Softpedia
 


December 16th, 2008, 14:31 GMT · By

Firefox 2.x and 3.x the Most Vulnerable Software on Windows in 2008

Firefox 2.0 (and later) and Firefox 3.0 (and later) were the most vulnerable pieces of software for the Windows platform in 2008, according to Bit9. In the whitepaper “The Dirty Dozen” - 2008’s Most Popular Applications with Critical Security Vulnerabilities, Bit9 gives first place to Mozilla's open source browser, which comes with an inherent aura of security, especially when compared with Microsoft's proprietary Internet Explorer. In fact, Microsoft software products would have missed the Dirty Dozen entirely if it hadn't been for the company's instant messaging client.

“Year after year, we see a growing number of applications within the enterprise creating security vulnerabilities that are easily prevented through better visibility across endpoints, and a more centralized patch-management process,” Harry Sverdlove, chief technology officer, Bit9, revealed.

“2008 has been no exception. This year, along with the widely reported huge increase in malware, the number of well-known applications causing security problems for companies has also increased. Our annual ranking now covers 12 applications, up from 10 last year.”

2008’s Popular Applications with Critical Vulnerabilities
Adobe Flash and Acrobat occupy the second position in the Dirty Dozen vulnerability ranking, followed by the EMC VMware Player, Workstation and additional solutions, and by the Sun Java Runtime Environment (JRE). Stopping one position short of the less-than-honorable top three is Apple with QuickTime, Safari, and iTunes. Even though the Cupertino-based hardware company continues to applaud the high level of security of its software, QuickTime, Safari, and iTunes are among the most vulnerable products running on Windows.

The list continues with Symantec's Norton products, versions 2006 through 2008, despite the fact that Symantec is a leading security company worldwide. Trend Micro's OfficeScan has ended up in seventh position in the Dirty Dozen, followed by Citrix products, Aurigma Image Uploader, and Lycos FileUploader. The list is wrapped up by three popular instant messaging clients. Bit9 places Skype 3.6.0.248 in tenth position, Yahoo! Assistant 3.6 in eleventh place, and Microsoft Windows Live (MSN) Messenger 4.7 and 5.1 in last place.

READER COMMENTS:


Comment #1 by: eamonn on 17 Dec 2008, 12:51 UTC

My main work is removing virus and trojan infections from my customers' computers.
I can say for certain that most infections come from IE users.
A combination of a reasonable, up-to-date antivirus program and Firefox produces the least amount of infections. If Firefox is more vulnerable than IE it must be the case that rogue developers just aren't bothering to write exploits for it.


Comment #2 by: AverageJoe on 17 Dec 2008, 19:02 UTC

Rofl... as we can see from this week's IE flaw.. the problems in IE could be unlimited.

We can find and patch faster in Firefox - as it's open source.

IE is totally unknown.. see how long this current exploit has been workable in IE?

My true concern is that IE has massive security vulnerabilities that aren't even known to MS... and we can't see them to fix.. but attackers can stumble across them...

...the other problem is the true effect of a 'critical' problem - how is this defined here? Every critical IE exploit allows a remote attacker to compromise the entire system as it is tied into the kernel so deeply.

And really, for developers of software running on a proprietary OS to find vulnerabilities when they can't see the underlying code to develop for it! Lol.. you'd think MS themselves would be able to write code that didn't have such dangerous exploits - with the amount of customers' money spent on development etc?

Finally, a more scientific consideration might have considered the rate of development of the browsers - the fact that the changes embodied in FF 2.x in its lifetime - added functionality - vastly outweigh IE in, eg. 6...

..so, let MS tell us how many lines of code were in their work on any version and we can compare bug-to-code lines - that would be fair...

..hey we can look... oh yeah, we can't see remember, IE is proprietary :/

Lol.. simple: get Linux... problem solved! No viruses, no deliverable payload! :))))

The above poster is 100% correct, I've done the same job, replacing IE use with FF removes 90% of problems.... so....

...I think you'll find out that exploits aren't exploited on FF at the same rate as IE - as they're identified and patched faster due to its open-source nature.

This leaves you with a more secure product in the same time of development. Case closed methinks :)

Marius, **please** do some more investigation into software (browser) development *before* posting and give us a really interesting piece of investigative journalism!

Yours respectfully,

Joe :)


Comment #3 by: MiaM on 02 Jan 2009, 06:09 UTC

Notice that the publisher of this list, Bit9, has a commercial interest in selling software that controls what applications end-users may install on corporate computers, and therefore they have an interest in making people believe that their products are more necessary than they in fact may be.
