While the Firefox browser has generally been considered a more secure alternative to Microsoft's Internet Explorer, its increased market share and corporate deployment have finally made it a worthwhile target for malware authors. Users are advised to start treating Firefox with the same level of security preparedness they used to reserve only for IE.
How Much is 'Free' Costing You?
Learn how DaveRamsey.com saw a 567% uplift in ROI with Omniture. This complimentary guide and webinar cover the most important factors in selecting an analytics solution. Download Now.
Hackers made Firefox the latest subject of attack last week, utilizing software that could capture extremely sensitive information, including credit card numbers and passwords.
On July 25, Symantec (Nasdaq: SYMC) Security Response detected Infostealer.Snifula, which downloads malicious Trojans onto a user's computer that can subsequently steal any information the user types into a form on the Web, according to Dave Cole, director of the Symantec Security Response group.
"That's the most robust, sophisticated, aggressive threat we've seen against Mozilla," Cole told LinuxInsider. Although only a "handful of people" were effected by this attack, it's an indication that hackers are starting to stretch beyond Microsoft's (Nasdaq: MSFT) Internet Explorer. A few months ago, hackers attacked Mozilla browsers with Javascript-based JS.Ffsniff, Cole said.
Firefox attempted to ease consumers' concerns.
"While this malware is trying to mask itself by corrupting a Firefox installation, it is no different from any other malware that a user might be tricked into installing from a spam email or malicious Web site," Mike Schroepfer, vice president of engineering for Mozilla, told LinuxInsider.
He encouraged consumers to be careful when installing software from unknown sources, especially files linked or attached to e-mails, and said the company will continue working closely with antivirus vendors.
"There was a great migration of people over to Firefox about two years ago, when people believed there were no vulnerabilities," Cole said. More attacks started taking place, however, especially during a roughly six-month period in 2005, when there were actually more attacks found on Firefox than on IE.
When Firefox first emerged, it was touted as being more secure than Microsoft's browser, but then the company needed to release more versions in response to security vulnerabilities, Amrit Williams, research director of information security and risk for Gartner (NYSE: IT), told LinuxInsider. When IE7 launches, much of the legacy code will be removed and organizations will need to have the right programs in place to patch any security holes.
"The major issue for an enterprise customer 
isn't a question of which is more secure, but it's a problem of compatibility," Williams said. "IE is so closely embedded into the Windows operating system that it's far easier for a hacker to take advantage of the integration."
Three factors attract hackers to various technologies: claims of increased security, increasing visibility and penetration in the market, and corporate adoption, Williams said. As Firefox begins to gain market share, it is likely to become more appealing to cyber-criminals.
"I wouldn't call this an epidemic, but we [have] started to see some threats emerge that target Mozilla," Cole said. "It's just like the rest of the software out there -- if you beat at it long enough, some of the vulnerabilities will fall out."
For now, the company might have time to bake security into its products. "Hackers are motivated primarily by monetary drivers, and when you're doing that you play with the numbers -- and the numbers are still very much in favor of IE," Cole said.
Still, Firefox needs to prepare for the unknown. "You can have a lot of foresight and do as much preparation as possible, but part of the measurement is how you respond when someone throws you a curveball," he said.
"No one should come away from this thinking we're under assault, but the same kind of due-diligence and Internet street smarts are necessary on Mozilla [as on IE]," Cole continued. "If you see an update, take it, it's probably there for a reason. Be safe. Don't go to the bad neighborhoods, and watch where you put your mouse."
Consumers need to stop being naive and realize they are not immune from attack. They must constantly upgrade and clean their systems, and keep their firewalls and antivirus software up to date. They should be conscious of the fact that when their machines are crawling along, suspicious behavior may be taking place behind the scenes.
"There's no such thing as absolute security anymore. There's an automation of crime. People are developing malware that's going to look for vulnerabilities," Carol Baroudi, partner at research and consulting firm Hurwitz & Associates, told LinuxInsider. "I'm not saying be abstinent on the Internet, but surf safely."
Print Version
E-Mail Article
Reprints
More by Alexandra DeFelice
Next Article in Security
|
Yahoo Teams With Symantec on Web Security July 25, 2006 
Yahoo and Symantec will join forces to provide a co-branded Web security service. The two firms plan to market the new service across Yahoo's network, including it within its mail service and inside other Web tools. The companies will also develop a co-branded toolbar that will have automatic links to more security resources, such as spyware.
|
Related Stories
|
Survey Finds Consumers Balk at Updating Malware Protection July 19, 2006 
"Overall, the research shows that many consumers have a false sense of security while online," ESET Chief Research Officer Andrew Lee said in a statement. "With the number of zero-day threats rapidly increasing, users need to be even more cautious and proactive in their own protection."
|
McAfee Cites Open Source for Malware July 18, 2006 
McAfee released the first edition of its security journal Sage Tuesday, and focused the issue on the open source approach malware authors are taking in creating code to target computer systems. However, McAfee Security Research and Communications Manager David Marcus told LinuxInsider, "We're not trying to connect malware with the open source community."
|
Firefox Claims Bigger Chunk of Browser Market July 12, 2006 
Firefox is gaining ground on Microsoft's Internet Explorer browser, with its overall global market share reaching 12.93 percent. In some parts of the world, such as Italy, Germany and Australia, Firefox's numbers are even more impressive.
|
Related News Alerts
More by Alexandra DeFelice
|
Can a Small Biz Make It Online? August 03, 2006 
It makes sense to invest in at least a basic analytics package and understand conversion rates, which pages are the most popular, and what products are the best-sellers, said Sucharita Mulpuru of Forrester Research. "Then companies can look to big competitors for where to expand to next, and which customer-friendly features it may make sense to integrate next."
|
Intel's Brad Bickford: Data Storage Is Third Leg of the Stool August 04, 2006 
"The pain the enterprise is facing in terms of the explosive amounts of digital data is not an enterprise-level-only issue. This has to go down to the SMB space and even the digital home space. We need to drive an agenda into our product development that will allow SMBs to effectively manage the group of data. This is almost out of the Intel playbook."
|
PC Manufacturers Making Mother Nature Smile August 02, 2006 
The apathy users once felt toward environmentally-safe PC equipment is becoming a thing of the past, and manufacturers like Apple, Dell, CTL and HP are meeting the demand for products which adhere to the green standards of the Electronic Products Environmental Assessment Tool database.
|
Get Business and Technology News Alerts
Most Popular | Spotlight Features | Exclusives
This Week on ECT News Network | Podcasts
Online Retail Transaction Performance Indices
Inside E-Commerce Times
|
Reader Services
|
Corporate
|
Headline Feeds
Talkback: 
