Slashdot Mirror


Firefox Lead Engineer On Origins, Security, And More

An anonymous reader writes "ZDNet has an interesting interview with Ben Goodger, the lead engineer for Firefox. When asked to comment on critics' claim that Firefox has a better security reputation than IE because it doesn't have enough market share to attract trouble, Goodger responded with a one-two punch. "Firefox is better designed in a number of ways -- we have no "mode" that allows untrusted content to be executed automatically, for example -- no "safe zone." Another reason -- market share does not predict security. Apache has more market share than has Microsoft IIS, which has more holes than Apache." On Longhorn, he believes it will be a tough sell for Microsoft because of backward compatibility issues."

10 of 57 comments

  1. firefox vs. Nortons by zardoz342 · · Score: 5, Interesting

    I just had a customer tell me he deleted Firefox because the latest version of Nortons told him it was a security risk, so he's back to IE, and blamed ME for compromising his system.

    1. Re:firefox vs. Nortons by Gherald · · Score: 4, Informative

      >I just had a customer tell me he deleted Firefox because the latest version of Nortons told him it was a security risk, so he's back to IE, and blamed ME for compromising his system

      It was probably "Norton Internet Security," aka firewall. Firefox was "trying to access the internet" so Norton prompted the user to authorize this. It's perfectly normal Windows firewall behavior (cf. SP2 firewall, ZoneAlarm, etc).

      Nothing to be concerned about.. have you tried explaining this to your customer?

    2. Re:firefox vs. Nortons by EnronHaliburton2004 · · Score: 5, Funny

      >Nothing to be concerned about.. have you tried
      >explaining this to your customer?

      Something about "Pack the computer into the box and ship it back. You're obviously too stupid to use a computer."

    3. Re:firefox vs. Nortons by tod_miller · · Score: 4, Insightful

      So it is fine for Spyware/Dialers to be taken off software's 'threat' lists, but legitimate software?

      I cannot believe not more fuss was kicked up to stop Sophos (or whoever) removing the dialer software off their list.

      It is their software, they advertise it as preconfigured to their judgement. If all Cisco routers suddenly came preconfigured to block mp3 packets, then we would all soon find ISPs telling Cisco to remove this feature, or shop elsewhere.

      I am guessing people won't mind dialers being blocked and that it is a service.

      Dumb client probably completely misread it, or saw a ZoneAlarm request for access or something.

      User, pfftsk.

      --
      #hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
  2. It's simple by Stevyn · · Score: 4, Insightful

    The Mozilla Firefox team was able to look at all the wrongdoings of Microsoft and avoid them from the ground up. Firefox is a great app and I use it every day. I cringe when I have to use IE at school.

    Microsoft could always ditch IE and use Firefox code to develop their "new and secure" browser, but they've been pissing OSS for too long to take that route.

    The browser wars are starting back up again. IE hasn't changed in years because it hasn't had to. Now everyone is screaming to use Firefox over IE. This hurts Microsoft because they need to keep the image that they're the best of everything.

    I hope Firefox kills them in the browser wars. They have a better product. It was designed with usability and security in mind.

    1. Re:It's simple by prostoalex · · Score: 4, Insightful

      >The Mozilla Firefox team was able to look at all the wrongdoings of Microsoft

      Let's set the record straight - Microsoft won the browser wars over the Netscape, because it delivered a better product with IE 4 and IE 5. Netscape Communicator 4 was bulky, glitchy, slow to load and slow to respond with ugly widgets. Netscape 6 was the same nightmare with different skin and off-the-scratch source code. IE at that point was faster, easier to use, and had native Windows widgets with faster response times.

      IE 6 is function-less, incapable of being customized (internal popup blocker did not come till SP 2) and is a security nightmare. Firefox just delivers a better product at the time.

      Microsoft was not always a loser in this game.

    2. Re:It's simple by Anonymous Coward · · Score: 4, Interesting

      Microsoft never WANTED to develop a browser. They were FORCED to by MS execs who thought Netscape had enough potential to cause money loss. Once they made a feature-rich browser (although insecure, no one argues that it doesn't do enough), they put Netscape into the red. Now they drag their heels every time someone finds a security issue in Explorer. It served its purpose and they aren't interested in continuing its development.

    3. Re:It's simple by dimator · · Score: 4, Insightful

      >Let's set the record straight - Microsoft won the browser wars over the Netscape, because it delivered a better product with IE 4 and IE 5.

      Let's set the record a little straighter - are you sure bundling the browser had nothing to do with its popularity?

      --
      python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
  3. Firefox market share is up to 18% on technology by prostoalex · · Score: 4, Informative

    Both W3Schools.com and CNET News.com report that Firefox users make up 18% of their audience. Techie-oriented sites, I know, so doesn't speak much for mainstream, but Google was a techie-oriented engine at some point as well.

  4. Re:Correction by stormcoder · · Score: 5, Informative

    Boy I wish I had mod points. Clueless people going on about things they don't know anything about.

    ActiveX is native code, essentially, specially modified DLLs that run unsandboxed with the same permissions as the parent process. This opens up all kinds of fun things you can do to someone's system. On top of this interesting feature there are IE zones, which give different default execution permissions. For instance, the Internet zone causes a prompt to be shown when an unsafe ActiveX control is trying to execute. Unfortunately it is relatively easy to trick IE into thinking an ActiveX control is coming from a trusted zone, which doesn't prompt before executing an unsafe ActiveX control. And another problem is that many ActiveX controls are marked safe, but are, in actuality, unsafe.

    So how is the above similar to XPI? You always get a prompt from XPI files. Even if an XPI is signed you get a prompt. What's similar?

    --
    Sorry my bullshit sensor overloaded.