Slashdot Mirror
Pros and Cons of Firefox Critically Evaluated?
A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."
It's enlightening until it's critical. I see.
The two aren't mutually exclusive. You weren't looking for enlightenment, you were looking to see someone agree with you.
i'm amazed that i survived - an airbag saved my life.
i have begun to doubt symantec's expertise. i work in a college where virus outbreaks are pretty common. now i've seen a computer with the most up to date, newest version of norton/symantec anti-virus and it seems that it still does not find all the viruses. viruses and trojans that are relatively harmful to the system. i would take this story with a grain of salt...
please me, have no regrets.
if I could control it centally from MS active directory, that would be great..
other than that, I see not problems with it at all..
Do they have the source code for IE? Security by obscurity is no security.
And, at least Mozilla does something about it - three patches in what, two months? How many has IE had the last three years?
one question should be asked... who releases patches and security updates in a more timely manner? mozilla or microsoft? while firefox may have had more security flaws than IE, it gets patched almost immediately.
please me, have no regrets.
As far as I can see, open source security is a double edged sword.
On one side you've got a large base of coders checking the code for bugs, and submitting patches to fix them.
On the other hand you've got people looking through the source for bugs to exploit. However once these exploits become known its usually a small amount of time before someones submitted a patch to the problem.
Closed source doesn't tend to have either of these (as not many ppl have the source) and as such shouldn't have so many exploits discovered for it.
The open source method should however eventually produce more secure code.
Update Watch - Automatic software update notification
-Have to- install? I downloaded one additional theme for Firefox and apart from the occasional plugin such as Shockwave, I never have to do anything to enhance Firefox for daily use.
It's nice that you have everything worked out -- but this is like saying that Internet Explorer is as much of a hassle because of all those security updates you have to download. No thanks.
Green's Law of Debate: Anything is possible if you don't know what you're talking about.
Ugh... Less must mean more in the I.E. world. It's amazing how marketing can put a spin on Microsofts *horrible* track record when it comes to releasing patches in an expedient manner. The more and more Microsoft waits to release a fix, the more these guys make it look like a good thing.
Acording to their philosophy, Firefox isn't as secure as I.E. because Firefox has fixed more bugs? Give me a fscking break.
Why is this a "downside"?
Would you prefer a 50Mb download, with 45Mb of stuff you don't ever need or use, or a 4Mb download where you can optionally add bits you want
Not everybody wants "chrome" (or themes), Flash, etc etc.
Personally I love the lean approach, with the ability to add and tweak stuff that I want over the bloated, switch off all the crap you don't want approach...
Isn't finding more vulnerabilities a good thing? I mean as long as they're getting patched and all, the browser is becoming more secure with every bugfix.
I assume you haven't RTFA, but here's more or less the criticism that Firefox gets:
1) "Oh look! It has more vulnerabilities than IE!" (tho they fail to state how critical these are. And don't forget that Firefox 1.03 was just released, fixing these. How long it took IE to release theirs?)
and 2) "BWA! Firefox fails to render my favorite IE-only pages!" complains from users.
And that was on the last 1 1/2 pages. The others were just straw words (your usual columnist intro).
This columnist isn't enlightening, nor critical. He's just giving another misinformed opinion.
because MSFT won't call them bugs and denies they exist.
...
In related news: Zombie World Population skyrockets.
Seriously, metrics are not useful unless all the measurements are done to the same or comparable standards. An IE bug tends to be what I would describe as a collection of 80-100 mozilla bugs - and even then is usually reported a year late after they refuse to admit they fixed it but the release is different on the MSDN disks for a program that's already been "updated"
-- Tigger warning: This post may contain tiggers! --
You mean the shopping basket that always tells me that most of the updates I want have to be downloaded and installed seperately? :)
This sig has been temporarily disconnected or is no longer in service
Firefox is still under active development. It's not surprising that occasionally a new bug, including ones that compromise security will be introduced. IE, on the other hand, has been unchanged, asside from bug fixes. All development work on IE was stopped until Firefox forced their hand. I don't think there have yet been any new releases of IE since Service Pack 2, which put 6.0.2900.2180 out in the world.
