Pros and Cons of Firefox Critically Evaluated?
A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."
Print version of the article fitting nicely onto one page.
It's a little odd that this article would be posted without a note that Firefox 1.0.3 has just been released: http://www.mozilla.org/products/firefox/releases/1.0.3.html
Please mod the parent down. He has put unlabeled malicious Perl code in his sig. Evidently as a prank or due to some sort of simple-mindedness.
I used to run adaware with IE, I've run it once in a while since I switched to firefox and it'll occasionally find a cookie or two that doesn't bother me. With IE it'd find a couple hundred problems.
Security vulnerabilities my ass.
(yes I know spyware and security is different, but firefox sure is a lot less of a pain in the ass)
They have that.
It's called mozilla.
Firefox is mozilla with most of the extra stuff besides the browser cut out.
There will always be reviews out there you don't like. First, this is information week, the WSJ for the pointy haired bosses, I would expect nothing less than a shitty review, actually, I'm glad he gave it a shitty review.
Second, the guy looks like a total Asshat. Look at his picture for christs sakes Fred Langa
Top 10 Reasons To Procrastinate
10.
A couple of plugins you may want to consider are adblock and flashblock. The combination seems to work very well to prevent pesky popup problems.
Quidquid latine dictum sit, altum sonatur.
My shop had a computer with a variant of Klez on it that an up to date copy of Norton's missed. Considering the age of Klez, any virus scanner should find it and prevent it without an issue. Norton was on the machine and running at time of infection, too.
Only time I saw it miss something that major completely, but it killed the little hope I had left for the product.
rm -rf
I used to work for Symantec's tech support (used to--now Mike in India handles it) and the official line that we gave customers when they get a virus that Norton didn't detect was "Wait for the new definition file...it comes out next Wednesday." And when Norton wouldn't get rid of a virus, the line was "Norton Antivirus is a detection tool, not a removal tool." Which is total BS. If you read their website, the advertising for Norton AntiVirus says "Removes Viruses". That always troubled me, and I'm actually glad to be working elsewhere now.
I personally run Grisoft's AVG for free, and Zone Alarm, and not only have I never had a virus/worm, they run a zillion times faster than Norton AntiVirus and Personal Firewall.
Symantec makes bloatware that doesn't work well. Avoid it like the plague.
Don't take life so seriously. No one makes it out alive.
Boy, do you have that backwards.
The reason why everything looks the same on a Mac is that developers use the system frameworks to draw their on-screen controls. If a program has a control that looks wrong, as Firefox does, that's because the program actually is wrong. If it were using the correct frameworks to draw its controls, the controls would look right.
This is a case where the fact that it looks wrong is a sign that it really is wrong.
Now, as for Safari, it's not perfect. But then again, neither is Firefox. Our internal guys assure us that Safari is just as compatible as Firefox with well-formed Web pages, and degrades gracefully with badly-formed pages. And unlike Firefox, Safari is an actual Mac application, with support for Bonjour and Spotlight and (most importantly) the Keychain built right in.
Firefox isn't a Mac application. It's a third-party application that was ported badly to the Mac.
This says it all. Not only has Firefox had 1/7 the vulnerabilities of IE, but those that it did have were patched quicker and were of less severity in most cases.
Regards,
Steve
Prefix your search in the address bar with "google".
i.e. to search google for foo bar try: google foo bar
Firefox actually comes with a few more of these quick searches set up and it's easy to create your own (they are a special bookmark).
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=160900911
In most cases in the more recent issues, you'll see the list of IE's vulnerabilities is shorter than those for Firefox, Mozilla, and the other alternate browsers. Likewise, with the more recent bulletins, you'll also see the list of Windows' vulnerabilities is actually much shorter than that for the other operating systems, even though Windows is far more widely installed.
Where did he get this from??
Latest 10 vulnerabilities on front page are all Windows.
If you look at the bulletins like he does, you get a collection of vulnerabilities that have been patched.
US-Cert Vulnerability Notes is where he should be searching if he wants a proper comparison.
Firefox returns 11 results.
I didn't count how many results Internet Explorer returned, but even if you don't count pre-2004 vulnerabilities, the number is still twice as high as it is for Firefox.
In a word... sucks. Where I work, there was a trojan/worm that we were tracking and Symantec Corporate Edition wasn't finding it. After talking to them, it turns out they already knew about the problem but weren't going to be releasing any definition updates for mass deployment for a week. Instead they sent us a link to the early updates that we could apply manually. This stuff should be automated! Total suck in my opinion. Of course, I'm not the Windows admin here thankfully. That's a job I don't think I'd really want.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Easy fix to this in win 2k and xp.
