Firefox "Greater Security Risk" and OSX "False Sense of Security" - Symantec

Posted on Sep 19, 2005

MacCentral is reporting that Symantec's most recent Internet Security Threat Report says that Mac users are "increasingly becoming a target for the malicious activity, contrary to popular belief that the Mac OS is immune to traditional security concerns." In addition, it states that "over the past six months, nearly twice as many vulnerabilities surfaced in Mozilla browsers as in Explorer." This is also contrary to the popular belief that the Firefox browser is more secure than IE.

"Twenty-five vulnerabilities were disclosed for Mozilla browsers, including Firefox, in the first half of the year, compared with 13 for Explorer, Symantec said. Eighteen of the Mozilla flaws were classified as high severity, compared with eight high-severity Explorer flaws"

As a fan of Firefox, I found that surprising. It is not only counter to the common perceptions, but counter to Mozilla's own marketing in recent past.

As for the Mac OS, the article stated:

"The number of security bugs confirmed by Apple has remained about the same over the past two six-month reporting periods, with no widespread exploits, Symantec said. But an analysis of a rootkit called Mac OS X/Weapox - based on the AdoreBSD rootkit - indicates the situation might not last much longer."

Specifically, the growing popularity of the Mac OS is cited as a reason for the increased "scrutiny it receives from potential attackers." This has been an argument that Windows users have made regarding its security issues: that its position as the dominant operating system (i.e. its popularity) makes it a target. However, it is worth noting that they did not cite actual increased security risks, just the potential.

Comments

rob Thank goodness they don't stand to gain by spreading extreme conjecture - can anyone say Symantac Virus/Malware Scanner OSX version?

"Twenty-five vulnerabilities were disclosed for Mozilla browsers" - all vulnerabilites are not created equal. Look at the severity not the number - just like bugs.

"However, it is worth noting that they did not cite actual increased security risks, just the potential." - exactly. Which is why I think all these reports are FUD bull.

Posted By rob / Posted on 09/19/2005 at 10:38 PM

IsaacDM it sounds to me too like FUd... but...
i still wonder about that, symantec behind ???

I kinda think that symantec its a pont of view to count...
a highly trusted point of view

Its great that for OSX its just the potencial....
i actually installed the trial version of nortons antivirus for mac... just to know.... then became annoying.. and i couldnt uninstall!!!! i drop all the folder to the trash and then stills checking all of USB, DMG, at its own will... i had to search for files to delete in the library and elsewere... to completely uninstall!!! ( pain in the ass)
Norton AV for mac really Sucks....

BeWell

Posted By IsaacDM / Posted on 09/20/2005 at 8:45 AM

Brian Rinaldi With regard to the Firefox issue, a techWeb article gives more detail (http://news.yahoo.com/news?tmpl=story&u=/cmp/20050920/tc_cmp/170704674)

The important part to note is that they say the Mozilla issues are mitigated because, according to Symantec, "you're much more likely to have vulnerabilities fixed quickly with open-source software like Firefox, so the exposure time is much less."

Posted By Brian Rinaldi / Posted on 09/20/2005 at 11:37 AM

Write your comment



(it will not be displayed)





About

My name is Brian Rinaldi and I am the Web Community Manager for Flash Platform at Adobe. I am a regular blogger, speaker and author. I also founded RIA Unleashed conference in Boston. The views expressed on this site are my own & not those of my employer.