So, I wouldn't be surprised if more new security problems were located in Firefox in the recent past than in IE during the same time period. That doesn't imply that there are fewer problems in IE than in Firefox, just that fewer were found in a given time period.
Which means.... practically nothing. The relevant information would be total numbers of security problems over the total number of lines of code or some similar metric, if you want to discuss the quality of the code.
If you want to know which browser is the most secure, you should look at the total number of security bugs known to exist and the severity of those bugs.
For my money, Firefox is the only browser that I trust. I run IE only when I have no choice and when that happens I send an email to the manager of the site telling them why I won't visit again.
Microsoft abandoned good engineering practices in order to grab at market share. As a result, they crippled both their browser and their operating system.
-All that is gold does not glitter - Tolkien
www.ra
And the more people use it, the more it's gonna get targeted.
Just because more people drive cars than armoured vans, doesn't mean that cars are targeted more just because they're greater in number. In fact, the payload would be greater attacking armoured cars. In reality, some things are just designed with greater security in mind, from the offset.
In my opinion of using the software as long as I have, I would never use IE again unless forced to. And that small amount of time I do use IE, I spend twice as much afterwards cleaning out the damn mess made by malware.
I think because of it's Open Source nature when Moz or some derivative gains market share and becomes the primary target of ad companies, it still won't make that much of an impact on the browser as a whole.
I am Bennett Haselton! I am Bennett Haselton!
I'd prefer the 50 megger with all the plugins that my users would likely need as well as all the necessary performance tweaks, proxy settings, policy settings and anything else I can't think of right this minute.
Oh, I'd also like it in the for of an MSI so that I can roll it out to 1,000 systems at a time via script or GPO.
You see there are users out there besides home users and their requirements are a little different than your own.
Well Mr. Langa seems to have a web site. Here is the link ! And here you have a link to the article on his homepage (in case it gets /.ed on the front page).
Well taking a quick look at what he wrote i think it's the type of guy who actually enjoys starting flame wars so i wouldn't bother too much by him!
I would only like to tell him that I dissagree with him and he is a terrible writer cause he is using too much sarcasm in his writing. take for example this part from his essay:
The last time I mentioned a similar US-CERT finding, by the way, Linux partisans leapt up to tell me that US-CERT didn't know what it was doing. Linux *couldn't* have more security flaws than Windows! Everyone *knows* that Open Source software is so much better than anything from Microsoft--- right?
Also take from example this:
I wrote that article to try to help readers interested in FireFox in particular and Open Source in general to make an informed decision. There are many, many excellent, proven, objective benefits to switching to Open Source software--- but there's also a lot of misinformation, and some very, very *bad* reasons to switch.
I think that he is doing what he is preaching against: Misinformation
How does Fx know it's your CC number? Should Fx start refusing to store all 16-digit numeric entries? That would defeat the purpose of "auto-complete", wouldn't it?
If you're entering your CC number on a publically-shared computer, shouldn't you be manually clicking "clear" yourself? Or should the Fx developers be forced to protect you from your own carelessness?
However, Firefox is an excellent young browser, and one of its strengths is the minimal footprint. Perhaps such an enhancement would be a violation of the (successful) minimalist approach. Also, I don't think it is too much to ask of the user to to explore other aspects of a project on their own.
Just to point it out, most of the major plugins like flash, acrobat, java, quicktime, realplayer are all ones you have to download separately with IE as well . People the have IE, switch to Firefox and complain about the plugins not being there are forgetting that they had to do this in the past.
Create the site specific Firefox + Extensions environment and roll a MSI package yourself. 2000 Server and possibly Professional come with the tools to do this, chances are they are in 2003 as well. Do you really expect Mozilla to create a site specific MSI for you?
"I use a Mac because I'm just better than you are."