Install Firefox. Install all of your plugins, themes, decorations, bangles, tools.
Copy the Mozilla folder from your home folder application data. Application data is a hidden folder. A little digging will find it though.
On new machine install firefox.
Copy folder to the same place on new machine.
Presto. Nothing lost.
Can be used to create a custom look for your firefox across the network if you'd like. Force a backup of the folder for each user and their prefs all stay after a crash. Put the files on a USB key and carry your firefox with you. Thunderbird too.
Works for me.
Microsoft doesn't practice security by obscurity, they don't practice security at all.
Microsoft is still deeply locked into a corporate LAN mindset where all hosts are trusted, no one does anything shifty, and all users are business users. Meanwhile, they rule the civilian end-user market and the civies aren't remotely trustworthy, have too much free time on their hands, etc. The Internet is not a twenty seat LAN in Bismarck.
On top of this, you have Microsoft's usual bad coding practices, lack of thorough testing inhouse, and this has gone on for years and only compounded itself over and over again. An entire operating system is designed and coded with development tools which are themselves far from bulletproof which were coded on the prior OS iteration which itself was far from bulletproof having been coded on the prior development tool which itself was...
It's like standing between two opposed mirrors, except they're funhouse mirrors and you're sitting there trying to grind them accurate with a handful of abrasive, a sponge, and bucket of water and your boss keeps tossing them out and replacing them with new ones that are only slightly closer to true. "Leave it to the buyer to find the distortions!"
They practice obfuscation, but it has nothing to do with security. They're practicing obscurity in development. Sort of like erasing pieces of your blueprints at random as you think you've built that section correctly.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
I read the comment about Firefox not displaying the Yahoo logo and I couldn't believe it. Then, I popped over to Yahoo.com and sure enough, no logo.
A quick check of the source told me what was going on. I recognized the yimg URL as one that I had *BLOCKED* images from long ago. Yahoo serves tons of graphics ads all over the Internet and I just blocked them all using Firefox's native ability to block images from a particular URL.
It seems Yahoo serves their own graphics from the same server as their ads. Silly rabbit.
So, it isn't a rendering bug with Firefox, it is a feature! And a damned useful one at that.
feature + ignorance = bug? Sad.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Firefox's "install" consists of one directory. Copied to many machines. The configuration consists of one file stored in a user's profile. The distribution of both is easily automated without requiring the use of an MSI.
Plugins, BTW, are also in that folder in the user's profile. You know, the one that's stored on a central server in your large network? Just set up firefox once on a test machine, and copy the firefox profile folder to each user's windows profile, then distribute the program files however you prefer to do that kind of thing.
This can't be the first program with a non-MSI install method that an admin of a large network has encountered...
Compare IE and Firefox security with Safari:
http://secunia.com/product/1543/
- Open source engine
- Less vulnerabilities discovered
- ZERO Unpatched Vulnerabilities
I've never understood the argument that the more people that use firefox (or linux for that matter), then hackers will begin to target those users, too. Isn't the point of OSS that ANYBODY can see the source code? If a vulnerability is found, why would anyone think it will stay there?!? It will be reviewed and fixed by any number of people in a timely manner. I think that's the core of what makes firefox and the like "more secure". What am I missing here?
I might mention that Kevin Gerich's widget set makes Firefox's HTML controls look much more presentable on Mac, in my opinion. It's not quite the same as having native Aqua widgets, but it's a start. Granted they aren't bundled with the application by default, nor do they solve any of the other OS integration issues you mentioned.
That having been said, I agree with the assessment that Firefox for Mac has a lot of catch-up to do to match Safari in terms of aesthetics. It's one of the biggest cons of choosing Firefox on the Mac platform. Safari, as Apple's own in-house effort, gets a level of fit-and-finish with the rest of the OS that third-party developers can have a tough time matching.
On the other hand, the biggest pro for Firefox on Mac (in my opinion) is the expandability. Safari doesn't have Adblock, BugMeNot, or any of my other favorite extensions. Even Camino doesn't support them. So in my case, I choose expandability over aesthetics and use Firefox as my default browser on Mac.
Ideally though, it would be possible to have both. Maybe in time and with further Firefox development.
-Frank
Exactly. Not that vulnerability counts aren't important, but you have to dig for more information. The article said there were 13 reported for IE and 21 for Firefox in the same time period. OK. How many of those have been fixed in IE and in Firefox? What was the breakdown on severity? What platforms were affected?
If the author didn't want to go into all this detail to give a more accurate picture, he shouldn't have just thrown out those numbers. I won't go as far as to say they are meaningless, but they don't paint an accurate picture.
My beliefs do not require that you agree with them.
