Slashdot Mirror


Firefox Lead Engineer On Origins, Security, And More

An anonymous reader writes "ZDNet has an interesting interview with Ben Goodger, the lead engineer for Firefox. When asked to comment on critics' claim that Firefox has a better security reputation than IE because it doesn't have enough market share to attract trouble, Goodger responded with a one-two punch. 'Firefox is better designed in a number of ways -- we have no "mode" that allows untrusted content to be executed automatically, for example -- no "safe zone." Another reason -- market share does not predict security. Apache has more market share than has Microsoft IIS, which has more holes than Apache.' On Longhorn, he believes it will be a tough sell for Microsoft because of backward compatibility issues."

4 of 57 comments

  1. Re:firefox vs. Nortons by Gherald · · Score: 4, Informative

    I just had a customer tell me he deleted Firefox because the latest version of Nortons told him it was a security risk, so he's back to IE, and blamed ME for compromising his system

    It was probably "Norton Internet Security," aka firewall. Firefox was "trying to access the internet" so Norton prompted the user to authorize this. It's perfectly normal Windows firewall behavior (cf. SP2 firewall, ZoneAlarm, etc).

    Nothing to be concerned about... have you tried explaining this to your customer?

  2. Firefox market share is up to 18% on technology by prostoalex · · Score: 4, Informative

    Both W3Schools.com and CNET News.com report that Firefox users make up 18% of their audience. Techie-oriented sites, I know, so doesn't speak much for mainstream, but Google was a techie-oriented engine at some point as well.

  3. Re:Correction by stormcoder · · Score: 5, Informative

    Boy I wish I had mod points. Clueless people going on about things they don't know anything about.

    ActiveX is native code, essentially, specially modified DLLs that run unsandboxed with the same permissions as the parent process. This opens up all kinds of fun things you can do to someone's system. On top of this interesting feature there are IE zones, which give different default execution permissions. For instance, the Internet zone causes a prompt to be shown when an unsafe ActiveX control is trying to execute. Unfortunately it is relatively easy to trick IE into thinking an ActiveX control is coming from a trusted zone, which doesn't prompt before executing an unsafe ActiveX control. And another problem is that many ActiveX controls are marked safe, but are, in actuality, unsafe.

    So how is the above similar to XPI? You always get a prompt from XPI files. Even if an XPI is signed you get a prompt. What's similar?

    --
    Sorry my bullshit sensor overloaded.

  4. Re:Right, but Parent is still right by richie2000 · · Score: 2, Informative

    Even if MS had never bundled anything, I am quite convinced that Internet Explorer 4 (and later 5) would have gotten the majority market.

    MSIE was free back then. Netscape Navigator wasn't, it cost (IIRC) around $25 or so. It wasn't just the bundling, it was the 800 lbs gorilla doing the funky billion dollar dance all over the puny competitor. Just another business day in Redmond.

    --
    Money for nothing, pix for free