Slashdot Mirror


How Can I Trust Firefox?

TheRealSlimShady writes "Peter Torr (who?) from Microsoft invites a certain flamewar with his essay 'How can I trust Firefox?' He raises some interesting security related points about the download and installation of Firefox, some of which should probably be addressed. The focus is on code signing, which Microsoft is hot on. Of course, the obvious question is 'Do I trust Firefox less than IE?'"

6 of 1,464 comments

  1. BORING... by Spy+der+Mann · · Score: 0, Flamebait

    Microsoft: Firefox Sucks!
    Slashdot: Microsoft suxX0rs!!!!!111ONE
    Microsoft suxX0rs!!!!!111ONE
    Microsoft suxX0rs!!!!!111ONE
    Microsoft suxX0rs!!!!!111ONE
    Microsoft suxX0rs!!!!!111ONE

    Come on guys, any pro-Microsoft people around so we can really have fun? I promise I won't bite O:)

  2. nevermind browsing by chef_raekwon · · Score: 0, Flamebait

    take a look at the uptime of this silly server...
    Netcraft

    sheesh. can't even get a nice plump uptime like most linux boxen....

    --
    We're like rats, in some experiment! -- George Costanza

  3. Firefox sucks, often freezes. by vensub · · Score: 0, Flamebait

    EOM

  4. Re:This guy is right. Listen to him. by MrLint · · Score: 0, Flamebait

    Well, having done tech support for over a decade now, I can tell you users don't even bother to read error dialogs. So frankly your dear mother likely won't read anything about a non-signed binary anyway.

    Would your mother even have the wherewithal to download, set up and use a browser regardless of what it is?

  5. Re:Yeah, right. by SillyNickName4me · · Score: 0, Flamebait

    > Unless there's a very specific piece of software you need that you know won't work in SP2 there's no reason to avoid it.

    How about running Windows in a corporate environment where I am simply not allowed to install it until it is approved?

    How about requiring Windows 2000 for specific software? (Lotus Approach does not run very well on any version of XP, regardless of sp2)

    There are many more reasons why people cannot use SP2 than the one you mention, and honestly, your argument looks like one from a person with zero experience in using computers in corporate environments, not to say it looks utterly ignorant.

  6. Good thing this is an unbiased writeup by g0bshiTe · · Score: 0, Flamebait

    > It dutifully tells me the extension isn't signed (good), but makes the default choice Install Now (bad). This is the opposite of what Internet Explorer decided to default to when it detected unsigned code (ref: above). Now tell me again, which is the more secure browser?

    What he neglected to mention was that even though IE has ActiveX scripting prompting him, Ma and Pa internet would have disabled the annoying little shit notification window by now, or that JavaScript would have installed WebRebates and all sorts of shady crap.

    > IE because I know it will warn me about unsigned programs.

    Since when does digital signing == security? Yeah, that spoofed website you're on has you downloading FATFUCK and you think it's ok because it is using the previous signature from MSN Instant Messenger. So life is ok because "hey it is digitally signed, so it must be good".

    > OK. But now what if there's a security bug found in Flash and I want to disable it? With Internet Explorer, I can simply set the Internet Zone to "High" security mode (to block all ActiveX controls), or I could go to the Tools -> Manage Add-Ons dialog if I just wanted to disable Flash until an update was available.

    Or let a cross-site-scripting bug in all versions of IE totally ream my PC anally while adding it to the hordes of zombie spam networks. Why not? Conformity is cool, right?

    > Mozilla has had its share of security vulnerabilities in the past (just as IE has), and -- despite what the open source folk might say -- Mozilla keeps their security bugs hidden from the public (just like Microsoft does) in order to protect their customers from coming under attack by malicious users. Note that this is not a bad thing;

    The one true statement in the whole article. Although, if I can readily download the full source to Mozilla I can look at the code myself, and check for bugs, or even add something to it should I choose. Scuse me Mr. Gates, um please sir may I have the source to IE?

    I think the major point here that the author neglected to point out is that, regardless of what you're using, common sense should be exercised. Don't trust a browser to handle your security. Just because a little box says "It's ok". It isn't; use your own judgement. If you aren't sure, then ask someone you know who knows. I don't trust IE for crap; at the paranoid security setting you can't go 15 seconds without having to click a window or click OK. If I wanted to click pretty windows all day, Slashdot's Widgets would be my first choice. I have donated to Mozilla and used the browser for 4 years now. I have to say that I only use IE when I absolutely have to. I trust Mozilla as much as you should trust any web browser, but I trust my judgement first.
    --
    I am Bennett Haselton! I am Bennett Haselton!