Pros and Cons of Firefox Critically Evaluated?
A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."
Is all the plugins, extensions, chrome, files, and settings that have to be configured after you have the Firefox browser up and running. It would be really nifty to be able to bundle all the things that I do when I install firefox into one mega "extension bundle" or some such that I could install with one click.
It's enlightening until it's critical. I see.
The two aren't mutually exclusive. You weren't looking for enlightenment, you were looking to see someone agree with you.
i'm amazed that i survived - an airbag saved my life.
i have begun to doubt symantec's expertise. i work in a college where virus outbreaks are pretty common. now i've seen a computer with the most up to date, newest version of norton/symantec anti-virus and it seems that it still does not find all the viruses. viruses and trojans that are relatively harmful to the system. i would take this story with a grain of salt...
please me, have no regrets.
if I could control it centrally from MS active directory, that would be great..
other than that, I see no problems with it at all..
At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser.
And I thought my life was dull. You need help my friend. Now!
Do they have the source code for IE? Security by obscurity is no security.
And, at least Mozilla does something about it - three patches in what, two months? How many has IE had the last three years?
Those of us with Macs know that Firefox is really obnoxious on our platform. It makes a very halfhearted attempt at elegance, but fails miserably on almost all counts. Scrollbars don't disable in background windows, HTML controls are rendered in ugly beveled grays, the Preferences dialog is inexplicably a sheet, proxy settings aren't inherited from the System Preferences, text areas in forms aren't beneficiaries of Cocoa's text-editing magic, popup menus are rendered in the wrong font, and on, and on, and on.
If Firefox wants to be taken seriously as a native browser on the Mac, it has a long way to go to catch up to Safari in terms of aesthetics and usability.
--
perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{~" -;;s;;$_;see'
I just wish that you could type something into the address bar, press up and enter, and have it search Google, like you can with Mozilla. The tiny google search box on the top right is nowhere near big enough.
hmmm, symantec/ms don't like opensource? wow, I never would have seen that coming. This seems like another of those bait the readers and watch em attack back games
Step out of the box and enjoy life
one question should be asked... who releases patches and security updates in a more timely manner? mozilla or microsoft? while firefox may have had more security flaws than IE, it gets patched almost immediately.
please me, have no regrets.
As far as I can see, open source security is a double edged sword.
On one side you've got a large base of coders checking the code for bugs, and submitting patches to fix them.
On the other hand you've got people looking through the source for bugs to exploit. However once these exploits become known it's usually a small amount of time before someone's submitted a patch to the problem.
Closed source doesn't tend to have either of these (as not many people have the source) and as such shouldn't have so many exploits discovered for it.
The open source method should however eventually produce more secure code.
Update Watch - Automatic software update notification
At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better.
Should be read as:
At first I was excited because I thought I was going to get to read an article about how Firefox is the best thing ever. It turns out it wasn't written by me and is therefore wrong.
Print version of the article fitting nicely onto one page.
It's a little odd that this article would be posted without a note that Firefox 1.0.3 has just been released: http://www.mozilla.org/products/firefox/releases/1.0.3.html
Ugh... Less must mean more in the I.E. world. It's amazing how marketing can put a spin on Microsoft's *horrible* track record when it comes to releasing patches in an expedient manner. The more and more Microsoft waits to release a fix, the more these guys make it look like a good thing.
According to their philosophy, Firefox isn't as secure as I.E. because Firefox has fixed more bugs? Give me a fscking break.
Please mod the parent down. He has put unlabeled malicious Perl code in his sig. Evidently as a prank or due to some sort of simple-mindedness.
I used to run adaware with IE, I've run it once in a while since I switched to firefox and it'll occasionally find a cookie or two that doesn't bother me. With IE it'd find a couple hundred problems.
Security vulnerabilities my ass.
(yes I know spyware and security is different, but firefox sure is a lot less of a pain in the ass)
"You can't handle the truth! Son, we live in a world that has (fire) walls. And those walls have to be guarded by men with (antivirus software.) Who's gonna do it? You? ... I have a greater responsibility than you can possibly fathom. You weep for (FireFox) and you curse (Microsoft.) You have that luxury. You have the luxury of not knowing what I know: that (IE6.0 vulnerabilities,) while tragic, probably saved lives. And my existence, while grotesque and incomprehensible to you, saves lives...You don't want the truth. Because deep down, in places you don't talk about at parties, you want me on that wall. You need me on that (fire) wall."
ELOI, ELOI, LAMA SABACHTHANI!?
Maybe Firefox is a more stable, more secure browser than IE, but everything is gonna have its flaws. And the more people use it, the more it's gonna get targeted. This sounds kinda selfish, but I almost wish the geek crowd would have "hoarded" Firefox and kept it as their own. It's nice to give Microsoft the shaft, sure, but the more Firefox creeps into the mainstream, the more it's gonna inherently open itself up to exploits.
"I hate quotations. Tell me what you know." - Ralph Waldo Emerson
He lost it not far into the article. It was about at this point. "Much of Windows' internal development in Windows 3.1 and 3.11 was to make Windows network-aware and largely self-configuring. The Windows developers mostly succeeded, and Windows became easy to network..." If this is true, why am I still helping people network their computers 10 years later?
No matter where you go, there you are.
Since the article concentrated on security, but didn't mention this:
If you leave autocomplete on, Firefox will save your credit card numbers in plaintext on your hard disk.
This bug has been known about for years. They won't fix it.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Isn't finding more vulnerabilities a good thing? I mean as long as they're getting patched and all, the browser is becoming more secure with every bugfix.
Cons: It isn't explorer**
*potentially more secure
**some pages don't render right since some people only test with explorer
I Am My Own Worst Enemy
Let me put forward a little statistic of my own, gathered from what I've seen over the last few years as a network admin.
Number of computers compromised as a result of IE usage: 8 this year. Number of computers compromised as a result of Firefox usage: 0 (ever)
I would like to direct him to my masterpiece 'Hello_World.c'
However, then he starts blaming security holes in the browser on uneducated users. This is where I started to lose him. Understandably as more users switch there are going to be more users who do not understand what is happening. This is hardly the fault of the browser though, and should not be counted against it.
When comparing two programs that do the same thing on security merits, several things should be considered, including number of known security risks, severity of risks, rate of patching known risks, and then farther down that list user knowledge.
This does bring up an important point though, there is no patch process for Firefox (at least the Mac version). So it's possible that security releases are not being disseminated to normal users. If this is true, then you can release all the security patches in the world and it won't do a damn bit of good. Perhaps an incremental auto-patch is in order?
I assume you haven't RTFA, but here's more or less the criticism that Firefox gets:
1) "Oh look! It has more vulnerabilities than IE!" (tho they fail to state how critical these are. And don't forget that Firefox 1.03 was just released, fixing these. How long did it take IE to release theirs?)
and 2) "BWA! Firefox fails to render my favorite IE-only pages!" complaints from users.
And that was on the last 1 1/2 pages. The others were just straw words (your usual columnist intro).
This columnist isn't enlightening, nor critical. He's just giving another misinformed opinion.
because MSFT won't call them bugs and denies they exist.
...
In related news: Zombie World Population skyrockets.
Seriously, metrics are not useful unless all the measurements are done to the same or comparable standards. An IE bug tends to be what I would describe as a collection of 80-100 mozilla bugs - and even then is usually reported a year late after they refuse to admit they fixed it but the release is different on the MSDN disks for a program that's already been "updated"
-- Tigger warning: This post may contain tiggers! --
it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE.
It seems to me that the author is implying that this claim just has to be invalid, because come on, we all know that Firefox MUST be more secure than IE. I mean, how can you argue that it's not? It's open source! It's an irrefutable fact of life that it's more secure! Duh!
Sarcasm aside, there are valid complaints about Firefox, Mozilla, and other open source products, but submissions like these really drive home the attitudes you're likely to see here on Slashdot and other open source message boards. That is to say, criticism is rarely accepted. Those making the criticism are called corporate shills, biased, etc. Or better yet, the old "if you don't like it, fix it."
Firefox is still under active development. It's not surprising that occasionally a new bug, including ones that compromise security, will be introduced. IE, on the other hand, has been unchanged, aside from bug fixes. All development work on IE was stopped until Firefox forced their hand. I don't think there have yet been any new releases of IE since Service Pack 2, which put 6.0.2900.2180 out in the world.
So, I wouldn't be surprised if more new security problems were located in Firefox in the recent past than in IE during the same time period. That doesn't imply that there are fewer problems in IE than in Firefox, just that fewer were found in a given time period.
Which means.... practically nothing. The relevant information would be total numbers of security problems over the total number of lines of code or some similar metric, if you want to discuss the quality of the code.
If you want to know which browser is the most secure, you should look at the total number of security bugs known to exist and the severity of those bugs.
For my money, Firefox is the only browser that I trust. I run IE only when I have no choice and when that happens I send an email to the manager of the site telling them why I won't visit again.
Microsoft abandoned good engineering practices in order to grab at market share. As a result, they crippled both their browser and their operating system.
-All that is gold does not glitter - Tolkien
www.ra
There will always be reviews out there you don't like. First, this is information week, the WSJ for the pointy haired bosses, I would expect nothing less than a shitty review, actually, I'm glad he gave it a shitty review.
Second, the guy looks like a total Asshat. Look at his picture for christs sakes Fred Langa
Top 10 Reasons To Procrastinate
10.
Damn, she's hot and smart too.
There are too many mod points: thirty +5 posts per story is a joke. I only moderate down!
So as slashdot's population increases and there are more people posting, it follows that there will be more +5 posts. Maybe for you ten +5 posts are sufficient, but when the population triples then you should expect thirty +5 posts.
I'm a Firefox user from about 2 years ago.
My old time versions seemed to be flawless and now, since there are more eyes on Firefox, it seems to be more buggy and insecure.
That's the problem. Firefox boom attracts even more eyes and that will be a bigger problem. Same as QMail or Postfix on Sendmail. They were more tasty 'cause there were less people looking over them.
Moment of terror is the beginning of life !!!
And the more people use it, the more it's gonna get targeted.
Just because more people drive cars than armoured vans, doesn't mean that cars are targeted more just because they're greater in number. In fact, the payload would be greater attacking armoured cars. In reality, some things are just designed with greater security in mind, from the offset.
How about naming the article title "Pro and Cons for the Pro" instead. It seemed to just go on and on about how bad Firefox is or how equal in unreliability it is.
I think the XEmacs approach would work out well. You download and install the base system, and then you either get the packages you want or install the sumo package with everything.
(S(SKK)(SKK))(S(SKK)(SKK))
We see a large number of nitpick vulnerabilities for open source because everyone can look at the source code and try to break it every which way. OTOH, finding exploits in IE is done by testers and hackers.
Regarding dupes, visiting Secunia shows many vulnerabilities for Linux distros, but you see the same ones over and over again for each distribution.
So while I agree that no software is perfect, and Firefox does have problems that arise from time to time, as does any software, I'll still be using the fox for my net browsing.
As for those testimonies in the article from people who can't get Firefox or Thunderbird working properly, wow. I've switched people's grandparents with no computer literacy with no problem. All I can say is that their system must be jacked up.
Before everyone starts flaming me, I'll state that Firefox has become indispensable to me now. Mostly because the RSS bookmarks, tabbed browsing, and best of all, the extensions. Dictionary search, ad-block and the spell checker have all become indispensable to me now. However explorer remains the superior browser with regard to resources and stability. If I want a fast and simple stable browser, explorer is the way I go. While Firefox is loaded with useful options, I find it interesting that I stayed not because it was technically superior to ie, but provided better and actually useful features.
They haven't got our inside leg measurements yet.
Actually, I'd better check...
In my opinion of using the software as long as I have, I would never use IE again unless forced to. And that small amount of time I do use IE, I spend twice as much afterwards cleaning out the damn mess made by malware.
I think because of its Open Source nature when Moz or some derivative gains market share and becomes the primary target of ad companies, it still won't make that much of an impact on the browser as a whole.
I am Bennett Haselton! I am Bennett Haselton!
All I want from the Windows version of Firefox is for cut/copy-and-paste to work reliably. Every so often, the copy function refuses to work in Firefox and it's so utterly annoying that I end up using crappy IE most of the time now.
This issue has been in since the Phoenix builds. And yes, I submitted a bug report long ago, which looking now, seems to have disappeared.
When I need to copy-paste, it's for important stuff.
Well Mr. Langa seems to have a web site. Here is the link ! And here you have a link to the article on his homepage (in case it gets /.ed on the front page).
Well taking a quick look at what he wrote I think it's the type of guy who actually enjoys starting flame wars so I wouldn't bother too much by him!
I would only like to tell him that I disagree with him and he is a terrible writer cause he is using too much sarcasm in his writing. Take for example this part from his essay:
The last time I mentioned a similar US-CERT finding, by the way, Linux partisans leapt up to tell me that US-CERT didn't know what it was doing. Linux *couldn't* have more security flaws than Windows! Everyone *knows* that Open Source software is so much better than anything from Microsoft--- right?
Also take for example this:
I wrote that article to try to help readers interested in FireFox in particular and Open Source in general to make an informed decision. There are many, many excellent, proven, objective benefits to switching to Open Source software--- but there's also a lot of misinformation, and some very, very *bad* reasons to switch.
I think that he is doing what he is preaching against: Misinformation
The article can be summed up to say that MS software doesn't have a higher number of bugs, just a higher install base. If Firefox had just as high of an install base then it would have an equal amount of bugs.
This is just not the case. You can't say that the bugs are purely based on the number of people taking a swing at it. It defends buggy software. Most of the "bugs" are render problems, mentioned at the end of the article. If designers used standards then things would render fine.
That's cuz these dorks have nothing better to do.
Thank you, Dafa Disciple, for providing a Wikipedia link for the mysterious term "open source". Yes, thanks to you, people reading Slashdot now know what that means. Not one of us had ever heard of this "open source" before, so the enlightenment is most appreciated.
You missed the point of the poster. He wasn't unhappy about the article being critical, but being very BIASED and critical. You know, it'd be like saying that Democrats/Liberals should listen to Bill O'Reilly... as if he listens to the other side.
What I hate the worst is not those who are biased, but those who claim to be things like "Fair and Balanced" when it's clear they're not.
Take for example this nice strawman argument that Mr. Langa puts forth:
Which he then cuts down systematically, as if his misposed argument had any value:
I can tell when people use Conversational Terrorism, and I know then that they're highly partial and unreasonable to argue with.
Make sure everyone's vote counts: Verified Voting
Symantec has invented a new definition of FUD.
F*cked Up Data.
Small potatoes make the steak look bigger.
A lot of other security/AV companies get definitions out MUCH faster than Symantec. I remember occasionally using Sophos's and other AV sites to solve virus issues because we didn't have the info.
Don't take life so seriously. No one makes it out alive.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=160900911
Yea OK say we accept that as fact. What % of the bugs found in Firefox were fixed as compared to the % of bugs found and fixed in IE?
In most cases in the more recent issues, you'll see the list of IE's vulnerabilities is shorter than those for Firefox, Mozilla, and the other alternate browsers. Likewise, with the more recent bulletins, you'll also see the list of Windows' vulnerabilities is actually much shorter than that for the other operating systems, even though Windows is far more widely installed.
Where did he get this from??
Latest 10 vulnerabilities on front page are all Windows.
If you look at the bulletins like he does, you get a collection of vulnerabilities that have been patched.
US-Cert Vulnerability Notes is where he should be searching if he wants a proper comparison.
Firefox returns 11 results.
I didn't count how many results Internet Explorer returned, but even if you don't count pre-2004 vulnerabilities, the number is still twice as high as it is for Firefox.
Well no browser on this planet is free of bugs and security holes, but at least I feel a bit safer when using Firefox. One of the reasons I feel safer is that Firefox doesn't use ActiveX components and I think that Mozilla/Firefox are faster to come with a fix if a security hole is discovered. Arrest me if I'm wrong...
Bits of News Giving you the latest bits.
"Informative" - anything with a URL in it!
Well then, here you go.
In a word... sucks. Where I work, there was a trojan/worm that we were tracking and Symantec Corporate Edition wasn't finding it. After talking to them, it turns out they already knew about the problem but weren't going to be releasing any definition updates for mass deployment for a week. Instead they sent us a link to the early updates that we could apply manually. This stuff should be automated! Total suck in my opinion. Of course, I'm not the Windows admin here thankfully. That's a job I don't think I'd really want.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
I already see people complaining about bias and how misinformed this person is yet on the first page alone the author praises Firefox and takes IE to task on languishing and having a boatload of security fixes.
Oh, I see. The author goes on to criticize Firefox. Now he is mis-informed since he states at CERT and Symantec you can count more vulnerabilities recently with Firefox than IE. I can go to those sites as well and count.
I believe he is right: Firefox isn't a panacea. I use Firefox and helped push it to be used at the company I work for. In the last six months it seems Firefox is being patched as much as IE.
Is it just me being tired of constantly reading about how perfect flawed software is. If its flaw or flaws are being brought out consistently it's seemingly OK. There is always a "but" following why OSS is OK despite flaws. When a commercial product has a problem it's because they aren't OSS. What is the problem when the OSS darlings have issues?
Perhaps when the flaws being shown in Firefox calm down a bit a lot of the rhetoric will sound better.
I have been using FireFox for quite sometime and waiting for the next IE. One thing I really need is to be able to save a complete web as a single document. Like it or not, most of MS format are the standards(?). Either come up with a new format or support the MHT format. To be exclusive is not the way to go.
I have found Firefox to be more logical looking in its layout using CSS elements and have had to rework pages more often for IE than the other way around. The problem is that many websites don't bother to check the look of a page in anything other than IE. So how is this FireFox's fault? Langa just assumes IE is getting it right and that there is no ambiguity in the way some HTML elements are specified.
In theory there may be more bugs and possible security threats lying in wait in FireFox, but here is the thing, since switching to FireFox I have had FAR fewer virus problems. Now it could just be the smaller market thing, but so what - what I care about is how many real viruses I am exposed to. You could argue that should FireFox continue to grow in popularity, so will the attacks on it by virus writers, bringing it back to parity with IE. That may be, but hasn't happened yet. BUT it could just be that the open software model means more work on the code and better more secure code when it gains an even wider audience. In fact this is the horse I would bet on.
Letter To Iran
I read the comment about Firefox not displaying the Yahoo logo and I couldn't believe it. Then, I popped over to Yahoo.com and sure enough, no logo.
A quick check of the source told me what was going on. I recognized the yimg URL as one that I had *BLOCKED* images from long ago. Yahoo serves tons of graphics ads all over the Internet and I just blocked them all using Firefox's native ability to block images from a particular URL.
It seems Yahoo serves their own graphics from the same server as their ads. Silly rabbit.
So, it isn't a rendering bug with Firefox, it is a feature! And a damned useful one at that.
feature + ignorance = bug? Sad.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Aqua does not belong on the Web. Its controls were not designed for the Web, and they do not respond to styling. I've been using Macs since I was four, and Aqua's alright for what it is, but it's just not suited to the Web, and trying to shoehorn it onto pages is pretty much literally putting a round peg into a square hole.
Too funny. I read the first page of the article using Firefox. None of the subsequent page links work. IE works fine.
I guess I will miss it.
Keep the Classic Slashdot.
The article is the most biased fanboy crap I have seen on Slashdot in the last, well... today! And he has the nerve to whine about Langa and Symantec being biased!?!?
Moderate the parent up ^^^^
I believe that these lesser known programs such as Firefox, Opera, and OS's such as Linux and MacOS are secure due to their small marketshare.
While I'm sure these programs/OS's try their best to be secure, I think most of their security comes from their obscurity, not any technical advantage in security that they have.
As Firefox becomes more popular, I see more exploits for it being made. Whereas I used to never get popups, I do now.
Windows/IE is the most heavily affected due to their marketshare... most virus writers will want to target the software that is the most common.
But, by writing off all of Internet Explorer's problems to the "installed base" scale factor is extremely dangerous to his readers.
The problem being, since MSIE is embedded into the OS, a flaw in MSIE can be exploited from any program which uses an HTML viewer, not only the "iexplore.exe" application itself. Firefox, even when it's your default browser, still pops up in full "visiting the Web" paranoia.
Another problem, of course, relates to MSIE's very strange handling of text/plain and application/octet-stream data types. (It will actually reject the Content-type: header from the server and make up a new one based on filename suffix and/or file content... imagine sending a text/plain file from a CGI URL that has ".doc" in it and it turning into a Word file. Note that the ".doc" is in the URL, not in the downloaded file name....) I've got a CGI I just can't make work with MSIE properly because it rejects my server's claim that file "foo.log" with "inline" presentation is type "text/plain" and it can display it--it insists on saving to disk... only to find out that Notepad is the right application. To work around it, I'd have to change the extra path information fed to the CGI... and I can't do that--it means something, of course.
But that problem ("feature", if you read the MS knowledgebase) is one way how people are tricked into downloading seemingly "safe" content that turns dangerous.
Plus, he makes no assessment of the security problems. He doesn't mention ANY, from ANY browser, not even as illustration--he just leaves it to the reader to plow through pages of cryptic reports from Symantec and CERT.
And he's got no analysis of the "trouble reports" he provides for Firefox. Missing images? 99 times out of 100, that's because the Web page has backslashes in the IMG URLs--which are not part of the hierarchical URI syntax. (They work only in MSIE on Windows. MSIE for Macintosh will not process them the same way.)
Plus... how do we really know what security problems are fixed in MSIE? On my XP box at home, and the W2K boxes I have to use at work, the Windows Updates just say things like, "A security problem could allow an attacker access to your computer." How am I to know what that security problem is, what part of the system it affects? I don't even know if it is a function I use, or even have enabled--the update information is just too terse--and that's after clicking, "Show Details".
(My main systems are Linux and Mac, so there may be a way to get more information from Windows Update, but it isn't as obvious... unlike Mac OS X Software Update, where it lists the major components right there, and links that take you to the Apple web site for more information.)
Easy.
1. Don't do autocomplete (or make this a default off option) on ssl forms.
2. Credit card #'s are 16 digits with known prefixes. Detecting them isn't a difficult problem. Same with social security numbers.
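The two checks proposed in the comment above, sketched as an added example (not part of the original post, and not Firefox's own form-history code). All function and field names are hypothetical, the sample values are constructed, and the Luhn checksum and the 15-digit American Express case go beyond what the comment states.

```javascript
// Added illustration: decide whether a submitted form value may be written
// to a browser's autocomplete history. Names are hypothetical.

// Issuer prefixes and lengths (a small, well-known subset).
const CARD_RULES = [
  { name: "visa",       prefix: /^4/,      lengths: [16] },
  { name: "mastercard", prefix: /^5[1-5]/, lengths: [16] },
  { name: "discover",   prefix: /^6011/,   lengths: [16] },
  { name: "amex",       prefix: /^3[47]/,  lengths: [15] }, // generalization
];

// Luhn checksum: double every second digit from the right, subtract 9 from
// results above 9, and require the total to be a multiple of 10. This keeps
// order numbers and phone-like digit runs from being flagged as cards.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Returns the issuer name if the value looks like a card number, else null.
function looksLikeCardNumber(value) {
  const trimmed = String(value).trim();
  // Users type cards with spaces or dashes; anything else is not a card.
  if (!/^[\d -]+$/.test(trimmed)) return null;
  const digits = trimmed.replace(/[ -]/g, "");
  for (const rule of CARD_RULES) {
    if (rule.prefix.test(digits) &&
        rule.lengths.includes(digits.length) &&
        luhnValid(digits)) {
      return rule.name;
    }
  }
  return null;
}

// US social security number in its usual written form.
function looksLikeSsn(value) {
  return /^\d{3}-\d{2}-\d{4}$/.test(String(value).trim());
}

// field: { type, value }; formUrl: URL of the page holding the form.
// opts.allowSecureForms models "make this a default off option".
function shouldSaveToFormHistory(field, formUrl, opts = {}) {
  if (field.type === "password") {
    return { save: false, reason: "password-field" };
  }
  const issuer = looksLikeCardNumber(field.value);
  if (issuer) {
    return { save: false, reason: "card:" + issuer };
  }
  if (looksLikeSsn(field.value)) {
    return { save: false, reason: "ssn" };
  }
  if (new URL(formUrl).protocol === "https:" && !opts.allowSecureForms) {
    return { save: false, reason: "secure-form" };
  }
  return { save: true, reason: "ok" };
}

// Constructed sample submissions (the card values are public test numbers).
const SAMPLES = [
  [{ type: "text", value: "4111 1111 1111 1111" }, "http://shop.example/pay"],
  [{ type: "text", value: "123-45-6789" },         "http://forms.example/apply"],
  [{ type: "text", value: "firefox extensions" },  "http://search.example/"],
  [{ type: "text", value: "firefox extensions" },  "https://bank.example/"],
];

for (const [field, url] of SAMPLES) {
  const r = shouldSaveToFormHistory(field, url);
  console.log(`${url} -> save=${r.save} (${r.reason})`);
}
```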
Or at least it sure looks like one. I almost lost my lunch when I followed it.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
My mistakes were 1. I thought Slashdot was some sort of community of trust. 2. I thought sigs were for witty sayings.
So, getting your point across while still being part of the Slashdot community would involve a sig with obfuscated Perl code that printed:
You dumb ass, this could have just run rm -rf!
Being an asshat Script-kiddie would involve a sig with obfuscated Perl code that actually runs rm -rf.
Firefox crashes more often than Konqueror on Linux, and that says a lot. Also, when Konqueror crashes, it does so slowly, usually to memory or cpu overruns. That can be caught and prevented by closing some tabs. When Firefox crashes, all of its windows disappear without even a puff of smoke. I just can't trust it anymore when doing important form submission.
Compare IE and Firefox security with Safari:
http://secunia.com/product/1543/
- Open source engine
- Less vulnerabilities discovered
- ZERO Unpatched Vulnerabilities
From the Article: IE6, for example, came out in 2001; an eternity ago, in computing terms. Except for a boatload of security updates and patches, it's still basically the same browser it was then.
So how can Firefox 1.0 be compared with IE then? Firefox gains new features constantly.
Let's say that one product has 1,000 customers, and a terrible reputation for reliability. The other has only 50 customers, but a great reputation. Why the difference in reputation? The small product has only 2 or 3 customers with problems, but the large product has fully 50 customers with problems.
This is a faulty logic. Let's assume that product A has 1000 customers, and product B has 50. If each of those 50 will experience problems with the product B, then it will have bad reputation. If 100 of that thousand will experience problems, then A will still be considered mediocre.
I only need to clean crap off PCs when people are using IE. Maintenance is ZERO when people use FF.
I've never understood the argument that the more people that use Firefox (or Linux for that matter), then hackers will begin to target those users, too. Isn't the point of OSS that ANYBODY can see the source code? If a vulnerability is found, why would anyone think it will stay there?!? It will be reviewed and fixed by any number of people in a timely manner. I think that's the core of what makes Firefox and the like "more secure". What am I missing here?
Fortunately version 8.0 of Opera is coming soon (like tomorrow)
Get yours today!
seriously- Firefox is too much of a pain in the ass. There are a few cool extensions that I wish Opera had, but I hate managing all those extensions and finding the diamond in the rough. At first glance- I see 21 choices for tabbed browsing extensions. Which one do I want? Should I try them all? With descriptions like "Adds tab dragging with drop place indicator," I sure as hell can't find out from the text what is going to happen (that's from miniT extension--also no idea what that's supposed to mean). The biggest problem with the cool extension manager is extension overload and poorly named/described extensions. Joe Bag-of-donuts programmer is not a marketing guy or usability engineer- his extension is built with only the features he wants to use and how he wants to use them. You get 21 different implementations of the same thing. Sucks really.
While many of you disagree with this guy - I actually agree with him! :D Firefox hasn't shown that many security flaws in the past because it had fewer (95%?) using it than IE and those people using it were (mostly) more advanced than the typical IE/AOL user. So we will (I have said this before many times) see more flaws in Firefox. We will see more flaws in Linux and other open software...why? Because it is not a divine gift from god made into a perfect form... it is a piece of software created by people (no smarter or dumber than those who work for MS, and probably some people who work for MS helped out too) so it will have its share of problems...the more people that use it, the more problems will come to light.
As said before by many other /.'ers ---- security through obscurity. FireFox was relatively unknown (obscure) so had few known security holes - as it is becoming more well known and attacked - it will have more security holes revealed.
So for you nay-sayers who think the article writer is wrong - he is not - just because you do not like what he has to say does not invalidate the message.
I mod down so you can mod up. Your welcome.
But if I install Firefox and don't use IE on ANY PC, even an OUTDATED version of Firefox, my computer stays immaculate and free of malware/adware/trojans/spyware.
If I use IE6 from the beginning, fully patched... my computer still gets a boatload of garbage attached to it.
So tell me again Mr. Langa, how is it that IE is superior, in any way? Is it superior technologically? No, you say as much yourself -- no innovation since 2001. Is it more secure? Well, with all the updates that have come out for IE, I am still not secure from spyware and malware. Does Microsoft like to patch as early and often as Mozilla? Nope -- Mozilla has set a monthly timetable to release updates and does it even earlier if the security necessitates it.
The argument Mr. Langa presents is profoundly stupid -- and this is coming from a Microsoft advocate. More entertaining is the fact that he refers to US-CERT listings of vulnerabilities for browsers, yet fails to mention that they do NOT recommend IE -- but rather Firefox. Go figure.
I have no problem saying that IE is an impressive browser -- especially considering that it's going on 5 years old. However, that impressiveness doesn't last, especially in the world of computing. Firefox is the next generation browser, and they have focused resources in keeping it up to date, and well built. Microsoft ABANDONED its IE team entirely -- it goes to show you the indulgence they had in pursuing the product. The NUMBER of problems Firefox has had is greater, sure... they have more dedicated testers, a more competent userbase, and discover more flaws than IE, and list them as such. Some may be very, very minor, but they are LISTED, nonetheless. Microsoft has time and time again, taken note of IE's 'small' vulnerabilities and passed them over because it doesn't necessitate the cost of fixing them versus the potential return for anything.
So yea, Firefox has more bugs. They also fix more bugs. Firefox works faster, has more features, and takes up less resources. It will NOT give me spyware, popups, and virii. IE does all of that and worse.
So tell me again Mr. Langa, does having the ABILITY to get more problems overshadow actually GETTING more problems? Microsoft is like Valve -- great products, with no updates. Which makes them damn near unusable. It's software like Office that I love, which even if there are security problems -- they still freaking work. Which is less than I can say for IE.
The price is always right if someone else is paying.
all right... i don't think the person posting this article took his time and read through the site, or else he wouldn't expect a balanced review.
this site is not exactly reasonable and balanced in its opinions. look at the "achilles heel of linux" article, in which he describes that he cannot get one particular sound card working on linux...
as long as there are people who expect OSS/Free Software solutions to work as well as the solutions provided by a certain company that forces almost all hardware vendors into compliance, there will be arguments like the ones presented on this site.
nothing to see here... move along
He makes the argument that people who think Firefox is better believe so because of the smaller installed user base. IEusers = stupid, FFusers = smart. Therefore, of course Firefox comes off better. If Firefox had as many stupid users as IE, it would be considered as bad as IE.
I call bullshit. His own argument doesn't make sense, because then he argues that IE might have the same percentage of problems as Firefox. He's begging the question of whether the percentage of problem users is the same with each browser. What do you want to bet that someone is going to quote this article saying that "5% of Firefox users have problems! That's the same percentage of IE users that have problems!" Those are made-up numbers. He's using them as an example. He hasn't proven that they're equivalent.
He also digresses, severely, into "Linux isn't really more secure." Well, actually, it is. To my mind, the worst vulnerability out there is one that allows an attacker to remotely execute arbitrary code without user intervention and without personal intervention by the attacker, either. Getting someone to type in a password is a cross-platform vulnerability. Spending a few hours individually targeting that Linux server with old updates happens (just ask me about my friend's goddam mail server). Reading email in an email client with IE-HTML-rendering -- a proven way to do this -- is pretty specific to IE.
After all, it's Windows that has spawned the Sargasso Sea of worms, viruses, Trojans, etc. etc. etc. ad infinitum ad nauseam. There is a self-sustaining ecosystem of malicious code that infects and reinfects Windows. UNIX doesn't have that. Of course, UNIX is such a newcomer to the Internet that it hasn't had time to develop that ecosystem -- sorry, what did you say? I'm sure UNIX must be brand new, that's why there are so few automatic exploits, right?
Third, he thinks the raw numbers for vulnerabilities mean anything. They mean nothing, especially when you compare the different philosophies of Microsoft vs. most Linux distributions. Microsoft = admit a problem only if we have to, and then only before it's patched, and if you don't give us 6 months to patch it you're an irresponsible extortionist creep. Linux = full disclosure of every nitpicky bug anyone can think up, like the one where someone with physical access to your box can open the case and copy the hard drive! Claiming that CERT is a wonderful impartial catalogue of vulnerabilities -- when they roll over for vendors, and without mentioning their recommendation to avoid IE -- is disingenuous at best.
The real question for these security vulnerabilities is: do they matter? You can tell by identifying the following: Are they remote? How much user intervention is needed? What can happen if the vulnerability is exploited? DoS is sad but not, frankly, that big a deal. Arbitrary code execution is bad. Privilege escalation is bad. Sniffing passwords is bad. Does the attacker need to sit there and think about your computer or can he just turn loose an automatic exploit? It might even be that IE is better than FireFox on that at the moment -- I doubt it, but it's possible. However, Langa doesn't examine the real question. It's easier to count beans than to identify them, or know how to make use of them.
His argument seems to be that since Firefox isn't perfectly secure, it's as insecure as Internet Explorer. This is a fallacy. I can't remember which one. The stupid one, I guess.
Ok, now I feel better.
Poster bias: I loathe and despise Microsoft. I think Symantec is a parasite. I like Open Software but "free as in beer" means nothing to me because I also loathe and despise beer. I think Firefox is fine on Windows but it is lousy on Macintosh. My personal favorite browser is Safari.
What I say does not represent the views of my employers, my friends, my cats, or myself.
. . . since Microsoft doesn't bother to patch IE, there's no reason to go looking for new holes.
If Microsoft got to keep its monopoly, web designers would keep using MS-only features making it harder and harder for Firefox to do well. It's true that things aren't going to be quite as nice with Firefox... e.g. people are beginning to figure out how to sneak past the popup blocker. However, more and more sites are also beginning to take Firefox compatibility seriously, now that it's in the spotlight. I've noticed a couple of sites I use had annoying glitches with Firefox that they didn't fix for a long time... I even e-mailed them a patch to their CSS that would fix it. However, when Firefox got all the press attention after 1.0 the bugs were suddenly fixed within a few days.
So it's a tradeoff, I guess. We're going to have an arms race on our hands when it comes to popup blockers and such, but a lot more sites will fall in line.
I'm a Security Architect for a large bank in the US. The author is obviously trying to sway the true numbers of vulnerabilities because he neglects two things. 1. Microsoft rolls up vulnerabilities, often remediating more than one item per patch. 2. The US-CERT list also contains Linux hardware, VPNs, and Cisco IOS vulnerabilities in the Linux category as well. Not exactly apples to apples. If I'm managing risk to my environment, a shorter time to patch is definitely a plus, and one Tuesday every month isn't good enough. I have to mitigate that risk with other systems when I run Windows (additional HIDS/IPS, proxies, tripwire, etc.)
As more and more time goes on, and i get more and more involved with computer security, malicious software removal, et al, the less and less i'm taking Symantec seriously.
It's one thing to be a paranoiaware company that preys on ppl's insecurities and naivety.
It's yet ANOTHER thing to produce some of the biggest pieces of malware around.
Thirdly, there is a small but otherwise yet undefeated collection of evidence that Symantec themselves are a contributor of some of the more "harmless" internet worms.
All in a day's marketing, hey folks?
do() || do_not();
BZZZT!
Wrong!!!
Anybody can get access to the source.
Not very many people (especially on /.) can understand it. Let's not confuse access with comprehension.
Unfortunately, /. is one of the places where everyone pretends to be an uber hacker, and few admit that while they could program a flash web page, they couldn't understand the source to Firefox to save their little lives.
Exactly. Not that vulnerability counts aren't important, but you have to dig for more information. The article said there were 13 reported for IE and 21 for Firefox in the same time period. OK. How many of those have been fixed in IE and in Firefox? What was the breakdown on severity? What platforms were affected?
If the author didn't want to go into all this detail to give a more accurate picture, he shouldn't have just thrown out those numbers. I won't go as far as to say they are meaningless, but they don't paint an accurate picture.
My beliefs do not require that you agree with them.
A fully patched Internet Explorer was known to be unsafe for 98 percent of the time during 2004, while Firefox was "unsafe" only 15 percent of last year, according to ScanIT:
http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=3/
Fred Langa, a former Chief Editor of Byte and Windows Magazine, has been covering computers since the days when 640K was more RAM than anyone could possibly need.
Wow, a chief editor for two Windows magazines. Go figure where the bias would lie.
I guess if I wrote for Linux Weekly, and published an article why Windows sucked ass, everybody should take me with great consideration because I would inherently be unbiased.
Bah.
The price is always right if someone else is paying.
If you're so afraid it of its security vulnerabilities you can always uninstall FireFox. Can you do that with IE?
i copied my profile folder from my old windows computer to this linux box. saved me hours.
You suck at teh internet.
Here's the same link again, except that it's pointing to the correct place...
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=160900911
It is like asking a child welfare activist, "Is enough being done to protect our children?" What kind of answer would you expect?
The author seems to misunderstand the two models of disclosure. MS doesn't want anybody to know that the software has holes in it. Theoretically, that gives them time to fix it before someone devious exploits it. Unfortunately, MS has had a track record of just sitting on a bug. Many security firms and individuals have had to publicly announce or threaten to announce a bug, before MS would even acknowledge it existed. In this way, MS looks good in terms of numbers of holes and response time. Don't announce the bugs, but when they do, announce a patch immediately. It doesn't matter that the bug may have existed for years before they fixed it.
The open source model relies on people to report bugs. The bugs and fixes are more numerous and may have longer response times this way.
Some things missing from this shallow analysis of Firefox and IE vulnerabilities are severity and likelihood of the bug. Firefox may have many more bugs than IE, but how do they affect the machine? How many allow a hacker to completely hijack your computer? How many of them simply cause browser crashes?
Also what is the likelihood that an exploit exists "in the wild". Some bugs might take an uber-geek whereas some are relatively simple.
From my experience, it seems that IE bugs are very critical and many allow for computer hijacking. Also many of them are easily exploitable.
. . .these users were "friendly" to their operating system of choice, and were not inclined to mount attacks against their fellow users. Instead, when these users found an exploitable hole in part of the operating system, they reported it and helped to correct it. In fact, this was an example of the open-source movement at its finest.
I also have to disagree with this contention. While many hackers are altruistic, that doesn't mean everybody. Hackers like Kevin Mitnick caused problems.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Once you see Adblock, you'll just have to install it ;) That extension alone makes Firefox worthwhile.
The article reads better if you consider it a response to the question "Will Firefox save me from the evils of the Internet?".
The author pretty much buries IE and M$ on security, and then proceeds to remind us not to be too fast jumping to Firefox, as it isn't perfect either. It is fairly new as software goes and we will have to wait and see now that it has enough of an installed base to attract the cyber villains.
If anything the author implied that you should walk, not run to Firefox and remember to apply your bug repellent.
BTW. I use Firefox almost exclusively, and have watched as websites have slowly gotten around the pop-up blocker, and how 1.01 came out to block the multi-language DNS hack, which IE isn't vulnerable to because it is so old.
Agreed. The metric I'd use is the number of bugs traversed per lines of code traversed. (That way, you don't count "dead" code in either direction and you have a count that is relatively neutral to the style of programming.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
avg antivirus is better.
they have a nice free version that takes a LOT less resources to use. the last norton i installed took like 40% of my comp's speed just to hide in the background and miss viruses.
free vs paying for junk.
norton wants ie, that's cool, i want free firefox and free avg (and free sygate for firewall ain't 1/2 bad)
This is typical Apache vs IIS FUD, from the article:
"All software is imperfect, and as more and more users come to employ any given piece of software, more flaws will come to light. At the same time, as more people come to use a given piece of software, that group will become an increasingly interesting target to miscreants, who will actively seek out the exploitable flaws.
Both these trends mean that we'll be hearing of more and more security problems in non-IE browsers and non-Microsoft operating systems in the future. "
Excuse me, Apache is more secure than IIS and it has a 68.43% to 20.86% market share in Feb 2005 according to Netcraft.
As far as I can see
An interesting choice of words - one that aptly demonstrates the difference between closed and open source. The appropriate answer is that you should consider opening your eyes, so that you can see more.
You are assuming that you need the source code if you want to find bugs to exploit, which is a false assumption. No source is necessary.
My best understanding is that Mr. Langa is not technically qualified to judge security vulnerabilities. Any judgement of security vulnerabilities depends on an intimate knowledge of the difficulty of exploiting the vulnerabilities, and the chance that the exploit will seriously compromise a system. I've never seen any indication that Mr. Langa has programming ability.
Microsoft Internet Explorer is the buggiest widely used software I've ever known. In one two-year period, there were 57 serious vulnerabilities in the most recent versions of IE. The link above lists 117 vulnerabilities of all kinds at present.
Langa's free LangaList and the paid version with 20% more content, LangaList Plus can sometimes be useful if you must administer Windows computers.
The $11 per year paid edition is supposed to be free of advertising, but it is perhaps 25% advertising. The paid edition advertises the LangaList extensively, Langa's favorite charities, and his sense of humor. In the most recent edition of the paid version, 4 of the 13 articles are his personal advertising, and not related to Windows computer issues.
Often links in the LangaList lead to articles in magazines for which Mr. Langa is a paid writer. So, part of his advertising is for publications for which he writes.
The LangaList is often somewhat lacking in considered content. Sometimes he just links to Google searches.
The content of the LangaList is partly written by readers. Typically, the letters to Fred that are quoted begin something like this: "Fred, you are my hero. All other newsletters are terrible, yours is wonderful. I have been a paid subscriber for years." So, typically, the first sentence of the letters written by readers is advertising, also.
The result is that Mr. Langa makes his paid subscribers wade through a lot of material not relevant to Windows.
People who are knowledgeable about computers usually have no idea how complicated it is to do marketing, and their lack of knowledge shows in every attempt. Mr. Langa is embarrassingly lacking in marketing insight.
Mr. Langa has a history of finding fault with Linux. Perhaps this is another novice marketing attempt. Perhaps he does not want to lose subscribers because they converted to Linux. I've never seen any indication that he is qualified to judge the quality of operating systems.
The LangaList often passes on recommendations from readers about free software apparently without sufficient testing. As far as I'm aware, there have been no problems with this, but how would someone discover this if Mr. Langa did not write about it? It seems possible that the LangaList could spread problem software to its readers.
formhistory.dat is encrypted.
Research shows that 67% of those who use the term "research shows", are just making shit up.
My Linux box is frequently targeted, but it's all Windows exploits so it doesn't matter.
Ah, so there is no such thing as "security" then.
Just "marketshare".
No matter how many software experts put in how much effort, the end result will spontaneously generate "flaws" as more people use it.
By that "logic", there is no difference between a browser ("A") written by a team of experts who focused on security
Flaws do NOT appear just because more people use the software.
Code is not magic.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Have each user account associated with an encryption key. That key is used to encrypt all auto-complete information. That way, auto-complete still works and doesn't need to know about credit card numbers (or about any other important type of data), but doesn't expose the information to unauthorized individuals.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Everytime I read about him it is the front page of Slashdot.
Why is it a media troll is getting all this attention when he should be relegated to obscurity with the crap he publishes. Please Please do not submit anymore of his stories so hopefully he will go away.
Having read the article, and also followed the author's advice to read the security bulletins, I found that the article is mostly bullshit, which stumbles upon lucid points occasionally, though I think this is mostly by accident.
I didn't bother to do a count of items in the bulletins, as this is an utterly worthless metric. Nor do I agree that percentage of complaints is a worthwhile way to judge two competing products.
Just to dispel that idea. Consider for a moment that in his example of 1000 users of A vs. 50 users of B, a 2 person anomaly would be a 0.2% shift in the numbers for A and a 4% shift in the numbers for B. That margin of error for product B is so large as to make the whole study worthless.
On the other hand, of the items in the bulletins, Firefox did have some serious flaws, e.g. the kind that end in "would allow a malicious user to execute arbitrary code." So, the author is right that Firefox is not some panacea for security, he just fails to explain the real reason why.
Now, is Firefox more secure overall? I haven't the slightest clue. I really don't have the time and/or will to go through the bulletins, aggregate all of the flaws for each browser, assign a numerical value to each severity, and then come up with a score. I offer this idea to any of those who surf /. all day, have a desire to defend Firefox, and don't have a job.
The author also brings up the old argument of, it's not currently a target, so it's more secure because of obscurity. I think this argument was valid, right up until Firefox hit 1.0. Before that, it was an obscure little browser which didn't get much attention. However, once it hit 1.0 it got a lot of press; and, the way I see it, this would have given a huge incentive for the black hats to start hitting Firefox, for the right to say that they had one of the first working exploits for this new browser. So, I think this argument falls apart.
So, without a real study to back up and/or revoke the idea that Firefox is more secure than IE, the only thing I have to go on is anecdotal evidence. Right now I support about 100 computers. And, because of the way we do business, each user has administrative access to their own box (fun on a bun!). Now, because of this, I have a mix of IE users and Firefox users. For the most part, the computers which I am cleaning up spyware/adware on all of the time tend to be the IE users' computers. While I do have to do an occasional cleanup of a Firefox computer, the problems tend to come from other third party apps bundled with spyware, as opposed to the IE, browsed to the wrong page and got infected spyware.
Does this mean Firefox is more secure? No, one factor, which I can't really rule out, is that the people who use Firefox also tend to be the more knowledgeable computer users; so, they may simply be better at avoiding infection. As a counter example, our network engineer runs IE, and doesn't have a problem with spyware/adware, so maybe it's just the person at the keyboard making the difference. But, still the preponderance of the evidence would suggest that the Firefox machines tend to be less infected, so there is some correlation, if not outright causation.
One other thing, which helps keep me on Firefox, have you ever tried to re-install IE6 SP2? Fucking pain in the ass. Some spyware/adware will attach itself to the IE DLLs, and is near impossible to get rid of. Also, I have had more than one machine where the removal of the spyware/adware has broken the IE scripting engine. This is also ignoring that crapware that damages winsock as it gets removed. Thank <insert deity here> for the automated winsock repair tool.
MS has made re-installing IE harder and harder as they have released updates. In IE5 I could do an add/remove programs on it, and get a reinstall out of it. In IE6 SP1, I could futz with the registry and get it to allow a re-install. Now that seems to be broken, as the MS recommended registry change to allow a reinstall seems to be broken. Th
Necessity is the mother of invention.
Laziness is the father.
Firefox has, apart from skins, a consistent UI across platforms.
Having to learn another UI is one reason people say they keep with IE.
"It should be no surprise that alternate browsers--or alternate operating systems, for that matter--contain flaws."
This is right after the line that says, "Six vulnerabilities were reported in Opera and none in Safari." So it basically says, "The default OS X browser didn't have flaws, but anything that isn't M$ or IE has flaws." I just don't follow this train of thought.
I also noticed that if you add an 'i' to fred, you get "fired". I hope his bosses notice the connection.
What about my UML generated source? hmmmm All Software indeed.
All Journalist write crap. Depends on your definition of crap is or Journalist is or is is.
For the purpose of this discussion TFA=CRAP;
My favorite part of the article. Statistics show them to be insecure.
Did you use statistics to see the results of these insecurities? 52 Zombie PCs != 52 Pop-ups
Then using other peoples Paid for Numbers he goes on to "prove" his point.
OSGGFG - Open Source Gamers Guide to Free Games
I've got to say that in my dealings with old Freddie, I've found him to be an egocentric idiot. Any opinions outside his are trash, and the holders trash as well.
Which is well, considering I consider him a hack of a writer.
especially compared to SPYWARE.
I used to spend a lot of time fixing friends computers because of viruses. Now, I spend it in cleaning up spyware. Spyware that was installed compliments of Internet Explorer, and has forced their machine to a GRINDING HALT.
Yet, I am still waiting for the first person that I have to spend 4 hours cleaning up spyware after they've switched to Mozilla/Firefox/Thunderbird.
Until I have confidence in IE to block popups, and stop installing apps w/out question (and I won't even go into FEATURES, like tabbed browsing, in-page document search, etc.), I'll stick to Firefox, thanks.
-- You can't idiot-proof anything, because they're always coming out with better idiots.
It takes forever to launch. IE just pops right open. Am I teh only one? Never really had a problem with IE in the first place. Yes, I use tha intrawebs all day long, many windows open, etc. Normal use of McAfee, AdSubtract and Spybot. Feh. - KBZ
I just lost about 2GB of data because of your sig. What the hell is wrong with you?
Just wanted to point out a similar tactic used against Linux when comparing it with Windows.
First, it claims that yeah, Linux (Firefox) is good, open, etc. etc. and then comes the counter attack - BUT what it claims isn't so. And begins - yeah, security reports are much more, there is no big (bad) company behind the product, there are some unsupported thingies, etc.
I don't have time to write it in proper English, but all I wanted to say is that I am getting tired of how Microsoft can't stand competition and uses their PR machine to milk the opposition. Healthy criticism is always welcome, but somehow I still have to see that. Usually such articles are targeted at those users who are in doubt - to prevent their migration.
It would work for some time, but in the end, Microsoft PR will end in big trouble.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
It also doesn't matter whether Firefox has more security problems than IE. That's not the true test of which browser is more secure.
Software that complicated is ALWAYS going to have bugs and vulnerabilities. It's the nature of the beast.
The more reliably secure product is the one which responds to vulnerabilities quickly, both in terms of patches to the development trunk as well as to the user base.
So for all the people that pat themselves on the back because for some period IE had fewer security related bugs than Firefox, whoopdedoo. Firefox still patched them faster.
Besides, no matter what you say about Firefox vs IE, Fx doesn't do ActiveX, while IE still has that tremendous gaping hole wide open (can you say "bend over" ?)
You have a statement from a software company that makes money off of other people's insecurity.
And when I say that, it is 2-sided:
Fear on the customers side,
and Lack of security within the product
With commercial software this situation works very well for your sales. But enter open source....
Open Source: There are no secrets. From open code to a very liberal publication and release policy on breaches. What's more is the software is usually patched within hours of publication (at worst). The user derives MORE value from automatic updates than they ever would from buying a virus scanner.
OpenSource then becomes a panacea of trust. You are not bound by release cycles, everything is out in the open. You just don't need a virus scanner on Linux unless you're a file server looking for PC viruses.
If Linux takes off, it is the end of McAfee. Expect this FUD.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
We consider IE's problem with "autodownloaders, backdoor spyware" and such, but Microsoft considers these 'bugs' as features.
If you design an application to autodownload, autoconfigure and autorun... no matter how annoying it is to everyone, it's a feature, not a bug. So, by the facts, according to Microsoft, these aren't security holes. Right?
-Oy Vey
"security by obscurity provides a fairly good amount of security assuming you can keep your code secure"
That's not quite right. It assumes that you can keep it secure (as you say), and it assumes that the workings of the program will not be susceptible to black-box reverse engineering.
IE appears to have hidden the code pretty well. But it has proven very susceptible to reverse engineering.
"...more security vulnerabilities in the last six months of 2004 were found in Firefox than IE..."
WHO THE FUCK CARES?!?!? All these dumbass writers need to learn that all bugs are NOT created equal. There is a BIG ASS DIFFERENCE between "small flaw that could theoretically be exploited but the good guys found it first and fixed it in two days anyway" and "gaping hole in the default configuration with thousands of exploits in the wild for months on end." I mean, fucking A, how awesome is it to run Windows Update and see a warning like this? "Identified security issues in Internet Explorer could allow an attacker to compromise a Windows-based system... This affects all computers with Internet Explorer installed ( even if you don't run Internet Explorer as your Web browser ). [emphasis added]"
Which would you rather live in: a city with a hundred arsonists or a thousand litterbugs?
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
http://www.googlefight.com/index.php?lang=en_GB&word1=firefox+has+security+holes&word2=internet+explorer+has+security+holes
http://www.googlefight.com/index.php?lang=en_GB&word1=%22firefox+is+better+than%22+%22internet+explorer%22&word2=%22internet+explorer+is+better+than%22+firefox
these say it all...
The reason internet explorer is mentioned 66,100,000 more times than firefox is because Internet explorer appears in 66 million times more security reports than firefox appears in.
this article was so much not about firefox, it made my eyes hurt.
Really people. It's just a rant. And an uneducated one. You might see it pop up as a /. comment once :)
How much of this is attributable to Apple? I figure the Konqueror team has more to do with the security of Safari than Apple...and isn't this more because there isn't a browser for Win32 that uses KHTML as its engine???
If there was a Win32 browser that used KHTML, I'd figure the number of vulnerabilities would go up significantly...
First the "IE-only" page problems, is a problem for website operators, not Mozilla (get a UserAgent editor plugin, and fake IE if you wish, or better yet, send them an e-mail every day that you visit and can't access something).
:)
However, the article does make good arguments... that is, if the article was written 5 years from now. Firefox is not a mature browser. 4 years after release, IE 6 still has bugs, no new version yet. Firefox has only been 1.0 for less than a year. There is certainly a break in period after software of this type reaches critical mass before every bug is vetted.
What the author fails to understand is that by it being open source, more bugs can be found, faster, and fixed, faster. I would certainly HOPE that there are more bugs in Firefox found on a month to month basis. Internet Explorer keeps chugging along, spitting out new vulnerabilities like breadcrumbs. Firefox on the other hand is now very public, and getting a large influx of bug reports and fixes. However, after Firefox has killed 99.9% of its bugs, Internet Explorer will keep popping out exploits like an assembly line because limiting the source code means that:
A) A small number of coders can actually look for exploits. Everyone else is basically left to hope that the next IE hacker publishes their exploit. And, once found, you sit back and wait for MS to fix it, instead of coding the fix yourself, or at least submitting fix code, or just even pointing out the area of code that is the problem. With IE, it's not as though you can e-mail them and say, "I found exploit X... It's occurring around line 7934 of file Y."
B) Firefox can truly change focus on a dime, just like with the IDN issue a few months ago. It doesn't take a manager of a manager of a manager to hold 50 meetings, talk with investors, talk with worldwide vendors, talk with politicians, and then make a decision at Mozilla. And, if you don't like Mozilla's decisions, it's open source, and you can always go "fork" yourself.
Is Firefox more secure? No. It's not supposed to be right now. Does it have more features? Yes. Is it easier to use? For me, yes. WILL it be more secure than IE once the initial round of exploits have been found? Damn skippy! And THAT is why Firefox is more secure, and why Lynx is still used today. Open Source projects, especially ones that have a great single goal in mind, like just browsing (leaving all the fluff to 3rd parties) eventually turns out something rock hard solid and stable.
It's just the "new" or "continually growing" ones that will have many of the same pitfalls of closed source. The only difference, is that even with those pitfalls, open source still has all of its other benefits.
Good article on statistics. Wrong conclusion and timing. Just another example of some writer trying to make themselves heard over the masses by trying to sail against the current. Unfortunately, his dinghy is too small for this trip.
Cleaning the net one sed at a time! s/sex/sermons/; s/hot/holy/; s/goats/thebible/; www.holysermonswiththebible.com
Side question: why are you here?
Anyhow, Some bugs are "Does not render this page like IE", when it's IE at fault. Others are "Can crash when running on an Alpha". More are "This UI element is spelled incorrectly" or "Please change order of head panel". Some are "real" bugs.
IE Comes out with a lot less info about what bugs are there, but the ones they let us know about are ALL bad and more are worse than the worst Firefox bug.
I don't know any reputable websites that try to push adware, malware, backdoors on users. Please prove your point by posting a url to a site that tries to do a drive by installation. I've asked for this many times in the past, and yet no one has produced it. I've used ie for 5 years and yet to get hit by a drive installation.
Have you ever been to a turkish prison?
-- "I never gave these stories much credence." - HAL 9000
Half of the downloads are bad? Sounds like user-error to me. There is no way THAT many downloads are wrong. He probably doesn't have the plugins to play them, and he's too freakin' lazy to click the "Click here to install plugin" link where the plugin should be. Is he misusing the term "download" to include those actions performed while streaming a movie to a plugin, such as quicktime? As for the download SIZE he was talking about, perhaps since when he clicked the "CLICK HERE TO VIEW MOVIE" link, it doesn't work, so he tries right-clicking and "SAVE TO DISK". This, in effect, would save a html page rather than a movie, if the link is directly accessing the media file. The file size WOULD be off since he downloaded a 2KB html page. If you try dragging that to WMP, I'm pretty sure you're NOT going to be seeing what you expect.
I really like how some journalists can be very selective in choosing the reader reviews that they receive.
Unfortunately, Safari isn't available to most users while Firefox is.
And I don't know whether Apple contributes their code back to KHTML or not, but I've used Konqueror recently and the rendering engine still comes up short against the high standards compliance of Firefox. That's not to say it mishandles standards, but it supports fewer standards than Firefox.
The global economy is a great thing until you feel it locally.
Win2k/XP will swap anything out that's minimized. It's a really broken example of memory management. In a real OS, the system paging executive has no idea about what's "maximized," but rather uses something intelligent like page aging.
This is why you don't have any problems on Linux, but do in Windows.
How about the huge fucking memory leak in Firefox? On my Linux box, Firefox is a huge memory whore, and will completely overtake the system within about 2 days if I have significant number of pages open. We're talking about 1.2 gigs of memory (including my entire swap) just for Firefox. I found a potential remedy online, but it's more of a hack than anything.
Is this problem being addressed? If they can't fix such a gigantic memory leak how could I expect them to fix more obscure security issues?
Wow you can actually compare a product that has not even been out for a year, and IE6 which has been over for over 3 years, and say one is more secure than the other, man do you need to take some logic classes. I would never claim as either browser is more secure, because right now FF might be secure, but tomorrow morning it might not because of a zero day exploit. I seriously do switch between browsers based on the existing open exploits....
-- "I never gave these stories much credence." - HAL 9000
..article, but I still think Firefox kicks the crap out of IE, LOL.
I've always felt that an OS or browser are just parts of a toolbox; however, I can see how easy it is to become attached emotionally to software so that you can become subjective.
People complain incessantly about how unstable Windows OSes are, when I've had Win2k boxes that were up FOR YEARS without a crash, and I've had Mandrake and Slack installs that crash periodically.
Then again, people complain incessantly about the difficulty in installing Linux on modern hardware and I've had easier times configuring SATA under Mandrake and Slack than WS2003.
Water is wet, women have secrets, Operating Systems have problems...
I beg to differ: The most popular automobiles are frequently the most stolen. For example, here in the States the Toyota Camry, a best-selling sedan, is one of the most commonly stolen cars. The reason? Its ubiquity provides a market for used parts. Similarly, a 10 meter brick wall is more likely to be vandalized than a 2 cm brick wall. Why? Because the bad guy will gain more attention by hitting the big targets.
And after all, crackers are looking for attention.
> of Information Week
followed by:
> I was excited because I thought I was going to get to finally read an enlightening, in-depth article
- Open source engine
- Less vulnerabilities discovered
- ZERO Unpatched Vulnerabilities
You forgot one point:
- Dozens of users world wide
Please, we are talking about browsers with market share here. Apple products are like those silly rumors in high school "I have a friend, who has a friend, who has a Mac, I hear it does magic."
Pfft. Ship it with a real mouse, then maybe.
Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser. Details of the nine flaws were published on Mozilla's security Web site over the weekend.
oh boy
Every time I do a new install of Windows, to download Firefox of course.
I guess I should switch back to IE right away.
On the question of timing, one other issue should be noted: the Symantec report is for bugs in the second half of 2004. Version 1.0 of Mozilla was released on 1 Nov 2004, as reported on Wikipedia. http://en.wikipedia.org/wiki/Mozilla_Firefox Surely the Firefox developers can be excused for having flaws in beta software. Finding bugs in beta testing means that the software development process is working. Symantec is just reporting numbers, so I don't see that they are trying to mislead. But it seems to me that anyone taking these numbers as evidence that Firefox is buggier than IE is rather cynical or blinded by partisanship.
Think global, act loco
Did you read the "actual letters" listed in the article? They are ridiculous examples! Here is basically how they all go: "Dear Fred, I bought a car a month ago but now it doesn't start. I've been driving it every day to work but for some reason it died on the freeway and won't start." Hey idiot, you didn't put gas in it!!! Same thing, these people who are quoted in this article should not be within 10 feet of a computer.
aren't IE's fault though.... they are bugs in the integration of IE into Windows and in Windows itself. and I remember the advice I saw here on this very /. - "If you're surfing the Internet using IE and logged in as Admin, the security problem is not the software."
Power to the Penguin!
I currently work for Symantec, in one of the recent acquisitions. Man, what a disappointment. It's getting to be an embarrassment to work here. I'm glad we still have McAfee, because NAV is an ineffective system-hogging smurf-interface complete POS that required a wipe-and-reinstall to remove. Symantec firewall? Not as effective as the free ZoneAlarm version. I could go on, but I won't even GIVE this sh!t away to my friends and relatives. Symantec will probably f@ck up the Veritas reputation just like they have with Norton. Oh yeah, and then there's the useless Win-like virus products for OSX, which just doesn't have the same vuln vectors. (*shakes head, posts resume to dice...*)
Foo.
Don't kid yourself and think the Mozilla team doesn't have "classified" bugs. For instance, there was a bug fixed some months ago whereby "shell://" URIs on Windows would allow execution of arbitrary programs. Turns out the Mozilla developers had known about this for years and classified the bug report. Once the exploit was in the wild, they de-classified it and fixed it promptly.
I think you should ask the Mozilla team why they classify bugs in the first place. To me, it seems incredibly dishonest, especially in the cases (like the one above) that "reaffirm" the open source "bug fixes in two minutes" myth. The reality of that particular situation was not that the bug was fixed immediately, but that it took years to do anything about it.
Certainly gives you something to think about...
IE Comes out with a lot less info about what bugs are there, but the ones they let us know about are ALL bad and more are worse than the worst Firefox bug.
You don't consider chrome spoofing to be that big of a problem?
If you want to know which browser is the most secure, you should look at the total number of security bugs known to exist and the severity of those bugs.
No, you also have to look at the number of people trying to exploit them.
By your argument, a locked house is more secure than an unlocked one. But a locked house in a bad neighborhood of New York is more likely to be broken into than an unlocked house in the wilds of Alaska, right? So you can't judge the security of a house by looking at the locks - you have to look at the neighbors as well.
No matter how long ago, or how thoroughly, or from however many different sources they hear about the problem, Microsoft has managed to completely discourage any disclosure that fits their definition of 'premature' disclosure.
Open source, or free software projects tend to accumulate published bug reports, not because there are more bugs, but rather because they encourage the feedback.
Some of the points in the article are worth thinking about. But, citing published studies of numbers of disclosed vulnerabilities makes me less likely to care about the validity of the article, because there appears to have been little critical analysis of sources prior to citing them.
That security issues in IE are actually fixed!
There are countless issues in IE that have never been fixed, thus a single 6-month period when more vulnerabilities were discovered in Mozilla is mostly irrelevant. What counts is how many vulnerabilities exist at any point in time.
OK, I know it's not quite that simple: more problems means more downloads, means more users won't actually have the latest version, but still, the article's premise is flawed because of unpatched bugs in IE.
The real "Libtards" are the Libertarians!
Fred Langa does this from time to time. He writes an anti-(insert product) article that is generally baseless, all in order to whip up some activity for CMP, and media attention for himself.
Fred's last whine-a-thon was over not being able to get sound working on a Linux distro. He damned Linux for being behind Windows 95 in technology, in essence.
Fred publishes the free "Langalist", an essentially nubie mailing list where downloads, technologies and facts that everybody knew yesterday, are re-born as new discoveries today. He also has a "Plus" mailing list, pay-per-view with more content. Interestingly, some of his pay-list funds go to sponsor starving impoverished kids overseas. The same ones that US jobs are being outsourced to.
Fred Langa is essentially useless.
Go ahead and -1 Flamebait this truth.
A "trouble rate" doesn't apply to software in the same way as to hardware. A trouble rate of 5% for Acme light bulbs could mean that due to manufacturing variations a few bad apples will burn out too soon. But copies of software are identical -- if one person has trouble, everybody has trouble. The trouble rate is either 0% or 100%.
What could a fractional trouble rate mean for software? Maybe it's what fraction of the offered features actually function correctly. But that measurement doesn't depend on the number of people with copies of the software. Or, for browsers, it could be what fraction of web pages render correctly. But the test pages should be standards compliant, not "Optimized for IE". And that definition is pretty useless for gauging security.
The author either fails to understand that computers are deterministic or is willfully misinforming with this analogy.
AlpineR
I had this problem also, but with Excite. But I don't have the problem any more. I use the AdBlock plugin instead of the built in ad blocking. The plug-in allows blocking by URL instead of just by server. Much better.
You have to grant that IE 6's security flaws never seem to reach beyond the Windows platform.
Exactly. But think of the other side of that. 13 security flaws for IE - they all affected Windows. 21 security flaws for Firefox. Let's say, just as an example, that 3 of those were Linux only, and 1 was Mac only. That means that Windows users were only affected by 17 of them. So 13 vs. 17 doesn't seem that far off.
Of course, these are just example numbers, and the original article didn't address it at all.
My beliefs do not require that you agree with them.
Any piece of software has bugs, that's life. The only thing I found irritating about the article is he seems to go out of his way to make mozilla and linux seem more unstable or insecure without giving all the facts. The very site he referenced only listed possible issues not actual ones. But hey he's a microsoft lover so you can't expect anything real valuable to come from him
WTF?
as soon as I saw Fred Langa's name. He has a well earned rep of providing inaccurate information to bolster Microsoft products and trash OSS. That is my tactful way of saying he is incompetent, biased, or a shill. Perhaps he is a mix of the three: an incombiashill.
Years ago, Fred added the announced vulnerabilities of multiple distributions to demonstrate Linux had more security problems than Windows, not allowing for the fact that there would be duplicates from multiple distros including the same code. Either Fred does not know what he is talking about, or he is being misleading. One is bad, and the other is worse. Either way, what is the value of his "analysis"?
It is the same way with the constant stream of nonsense spewing forth from Redmond. Whether they are confused or deceitful, it does not matter. Their information is still junk.
How can some of you be getting so upset over this? Who cares what browser you use. There is nothing wrong with what that article said and it's pretty true. Maybe we're not looking at the same list of vulnerabilities, but some for Mozilla/Firefox have been pretty bad.
The number of vulnerabilities found in something has a good correlation to the number of people that use it. More people are using Firefox and more vulnerabilities are being discovered for it. It's still a long distance away from being the #1 used browser. Notice that everything that sits on top tends to have lots of vulnerabilities? I always fail to see why people don't pick this up. It's amazing how many bugs and vulnerabilities are found in these things that aren't even at the top of the food chain.
By the way, if you really need to argue with people about why your browser is better --> You might wanna try going outside and making friends.
after several full 1.0.1/1.0.2 to 1.0.3 installs.
:)
Could be I was just born lucky, of course
I wouldn't mind though if the installer were to, say, check FF has been closed before installing!
It's funny how Fox News has now colored people's expectations that unbiased means you are going to agree with everything they have to say.
See:
Musa, J.D., A. Iannino and K. Okumoto, Software Reliability: Measurement, Prediction, Application, Professional Edition: Software Engineering Series, McGraw-Hill, New York, NY., 1990.
Mea navis aericumbens anguillis abundat
Can you refer to the posted bug so we can vote on it? I could search myself but if you care that much I assume you have the number to hand.
that in Firefox the security holes are found and will be fixed soon, and that in IE, you don't know how many security holes haven't been found, you can't be sure if they are gonna be found one day, and even if an update will be released.
If you want visitors to not block your ads you have to come up with a way to cripple the site if the ads are not displayed. Unfortunately ad blocks are client side and can't always be detected by the server.
Ads indirectly cover costs (large sites get paid because they can claim X amount of people see the ads per month, not per click or per sale) and images are a very big bandwidth hog. So if a visitor doesn't want to look at ads then Yahoo saves some money by not showing images either. And as a possible bonus the web-site looks so terrible that the user stops blocking their ads just so the images load.
I haven't needed to implement it on my site yet but checking whether or not Javascript is enabled on the client side is quite trivial.
Server Side Javascript Check
Once the server knows if Javascript is disabled on the client side the possibilities are pretty endless. Most ads (like AdSense) rely on Javascript so knowing Javascript is enabled is important.
Work Safe Porn
Is this guy trying to say Windows 98? I don't remember a product called "Windows 95 Microsoft Internet Explorer"
Actually IE6 has now been out for 4 years. And a person should hope that a 4 year old product that is used by millions of people every day should have the bugs worked out of it by now.
Now as far as how to compare them check out this article. It compares security on a very sound premise: If you keep up-to-date with updates how long are you vulnerable. The answer: IE: 51 weeks during 2004, Firefox: 8 Weeks during 2004.
Let's rephrase that; using firefox I was safe from known exploits 10 months last year. If I was an idiot and used IE, I was only safe from known exploits 1 lousy week during the whole year.
Which are you going to choose? Get FireFox!
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
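The measure the comment above relies on (how long a fully updated user stays exposed to publicly known, unpatched flaws) is a different quantity from a raw count of disclosed flaws. An added illustration in Python, not part of the thread and not data from the article it mentions: the two products and every date below are constructed.

```python
from datetime import date

# Constructed sample data: (disclosed, patched) date pairs per product.
# patched=None means the flaw was still unpatched at the end of the window.
PRODUCT_A = [  # many flaws, each fixed within days
    (date(2004, 2, 2), date(2004, 2, 9)),
    (date(2004, 2, 5), date(2004, 2, 12)),   # overlaps the previous one
    (date(2004, 6, 1), date(2004, 6, 4)),
    (date(2004, 9, 10), date(2004, 9, 20)),
    (date(2004, 12, 28), date(2005, 1, 5)),  # runs past the window end
]
PRODUCT_B = [  # few flaws, left open for months
    (date(2003, 11, 15), date(2004, 4, 1)),  # disclosed before the window
    (date(2004, 8, 1), None),                # never patched in the window
]

YEAR_START = date(2004, 1, 1)
YEAR_END = date(2005, 1, 1)  # exclusive upper bound


def exposure_days(vulns, start, end):
    """Count days in [start, end) on which at least one flaw was
    publicly known and unpatched. Overlapping flaws are counted once."""
    clipped = []
    for disclosed, patched in vulns:
        lo = max(disclosed, start)
        hi = min(patched or end, end)
        if lo < hi:  # drop intervals that fall entirely outside the window
            clipped.append((lo, hi))
    clipped.sort()

    total = 0
    cur_lo = cur_hi = None
    for lo, hi in clipped:
        if cur_hi is None or lo > cur_hi:
            # Gap before this interval: close the running one.
            if cur_hi is not None:
                total += (cur_hi - cur_lo).days
            cur_lo, cur_hi = lo, hi
        else:
            # Overlapping or adjacent: extend the running interval.
            cur_hi = max(cur_hi, hi)
    if cur_hi is not None:
        total += (cur_hi - cur_lo).days
    return total


def summarize(name, vulns, start=YEAR_START, end=YEAR_END):
    """Return both metrics side by side for one product."""
    days = exposure_days(vulns, start, end)
    window = (end - start).days
    return {
        "product": name,
        "flaws_disclosed": len(vulns),
        "days_exposed": days,
        "share_of_window": round(days / window, 3),
    }


if __name__ == "__main__":
    for name, vulns in (("A", PRODUCT_A), ("B", PRODUCT_B)):
        print(summarize(name, vulns))
```

In this constructed data the product with more disclosed flaws has far fewer exposed days, so the two metrics rank the products in opposite order.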
Does Mozilla really download with:
-Flash
-Enigmail
-Bugmenot
-JVM
included? If so, then yes, that is a bundled distribution. But I think Mozilla is just an intermediate form, including a full gamut only of the Mozilla-produced components.
Some sort of a slipstreaming mechanism for administrators to smooth site-specific tweaking procedures would indeed be a good idea. Or perhaps it is already out there.
Parent:
And all of the sudden it's a bad article.. There is no amount of proof anyone could show you people to make you believe Firefox wasn't better than IE. It could be blatantly in your face and you would still call it a bias false paper. Get over it.
I quit reading their articles and asked them to quit sending any subscriptions, mainly because of crap like this article. Whenever someone references an article such as this here on slashdot, someone should copy it and mirror it somewhere else. All they are trying to do is get ./ed so they can tell advertisers how many 1000's of people come and read their stuff.
Oh, yeah that copyright thing, fu**'em.
When you start yelling fire in a crowded theatre and there isn't a fire, well as far as I'm concerned you lose certain rights.
This article has nothing to do with evaluation! I read it, there is nothing that the author himself could show he did to actually evaluate or compare the browsers. He didn't talk about installing the software and comparatively trying various things in it. The author did not provide any actual data or facts but he did a lot of hand-waving and did print a lot of sentences designed to sound as if they mean something.
Where are the facts? Where is the comparative analysis data? Where are the statistics from sites, from users from anything at all?
Critical evaluation my ass, it is just another FUD story.
You can't handle the truth.
hmm, Symantec... the people who brought us Norton. I just spent all day removing Norton2003 from 4 customers' Winblowz PCs, after InCD incompatibilities and autoupdate trojan hijacking. Personally I'd reinstall, well, makes me money.
The Symantec name has been blown from my view in these last few days.
A blog I run for the wealth
"At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE."
Translation: his opinion didn't coincide with my preconceived notion that firefox is more secure than ie, so both he and Symantec must be wrong. Of course, this article came out today about firefox
Vote for Pedro
My only complaint is that sometimes FF crashes when it encounters some web pages it doesn't like. It's not all that rare either.
I'll be loading up a bunch of tabs from my RSS Reader and *BAM* FF crashes and I have to start over. Some pages I can *NEVER* read because FF crashes every single time I try to load them. And we're not talking about sites like lunixsucks.org, we're talking news sites and such...
And ya, after upgrading you have to reinstall all the extensions you want 1 at a time. That's a pain in the ass as I use a lot of extensions. A mass installer would be cool. Even if you could drag and drop a bunch of .xpi files all at once and have a dialog come up asking for permission for all of them... that would be nice.
Oh, I guess that's two complaints...
Firefox wouldn't let you get to that article?
That would be the new FUD Filter extension, now bundled with FF 1.0.3.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Funny to hear from someone else that Norton is packed with vulnerabilities too. We had to uninstall two entire corporate installations because of repeated intrusions with the software in place. We had to install software from a different company to correct the issues. They have both been clean ever since. We now recommend that all of our customers DO NOT use Norton antiviral products because of this.
Personally, I wouldn't believe anything Symantec says anymore.
I sent Langa a letter and referred him to this site to see how people were shooting holes in his article. I'm including my original letter to him, his reply, and my reply back. I have removed his e-mail address. But here is his web page where you can contact him if you like. www.langa.com
Langa Letter: The Pros And Cons Of Firefox - InformationWeek Inbox
Me
to Fred Langa
Just so you know that you have no real clue what you are talking about. Here are a few hundred others that agree with me.
http://it.slashdot.org/comments.pl?sid=146498&threshold=-1&mode=thread&commentsort=1&op=Change
Fred Langa
to me
>Just so you know that you have no real clue what you are talking about.
Gosh, you found me out. I've been faking it for 25 years in computer
publishing, and the truth is finally out! I've been making it all up!
Microsoft really *is* evil! Microsoft professional programmers are all a
bunch of morons; Open Source programmers are flawless gods! Good for you;
you've outed me!
Sigh.
My core assertion is in the last paragraph:
"It's great that there are open-source alternatives to try, and it's smart
to proactively explore all your options. But go in with your eyes open: All
software has flaws. There are no panaceas!"
If you see that as a slam on FireFox, or a defense of Microsoft, well, have
a nice day.
============
Fred Langa
me
to Fred Langa
I didn't believe the article was completely biased and I don't believe Microsoft to be evil, not completely anyway. I run both IE and Firefox cause neither are fool proof as you stated. I also don't believe open source is perfect; I have spent many agonizing nights in my office trying to get Mandrake running properly after a crash for no apparent reason. My problem was your analogies and using sites that state possible security breaches not actual issues. You know as well as I that the average reader will simply look at the listing and not the fine print. I don't want to repeat everything said in the posts which is why I sent you the link. Look at just the last ten to fifteen and some very valid holes are shot in your reasoning.
Well there it is for your enjoyment.
WTF?
The biggest downside is that firefox crashes, a lot, and just about every time I visit a site with java.
Worse still, this crash-prone browser takes all its windows with it (unlike IE) and does not remember what you had opened (unlike opera).
Hmmm... It must have read something like this:
This doesn't mean anything: 100,000 vulnerabilities discovered across all open source software in the past decade compared to only 99,999 vulnerabilities discovered in IE in the past nanosecond is still a pretty good track record for open source software. Also, keep in mind that Symantec's business model includes spinning FUD about hackers, viruses, malware, spyware, popups, and email attachments, so anything they say about any software is going to be with such a spin.
I remember asking co-worker why the (something) MS couldn't design a Service Pack that would update the software distribution point (Windows\Options\Cabs). His counter question was: Why aren't service packs bootable CDs? Wouldn't that make sense? Patching the OS while the OS isn't running? Now, as to using IE to update IE, my question is Who decided that it would be a neat idea for my browser to have the ability to modify "an integral part of the operating system, your honor"?
Look at opera. It has all those things, and it's still smaller (both in download size and memory usage) and faster than firefox. The problem with firefox's bloat isn't what's included, it's that it is a giant mess of some of the worst code ever written. Including a usable tab implementation and mouse gestures isn't going to make any significant impact on firefox's size, and neither will stripping out useful functionality to make it a less useful program for no reason. Re-writing it from scratch properly is the only way to fix it.
Symantec said that Firefox has had more security holes than IE in the last six months. But who has more security holes on average?
I love Firefox even though I know it has some bugs and some security issues. Nevertheless, despite 'Fox's flaws, it is still easier for me to maintain it on my Mom, Dad's and Neighbors PCs than IE and, for that reason, I have insured that 'Fox is the only browser to which they have access (at least easy access). Accordingly, my "bitchy, naggy clientele" have agreed with me and are more than happy to "let me have it my way" (as the Burger King might say).
However, even though 'Fox is my "Go-to", I won't - not even for a second - proclaim it "God" and that nothing is wrong with it - there is a lot wrong with it. Nevertheless, I am heartened that 'Fox developers are addressing its shortcomings at an extremely quick pace, so...there is hope.
On a side note, if my experience is what being a Network Admin might be like, then I suggest you Fokers find different jobs. I mean, it would suck having to deal with idiots like these all day.
Anyways, as the release of IE 7 - or whatever - nears, I'm looking forward to that, too. I figure maybe - just maybe - MS will finally get it right and produce a browser worth using.
We'll see.
Shouldn't there be a menu in firefox that does a lot of the work for users, and presents a list of all the available plugins, and a brief synopsis of what they do ? It seems that something like a web browser should be intelligent enough to find plugins and install them all without making the user navigate the web. Lemme guess, there is the plugin tracker plugin that does this....
But the easiest way of fixing up IE is to go to set program access and defaults and disable access to IE completely.
I used to have IE enabled so if a site didn't work with firefox (far more common in the pre 1.0 versions) I had a backup plan but that has not happened in the last 6 months now.
"Those who cast the votes decide nothing. Those who count the votes decide everything" -- Josef Stalin
Does anyone else have this problem?
Check this out:
Go to packages.debian.org (in FF or Moz)
Hit Page Down twice.
Lockup! (It does this on other sites too, particularly Google. But it's harder to reproduce.)
I'm at FF 1.03 + Mozilla 1.8a5 and this bug has been present for as long as I have been using them (way before they reached 1.0).
It's obvious to me that this must be an extremely obscure bug or it would've been fixed ages ago.
So it must be because I'm on Debian stable, an SMP machine, or both.
is a big pile of shit due to the crappy UML or whatever making it slow and heavy. It's just a PILE OF SHIT
1) Any article, even one saying don't use FireFox, it's less secure than IE, improves awareness of FireFox.
2) My simple response to any of this garbage is:
It's free.
Download it and see for yourself.
It was a joke. Limited platform availability is hardly an argument in favor of security.
I guess I used to be pretty pro-IE for a while, mostly because of compatibility reasons with the majority of the user base I deal with. Firefox just wasn't loading all pages the same/properly, so I generally didn't try to support it. Dealing with multiple browsers like that was just a headache. I always kept my system up to date, and trusted Microsoft enough to release patches for the worst of what popped up. I didn't go to shady sites or anything, and used Thunderbird for email, so I wasn't really worried about bad stuff. And I used Avant for my IE browsing, mind you, so I already had tabbed browsing and all that (even some things Firefox does not have). I just didn't need or want Firefox.
Well it really isn't a bad browser overall, and it's nice to have an alternative, so I decided the only way I'm gonna be able to make everything work properly across browsers is to just suck it up and force myself to use it full-time and adapt to the actual standards, even if I did think some of Microsoft's DHTML additions and such gave IE a leg up over Firefox. A few of them really should be official standards, and it required me to rewrite a lot of code to adapt appropriately (sometimes losing some functionality). But I managed to get everything to comply and at least work in Firefox, since I knew some of my users were starting to use it.
I admit that I like the customization I can do with the interface, which just isn't possible with IE or Avant. I've modified several things, but just haven't been able to find a good chrome reference yet to really get into it, though.
But my qualm with Firefox overall is just the fact that they seem to focus primarily on how many platforms it can run on. If they want to take more of the market share, they need to have a separate team or something to focus primarily on a Windows edition. Try to customize it for speed and memory use, and add in some Windows-specific features, like keeping it loaded in the system tray. I don't like waiting for my browser to load. I know there's an extension to do that now, but it's more of a hack, and just doesn't work the way I'd like it to. That icon should be permanent in the tray, opening new browsers when you double click it, not disappearing from the tray as soon as you do click it.
They also need to take advantage of MDI, like how Avant handles its tabs, instead of forcing you to always fill up the browser window. I've gotten used to it, but I kind of liked being able to cascade or tile tabs in Avant to compare things in pages.
I generally only want ONE browser window open, and for things to only open in tabs inside of that. This is possible in Firefox with some tweaking, but I came across problems when trying to run a single window along with using the system tray extension. Links will try to open in the tray copy sometimes, and not in the one I already have open. So I had to go back to using multiple windows for opening urls externally, cluttering up my task bar.
Avant would also let me just close the window, always having an icon in the tray, and when I brought it back up, all my sites were still loaded. I've heard about an extension that can do something similar for Firefox, but again, it's more of a hack, and requires entirely reloading the browser (and the sites), not keeping it active, from what I understand.
So as I said, I'd like to see some more Windows-specific additions. Being multi-platform is nice and all, but it's just not the best way to becoming popular. With IE7 looming in the distance, Firefox may just lose some of its users if they don't throw in some better features for the Windows users (who I'm sure make up a majority of the Firefox users).
What you said is correct. There may be more bugs in Firefox than IE. But, what's the rating of the vulnerability? IE's vulnerabilities (reported) are more dangerous than Firefox. Symantec never said anything about this in the report. I myself checked some of the bug id's and found the same.
My thoughts have been placed on my newsletter site for subscribers, friends, clients and relatives for folks to read over: www.jim-fran.com/fcsnl/. I have been using Firefox since it was Phoenix as my main browser. I have not had any real problems with Firefox. "Firefox is a better browser..." my article, is announced today on my newsletter site and contains some information that I hope will be useful to Windows users in regard to the differences between a patched and unpatched system overall. I applaud Mozilla.org for their great handling of updates to Firefox 1.0.3. www.jim-fran.com/fcsnl/ See announcements on the main page which provides a link to the actual article.
Here is a brilliant review of the browser in one of the premier infosec mags.
that you think the article is incorrect because it didn't 'toe the open source line' suggesting that all open source is simply more secure.
I've been saying most of what is in this article for years - and deep down any of you that are _real_ coders know it as well: We really have no idea how secure open source is - it's been too small of an install user base to be attacked. This is a fact- but admitting it means admitting how trivial it was...until now.
Take off your anti-M$ glasses for a second (I don't like them either..but it DOES NOT MATTER) and think about it - for that matter, re-read the article. EVERYTHING he says is correct. You people are making it WORSE by simply dismissing him since he obviously hates open source.
Well you need to learn to read then - he's being pretty objective about it and he brings up VERY valid points. I've always maintained that this idea that people are looking through open source code to find the flaws to fix it is a joke. If you're doing that, you probably aren't a coder. Why? Because we are too busy with our OWN projects to be walking someone else's million lines of code. The idea is just silly..except to people that don't code. I mean, be serious - joe blow coder (and you know what I'm talking about - any really good coder knows that 80% of the coders out there suck) couldn't FIND a flaw in a rename utility much less an operating system or browser.
Add all this up...the article is pretty damn accurate. And you are doing the community AND open source a disservice by pretending otherwise. You may scoff at M$, but they have the cash and will to pay for some of the best coders out there - and they have done so. Sure, a lot of their software sucks. So does yours and mine - to assume that because it's microsoft it sucks is just ignorant - same as assuming that because it's open source, it MUST be more secure. That's ignorant AND silly.
Ok fire away. I don't know why I waste my time on this - I normally don't bother to read your comments but I thought I'd amuse myself after reading the POSTER'S inane comments.
FF launches slowly the first time, but it also opens new windows slowly every time, such as when clicking a link in an e-mail or IM. Gets old fast.
I really don't like to plug any company, but you asked and I will give as honest an answer as possible (as far as reasons are concerned).
We have installed AVG antivirus in both cases, the network editions. Part of that decision was cost. AVG is substantially cheaper than the Symantec, CA, and other major names, by nearly half. The other part of the recommendation comes from our experience with the product. We installed it on our own network, after our own troubles with Symantec's products. That was 2-3 years ago now. We have not had a single un-caught infection since that time.
The network edition is very functional and configurable. I would however judge their documentation as somewhere between lacking and confusing. It can take a respectable amount of time to get your installation set up to function exactly as you expect it to. Perhaps that is partially so many configurable options. There is a US reseller at Impact-Technologies.com if you want to read the fluff or documentation.
There's already a few ways to do this for the linux distros.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
If someone will pay for a Firefox tattoo I will get one. Email me.