Can someone tell me why Fire Fox is more secure than IE?

[Nocturnal]

I am researching reasons why FF is more secure as far as being infected by spyware goes.

Is it due to FF not being compatible with Active X? Or is it that the code of the browser has less flaws than IE does therefore hackers do not have anything to exploit?

 

[BW86]

Is Firefox more secure than Internet Explorer?

Yes, Firefox and all other Mozilla-based products are more secure. Why? Here is a list of the most important reasons:

* It is not integrated with Windows, which helps prevent viruses and hackers from causing damage if they somehow manage to compromise Firefox.
* There is no support for VBScript and ActiveX, two technologies which are the reasons for many IE security holes.
* No spyware/adware software can automatically install in Firefox just by visiting a web site.
* Firefox doesn't use Microsoft's Java VM, which has a history of more flaws than other Java VMs.
* You have complete control over cookies.

Source



Some more articles:
Are You Safer With Firefox?
Firefox More Secure Than IE?
Security Debate Centers on Firefox And IE
Is Firefox more secure than IE?
Mozilla: We're more secure than Microsoft

I hope this helps

 

[MrChad]

If your focus is solely on spyware, then yes, lack of ActiveX support is the main advantage of Firefox over Internet Explorer. Most spyware that installs itself over the web relies on ActiveX to trick users into installing its software.

In terms of "flaws", I'm not aware of any spyware that exploits browser security holes, although there are plenty of viruses and worms that do just that. Internet Explorer has the (mis)fortune of having over 90 percent of the browser market, making it a prime target for malicious coders. In the end, no browser is truly secure, and the biggest reason behind most system compromises is that users browse the web under administrative accounts, giving malware full access to critical system resources.

 

[DaveSimmons]

^ BW86's material is partly true, but the real reason is the same one that keeps macs safe:

Criminals and vandals go after the biggest market. IE still has 80-90% of all browser users, so devising an exploit for it will gain to 10 to 30 times as many victims as devising an exploit for ff or safari.

If you want to smash some Windows or build up a zombie army, IE is the one to crack.

 

[jdport]

* No spyware/adware software can automatically install in Firefox just by visiting a web site.

This isn't entirely true :\
I thought the same thing until just the other day I was googling something, and I went to click on a link and accidentally clicked the wrong link. It took me to a page with a bunch of porn adds, etc and a window popped up asking if I wanted to run suchand such a thing and then automatically answered yes and began downloading all kinds of crap. My antivirus program popped up and blocked some stuff before I could even get the alt-F4 keys pressed to kill the browser. Thank god for AV programs. Sadly I use Firefox just to avoid this kind of thing, but I guess Firefox isn't immune to it either.

 

[JustAnAverageGuy]

If you want to be accurate in terms of security

Opera > FireFox > IE

 

[xtknight]

ActiveX installation drive-bys and being a smaller target. Not much else.

Originally posted by: JustAnAverageGuy
If you want to be accurate in terms of security

Opera > FireFox > IE

:thumbsup:

Opera even maintains ActiveX compatibility (but tightly controls installation) so you can use all your IE plug-ins. Yet it still manages to be the most secure according to Secunia.

 

[n0cmonkey]

IE is an example of why monocultures are dangerous. The same goes for Windows.

 

[n0cmonkey]

Originally posted by: JustAnAverageGuy
If you want to be accurate in terms of security

Opera > FireFox > IE

If you want to be more accurate:
Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > IE 6

 

[xtknight]

Originally posted by: n0cmonkey
If you want to be more accurate:
Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > IE 6

Where's Opera?

 

[n0cmonkey]

Originally posted by: xtknight

Originally posted by: n0cmonkey
If you want to be more accurate:
Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > IE 6

Where's Opera?

doh! It was an oversight. Thanks.

Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > Opera 7.x > IE 6

 

[Nothinman]

Criminals and vandals go after the biggest market. IE still has 80-90% of all browser users, so devising an exploit for it will gain to 10 to 30 times as many victims as devising an exploit for ff or safari.

Then how come IIS has so much worse of a track record compared to Apache when Apache has ~70% of the webserver market? If that logic held true it would make sense that the blackhats would be attacking Apache instead of IIS since it has 3.5x the marketshare. IIS only has ~20% and yet it's responsible for some of the biggest problems, hell I still get CodeRed propogation attempts in my Apache logs.

 

[JustAnAverageGuy]

Originally posted by: n0cmonkey

doh! It was an oversight. Thanks.

Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > Opera 7.x > IE 6

You left out Opera 8

 

[n0cmonkey]

Originally posted by: JustAnAverageGuy

Originally posted by: n0cmonkey

doh! It was an oversight. Thanks.

Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > Opera 7.x > IE 6

You left out Opera 8

I didn't see any information about it on secunia.

 

[johnnqq]

my two bigges: cookies are always saved unless you reinstall windows with IE, ACTIVEX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

[jbritt1234]

Originally posted by: Nothinman

Criminals and vandals go after the biggest market. IE still has 80-90% of all browser users, so devising an exploit for it will gain to 10 to 30 times as many victims as devising an exploit for ff or safari.

Then how come IIS has so much worse of a track record compared to Apache when Apache has ~70% of the webserver market? If that logic held true it would make sense that the blackhats would be attacking Apache instead of IIS since it has 3.5x the marketshare. IIS only has ~20% and yet it's responsible for some of the biggest problems, hell I still get CodeRed propogation attempts in my Apache logs.

Ease of "Hackability" plays a part for sure. IIS like other MS products is generally open to more attacks, so people are going to exploit that. But, in the grand scheme of things, I think that market share does play a part also.

I'm wondering if this new bug in FF 1.5 will be exploited. Doesn't really do anything harmful, just would be a minor pita.

 

[JustAnAverageGuy]

Originally posted by: n0cmonkey

Originally posted by: JustAnAverageGuy

Originally posted by: n0cmonkey

doh! It was an oversight. Thanks.

Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > Opera 7.x > IE 6

You left out Opera 8

I didn't see any information about it on secunia.

Opera 8.x @ Secunia

 

[Azndude2190]

Well does it really matter?I use IE with the google toolbar...also I have ZA Firewall,Kaspersky Anti-Virus,and Microsoft AntiSpyware running in the background.

 

[BFG10K]

There is no support for VBScript and ActiveX, two technologies which are the reasons for many IE security holes.

So disable them in IE.

No spyware/adware software can automatically install in Firefox just by visiting a web site.

Neither can it on IE SP2.

Firefox doesn't use Microsoft's Java VM, which has a history of more flaws than other Java VMs.

So disable it in IE.

You have complete control over cookies.

Same as in IE.

 

[blurredvision]

Originally posted by: BFG10K

There is no support for VBScript and ActiveX, two technologies which are the reasons for many IE security holes.

So disable them in IE.

No spyware/adware software can automatically install in Firefox just by visiting a web site.

Neither can it on IE SP2.

Firefox doesn't use Microsoft's Java VM, which has a history of more flaws than other Java VMs.

So disable it in IE.

You have complete control over cookies.

Same as in IE.

Good post. Firefox is no more secure than IE, or vice-versa.

 

[Malak]

Originally posted by: n0cmonkey

Originally posted by: xtknight

Originally posted by: n0cmonkey
If you want to be more accurate:
Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > IE 6

Where's Opera?

doh! It was an oversight. Thanks.

Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > Opera 7.x > IE 6

N0c, Opera is way more secure than Firefox, not sure why you are putting it like that. Opera has very few security patches over the course of a year, FF has one right now that is unpatched. In fact, if you go through it's list of vulnerabilities, it has a couple that need to be fixed, and some that have been very severe. Opera has never had any vulnerabilities that bad. The problem with IE is that so many vulnerabilities are simply not patched, mostly due to how slow Microsoft is at patching their browser, or any product.

 

[Nothinman]

Good post. Firefox is no more secure than IE, or vice-versa.

So you can setup IE to prompt you for each cookie and then accept/decline the setting of the cookie and have IE remember the policy for the domain the cookie came from? That's not so much a security thing, but a lot of sites set cookies for no reason and I like having control over what's stored on my machine.

Opera is way more secure than Firefox,

Oh, so you've audited Opera's source code recently?

 

[Malak]

Originally posted by: Nothinman

Opera is way more secure than Firefox,

Oh, so you've audited Opera's source code recently?

I don't need to. Opera has been out 10 years, FF has been out 1 year. Already FF has worse vulnerabilities than Opera has had, and it has more patches. Security groups say it's more secure, Opera says they are more secure, I have had ZERO problems with it... what more does anyone need? You just want to argue the point, get off your OMGITSNOTOPENSOURCEWTFBBQ tangent and get with it.

 

[xtknight]

Originally posted by: n0cmonkey

Originally posted by: JustAnAverageGuy

Originally posted by: n0cmonkey

doh! It was an oversight. Thanks.

Dillo 0.x > lynx 2.x > Safari 2.x >= Konqueror embedded > Konqueror 3.x >Firefox 1.x > Mozilla 1.7.x > Opera 7.x > IE 6

You left out Opera 8

I didn't see any information about it on secunia.

http://www.google.com/search?hl=en&q=secunia+opera+8.x&btnG=Google+Search



LOL, oops, JustAnAverageGuy beat me to it.

 

[xtknight]

Originally posted by: BFG10K

No spyware/adware software can automatically install in Firefox just by visiting a web site.

Neither can it on IE SP2.

It potentially can in both programs if they have holes. Buffer overrun + shell code is a common combo.