Firefox Lead Engineer On Origins, Security, And More

← Back to Stories (view on slashdot.org)

Firefox Lead Engineer On Origins, Security, And More

Posted by timothy on Thursday October 14, 2004 @04:53PM from the go-put-firefox-on-someone's-computer dept.

An anonymous reader writes "ZDNet has an interesting interview with Ben Goodger, the lead engineer for Firefox. When asked to comment on critics' claim that Firefox has a better security reputation than IE because it doesn't have enough market share to attract trouble, Goodger responded with a one-two punch. "Firefox is better designed in a number of ways -- we have no "mode" that allows untrusted content to be executed automatically, for example -- no "safe zone. Another reason -- market share does not predict security. Apache has more market share than has Microsoft IIS, which has more holes than Apache." On Longhorn, he believes it will be a tough sell for Microsoft because of backward compatibility issues."

12 of 57 comments (clear)

Min score:

Reason:

Sort:

firefox vs. Nortons by zardoz342 · 2004-10-14 17:01 · Score: 5, Interesting

I just had a customer tell me he deleted Firefox because the latest version of Nortons told him it was a security risk, so he's back to IE, and blamed ME for compromising his system
1. Re:firefox vs. Nortons by Gherald · 2004-10-14 17:07 · Score: 4, Informative
  
  I just had a customer tell me he deleted Firefox because the latest version of Nortons told him it was a security risk, so he's back to IE, and blamed ME for compromising his system
  
  It was probably "Norton Internet Security," aka firewall. Firefox was "trying to access the internet" so Norton prompted the user to authorize this. It's perfectly normal Windows firewall behavior (cf. SP2 firewall, ZoneAlarm, etc).
  
  Nothing to be concerned about.. have you tried explaining this to your customer?
  
  --
  The unofficial /. digest
2. Re:firefox vs. Nortons by EnronHaliburton2004 · 2004-10-14 18:04 · Score: 5, Funny
  
  >Nothing to be concerned about.. have you tried
  >explaining this to your customer?
  
  Something about "Pack the computer into the box and ship it back. You're obviously too stupid to use a computer."
  
  --
  94% of Repubs and 21% of Dems voted to renew the Patriot Act
3. Re:firefox vs. Nortons by tod_miller · 2004-10-14 19:50 · Score: 4, Insightful
  
  So it is fine for Spyware/Dialers to be taken of softwares 'threat' lists, but legitimate software?
  
  I cannot believe not more fuss was kicked up to stop Sophos (or whoever) removing the dialer software of thier list.
  
  It is thier software, they advertise it as preconfigured to thier judgement. If all cisco routers suddenly came preconfd to block mp3 packets, then we would all sooon find isp's telling cisco to remove this feature, or shop else where.
  
  I am guessing people wont mind dialers being blocked and that it is a service.
  
  Dumb client probably completely missread it, or saw a zonealarm request for access or something.
  
  User, pfftsk.
  
  --
  #hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
It's simple by Stevyn · 2004-10-14 17:04 · Score: 4, Insightful

The Mozilla Firefox team was able to look at all the wrongdoings of Microsoft and avoid them from the ground up. Firefox is a great app and I use it everyday. I cringe when I have to use IE at school.

Microsoft could always ditch IE and use firefox code to develop their "new and secure" browser, but they've been pissing OSS for too long to take that route.

The browser wars are starting back up again. IE hasn't changed in years because it hasn't had to. Now everyone is screaming to use firefox over IE. This hurts Microsoft because they need to keep the image that they're the best of everything.

I hope firefox kills them in the browser wars. They have a better product. It was designed with usability and security in mind.
1. Re:It's simple by prostoalex · 2004-10-14 17:41 · Score: 4, Insightful
  
  The Mozilla Firefox team was able to look at all the wrongdoings of Microsoft
  
  Let's set the record straight - Microsoft won the browser wars over the Netscape, because it delivered a better product with IE 4 and IE 5. Netscape Communicator 4 was bulky, glitchy, slow to load and slow to respond with ugly widgets. Netscape 6 was the same nightmare with different skin and off-the-scratch source code. IE at that point was faster, easier to use, and had native Windows widgets with faster response times.
  
  IE 6 is function-less, incapable of being customized (internal popup blocker did not come till SP 2) and is a security nightmare. Firefox just delivers a better product at the time.
  
  Microsoft was not always a loser in this game.
2. Re:It's simple by Anonymous Coward · 2004-10-14 18:04 · Score: 4, Interesting
  
  Microsoft never WANTED to develop a browser. They were FORCED to by MS execs who thought Netscape had enough potential to cause money loss. Once they made a feature-rich browser (although insecure, no one argues that it doesn't do enough), they put Netscape into the red. Now they drag their heels everytime someone finds a security issue in Explorer. It served its purpose and they aren't interested in continuing its development.
3. Re:It's simple by dimator · 2004-10-14 21:11 · Score: 4, Insightful
  
  Let's set the record straight - Microsoft won the browser wars over the Netscape, because it delivered a better product with IE 4 and IE 5.
  
  Let's set the record a little straighter - are you sure bundling the browser had nothing to do with its popularity?
  
  --
  python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
Firefox market share is up to 18% on technology by prostoalex · 2004-10-14 17:36 · Score: 4, Informative

Both W3Schools.com and CNET News.com report that Firefox users make up 18% of their audience. Techie-oriented sites, I know, so doesn't speak much for mainstream, but Google was a techie-oriented engine at some point as well.
Re:Correction by stormcoder · 2004-10-14 19:04 · Score: 5, Informative

Boy I wish I had mod points. Clueless people going on about things they don't know anything about.

ActiveX is native code, essentially, specially modified DLL's that run unsandboxed with the same permissions as the parent process. This opens up all kinds of fun things you can do to someones system. On top of this interesting feature there are IE zones, which give different default execution permissions. For instance, the Internet zone causes a prompt to be shown when an unsafe ActiveX control is trying to execute. Unfortunately it is relatively easy to trick IE into thinking an ActiveX control is coming from a trusted zone, which doesn't prompt before executing an unsafe ActiveX control. And another problem is that many ActiveX controls are marked safe, but are in actuallity, unsafe.

So how is the above similar to XPI? You always get a prompt from XPI files. Even if an XPI is signed you get a prompt. What's similar?

--
Sorry my bullshit sensor overloaded.
Right, but Parent is still right by brunes69 · 2004-10-14 23:08 · Score: 3, Insightful

Bundling did play a factor yes. And bundling is what has kept them in the lead for so long.

But the parent is totally right in saying that Netscape 4 - 4.5 sucked donkey balls. It was slow, bloated, and incredibly hard to develop HTML for because of its goofy layers system. Even if MS had never bundled anything, I am quite convinced that Internet Explorer 4 (and later 5) would have gotten the majority market.

After that it becomes more grey. If IE had never been bundled, IE6 vs. Netscape 6-7-Mozilla is much more difficult to call.
The most important thing he said... by EvilJohn · 2004-10-15 01:31 · Score: 3, Interesting

...and why Firefox will succeed:

"I use the tools that let me get stuff done quickly -- no brand affiliation or idolatry."

--

Less Talk, More Beer.