In a recent interview on Wired, Microsoft security chief Stephen Toulouse was trying to make the point that all web browsers suffer from vulnerabilities, not just Internet Explorer. Unfortunately, his explanation reveals that he uses Mozilla Firefox himself. Here is the quote in question:
Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would’ve allowed an attacker to run a program on my system. We’re working around the clock to make Internet Explorer safer, and we’re making changes with our Windows XP Service Pack 2 to make browsing a lot more secure.
So, the boss of Microsoft Security uses Firefox. That is almost as telling a statement as the United States government recommending that people change away from Internet Explorer.
It is certainly true that all browsers have security flaws, no argument there. The problem is that the number of flaws found in Internet Explorer by far outweighs that of all the other browsers, possibly put together. Internet Explorer 6 has had roughly 160 flaws found since its release. (That’s just IE6, not counting previous versions.)
None of the other browsers come anywhere close to that, not by a long shot.
Give Firefox, a browser used by at least one “Microsoft security professional” and suggested by the US Computer Emergency Readiness Team, a try. Not only will it make your net sessions more secure, but it’s actually a better browser to use as well. What’s to lose?
As for the story above, Mr Toulouse has responded here and this is what he had to say about the quote in question:
What I stated in regards to Firefox is that as a security professional I keep abreast of a variety of products on test machines and that just that morning I had to install an update on the machine running Firefox, which was true. That got distilled down to just the last part, that I had to update Firefox to apply a critical security fix.
Which doesn’t really deny the story since Mr Toulouse has no reason I can think of to be “keeping abreast” of Firefox (as a “security professional”) unless it’s to work out ways to make it look bad comparatively, or to look for ideas with regards to improving IE. Or just possibly he likes Firefox as much as we do. 🙂