Pros and Cons of Firefox Critically Evaluated?
A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."
Is all the plugins, extensions, chrome, files, and settings that have to be configured after you have the Firefox browser up and running. It would be really nifty to be able to bundle all the things that I do when I install firefox into one mega "extension bundle" or some such that I could install with one click.
http://www.frontmotion.com/Firefox/
Have you tried this by chance?
I haven't personally, but I keep hearing good things about it.
Karma: Chameleon (mostly due to the fact that you come and go).
Maybe Firefox is a more stable, more secure browser than IE, but everything is gonna have its flaws. And the more people use it, the more it's gonna get targeted. This sounds kinda selfish, but I almost wish the geek crowd would have "hoarded" Firefox and kept it as their own. It's nice to give Microsoft the shaft, sure, but the more Firefox creeps into the mainstream, the more it's gonna inherently open itself up to exploits.
"I hate quotations. Tell me what you know." - Ralph Waldo Emerson
Since the article concentrated on security, but didn't mention this:
If you leave autocomplete on, Firefox will save your credit card numbers in plaintext on your hard disk.
This bug has been known about for years. They won't fix it.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Let me put forward a little statistic of my own, gathered from what I've seen over the last few years as a network admin.
Number of computers compromised as a result of IE usage: 8 this year. Number of computers compromised as a result of Firefox usage: 0 (ever)
We see a large number of nitpick vulerabilities for open source because everyone can look at the source code and try to break it every which way. OTOH, finding exploits in IE is done by testers and hackers.
Regarding dupes, visiting Secunia shows many vulnerabilies for linux distros, but you see the same ones over and over again for each distrobution.
So while I agree that no software is perfect, and Firefox does have problems that arise from time to time, as does any software, I'll still be using the fox for my net browsing.
As for those testimonies in the article from people who can't get Firefox or Thunderbird working properly, wow. I've switched people's grandparents with no computer literacy with no problem. All I can say is that their system must be jacked up.
Before everyone starts flaming me, I'll state that Firefox has become indispensable to me now. Mostly because the RSS bookmarks, tabbed browsing, and best of all, the extensions. Dictionary search, ad-block and the spell checker have all become indispensable to me now. However explorer remains the superior browser with regard to resources and stability. If I want a fast and simple stable browser, explorer is the way I go. While Firefox is loaded with useful options, I find it interesting that I stayed not because it was technically superior to ie, but provided better and actually useful features.
You missed the point of the poster. He wasn't unhappy about the article being critical, but being very BIASED and critical. You know, it'd be like saying that Democrats/Liberals should listen to Bill O'Riley... as if he listens to the other side.
What I hate the worst is not those who are biased, but those who claim to be things like "Fair and Balanced" when it's clear they're not.
Take for example this nice strawman argument that Mr. Langa puts forth:
Which he then cuts down systematically, as if his misposed argument had any value:I can tell when people use Conversational Terrorism, and I know then that they're highly partial and unreasonable to argue with.Make sure everyone's vote counts: Verified Voting
A lot of other security/AV companies get definitions out MUCH faster than Symantec. I remember occasionally using Sophos's and other AV sites to solve virus issues becuase we didn't have the info.
Don't take life so seriously. No one makes it out alive.
Security by obscurity is no security.
No, security by obscurity provides a fairly good amount of security assuming you can keep your code secure. The benefit of open source is that you [hopefully] write better code and/or have better testing that eliminates that major security problems before it goes into production. There's been a bunch of escalation of priviledge flaws discovered in Linux in the past few months that use obscure race conditions and the like. Those would have been extremely unlikely to have been found without the source code. Read the detailed changelogs of the kernel updates - there's tons of little security flaws fixed all the time.
