Forcing people to move versions by closing support for vunerabilities isn't exactly security minded... There are often reasons why people or companies don't want to move to a newer version.
Which is why the upgrade path to fix major vulnerabilities in Firefox is typically along minor releases where the only change is the fix or there are no major changes (say 3.0.4 and 3.0.5, nothing
that significant has changed between them) and patches usually go into previous versions as well.
You could also apply this to your suggestion that users should move to Vista for the protection offered by Protected Mode, which costs a hell of a lot more than, say, upgrading to Firefox 3 from 2, or having to upgrade to at least Windows XP to get IE7. At some point, the vendor has to draw a line.
As for analysis, I've already offered some, what are you offering in return?
You made the assertion that IE was more secure than Firefox or Opera was more secure than both, it's up to you to demonstrate that and you haven't yet.
I already stated your "analysis" was substantially flawed - you can dig out the old posts where we essentially agreed on that if you want, but in short:
- Unless you have access to Opera's, Apple's and MS's internal bug tracker, you don't know how many vulnerabilities they've found internally, or how many have been reported to them but not publically disclosed - this is why you can't compare numbers of vulnerabilities reported - you don't know how many there are.
- Counting vulnerabilies doesn't take account of time-to-fix, or severity
- Some vulnerabilities are reported more than once, or one report covers multiple issues
If you want numbers for upgrades (which was the metric I suggested made Firefox more secure),
here is some:
The researchers also concluded that as a group, Mozilla Firefox users were the most likely to be using the latest, most secure and stable version of the browser: 83.3 percent of Firefox users were found to have the latest version installed at any given time. That's notably more than Web surfers using the latest versions of Safari (65.3 percent), and Opera (56.1 percent).
Only 47.6 percent of Microsoft Internet Explorer users browsed with the latest, most secure version (IE7), although for the purposes of this study the researchers automatically lumped all IE6 users into the "insecure users" camp.
I'd say it's perfectly fair, given that the nature of open source means that all vunerabilities are out there in the public to start with due to the nature of an open codebase...
Did you even read that before you posted it? It explains why reports for Firefox would be higher than Opera or IE, and essentially implies the former's more secure...
The truth is that all web browsers have vunerabilities and exploits that are possible, you can close most of them by either disabling functionality (eg noscript or turning scripting off in the options), or by being aware of potential security issues.
no one's denied that here. You need to balance whether switching browser, using things like NoScript or using the workaround from TechNet I linked to is worth it. I expect most corporate users get enough value from GPO etc that the workaround's the best option for them.
Some browsers (IE and Google Chrome) offer additional security through the use of protected mode, others like firefox do not offer similar protection (and the fact that protected mode/UAC mitigate the IE issue raised here proves their value, because code from IE cannot gain greater privileges than permitted by protected mode, which means very little can be done).
Not if protected mode is broken - Chrome's had vulnerabilities that could get outside the sandbox, and this one appears to do the same with IE.
Jumping on every reported IE vunerabilitiy, which tend to make much bigger headlines than vunerabilities with the minority browsers, as a means to encourage people to jump ship to firefox isn't actually helping the web become more secure, or the user be safer.
Quite. The BBC's reporting of this issue and a lot of tech news is bad, but at least they're not suggesting buying a Mac this time round.
