, there's probably a growing pool of untapped gullibility that someone will eventually exploit.

Nothing about puppies or old ladies yet. That’s a plus. ;o)

Steve Jobs' habit of picking up old ladies and using them to bludgeon puppies has little relevance in this conversation, so I didn't see the need to bring it up. ;-)

by Scott, September 21, 2005 12:38 PM

Actually, the numbers only represent vulnerabilities acknowledged by the vendor. Microsoft, at the time of publishing, has more vulnerabilities that they haven't acknowledged yet.

by Caliginos, September 22, 2005 10:08 AM

Here's a comparison list of known vulnerabilities for various operating systems:

http://www.livejournal.com/users/caliginos/3233.html

You might note that Mac OS X has 298 known vulnerabilities, so it's not completely secure, although with Wndows weighing in at 776 known vulnerabilities, it's still way more secure.

by Deane, September 22, 2005 12:00 PM

Those numbers reinforce my point about market share, since the top four are the three most common platforms: Windows, Mac, Red Hat, and Solaris.

Surprised, however, that Mac is that much more secure than Red Hat.

Add Comment

Want to advertise on this site? Contact FM.

The 12-Year-Old Spy by HIU, 1 hour, 48 minutes ago
Do You Want to Save Your Changes? by Ron, 4 hours, 35 minutes ago
Cancel Google by gloriastarks, 8 hours, 7 minutes ago
Benefits of Plain English URLs by Robert, 10 hours, 39 minutes ago
"Cuil Sucks," says Captain Obvious by Tomas, 13 hours, 23 minutes ago
Sergey Explains Chrome by Peter, 22 hours, 33 minutes ago
How many supertankers does it take to supply the U.S. with oil for a single day? by Tony Australia, 1 day, 4 hours ago
Commodore 64 Story on CNN by Joe, 1 day, 18 hours ago
Introducing Alkaline Hydrolysis by Joe, 1 day, 19 hours ago
Using Ice as Air Conditioning by Joe, 1 day, 19 hours ago
Show 5 more »

Boutique Job Boards by Deane in 2006
School of the Future by Deane in 2006
Google's Way-Back Machine by Dave in 2006
Airstream SkyDeck by Dave in 2005
Google to Collect Them All? by Joe in 2005
Gallina: Blogging Via Gmail by Deane in 2004
Gmail Invite Thanks by Deane in 2004
Athens 2004 Hyperlinking Policy by Deane in 2004
Centering Elements via CSS by Deane in 2004
Comment Goal Reached by Deane in 2004
Taipei 101 Elevators by Deane in 2004
Google Artist Interview by Deane in 2004
Meanwhile, back on Mars by Rob in 2004
The Floppy is Dead by Rob in 2004
How to Write Firefox Extensions by Deane in 2004
Great Big Stuff by Joe in 2004
Is That a Phone In Your Pocket... by Joe in 2004
Free CliffsNotes by Deane in 2004
Further Political Pontification by Joe in 2004
Surviving the Political Season by Joe in 2004
NetFlix and Tivo Partnership by Deane in 2004
Textbooks Hit The Torrents by Joe in 2004
Google URL Searches by Deane in 2004
Password Generating Bookmarklet by Deane in 2004
MT Background Processing Limitations by Deane in 2004
Google Mirror by Chris in 2003
Happy Birthday Google by Chris in 2003
"Crypto" by Steven Levy by Deane in 2002
Show 23 more »

Web Hosting Web hosting, dedicated servers and Web design services

Laser Toner Cartridges UK laser toner, toner cartridges, hp toner, lexmark toner, samsung toner, canon, toner, epson toner, oki toner, kyocera toner, xerox toner, remanufactured toner, compatible toner

Direct TV Deals Free 4 room direct tv deals. no equipment to buy. free fast professional direct tv installation. this is the best direct tv deal available anywhere.

SEO Article Learn from the experts with our SEO article.

rope light Shopping with birddog distributing, inc., gives you access to the lowest prices, the best customer service and the quickest delivery times possible.

Laptop AC Adapter We offer genuine factory direct replacement AC adapters.

Direct TV Best satellite TV deals.

Direct TV Deals Direct TV programming deals are varied and include packages containing from 50 channels up to over 250 channels.

8mm film to DVD Retain family memories with the only frame by frame digital restoration service in the United States for your 8mm film to DVD today

Rubber Stamp Shop for custom self-inking stamps, hand stamps, address stamps, label stamps, check endorsement stamps, check deposit stamps, date stamps, pre inks, pocket stamps, ink and much more!

Gadgetopia