Chris Borowski, who is contributing to The Seattle Times’ D.C. coverage as part of Northwestern University’s Medill News Service, went to a Symantec news conference this morning on the company’s most recent Internet Security Threat Report. Here’s Chris’ report:
WASHINGTON — Firefox may not be as safe as many users had hoped, according to a report released by Symantec and discussed at a news conference here today.
In the first half of 2006, Firefox and its Mozilla siblings had the highest number of possible vulnerabilities, or potentially exploitable holes in its software, with 47, the report said. That’s almost three times the number reported in the second half of last year. Symantec mostly blamed the rise on Firefox’s growing popularity.
The number of vulnerabilities in Microsoft’s Internet Explorer, used by more than four of five Internet users, rose 52 percent to 38.
Apple lovers also have reason to worry. There were 12 holes reported in the Safari browser.
But vulnerabilities do not necessarily lead to security breaches and are usually fixed with patches. Here’s where Mozilla stands out. Mozilla’s window of exposure — or the time between the announcement of the vulnerability and a vendor-supplied patch (minus number of days before an appearance of an exploit) — was just one day. Microsoft lagged behind with nine days, still a great improvement over the 25 days it took to patch holes in the second half of 2005.
There is another bright spot for Microsoft in Symantec’s report. Among operating system vendors, it had the shortest patch development time with 13 days, tying Red Hat. Sun trailed far behind with a whopping 89 days, according to Symantec.
For the full report, click here.