This is a great idea, it's what I use, but you missed a detail. As of Firefox 1.0 all the paths to extensions, themes, etc. that are recorded in the chrome.rdf file are all full paths (c:\docs & settings\$user_name\app_data\firefox\profile\$profilename\????.slt\$filename). This is all well and good if the user name is the same on both machines, but if the user names are different the paths won't be correct, no go. BUT with a little bit of mucking around in your profile's chrome.rdf you can set everything up to be relative to your profile. To get relative paths working, open up chrome.rdf in your text editor of choice and replace instances of "c:\docs & settings\$user_name\app_data\firefox\profile\$profilename\????.slt\$filename" with "chrome://$filename". And now you've got a firefox profile that will run anywhere.
A Free Market requires informed intelligent consumers, such people are rare, we're in trouble.
You suck at teh internet.
Here's the same link again, except that it's pointing to the correct place...
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=160900911
formhistory.dat is encrypted.
Research shows that 67% of those who use the term "research shows", are just making shit up.
My Linux box is frequently targeted, but it's all Windows exploits so it doesn't matter.
Ah, so there is no such thing as "security" then.
Just "marketshare".
No matter how many software experts put in how much effort, the end result will spontaneously generate "flaws" as more people use it.
By that "logic", there is no difference between a browser ("A") written by a team of experts who focused on security
Flaws do NOT appear just because more people use the software.
Code is not magic.
"security by obscurity provides a fairly good amount of security assuming you can keep your code secure"
That's not quite right. It assumes that you can keep it secure (as you say), and it assumes that the workings of the program will not be susceptible to black-box reverse engineering.
IE appears to have hidden the code pretty well. But it has proven very susceptible to reverse engineering.
-- "I never gave these stories much credence." - HAL 9000
If only there was a directory on Windows machines of the form
C:\Documents and Settings\All Users\Desktop
:)
I assume ListZilla does the same thing? Perhaps better?
Could you please give me a link to the IE 6 .msi package Microsoft has produced?
Guess what, there isn't one. If you contact MS support, they can send you a very crappy MSI wrapper for the IE 6 setup executable. Other than that, you can make your own or find somebody who has repackaged it. If you do a quick search, you can find Firefox .msi packages pretty quickly.
I found deploying Firefox to a couple thousand machines as easy as deploying IE 6 to the same number of Windows 2000 machines. The IEAK didn't do anything I needed that I couldn't do with FireFox by tweaking a few plain text files.
IE does have configuration settings available through group policy, but you can add custom adm files. See:
http://sourceforge.net/projects/firefoxadm
I was working on my own adm templates so I haven't tried these yet, but if you take a look, there are probably more out there.
Installing Flash is point-and-click. Yes, I just tried it. I'm even on Linux, and it's still point and click.
It's a little puzzle piece that says "Click here to download plugin". After that, everything's automated. You just have to click next a few times and agree to a (Macromedia) license. You don't even have to restart the browser.
If you have any suggestions on how it could be improved, please report them to bugzilla.mozilla.org, or even just post here in reply to me or email me, and I'll do it for you (assuming I agree they'd improve it).
This introduces huge licensing problems. If mozilla.org were to bundle Flash, for example, they would first have to get Macromedia's approval, and even then it would cause other problems, e.g. including it in Debian, which would most likely reject it because of the non-free license.
It also puts a lot more stress on the developers and release-candidate testers, as they have to do double the work.
That's very unfortunate :-(
You should fix your applications. You'll need to eventually, anyway, Firefox is just a good incentive to.
Most people consider the lack of ActiveX a good thing, as it strengthens security considerably.
Most people would take the opposite position here: Firefox has a much better user interface than other browsers and especially Internet Explorer. If you have any specific issues, again, either report them to bugzilla.mozilla.org or send them to me and I'll pass them along to there.
Though most people I've talked to think the support you can get in those forums is better and faster than what you get from most corporate support centers, I can understand why you might need this in a school or company. I believe there are one or perhaps even several third-party companies starting up to provide equivalent support, but I can't be certain off the top of my head. If this is a strong issue, you may want to look into it.
This I know is a real issue, because I've used it myself in school ;-) I'd point out, though, that there are plenty of other ways that students can hide what they're doing, and I've watched friends play games for hours without the teacher knowing it, even in Internet Explorer.
That's unfortunate. I'm sorry the people that found you weren't as helpful.
There are 11 types of people in the world: those who can count in binary, and those who can't.
This hasn't been true since before 1.0. Now there's a bar at the top of the screen, similar to the one for popups. Much less intrusive.
There are 11 types of people in the world: those who can count in binary, and those who can't.