Wired News has an article about the rising popularity of Firefox, brought on by IE’s recent security problems (which were patched today – visit Windows Update). But, to some extent, I have to take issue with this statement:
But some security experts believe that Mozilla’s biggest security benefit is that the browser is not in wide use yet.
“It is not so much a question that one browser is inherently safer than another, but the fact that so many people use Explorer,” said Carole Theriault, security consultant at Sophos, a security software vendor.
This argument holds some water, but there’s one big example where this perhaps isn’t the case. The Guardian yesterday published what share of the market the various web server platforms had, with Apache taking 71% of the market. Microsoft’s IIS was in second place, yet, as far as I know, there have been more exploits targeted at IIS than Apache despite it only having a fraction of the share that Apache enjoys. Now it’s fair to say Apache has had its fair share of vulnerabilities and there have been some worms that have exploited these, but not nearly as many as IIS. John Gruber has often used the same argument when talking about the Mac platform – while there have been flaws and a few proof-of-concept viruses, the platform still has a 3-4% share of the OS market and yet has had no major malware problems so far. And this is despite OS X having some of the most arrogant, stuck-up users that I’ve ever seen 😉.
While the ‘security by obscurity’ argument does hold some weight, I don’t think it is the only reason why hackers do not target Mozilla et al. If anything, they’re more likely targets as their open-source nature makes it easier to find exploits, yet there’s still no known malware that exploits flaws in Mozilla products’ code to do harm.