Firefox Exploit Level

By Deane Barker on September 19, 2005

Is the Firefox honeymoon over?: Apparently, the number of viruses and exploits coming out for Firefox is more than for IE lately.

As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005. Since that time, new exploits are being released almost on a monthly basis.

You know what this proves? Virus targeting is based on market share. The more share you have, the bigger target you become. And yes, this means that the only thing protecting Macs is their own unpopularity. Get some market share, and virus writers will come for you too.

Gadgetopia

Comments

  1. Market share is hardly the only thing that determines the security of a product. If market share was the driving factor then the software with the most market share would always be the least secure?

    Firefox needs and deserves more scrutiny to make it better, just like any other software product.

  2. If market share was the driving factor then the software with the most market share would always be the least secure?

    Let me show you a product I use called “Windows.”

  3. So true, I just wrote about this exact thing…

    I love the “my mac is more secure than windows” crowd, it’s funny because it’s true, but only true because exploir writers couldn’t care less about macs.

    Point being all software has bugs and security issues, aka “exploits”. If you get something out of finding these exploits you would hack on IE first, or Windows itself.

    “And yes, this means that the only thing protecting Macs is their own unpopularity”

    Good line…

  4. …this means that the only thing protecting Macs is their own unpopularity. Get some market share, and virus writers will come for you too.

    Security by obscurity, or unpopularity, is still security. But still, in spite of the “unpopularity” of the Mac (imagine that; shipping 1.1 million Macs in the last quarter qualifies as unpopular) I still say that if it were as easy to get at the Mac OS with viruses and worms as it is with Windows you would still see SOMETHING. Yet here we are; the Mac OS has been around in just a handful of variations since 1986 and there is nary a single virus around that affects a Mac.

    … but only true because exploir (sic) writers couldn’t care less about macs.

    Oh please; think of the notoriety to be gained by some hacker who finally figured out how to stick it to those smug, snobbish Mac users and send them all screaming in fear to McAfee and Symantec. (why, I would bet that the head honchos at McAfee and Symantec would just love for that to happen!)

    Sorry to cloud your argument with needless “facts”.

    Nothing about puppies or old ladies yet. That’s a plus. ;o)

  5. Security by obscurity, or unpopularity, is still security.

    No, NO, NO, NO, NO! Never let security people hear you say that. Security by obscurity is false security, which in many ways is worse than no security. If I have a system that I’m relying on obscurity to protect, and the cracking public at large hasn’t figured out how to crack it, then I feel safe. But if one cracker does figure it out, and decides to keep the knowledge for himself and use it for ill, then I’m even worse off, because I’m telling everyone things are secure, there are no known exploits, and everyone trusts it. Meanwhile, someone’s exploiting that trust. If everyone knew it was insecure, they would be more cautious.

    (Sorry, but that’s a pet peeve of mine.)

    I still say that if it were as easy to get at the Mac OS with viruses and worms as it is with Windows you would still see SOMETHING.

    I’d say you’re right here, Dave. Apple did a very smart thing when they built OS X by using BSD as their core. BSD has a strong reputation for security, and Apple has been pretty intelligent about the default settings. OSX probably falls in to a certain degree with my point about Apache above (even popular systems can be secure), but unlike a web server, an operating system is very broad and has a lot of moving parts. Something will probably emerge in some form eventually.

    I would guess that the first Mac exploits we see will involve a certain degree of social engineering – some sort of trojan that tricks you into spreading the virus. With the placement of the Mac as a great computer for novice users, there’s probably a growing pool of untapped gullibility that someone will eventually exploit.

    Nothing about puppies or old ladies yet. That’s a plus. ;o)

    Steve Jobs’ habit of picking up old ladies and using them to bludgeon puppies has little relevance in this conversation, so I didn’t see the need to bring it up. ;-)

  6. Actually, the numbers only represent vulnerabilities acknowledged by the vendor. Microsoft, at the time of publishing, has more vulnerabilities that they haven’t acknowledged yet.

  7. Those numbers reinforce my point about market share, since the top four are the three most common platforms: Windows, Mac, Red Hat, and Solaris.

    Surprised, however, that Mac is that much more secure than Red Hat.
