Brandon Paddock's Blog

Mozilla's Nitot missed the point.

A report came out today from Symantec (by way of CNET) that says Mozilla browsers are more vulnerable than IE.  I'm not here to say they're right or wrong (I think the web browser is the most obvious attack surface for internet-based attackers, and no popular web browser will ever be 100% secure). 

However, ZDNet just published a response from Mozilla's Tristan Nitot in which Nitot completely missed the point of the article. 

Symantec used data from the first half of 2005 to demonstrate that because of its gaining popularity, Mozilla is being attacked more frequently and more ferociously than in the past.  Nitot responded by claiming the following:

 In the period 2003 to 2005 Secunia have issued 22 security advisories regarding Firefox 1.x, and rate it as "less critical". In the same period Microsoft Internet Explorer 6.x had 85 Secunia advisories, and is rated as "highly critical".

What he neglects to mention, is that Firefox 1.0 was released in the Fall of 2004, meaning that in reality, Firefox had fewer advisories in 1 year, than Internet Explorer had in all of '03, '04, and '05.  Hardly a fair comparison.

But an even bigger concern is that Firefox didn't gain its current relative popularity until 2005.  So he's claiming that Firefox is better because it used to have fewer vulnerabilities.  By Nitot's logic, it was very secure when a few people used it, and UBER secure when it didn't exist yet. 

I wonder how long before he tells Firefox users to stop using it, so that it can be secure again.

posted @ Tuesday, September 20, 2005 4:49 PM