Those surfing the Web with Microsoft Internet Explorer in 2004 spent far more time with security holes than did those surfing with Mozilla's Firefox, according to a new report by Web consulting company ScanIT.
Pointing to figures drawn from the company's free online Browser Security Checker, used by a reported 195,000 Netizens to check for vulnerabilities last year, ScanIT said Firefox users had the shortest exposure periods between discovery of a security flaw and a patch for the flaw, compared to IE users who had full protection in just one week during the year, between October 12-19.
"This means fully-patched IE was known to be unsafe for an incredible 98 per cent of 2004," said ScanIT chief executive David Michaux, announcing the company findings. "And for 200 days in 2004 – that’s some 54 per cent of the time - there was a worm or virus exploiting one of those un-patched vulnerabilities."
These results stood in spite of a sharp rise in vulnerabilities in Mozilla-based Web browsers between July and December 2004, compared to January and June, which suggests that Mozilla Foundation is far quicker to respond to vulnerability discoveries than Microsoft. ScanIT said there were only 56 days in 2004 during which there were known vulnerabilities in Firefox without a patch to fix them.
Opera users had 65 days without patches when vulnerabilities were found, the company said.
One reason why Mozilla users get more security satisfaction, according to ScanIT, might be that Mozilla takes a stronger attitude toward fixing problems than Microsoft, which sometimes has an image of being more annoyed than accommodating when flaws are found in their products.
"Security researchers seem to be more inclined to report Firefox vulnerabilities to the Mozilla development team than IE flaws to Microsoft because of a better general attitude towards them," said ScanIT senior security engineer Alla Bezroutchko. " Mozilla’s Bug Bounty Program, which pays users $500 for reporting critical security bugs, is also a major incentive," he added.
