Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."

Download it now to read this article plus other related content.

Moreover, Firefox is under the close scrutiny of the open-source community, which is likely to uncover lots of issues early and, adherents argue, offer fixes as well. On the other hand, Microsoft defenders will argue that as a commercial software supplier, Redmond is obligated to address vulnerabilities quickly. It's typical of the open source/closed source debate, which we won't presume to resolve here.

Adoption of alternative browsers is also fueled by attackers' preference for exploiting IE's vulnerabilities because of the huge install base, especially among businesses. Of course, the other side of that coin is that, as Firefox becomes more popular, it's a more attractive target.

Naturally, there's no way to know what the future holds. Microsoft claims it invested heavily in quality control and security testing, and promises that IE 7.0 will be more secure than past browsers.

Netscape and Firefox share common base code, so most Netscape vulnerabilities will impact Firefox, while vulnerabilities in new Firefox code won't affect Netscape. Firefox 1.5 still shows its common roots with Netscape, particularly configuration options, parsing and cryptography code. This is in part because it is a product of open-source community development.

And none of these browsers offers iron-clad protection against sloppily written applications that leave them vulnerable to exploitation by attacks such as stack overflows and heap corruption.

    Requires Free Membership to View

Let's just acknowledge a few solid truths: All browsers have had major vulnerabilities and will continue to have new vulnerabilities; in the end all browsers will be confined by your network bandwidth and will be relatively similar in their download capabilities. None of them will protect you against the next malicious code threat yet to be discovered and released. The very best you can do is protect against all known threats, trust only those few sites that you indeed trust, and restrict all others.

IE 7.0, at least for the near term, presents a solution that will help secure the desktop's browsing environment better than the competition. The real question will come down to who's spent the time needed in security testing, and how many major vulnerabilities will be found in 2006.

This was first published in January 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: