[Software] Web Browsers, Desktop Software Top "Dirty Dozen" Apps List



anon
19.11.10, 13:50
11.16.10 - Waltham, Mass. - Bit9, Inc. today unveiled its fourth annual report of the top applications with reported security vulnerabilities in 2010. Google Chrome placed first on the "Dirty Dozen" list, followed by Apple Safari and Microsoft Office. Apple and Adobe are the most represented companies with three applications each making this year's list. The "2010 Top Vulnerable Applications" report serves as a warning to enterprises about the risks of employees downloading unauthorized software and affirms the importance of staying current with software updates.

The report represents a "who's who" of venerable tech companies and the applications most popular with enterprises and consumers alike, and contradicts the perception that Apple software is the most secure. The "Dirty Dozen" list ranks applications by the number of reported "high severity" vulnerabilities that impacted end users during 2010, and includes the following:

Google Chrome (76 reported vulnerabilities)
Apple Safari (60)
Microsoft Office (57)
Adobe Reader and Acrobat (54)
Mozilla Firefox (51)
Sun Java Development Kit (36)
Adobe Shockwave Player (35)
Microsoft Internet Explorer (32)
RealNetworks RealPlayer (14)
Apple WebKit (9)
Adobe Flash Player (8)
Apple QuickTime (6) and Opera (6) - TIE


http://www.bit9.com/company/news-release-details.php?id=175

desodorante
19.11.10, 19:45
I honestly did not know that Chrome was so F****d up.
Maybe it is because of the audience it attracts and the increasing number of people using it.

SealLion
20.11.10, 04:13
Apparently, there is supposed to be one positive thing about Chrome. My brother uses it pretty much all the time. He does admire the Mozilla products but he does state that Chrome does load up much faster than Firefox. I think that I would tend to agree with him on this aspect. Considering how customizable firefox is, you're aware that it's the extensions, the themes, and/or the personas that do slow down the loading up of firefox. This in addition to the memory leaks that firefox is known to have. I have done just about everything under the sun and it isn't unusual any longer to see firefox on my machine use up to 160 mb or more of cpu.
I'm sure that I'm not the only one either. Even with the new betas coming out, firefox IMO, will have memory leak concerns for a long time still.
I'm also somewhat surprised to not see Opera in that list either. I mean, how secure is a .dat file for your passwords??
On the other hand, as far as I know, Opera also doesn't support those VB scripts wherein instead it supports Java and JavaScript as being the only languages supported by that browser. Correct me if I'm wrong here on that part, but I believe that it is correct. Again, correct me if I'm wrong.

The thing that doesn't surprise me so much is seeing IE up on that list considering that IE supports those vulnerable Active X controls.

Instab
20.11.10, 04:28
Apparently, there is supposed to be one positive thing about Chrome. My brother uses it pretty much all the time. He does admire the Mozilla products but he does state that Chrome does load up much faster than Firefox. I think that I would tend to agree with him on this aspect. Considering how customizable firefox is, you're aware that it's the extensions, the themes, and/or the personas that do slow down the loading up of firefox.

i don't think start up times are very important. i mean it's not like you'd start the thing every 5 minutes.
for example i start it once after booting and close it before shutting down. maybe for some addon updates i gotta restart it but then it's cached already so it's like 3 times faster compared to the initial loading. and then let's say it takes 8 seconds to load compared to chrome at 5 or 4 for example. doesn't matter at least for me


This in addition to the memory leaks that firefox is known to have. I have done just about everything under the sun and it isn't unusual any longer to see firefox on my machine use up to 160 mb or more of cpu.

today every mediocre box comes with some 4gb ram or so. even with firefox taking 300mb ... who cares :P

Gapo
20.11.10, 09:39
If I want to use Chrome, I stick with SRWare Iron Portable version. Chrome without all the Google in it, but just as good.

Internet Explorer is THE MOST Secure Web Browser… Who’d Have Thought That! (http://www.ghacks.net/2010/11/18/internet-explorer-is-the-most-secure-web-browser-whod-have-thought-that/) Haha.

Mihai
20.11.10, 10:25
i don't think start up times are very important. i mean it's not like you'd start the thing every 5 minutes.
for example i start it once after booting and close it before shutting down. maybe for some addon updates i gotta restart it but then it's cached already so it's like 3 times faster compared to the initial loading. and then let's say it takes 8 seconds to load compared to chrome at 5 or 4 for example. doesn't matter at least for me



today every mediocre box comes with some 4gb ram or so. even with firefox taking 300mb ... who cares :P


How about me, with just 1 Gb total RAM? :tongue:
Plus there is the CPU thing with it, and also when I load a youtube video my CPU goes sky high, almost 90%. With chrome I just get 60-70 %.
Anyway, chrome is becoming the next Firefox but faster as I am seeing. All the addons in firefox are being made for chrome too. Also, you can customize it how you want and its simple interface is just what I need.

SomeGuy
20.11.10, 11:38
If I want to use Chrome, I stick with SRWare Iron Portable version. Chrome without all the Google in it, but just as good.

Internet Explorer is THE MOST Secure Web Browser… Who’d Have Thought That! (http://www.ghacks.net/2010/11/18/internet-explorer-is-the-most-secure-web-browser-whod-have-thought-that/) Haha.

