Firefox users urged to get more secure version
11th October 2004 (The Star)
By RASLAN SHARIF

PETALING JAYA: Internet users starved of a strong Open Source alternative to Microsoft's Internet Explorer web browser have flocked to Mozilla Foundation's Firefox.

But for those still using earlier Firefox versions, there's a more important reason to upgrade to the new Preview Release.

Previous Firefox versions contain several critical vulnerabilities, ranging from moderate to high risk, which could allow a hacker to execute malicious code on user PCs, the US-based Computer Emergency Readiness Team (CERT) has warned.

CERT recently listed six vulnerabilities affecting Mozilla software, namely the Mozilla suite, Firefox web browser, and Thunderbird e-mail client.

The vulnerabilities comprise issues concerning buffer, integer and heap overflows, and cross-domain scripting policies violations, it said.

All of the vulnerabilities have been fixed in the latest releases of the affected software, including Firefox, according to Mozilla.

Both CERT and Mozilla have strongly urged users of earlier Firefox versions to upgrade to the Preview Release.

Firefox Preview Release has been a huge hit since it was launched on Sept 20, chalking up a million downloads in the first 100 hours.

It has received favourable reviews, and download numbers have been boosted by a Spread Firefox campaign. As of last Friday, nearly 3.8 million copies of the Preview Release have been downloaded.

The campaign's "Spread the word" initiative currently has 20,000 registered participants, who promote the browser on their websites with Firefox buttons and ad banners.

Mozilla also has teams of volunteers involved in various other marketing efforts.

The final release of the browser is scheduled to be out before the end of the year.

Increasing interest

Firefox's rising popularity comes amid increasing interest in Open Source Software, which has strong security features and is widely perceived to be much more secure than some proprietary software.

Users are tired of having to defend their PCs against a tide of malicious code, invasive spyware and unsolicited messages, and this is also contributing towards demand for software that makes basic computing much less of a hassle than it is today.

"Anything that could potentially relieve user headache would at least be given a try," said an industry observer.

However, security vulnerabilities in Open Source Software such as Firefox, although not nearly as many as those found in Internet Explorer, show that there is no universal panacea against computing abuse.

As it stands, viruses, spam and spyware continue to afflict Internet users the world over, including Malaysia.

Spam or junk e-mail remains the top concern in the country, with thousands of incidences having been reported to the National ICT Security and Emergency Response Centre (Niser) since the beginning of the year, far higher than any other form of Internet abuse.

E-mail also continues to be a significant delivery channel for malicious code, with one in 15 e-mail messages circulating in September carrying potentially destructive payloads, according to antivirus company Sophos Antivirus.

Malicious code making their rounds have also shown to be relatively long-lived, despite updates and patches in response to these threats being released much faster than before.

"It's disheartening that the same old viruses are continuing to cause trouble," said Charles Cousins, Sophos Asia managing director. "Keeping your defences up to prevent infections is the only way we will see the back of these nasties."