为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Is Firefox really less secure than Internet Explorer?

more options

I need help settling a professional debate that I am having at work regarding browser security. A colleague of mine is making the case that open source is less secure than closed source software. He says that Firefox is a good example of this and says that Internet Explorer is more stable, reliable and secure.

Although articles and opinions can be found supporting either side, he says that high quality/unbiased sources often credit IE as being better and uses these two as examples:

I thought, rather than looking up my own information, why not go to this support forum and get some feedback from a different point of view.

I need help settling a professional debate that I am having at work regarding browser security. A colleague of mine is making the case that open source is less secure than closed source software. He says that Firefox is a good example of this and says that Internet Explorer is more stable, reliable and secure. Although articles and opinions can be found supporting either side, he says that high quality/unbiased sources often credit IE as being better and uses these two as examples: *https://www.nsslabs.com/reports/browser-security-comparative-analysis-socially-engineered-malware *http://www.accuvant.com/capability/accuvant-labs/security-research/browser-security-comparison-quantitative-approach I thought, rather than looking up my own information, why not go to this support forum and get some feedback from a different point of view.

由cor-el于修改

所有回复 (5)

more options

It depends on your definition of Secure. Firefox on average will fix reported vulnerabilities much faster than IE (often in 24 hours or less) while IE takes weeks or months to fix reported vulnerabilities. Once a security vulnerability is reported it's important to fix it ASAP, as bad guys will being using it until it's fixed.

Open Source is also more secure as anyone can see the source and fix holes. Also, there is less change of a privacy issue in Open source. In IE, you have to trust they aren't doing anything to invade your privacy, in Firefox, you can prove it by reading the source.

more options

Thanks for your feedback. Can you point to any quality research done that confirms what you say?

For what it's worth, I've always been in agreement with what you say regarding open source but I'm trying to keep an open mind about this topic and basing any new opinions on supporting documentation.

more options
more options

Thanks for the link. That article reminded me that PGP is one of the best examples of secure software that is open source.

more options

When you review the NSS report, you see that Microsoft has an excellent reputation filter that blocks dangerous downloads. Google's isn't quite as good, but you can see that by comparison, the SafeBrowsing service Google licenses to Mozilla is much less potent than the one it uses in Chrome. Regardless of browser, users should supplement built-in reputation filters with regularly updated security software.

But that has nothing to do with open source vs. closed source development methodology. It simply reflects the allocation of resources toward one particular feature: compiling a really thorough database of malicious URLs.

The second paper, which evaluated Firefox 5, is a bit out of date now. This part is particularly quaint, as users upset about constant releases can confirm:

"As seen in Figure 9, Firefox has no pre-set pattern that determines release updates. In some instances, Mozilla has released updates in quick succession, within only a few days. Other times, up to three months passed without an update release."

The paper's negative assessment of Firefox 5 compared with Chrome in the sandboxing tests results from different designs. Again, there is nothing about open source vs. closed source development that dictates a product's design.

The bottom line is that each comparison needs to be made on its own merits; there is no reason to think that any given closed source software will invariably be more secure than any given open source software.