I take this opportunity to recommend you use the normal Chrome.
Tests have shown that the "google" in Chrome is simply suggesting results from the address bar, which would happen either way when you search.
But more importantly, SRWare Iron is always a version or more behind official Chrome. And since Chrome is open source, a lot of people can read its code and extract vulnerabilities. So using an outdated version, like Iron, will put you at risk of those vulnerabilities much much longer. Imagine how it would feel being left exposed to a vulnerability where people can steal your facebook or email password for two weeks longer than the rest of the world? Yes, that's right.

SealLion
20.11.10, 16:39
If I want to use Chrome, I stick with SRWare Iron Portable version. Chrome without all the Google in it, but just as good.

Internet Explorer is THE MOST Secure Web Browser… Who’d Have Thought That! (http://www.ghacks.net/2010/11/18/internet-explorer-is-the-most-secure-web-browser-whod-have-thought-that/) Haha.


It will be interesting to see how IE9 stacks up against the other browsers in 12 months time.

Me too.

I've heard stories about IE coming out against FF and others in the browser wars. FF may have been pretty decent against IE during the first couple of years or so. But now that the browser wars have started in full swing since last year or so ago, I think we can count on there being a big swing in opinion polls and verdicts by different testing companies to see who comes out on top. Mind you, some of those testing companies could also very well be affiliates of some kind by the browser that they might be affiliated with.

anon
20.11.10, 17:28
I'm also somewhat surprised to not see Opera in that list either. I mean, how secure is a .dat file for your passwords??

Not much, though you can set a "master password" that makes extracting the data out of .dat file pretty difficult unless you know or crack it.


Plus there is the CPU thing with it, and also when I load a youtube video my CPU goes sky high, almost 90%. With chrome I just get 60-70 %.

If you don't want CPU usage spikes, download the video and open it in your favorite player. Flash is much less efficient than that and a fast codec.

desodorante
20.11.10, 18:43
FF may have been pretty decent against IE during the first couple of years or so. But now that the browser wars have started in full swing since last year or so ago, I think we can count on there being a big swing in opinion polls and verdicts by different testing companies to see who comes out on top. Mind you, some of those testing companies could also very well be affiliates of some kind by the browser that they might be affiliated with.

I remember I tried FF back in 2003, when it was hosted in some deep url in the mozilla project site. It was very resource intensive. Somehow, Google supported FF and it became the #1 browser, even when Opera was a much better option at the time.
Nevertheless, the browser wars are not as real as you would like to think: Google doesn't care about Chrome, they are barely marketing it, FF is struggling to maintain its 2nd place, while Microsoft just keeps on releasing features when they are no longer news.

slikrapid
20.11.10, 19:38
The report represents a "who's who" of venerable tech companies

venerable?! for what, releasing software products full of bugs & vulnerabilities, just so the users can constantly be annoyed with an endless stream of patches & bug-fixes, most of which should have been dealt with long time ago, during the pre-release testing cycles :rolleyes:


THE SOFTWARE CONSPIRACY
Why Software Companies Put Out Faulty Products, How They Can Hurt You, And What You Can Do About It

a 1999 book about the software industry from Mark Minasi


And as the century ends, journalist and computer expert Mark Minasi exposes the conspiracy of greed, complacency and arrogance that lies behind the shoddy standards that we've come to accept as "business as usual" in the software industry.

What other industry ships their products untested, as one in seven software firms admit they do? What other industry ships a major product with thousands of known defects? Could any other industry have failed to anticipate that the year 2000 would arrive? Who else would be allowed to waste the sixty five million U.S. work hours that American workers spent on hold at software support lines in 1996?

"If McDonalds were run like a software company, one out of every hundred Big Macs would give you food poisoning ... and the response would be "we're sorry, here's a coupon for two more..." -- The Software Conspiracy

But faulty software hasn't only killed time, it has killed people, hundreds of them. And yet the software industry thrives.


Like everything else, software has defects (the software industry has trained us to call them by the more innocuous "bug"), but the number of defects in software as compared to that found in other off-the-shelf consumer products is stunning. It's not unusual for a piece of software to have hundreds or thousands of defects. Can you imagine buying a car, a toaster, a newspaper or even a cheeseburger with that many defects?

But wait, it gets worse. Those aren't defects that just crop up as people start using that software. No, it's a fact that on average software vendors know about 90 percent of the bugs in that software before they even release it to the public.

Sadly, software companies are perfectly capable of writing low-defect software. But they don’t because they believe that you, the consumer, don't really care about software reliability. They believe that the only thing that motivates you to buy new software is features – bells and whistles by the truckload.


Chapter 3 explodes the myth that software firms want you to believe - the myth that "it’s impossible to write software without bugs."
Chapter 4 takes you into the world of software and the law, an area that’s become frightening recently with some proposed changes to U.S. laws - changes that would forever establish that it’s perfectly okay for software firms to sell you completely useless software and leave you no recourse whatsoever. Worse yet, those same software firms can show up at your door unannounced with a federal marshal and close down your business while ransacking your computers looking for software you didn’t pay for.
Chapter 7 puts the rest of the book in perspective by offering a view of the possible futures - both good and bad - that could arrive if something does or doesn’t happen to change the quality of commercial software.


http://www.softwareconspiracy.com/

the book is available as free download from the author's site:

http://www.softwareconspiracy.com/swconspbook.pdf

totmann
22.11.10, 15:55
As far as I'm concerned, firefox's best~~ but its starting time is really....slow.