Um...yeah...

Story: Just how flawed is Firefox?
Total Replies: 9
Author Content
techiem2

Nov 10, 2009
9:39 PM EDT
Quoting: What the report does not do, however, is make any distinction between the bugs found. So zero-day problems, which because of the nature of them not being patched while being exploited in the wild makes them hugely dangerous, were treated as just as another flaw along with relatively minor bugs.


Yeah...which makes the 44% number absolutely meaningless. A bug that say, corrupts the display of a page for 1/1.5M people is a little different than a bug that say, lets the attacker install whatever they feel like to your computer as an administrator.

I also have to take issue with:

Quoting: Of the 'big four' browsers, Opera performed best with just 6% of the flaws coming from the direction of what used to be the only alternative browser in town.


When was Opera the only alternative browser? There have been many choices in browsers long before IE was written, and many choices since IE was written and before Opera was written. The author seems to have forgotten about a minor player in the browser world called Netscape....(not to mention Cello, Mosaic, etc, etc, etc,......).

d0nk3y

Nov 10, 2009
10:00 PM EDT
Yeah - the whole report is very brief and lacking in any detail to support the 44% figure.

Criticality, time-to-patch etc are much more useful metrics. I'm still waiting for the news item which says the report was funded by Microsoft... should be any day now.
tuxchick

Nov 10, 2009
10:20 PM EDT
I don't even read IT Wire any more. Flamebait and little substance.
moopst

Nov 11, 2009
2:05 AM EDT
Quoting: Not just a tad more, but if you are using the number of reported browser vulnerabilities as a metric...


If I were using the number of reported browser vulns I'd be missing the majority of IE bugs which are patched without disclosure.
cabreh

Nov 11, 2009
3:18 AM EDT
Dumb question. I know. But in any case.

Why are there never any reports about how many people actually suffered an exploit and what browser/software package they were using?

Sander_Marechal

Nov 11, 2009
4:33 AM EDT
@Cabreh: That would be very hard to check. I guess even harder than measuring Linux market share. Also, the report would be flawed because the technologically apt people will pick up alternative software such as Firefox and Linux much more than the regular Joe. And technologically apt people suffer less from exploits because they know what they are doing. They don't click popups or attachments. They patch regularly. They know how to use their computer safely.

So in that report, Linux, Firefox, etcetera would come out too positive. It looks better for us yes, but it's just as flawed as this report is.
techiem2

Nov 11, 2009
9:39 AM EDT
About the only time we hear any kind of numerical estimates of exploit sufferers is when the latest big worm flies through the net and causes noticeable disruptions for companies. Of course, those reports generally conveniently forget to mention the attack vector (which of course is usually IE or IIS).
rijelkentaurus

Nov 11, 2009
11:41 AM EDT
How many of the Firefox flaws are really Windows-specific and don't affect Linux or Mac?
phsolide

Nov 11, 2009
12:15 PM EDT
Where's the "Market Share" argument when it helps OSS?

Doesn't this indicate that the Bad Guys(tm) have discovered that Firefox users are valuable as victims?

I mean, that's what we hear as explanation of huge numbers of MSFT flaws, isn't it?

For several years, I've believed the "Market Share Argument" is a form of special pleading (http://en.wikipedia.org/wiki/Special_pleading) that has gotten traction amongst MSFT fanpeople and MVPs.
Steven_Rosenber

Nov 12, 2009
1:25 PM EDT
Of late, Firefox has been very good about detecting phishing scams -- It's not like you can't see them a mile away, but it's nice to know that FF is able to tell you that the given Web page wants to rob you blind.
