Mozilla: We're more secure than Microsoft

Firefox has fewer holes than IE and it will stay that way, says its chief promoter.

Michael Kanellos Staff Writer, CNET News.com
Michael Kanellos is editor at large at CNET News.com, where he covers hardware, research and development, start-ups and the tech industry overseas.
Michael Kanellos
SCOTTSDALE, Ariz.--Even with increased popularity, the Firefox Web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation.

"There is nothing that will be perfect," said Mitchell Baker, president and "="" rel="follow" target="_self">chief lizard wrangler of the Mozilla Foundation, during a panel discussion at PC Forum here. (PC Forum is owned by CNET Networks, publisher of News.com.)

Still, Firefox, developed by the Mozilla Foundation, won't harbor nearly as many security flaws as those that have Microsoft's Internet Explorer, and increasing popularity won't change that, Mitchell predicted.

Some critics challenge that assumption. Symantec CEO John Thompson and other security executives have claimed that open-source programs will become more vulnerable as they pick up more users, because more hackers will become attracted to it.

Last month, Mozilla issued a major security update to fix several flaws, including one that would allow domain spoofing.

"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."

Part of Firefox's better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.

Another benefit, Baker said, comes from the fact that Firefox does not support Active X plug-ins. For years, some consumers and analysts have dinged Firefox because it couldn't run Active X.

"It turns out it is only less convenient until you get hacked," she said. "Then it becomes a disadvantage."

Mozilla is part of an industry effort to create an Active X alternative that would let plug-in applications such as Macromedia Flash run within the Web browser without the security risks associated with Active X. Others involved in that effort include browser makers Opera Software and Apple Computer, and plug-in makers Sun Microsystems, Macromedia and Adobe Systems.

In general, classic code flaws tend to be fairly easy to fix once they are found, she said. More difficult problems to guard against are the ones that exploit human behavior, like phishing.

"In some of these cases, the solution is very difficult to determine," she said. "There are some circumstances where the speed won't be as fast."

On another note, Baker added that the open-source movement still faces some growing pains. Large commercial customers are often not completely comfortable with open-source licensing, particularly because they are familiar with traditional licensing models.

She also said that new forms of public licenses are inevitable, as are conflicts and inconsistencies between different public licenses.

"If someone comes up with something, they have the right to determine the terms under which they give it away," she said.

CNET News.com reporter Paul Festa contributed to this report.