Slashdot Mirror


How Can I Trust Firefox?

TheRealSlimShady writes "Peter Torr (who?) from Microsoft invites a certain flamewar with his essay 'How can I trust Firefox?' He raises some interesting security related points about the download and installation of Firefox, some of which should probably be addressed. The focus is on code signing, which Microsoft is hot on. Of course, the obvious question is 'Do I trust Firefox less than IE?'"

12 of 1,464 comments (clear)

  1. whoa wait! by Korgrath · · Score: 5, Funny

    it's against the rules when Microsoft starts flaming back!

    --
    Theory of flight?! I'll teach you the theory of fist!!
  2. "Numeric IP address" ? by theefer · · Score: 4, Funny

    I download the software again (this time coming from -- I kid you not! -- a numeric IP address [...]

    As opposed to what? A graphical IP address? A string IP address? A musical IP address?

    I hope this kind of remark does not reflect the technical skills (or lack thereof) of the author, although the content of the lame flamish post seems to lead us to the same conclusion.

    --
    theefer
  3. Re:This guy is right. Listen to him. by k4_pacific · · Score: 5, Funny
    from "firefox.org" (only!)

    Of course, with IE's spoofing vulnerabilties, you may not really be at firefox.org.

    --
    Unknown host pong.
  4. Re:Yeah, right. by noidentity · · Score: 5, Funny

    What scares me are those freaking awful dialog boxes that IE allows. The ones that say "You MUST click okay to use this site!" or "Do you want to set CrappyAds.ru to be your homepage?".

    And even if I press no, I *still* get spyware. Why? IE Sucks.


    Hey, I have a solution! Firefox can present a dialog box on the first installation that asks, "Do you want to run with better security than Microsoft Internet Explorer?" with only one button labeled "Yes".

  5. Re:Yeah, right. by cratermoon · · Score: 4, Funny

    Time for another name change. Just call it "teh intarwebs".

  6. Re:Yeah, right. by Xerp · · Score: 5, Funny

    Here. Let me start my own flamewar.

    "I wanted to download Microsoft's Internet Explorer, so using Firefox I popped across to Google and searched for:

    'Microsoft Internet Explorer'

    The 3rd link told me:

    Internet Explorer Home
    https://www.microsoft.com/windows/ie/default .htm

    Ok. I'll go there!

    Up pops the message:

    'Unable to verify www.microsoft.com as a trusted site'

    Ok. I'll examine this certificate. Lets see who it is signed by... ah. Microsoft. Fine. As I'm testing this off a Knoppix-style CD and USB memory stick I'll accept this self-signed certificate. Seems all a bit snakeoil to me.

    Once I do accept this this I immediately get redirected to another page - something ending with "mspx". Thats not where I clicked! I guess I have to trust it for now though and just carry on.

    Over on the left is a "downloads" link, so I go there. I'm presented with a downloads page, where I have to go to another page of languages. I don't see my native Israeli, so I opt for "English". I'm taken to another downloads page (yes, I'm getting board of downloads pages already too). From here I am told that I must go to the 'downloads centre'. Great. Another downloads page. Here I get to select my language again. Um. Still no Israeli, so I go for English again. But Wait! There - no kidding - are only versions for Microsoft Operating Systems!"

    I close my browser and grin.

  7. Re:I agree ... by geoffspear · · Score: 5, Funny
    Yes, you did miss something.

    He's claiming, in public, that his company's monopoly browser is presenting warnings that should cause users of that browser (the default on the monopoly operating system) to believe that installing Firefox (which is recommended, remember, by the Dept. of Homeland Security's CERT as being more secure) is inherently insecure and dangerous.

    That sounds like at least an antitrust violation, and probably fraud on top of it. Maybe a PATRIOT Act violation, as well.

    --
    Don't blame me; I'm never given mod points.
  8. Re:Yeah, right. by tomhudson · · Score: 5, Funny
    How do you send someone an email telling them they're running a spambot when their isp filters out anything that has the word spam in it?

    Hey, dude, you're running a SP4Mbot?
    Hey, dude, you're running a 5PAMbot?
    Hey, dude, you're running a 5P4Mb0t?
    Hey, dude, you're running a 5P4M8ot?
    Hey, moron, you're running a S-P-A-M-B-O-T?
    Hey, quit sending us offers for PEN15 ENL4RGEMENT V14GR4?
    He never sees the messages. Even a phone call won't work - he'll just get c0nfu5ed and up5et that he's p0ned.
  9. Re:Yeah, right. by DissidentHere · · Score: 4, Funny

    While you are 100% correct there is a simple work around. Often when I install Firefox or Mozilla for someone I rename the desktop shortcut "The Internet" or "The Web" (people who don't know what Firefox is tend to use shortcuts a lot).

    On top of that is some education on IE's faults, the scum of the net, and to note that the Firefox icon is much cooler than a dumb, swooshy "E"

    This approach has worked pretty well for me so far.

    In one extreme case I did rename the Firefox icon 'Internet Explorer' for an exceedingly uncooperative user. Once it was called 'Internet Explorer' she didn't care anymore. I'm sure some poor SOB in tech support has a hell of a time with her though.

    --
    "None of us are as dumb as all of us." - meeting mantra
  10. Re:Yeah, right. by Kiryat+Malachi · · Score: 4, Funny

    I don't see my native Israeli, so I opt for "English". I'm taken to another downloads page (yes, I'm getting board of downloads pages already too). From here I am told that I must go to the 'downloads centre'. Great. Another downloads page. Here I get to select my language again. Um. Still no Israeli, so I go for English again. But Wait! There - no kidding - are only versions for Microsoft Operating Systems!"

    If you were actually a native Israeli, you'd know the language is called Hebrew, or, in the actual language, ivrit (ayin-vet-resh-yud).

    (If you're a native Israeli who just can't speak English, I apologize, but all evidence from your post shows you can, in fact, speak English.)

    --

    ---
    Mod me down, you fucking twits. Go ahead. I dare you.
    (I read with sigs off.)
  11. Re:Yeah, right. by maciejkt · · Score: 5, Funny

    Specifically, this is the hostperm.1 file in your profile directory.

    Am I the only one to read this as hotsperm?

  12. Re:Yeah, right. by jfengel · · Score: 4, Funny

    On an offtopic note, when is Slashdot going to allow hebrew in comments?

    Right after they fix the HTML to work properly in the Firefox browser we're all praising in this thread.