Internet Explorer's poor reputation for security is undeserved, with Mozilla Firefox actually the most vulnerable internet browser in common usage.
That's according to research by network security solutions provider Sourcefire, which examined vulnerability data from the past 25 years.
In the Common Vulnerability Scoring System (CVSS) framework, factors including the location of the vulnerability, what it affects and whether confidential data is at risk are combined to give a CVSS score: Low (0-4), Medium (4-7) High (7-9) or Critical (10). Mozilla Firefox came out of the research as the browser with the highest number of "critical" vulnerabilities, and second in terms of both "high" and total vulnerabilities.
"One of the conclusions that we saw was Internet Explorer's bad reputation might not be completely deserved because Firefox actually has a lot more vulnerabilities than [Microsoft] Internet Explorer," Dr Yves Younan, senior research engineer in Sourcefire's Vulnerability Research Team and author of the report told Computing.
"Firefox is the one with the most critical vulnerabilities: 174 over the period we looked at. Then we found that actually the top three products are Mozilla products, so SeaMonkey and Thunderbird are numbers two and three. Because they share code bases, the same vulnerabilities will be in all these products from Mozilla," said Younan.
Of Firefox's main competitors in the browser market, Google Chrome was found to have the second highest number of critical vulnerabilities (95), followed by Internet Explorer then Safari.
Younan also told Computing that Abode's Flash Player may also be undeservedly getting the blame for poor security.
"Another interesting thing we saw is although Flash Player has a bad reputation for security, it's actually only number five in the critical vulnerabilities list," he said.
Sourcefire also tested mobile operating systems and discovered Apple iOS for iPhone has more vulnerabilities overall than its three main rivals combined.
"iPhone had a total of 210 vulnerabilities, followed by Android with 24, Windows 14 and BlackBerry with 11. So even though Android has a larger market share, it actually has fewer vulnerabilities than iPhone," said Younan, adding that Google Android is subject to more malware "due to its open system and fragmented OS."
According to Sourcefire, the way to prevent vulnerabilities in software on all systems and products is to improve the quality of the code they're built upon.
"The best approach is better programming: better quality control that adheres to programming standards. Making sure that programmers don't use vulnerable functions," said Younan.
Does Google know too much about you?
The trend towards non-desktop-based devices is enabling more flexible working practices and behaviours
Date: 29 May 2013
THIS EVENT HAS BEEN POSTPONED DUE TO ILLNESS. Business intelligence is enjoying an upsurge of interest. In an era in which businesses and organisations...
Date: 11 Jun 2013
The enterprise mobility summit will examine how organisations can manage the increasing array of endpoints which are enabling mobile computing in business....