Microsoft blames add-ons for its Internet Explorer security woes, according to InternetNews, yet in separate news from TechCrunch Mozilla's Firefox just hit its one billionth add-on and yet delivers better security, according to several studies.
Is Microsoft out of line?
Probably not. Microsoft is almost certainly right to pin some blame on add-on functionality to the browser as a security vulnerability. But given that add-ons are a fact of life now, what is Microsoft doing to protect its IE users against malware attacks?
Plenty, and in perhaps in the most important place: the update service. Both IE and Firefox include automatic update services, but researchers for the Honeypot Project discovered that Firefox's mechanism may actually be more effective:
We suspect that attacking Firefox is a more difficult task as it uses an automated and "immediate" update mechanism. Since Firefox is a standalone application that is not as integrated with the operating system as Internet Explorer, we suspect that users are more likely to have this update mechanism turned on. Firefox is truly a moving target. The success of an attack on a user of Internet Explorer 6 SP2 is likely to be higher than on a Firefox user, and therefore attackers target Internet Explorer 6 SP2.
The Honeypot research was done in 2007, however, on older versions of both IE and Firefox and, as Sean Michael Kerner writes in InternetNews, the game may have moved on, and neither Firefox nor IE may be fully ready to "play":… Read more