I have found Firefox to be more logical looking in its layout using CSS elements and have had to rework pages more often for IE than the other way around. The problem is that many websites don't bother to check the look of a page in anything other than IE. So how is this FireFox's fault? Langa just assumes IE is getting it right and that there is no ambiguity in the way some HTML elements are specified.
In theory there may be more bugs and possible security threats lying in wait in FireFox, but here it the thing, since switching to FireFox I have had FAR fewer virus problems. Now it could just be the smaller market thing, but so what - what I care about is how many real viruses I am exposed to. You could argue that should FireFox continue to grow in popularity, so will the attacks on it by virus writers, bring it back to parity with IE. That may be, but hasn't happened yet. BUT it could just be that the open software model means more work on the code and better more secure code when it gains an even wider audience. In fact this is the horse I would bet on.
Letter To Iran
So you'll prove them wrong, and punish those that are simply curious to boot, by deleting their personal files? You sir, are an asshole.
"The problem with internet quotations is that many are not genuine" -Abraham Lincoln
"Or should the Fx developers be forced to protect you from your own carelessness?"
Yes. I should not have to know a damn thing about computers in order to protect my information.
Granny buys something online and sees that auto complete can save her time next time. She won't stop to think about how it works if she even stops to read anything at all before clicking "yes" to the "would you like to use auto complete" dialog.
All auto complete information should be encrypted. No excuses.
http://brandonbloom.name
I believe that these lesser known programs such as Firefox, Opera, and OS's such as Linux and MacOS are secure due to their small marketshare.
While I'm sure these programs/OS's try their best to be scure, I think most of their security comes from their obscurity, not any technical advantage in security that they have.
As Firefox becomes more popular, I see more exploits for it being made. Whereas I used to never get popups, I do now.
Windows/IE is the most heavily affected due to their marketshare... most virus writers will want to target the software that is the most common.
But, by writing off all of Internet Explorer's problems to the "installed base" scale factor is extremely dangerous to his readers.
The problem being, since MSIE is embedded into the OS, a flaw in MSIE can be exploited from any program which uses an HTML viewer, not only the "iexplore.exe" application itself. Firefox, even when it's your default browser, still pops up in full "visiting the Web" paranoia.
Another problem, of course, relates to MSIE's very strange handling of text/plain and application/octet-stream data types. (It will actually reject the Content-type: header from the server and make up a new one based on filename suffix and/or file content... imagine sending a text/plain file from a CGI URL that has ".doc" in it and it turning into a Word file. Note that the ".doc" is in the URL, not in the downloaded file name....) I've got a CGI I just can't make with MSIE properly because it rejects my server's claim that file "foo.log" with "inline" presentation is type "text/plain" and it can display it--it insists on saving to disk... only to find out that Notepad is the right application. To work around it, I'd have to change the extra path information fed to the CGI... and I can't do that--it means something, of course.
But that problem ("feature", if you read the MS knowledgebase) is one way how people are tricked into downloading seemingly "safe" content that turns dangerous.
Plus, he makes no assessment of the security problems. He doesn't mention ANY, from ANY browser, not even as illustration--he just leaves it to the reader to plow through pages of cryptic reports from Synamtec and CERT.
And he's got no analysis of the "trouble reports" he provides for Firefox. Missing images? 99 times out of 100, that's because the Web page has backslashes in the IMG URLs--which are not part of the hierarchical URI syntax. (They work only in MSIE on Windows. MSIE for Macintosh will not process them the same way.)
Plus... how do we really know what security problems are fixed in MSIE? On my XP box at home, and the W2K boxes I have to use at work, the Windows Updates just say things like, "A security problem could allow an attacker access to your computer." How am I to know what that security problem is, what part of the system it affects? I don't even know if it is function I use, or even have enabled--the update information is just too terse--at that's after clicking, "Show Details".
(My main systems are Linux and Mac, so there may be a way to get more information from Windows Update, but it isn't as obvious... unlike Mac OS X Software Update, where it lists the major components right there, and links that take you to the Apple web site for more information.)
My mistakes were 1. I thought Slashdot was some sort of community of trust. 2. I thought sigs were for witty sayings.
So, getting your point across while still being part of the Slashdot community would involve a sig with obfuscated Perl code that printed:
You dumb ass, this could could have just run rm -rf!
Being an asshat Script-kiddie would involve a sig with obfucated Perl code that actually runs rm -rf.
From the Article: IE6, for example, came out in 2001; an eternity ago, in computing terms. Except for a boatload of security updates and patches, it's still basically the same browser it was then. So how Firefox 1.0 can be compared with IE then? Firefox gains new fetures constantly. Let's say that one product has 1,000 customers, and a terrible reputation for reliability. The other has only 50 customers, but a great reputation. Why the difference in reputation? The small product has only 2 or 3 customers with problems, but the large product has fully 50 customers with problems. This is a faulty logic. Let's assume that product A has 1000 customers, and product B has 50. If each of those 50 will experience problems with the product B, than it will have bad reputation. If 100 of that thousand will experience problems, than A will still be considered mediocre.
I can see and appreciate why you'd want all the tools necessary to make that easier.
As others have already pointed out too, I like the "shopping basket" style of download too, something they should seriously consider implementing...
When I was an ISP we used to roll out customised IE using the IEAK, wondering if there's anything like that for Mozilla/Firefox that would do the job for you.
Failing that, there are a number of tools for mass rollout deployments such as you suggest (which you're probably already considerably more aware of than me if you're working in a 1,000 user environment) so I'm not sure I see what the problem is, aren't you already using such tools?
But if I install Firefox and don't use IE on ANY PC, even an OUTDATED version of Firefox, my computer stays immaculate and free of malware/adware/trojans/spyware.
If I use IE6 from the beginning, fully patched... my computer still gets a boatload of garbage attached to it.
So tell me again Mr. Langa, how is it that IE is superior, in any way? Is it superior technologically? No, you say as much yourself -- no innovation since 2001. Is it more secure? Well, with all the updates that have come out for IE, I am still not secure from spyware and malware. Does Microsoft like to patch as early and often as Mozilla? Nope -- Mozilla has set a monthly timetable to release updates and does it even earlier if the security necessitates it.
The arguement Mr. Langa presents is profoundly stupid -- and this is coming from a Microsoft advocate. More entertaining is the fact, that he refers to US-CERT listings of vulnerabilities for browsers, yet fails to mention that they do NOT recommend IE -- but rather Firefox. Go figure.
I have no problem saying that IE is an impressive browser -- especially considering that it's going on 5 years old. However, that impressiveness doesn't last, especially in the world of computing. Firefox is the next generation browser, and they have focused resources in keeping it up to date, and well built. Microsoft ABANDONED its IE team entirely -- it goes to show you the indulgence they had in pursuing the product. The NUMBER of problems Firefox has had is greater, sure... they have more dedicated testers, a more competent userbase, and discover more flaws than IE, and list them as such. Some may be very, very minor, but they are LISTED, nonetheless. Microsoft has time and time again, taken note of IE's 'small' vulnerabilities and passed them over because it doesn't necessitate the cost of fixing them versus the potential return for anything.
So yea, Firefox has more bugs. They also fix more bugs. Firefox works faster, has more features, and takes up less resources. It will NOT give me spyware, popups, and virii. IE does all of that and worse.
So tell me again Mr. Langa, does having the ABILITY to get more problems overshadow actually GETTING more problems? Microsoft is like Valve -- great products, with no updates. Which makes them damn near unusable. It's software like Office that I love, which even if there are security problems -- they still freaking work. Which is less than I can say for IE.
The price is always right if someone else is paying.
Download size is not an issue. My problem (I use Firefox exclusively) is that I am reluctant to upgrade, because I know some of the extensions I use won't be available for the new version. Indeed this is what caused me to move from Mozilla to Firefox about a year ago - I was fed up with having to use an old build because a few extensions I needed weren't being upgraded to match new releases. Now I'm still using FF 0.9, same reason.
