Security and Mozilla browsers
Browser software allows people to access the vast amounts of data and computer programs on the World Wide Web. At the same time, browsers need to facilitate interaction between that web content and the user's computer. Therefore browsers need to implement security mechanisms so that malicious web content does not have access to the user's computer.
The importance of good computer security is demonstrated by the series of recent security exploits (known as "download.ject "or "scob"), in which vulnerabilities in Internet Explorer were used to allow malicious computer programs to be secretly installed and executed on machines running Internet Explorer.
Browser software must include both good security design and good security practices to maximize the amount of protection available. No piece of browser software can provide 100% protection, just as no set of locks and keys for our homes can be 100% effective. But browser design and implementation can make an enormous difference in the level of protection available to users. In addition, management practices in the way software problems are addressed can also dramatically affect the level of protection consumers enjoy.
There is No "Magic Bullet"
Effective computer security involves building many levels of defense. This includes:
- Product design (the "security architecture")
- Good product implementation (the presence or absence of bugs)
- Mechanisms for identifying potential problems (finding potential problems before they have been used to harm consumers)
- Quick turnaround when problems have been verified (fixing potential problems before they have been used to harm consumers)
- Timely creation and distribution of updated software
Switching to Mozilla -- Mozilla Security Architecture
Recent security failings in Internet Explorer have caused experts (Including the United States Department of Homeland Security's Computer Emergency Readiness Team) to recommend that consumers stop using Internet Explorer and switch to other browsers. Mozilla Firefox and other Mozilla browsers use a fundamentally different security architecture than does Internet Explorer. As a result, Mozilla browsers are not affected by a range of security problems that compromise Internet Explorer. For more detail on exploits leading to the suggestion to switch see: http://www.kb.cert.org/vuls/id/713878 and http://secunia.com/advisories/12048/.
The Mozilla design approach is to provide multiple layers of defense so that if one protection mechanism performs imperfectly, another protection mechanism (or two or three) will act as a safety net, thus strengthening the system's ability to defeat attacks.
Security benefits of Mozilla browsers include:
- Firefox and other Mozilla browsers do not allow a website to download onto, install onto, or execute code on a user's computer without the user's agreement.
Firefox and Mozilla browsers do not designate content as "local." An architecture that includes the concept of "local" content and then gives such content upgraded security permissions and allows it greater access to the user's machines, means that content which is mistakenly treated as local has vastly more potential to do damage. Indeed we saw this type of problem in the recent Internet Explorer vulnerabilities, in which malicious content was secretly sent to users machines, managed to falsely identify itself as "local" content to Internet Explorer, was then granted enhanced access to machines running Internet Explorer, and used that access to install a program which logged keystrokes, including credit card numbers. Mozilla users were not affected. A more detailed description can be found at: http://www.kb.cert.org/vuls/id/713878.
It should be noted that these security policies can result in some loss of convenience to the user. We all make these trade-offs in many areas of life. For example, needing a key to open the front door of our homes means we all have to get keys, find them in the morning and make sure not to lose them during the day, which is far less convenient than leaving the door unlocked. Most of us choose to trade the inconvenience of locks on our front door for the greater security this provides. For users who want increased security, Mozilla browsers are a great choice.
Internet Explorer uses a technology known as ActiveX. ActiveX, particularly in combination with the "local" concept described above, has been very fertile ground for those designing security exploits. Here's how Slate summarized the problem with Active X (see http://slate.msn.com/id/2103152 for the complete article):
The problem is that hackers continue to find and exploit security holes in Explorer. Many of them take advantage of Explorer's ActiveX system, which lets Web sites download and install software onto visitors' computers, sometimes without users' knowledge. ActiveX was meant to make it easy to add the latest interactive multimedia and other features to sites, but instead it's become a tool for sneaking spyware onto unsuspecting PCs.
- Mozilla browsers maintain a separation between the application and the operating system. IE browsing functionality is becoming increasingly integrated into Windows; a security problem in browsing functionality may therefore affect services which are shared with, or relied on by, other parts of the operating system. This makes a multi-layered defensive strategy complex to design and implement effectively. The convergence of Internet Explorer and the Windows operating system has provided fertile ground for malicious programmers.
Switching to Mozilla -- Managing the Project for Consumer Security
As noted above, it's virtually impossible to provide a web browser that is absolutely secure against all possible attacks. Effective security also requires focused attention to early identification and effective resolution of potential problems. Complacency or a "business as usual" attitude regarding security issues does not serve the consumer well.
Finding potential security holes is tricky and requires people with expertise and focus. The Mozilla project has developed a community of people who are passionate about computer security and put the protection of consumers and their data above business and revenue considerations. We value this community highly and actively encourage their involvement. We are now providing a "bounty" to those who find and report potentially serious security flaws, to encourage security experts to help improve Mozilla products. This community promotes the identification of potential problems before exploits are developed and before consumers suffer.
Once a security hole has been identified and verified, it is often possible to develop a fix for Mozilla products very quickly. It's a bit counter-intuitive, but fixing the problem in Mozilla browsers is often easier than finding it in the first place. Developing fixes may be more complex for browsers which are deeply integrated into, and thus share services with, the operating system because fixing the problem could affect aspects of the operation system that rely on the browser. After a fix is created it needs to be tested. Then the new version of the software needs to be distributed to the public, and the public encouraged to upgrade to the new software.
These activities can be very inconvenient to the software developer. They are time-consuming and disruptive. They require software vendors to place user protection above business convenience and predetermined release cycles.
The Mozilla project has shown strength in this regard. For example, we recently completed the entire process in just under 36 hours in order to make sure that we had a fix ready and updated products available as soon as the exploit became known to the public. We proactively informed our users of the problem and provided a choice of mechanisms to encourage users to upgrade immediately.
We take these actions because we do not believe that a "business as usual" attitude about security is appropriate. We have also created a system of checks and balances to guard against complacency.
The set of experts who care about security are not all employees of the Mozilla Foundation. They participate in the open source Mozilla project because they care passionately about security, and because they want a browser that meets their security standards. These participants aren't very concerned about the inconvenience or difficulties involved in releasing improved software. This group represents the voice of the consumer very effectively, and helps ensure that the Mozilla project continues to make protection for our users a high priority.
Browsers Matter. A Lot.
Recent security exploits affecting Internet Explorer make it clear how critical good security practices are to protecting consumers.
Are the Mozilla products perfect? No.
Are we passionate about security? Yes.
Do Mozilla users avoid a range of security problems that affect IE users? Yes, see the links above for examples.
Want to Switch?
Get Mozilla Firefox -- our newest browser, in final beta stages and already enjoyed by millions of people; or
Get the Mozilla Application Suite -- our mature product line, includes browsing and email.
For helpful hints on switching from Internet Explorer to Mozilla Firefox, see the information at: http://www.mozilla.org/products/firefox/switch.html.