It's a tossup - Open source finds and fixes the little tiny bugs but you have to stay on top of the patches.
i used to favor symantec over mcafee, royally...
now i've seen reason to doubt their products. the main one i've seen come up many times is a trojan. i don't know the name off-hand. and it's with even the latest versions and definitions. you can update it today and i will almost guarantee it won't find it.
also, my other issue with their home product is that by default, it's set to try to clean the infected file. today's viruses can't be cleaned because the file is the virus. so if it can't clean it, it takes no action. that's the most absurd setting i've ever seen. they should have it set to try to clean adn then quarantine if unsuccessful. i dread looking at computers that have norton installed, you know they're infected the minute they come in.
please me, have no regrets.
Just to point out though, for the most part when any site that reads the http_user_agent header and rejects me, I just change my user agent using the user agent switcher extension, and most of those sites look quite fine.
;)
Even www.quicktaxweb.ca rejected my firefox on Linux install, but accepted firefox on Windows. Just change the user agent to appear like FF on Win and it was almost perfect.
What pisses me off most about FF is that there still appears to be a memory leak if you leave it running for a while. I frequently leave my PC on overnight, and when I get it in the morning it takes a ltime for FF to maximize in XP. Both work and home PC's show the same symptoms. That doesn't occur on my Linux boxen though.
And no, I didn't RTFA
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Easy.
1. Dont do autocomplete (or make this a default off option) on ssl forms.
2. Credit card #'s are 16 digits with known prefixes. Detecting them isnt a difficult problem. Same with social security numbers.
Fred Langa, a former Chief Editor of Byte and Windows Magazine, has been covering computers since the days when 640K was more RAM than anyone could possibly need.
Wow, a chief editor for two Windows magazines. Go figure where the bias would lie.
I guess if I wrote for Linux Weekly, and published an article why Windows sucked ass, everybody should take me with great consideration because I would inherently be unbiased.
Bah.
The price is always right if someone else is paying.
"It should be no surprise that alternate browsers--or alternate operating systems, for that matter--contain flaws."
This is right after the line that says, "Six vulnerabilities were reported in Opera and none in Safari." So it basically says, "The default OS X browser didn't have flaws, but anything that isn't M$ or IE has flaws." I just don't follow this train of thought.
I also noticed that if you add an 'i' to fred, you get "fired". I hope his bosses notice the connection.
If you want visitors to not block your ads you have to come up with a way to cripple the site if the ads are not displayed. Unfortunatly ad blocks are client side and can't always be detected by the server.
Ads indirectly cover costs (large sites get paid because they can claim X amount of people see the ads per month, not per click or per sale) and images are a very big bandwidth hog. So if a visitor doesn't want to look at ads then Yahoo saves some money by not showing images either. And as a possible bonus the web-site looks so terrible that the user stops blocking their ads just so the images load.
I havn't needed to implement it on my site yet but checking whether or not Javascript is enabled on the client side is quite trivial.
Server Side Javascript Check
Once the server knows if Javascript is disabled on the client side the possibilities are pretty endless. Most ads (like AdSense) rely on Javscript so knowing javascript is enabled is important.
Work Safe Porn
Actually IE6 has now been out for 4 years. And a person should hope that a 4 year old product that is used by millions of people everday should have the bugs worked out if it by now.
Now as far as how to compare them check out this article. It compares security on a very sound premise: If you keep up-to-date with updates how long are you vulnerable. The answer: IE: 51 weeks during 2004, Firefox: 8 Weeks during 2004.
Lets rephrase that; using firefox I was safe from known exploits 10 months last year. If I was an idiot and used IE, I was only safe from known exploits 1 lousy week during the whole year.
Which are you going to choose? Get FireFox!
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
the difference in usage is the Gecko engine that is loaded by Firefox.
The IE engine is loaded as a system resource, hence doesn't take time to swap in and out (the kernel can keep it from being paged out). This also keeps the memory from being reported in Task Manager.
Right now, I have the same 3 pages open in FF and IE, and FF is reporting 76MB, and IE is reporting 44MB. I have quite a bit more of browsing history in this FF session, which could account for some of the difference. I also don't have ANY plugins installed for IE, as I never actually use it.
I'm guessing that the special items in FF cause higher memory usage. Try turning off smooth scrolling (they may use a large off-screen buffer to render more page than needed)... and other non-essentials if you don't want all of the memory used.