Release notes for the latest 1.03 still insist you need to remove the previous version first and the installer diaables all extensions. I pass. IMO a 1.x codebase should be mature and stable enough to be installed over an existing earlier version.
"Only the small secrets need to be protected. The big ones are kept secret by public incredulity." - Marshall McLuhan
If you're so afraid it of its security vulnerabilities you can always uninstall FireFox. Can you do that with IE?
The article reads better if you consider it a response to the question "Will Firefox save me from the evils of the Internet?".
The author pretty much buries IE and M$ on security, and then proceeds to remind us not to be to fast jumping to Firefox, as it isn't perfect either. It is fairly new as software goes and we will have to wait and see now that it has enough of an installed base to attract the cyber villians.
If anything the author implied that you should walk, not run to Firefox and remember to apply your bug repellent.
BTW. I use Firefox almost exclusively, and have watched as websites have slowly gotten around the pop-up blocker, and how 1.01 came out to block the multi-language DNS hack, which IE isn't vulnerable too because it is so old.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Have each user account associated with an encryption key. That key is used to encrypt all auto-complete information. That way, auto-complete still works and doesn't need to know about credit card numbers (or about any other important type of data), but doesn't expose the information to unauthorized individuals.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Having read the article, and also followed the author's advice to read the security bulletins, I found that the article is mostly bullshit, which stumbles upon lucid points occasionally, though I think this is mostly by accident. /. all day, have a desire to defend Firefox, and don't have a job.
I didn't bother to do a count of items in the bulletins, as this is an utterly worthless metric. Nor do I agree that percentage of complaints is a worthwhile way to judge two competing products.
Just to dispel that idea. Consider for a moment that in his example of 1000 users of A vs. 50 users of B, a 2 person anomoly would be a 0.2% shift in the numbers for A and a 4% shift in the numbers for B. That margin of error for product B is so large as to make the whole study worthless.
On the other hand, of the items in the bulletins, Firefox did have some serious flaw, e.g. the kind that end in "would allow a malicious user to execute arbitrary code." So, the author is right that Firefox is not some panacea for security, he just fails to explain the real reason why.
Now, is Firefox more secure overall? I haven't the slightest clue. I really don't have the time and or will to go through the bulletins, aggregate all of the flaws for each browser, assign a numerical value to each severity, and then come up with a score. I offer this idea to any of those who surf
The author also brings up the old argument of, its not currently a target, so its more secure because of obscurity. I think this argument was valid, right up until Firefox hit 1.0. Before that, it was an obscure little browser which didn't get much attention. However, once it hit 1.0 it got a lot of press; and, the way I see it, this would have given a huge incentive for the black hats to start hitting Firefox, for the right to say that they had one of the first working exploits for this new browser. So, I think this argument falls apart.
So, without a real study to backup and/or revoke the idea that Firefox is more secure than IE, the only thing I have to go on is antecdotal evidence. Right now I support about 100 computers. And, because of the way we do business, each user has administrative access to their own box (fun on a bun!). Now, because of this, I have a mix of IE users and Firefox users. For the most part, the computers which I am cleaning up spyware/adware on all of the time tend to be the IE user's computers. While I do have to do an occasional cleanup of a Firefox computer, the problems tend to come from other third party apps bundled with spyware, as opposed to the IE, browsed to the wrong page and got infected spyware.
Does this mean Firefox is more secure? No, one factor, which I can't really rule out, is that the people who use Firefox also tend to be the more knowledgable computer users; so, they may simply be better at avoiding infection. As a counter example, our network engineer runs IE, and doesn't have a problem with spyware/adware, so maybe its just the person at the keyboard making the difference. But, still the preponderence of the evidence would suggest that the Firefox machines tend to be less infected, so there is some correlation, if not outright causation.
One other thing, which helps keep me on Firefox, have you ever tried to re-install IE6 SP2? Fucking pain in the ass. Some spyware/adware will attach itself to the IE DLL's, and is near impossible to get rid of. Also, I have had more than one machine where the removal of the spyware/adware has broken the IE scripting engine. This is also ignoring that crapware that damages winsock as it gets removed. Thank <insert diety here> for the automated winsock repair tool.
MS has made re-installing IE harder and harder as they have released updates. In IE5 I could do an add/remove programs on it, and get a reinstall out of it. In IE6 SP1, I could futz with the registry and get it to allow a re-install. Now that seems to be broken, as the MS recommended registry change to allow a reinstall seems to be broken. Th
Necessity is the mother of invention.
Laziness is the father.
especially compared to SPYWARE.
I used to spend a lot of time fixing friends computers because of viruses. Now, I spend it in cleaning up spyware. Spyware that was installed compliments of Internet Explorer, and has forced their machine to a GRINDING HALT.
Yet, I am still waiting for the first person that I have to spend 4 hours cleaning up spyware after they've switched to Mozilla/Firefox/Thunderbird.
Until I have confidence in IE to block popups, and stop installing apps w/out question (and I won't even to into FEATURES, like tabbed browsing, in-page document search, etc.), I'll stick to Firefox, thanks.
-- You can't idiot-proof anything, because they're always coming out with better idiots.
Because then you'll constantly get the "An additional plugin is required to view all the content on this page" popup/window/alert everytime you go to a site that uses flash.
So if you can live with that, dont install flashblock.
"...more security vulnerabilities in the last six months of 2004 were found in Firefox than IE..."
WHO THE FUCK CARES?!?!? All these dumbass writers need to learn that all bugs are NOT created equal. There is a BIG ASS DIFFERENCE between "small flaw that could theoretically be exploited but the good guys found it first and fixed it in two days anyway" and "gaping hole in the default configuration with thousands of exploits in the wild for months on end." I mean, fucking A, how awesome is it to run Windows Update and see a warning like this? "Identified security issues in Internet Explorer could allow an attacker to compromise a Windows-based system... This affects all computers with Internet Explorer installed ( even if you don't run Internet Explorer as your Web browser ). [emphasis added]"
Which would you rather live in: a city with a hundred arsonists or a thousand litterbugs?
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
First the "IE-only" page problems, is a problem for website operators, not Mozilla (get a UserAgent editor plugin, and fake IE if you wish, or better yet, send them an e-mail every day that you visit and can't access something).
:)
However, the article does make good arguements... that is, if the article was written 5 years from now. Firefox is not a mature browser. 4 years after release, IE 6 still has bugs, no new verson yet. Firefox has only been 1.0 for less than a year. There is certainly a break in period after software of this type reaches critical mass before every bug is vetted.
What the author fails to understand is that by it being open source, more bugs can be found, faster, and fixed, faster. I would certainly HOPE that there are more bugs in Firefox found on a month to month basis. Internet Explorer keeps chugging alone, spitting out new vulnerabilities like breadcrumbs. Firefox on the other hand is now very public, and getting a large influx of bug reports and fixes. However, after Firefox has killed 99.9% of its bugs, Internet Explorer will keep popping out exploits like an assymbly line because limitting the source code means that:
A) A small number of coders can actually look for exploits. Everyone else is basically left to hope that the next IE hacker publishes their exploit. And, once found, you sit back and wait for MS to fix it, instead of coding the fix yourself, or at least submitting fix code, or just even pointing out the area of code that is the problem. With IE, it's not as though you can e-mail them and say, "I found exploit X... It's occurring around line 7934 of file Y."
B) Firefox can truly change focus on a dime, just like with the IDN issue a few months ago. It doesn't take a manager of a manager of a manager to hold 50 meetings, talk with investors, talk with worldwide vendors, talk with politicians, and then make a decision at Mozilla. And, if you don't like Mozilla's decisions, it's open source, and you can always go "fork" yourself.
Is Firefox more secure? No. It's not supposed to be right now. Does it have more features? Yes. Is it easier to use? For me, yes. WILL it be more secure than IE once the initial round of exploits have been found? Damn skippy! And THAT is why Firefox is more secure, and why Lynx is still used today. Open Source projects, especially ones that have a great single goal in mind, like just browsing (leaving all the fluff to 3rd parties) eventually turns out something rock hard solid and stable.
It's just the "new" or "continually growing" ones that will have many of the same pitfalls of closed source. The only difference, is that even with those pitfalls, open source still has all of its other benefits.
Good article on statistics. Wrong conclusion and timing. Just another example of some writer trying to make themselves heard over the masses by trying to sail against the current. Unfortunately, his dingy is too small for this trip.
Cleaning the net one sed at a time! s/sex/sermons/; s/hot/holy/; s/goats/thebible/; www.holysermonswiththebible.com
How about the huge fucking memory leak in Firefox? On my Linux box, Firefox is a huge memory whore, and will completely overtake the system within about 2 days if I have significant number of pages open. We're talking about 1.2 gigs of memory (including my entire swap) just for Firefox. I found a potential remedy online, but its more of a hack than anything.
Is this problem being addressed? If they can't fix such a gigantic memory leak how could I expect them to fix more obscure security issues?
That, my friend... that right there is why I switched to Python. I've written some fairly large systems in Perl and am not a Camel-fearing newbie, but TMTOWTDI (There's An Infinite Number Of Ways To Maliciously Expand Human-Illegible Code) kills kittens, causes bad breath, and can give you athlete's foot.
Dewey, what part of this looks like authorities should be involved?
That security issues in IE are actually fixed!
There are countless issues in IE that have never been fixed, thus a single 6-month period when more vulerabilities were discovered in Mozilla is mostly irrelevent. What counts is how many vulnerabilities exist at any point in time.
OK, I know it's not quite that simple: more problems means more downloads, means more users won't actually have the latest version, but still, the article's premise is flawed because of unpatched bugs in IE.
The real "Libtards" are the Libertarians!
You are correct to an extent, however one of the main things worth pointing out from those pages is how IE still has several vulnerabilities that allow system access where as Firefox currently has no known vulnerabilities that are that severe. IE has has had vulnerabilities like that for quite for quite some time and for some reason one or two keep going unpatched month after month. All software will have bugs, so responsiveness is what matters and responsiveness is something that IE lacks.
Regards,
Steve
Now I'm still using FF 0.9, same reason. [...] I pass. IMO a 1.x codebase should be mature and stable enough to be installed over an existing earlier version.
I think you're missing the point of an 0.x series. It's for early adopters who don't mind things not being quite perfect. If you want a solid product, you should probably wait until 1.0, which is their way of telling you that they think they have a solid product.
the fundamental ignorance in Mr. Langa's analysis is that:
a) as mentioned before he does not account for the pertinance or danger involved in said bug reports
b) he does not factor in the fact that microsoft may have simply not disclosed literally thousands of vulnerabilities because they have closed source...
c) firefox is totally free, and despite is at least as good if not better in practiacally all ways as IE.
all of these add up to 2 things,
1-firefox provides the best price/performance value to the user.
2-The security comparison is (as stated before) "apples to oranges".
He is right about one thing though. All software is inherently imperfect, and subject to bugs. That is an irrefutable(sp?) fact. Just because it's non-microshaft doesnt mean its perfect and bug-free, it just means there's a LOT more technically-apt eyes looking for those bugs, or theoretically free to do so by the nature of open source.
Interesting sidenote: I hear this word "strawman" a lot lately from people (generally of a liberal ilk) who seem to be offended by the very conservative practice of "calling a spade a spade". This is the first time I've heard it applied to a non-political argument...
sometimes, i wonder if i'm the only conservative on teh intarweb. ah well, back to mah hogs and warmongerin'....