Ask the Expert

Trojans, viruses and targeted browsers

I've read an article saying new flaws have been found within Firefox:

"Hackers have been able to exploit a critical flaw in Mozilla's Firefox browser. The Infostealer.Snifula programme installsTrojans that are then loaded at browser startup. The virus uses XPCOMS to install the Trojans."

Is it still safer than Internet Explorer or Opera? What can I do to protect myself?

    Requires Free Membership to View

The idea that Firefox is more secure than IE or Opera feels to me like somewhat of a fallacy. The origin of the message came from a CERT pronouncement that, due to the large number of IE flaws and Microsoft's not-always-sterling efforts to publicize and fix these flaws, recommended using another browser. The suggestion made was that Firefox was a more appropriate choice.

At the time of this announcement, and from my understanding based on some recent comparisons, that there have been fewer flaws discovered (emphasis on discovered rather than existing) in Firefox. This doesn't mean Firefox is more secure.

If you examine market share of the browser space, then IE still firmly remains the major player with approximately 80-90% of the market, depending on whose figures you believe. In comparison, Firefox has about 10-15% of the market share. If I am an attacker and designing a trojan or attempting to discover a flaw in a browser then, in order to maximize the effectiveness of that attack, I am logically going to target the application based on:

  • Ease of exploitation
  • Prevalence of the application
  • Highest return on investment

Therefore, most attackers seek out flaws and target attacks on IE browsers. If Firefox's market share grows then attackers will start to pay more attention to it and, I suspect, some more flaws may be discovered and exploited. This is a very simplistic overview but it highlights that making assumptions about the security of a particular application can be dangerous.

So what can you do to protect yourself? Well first, update. Make sure to the best of your ability that you and your organization use an up-to-date version of your selected browser. Chose a good anti-virus product and look at anti-spam and personal firewall products, like ZoneAlarm. Consider a regular scan of your environment/host for spyware/malware using one of a number of tools available on the market.

Here's the apparently simple and common sense stuff which is, sadly most often responsible for causing a breach: don't trust emails, downloads or applications where you are not sure of the sender or the content. When in doubt, err on the side of caution. Someone can always re-send you an email but it's a lot harder to get back stolen money or recover from an identity theft.

This was first published in August 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: