Slashdot Mirror
Pros and Cons of Firefox Critically Evaluated?
A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."
Is all the plugins, extensions, chrome, files, and settings that have to be configured after you have the Firefox browser up and running. It would be really nifty to be able to bundle all the things that I do when I install firefox into one mega "extension bundle" or some such that I could install with one click.
It's enlightening until it's critical. I see.
The two aren't mutually exclusive. You weren't looking for enlightenment, you were looking to see someone agree with you.
i'm amazed that i survived - an airbag saved my life.
i have begun to doubt symantec's expertise. i work in a college where virus outbreaks are pretty common. now i've seen a computer with the most up to date, newest version of norton/symantec anti-virus and it seems that it still does not find all the viruses. viruses and trojans that are relatively harmful to the system. i would take this story with a grain of salt...
please me, have no regrets.
if I could control it centally from MS active directory, that would be great..
other than that, I see not problems with it at all..
At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser.
And I thought my life was dull. You need help my friend. Now!
Do they have the source code for IE? Security by obscurity is no security.
And, at least Mozilla does something about it - three patches in what, two months? How many has IE had the last three years?
one question should be asked... who releases patches and security updates in a more timely manner? mozilla or microsoft? while firefox may have had more security flaws than IE, it gets patched almost immediately.
please me, have no regrets.
Print version of the article fitting nicely onto one page.
Its a little odd that this article would be posted without a note that Firefox 1.0.3 has just been released: http://www.mozilla.org/products/firefox/releases/1 .0.3.html
Ugh... Less must mean more in the I.E. world. It's amazing how marketing can put a spin on Microsofts *horrible* track record when it comes to releasing patches in an expedient manner. The more and more Microsoft waits to release a fix, the more these guys make it look like a good thing.
Acording to their philosophy, Firefox isn't as secure as I.E. because Firefox has fixed more bugs? Give me a fscking break.
Please mod the parent down. He has put un-labled malicious Perl code in his sig. Evidently as a prank or due to some sort of simple-mindedness.
I used to run adaware with IE, I've run it once and a while since I switched to firefox and it'll occasionally find a cookie or two that doesn't bother me. With IE it'd find a couple hundred problems.
Security vulnerabilites my ass.
(yes I know spyware and security is different, but firefox sure is a lot less of a pain in the ass)
"You can't handle the truth! Son, we live in a world that has (fire) walls. And those walls have to be guarded by men with (antivirus software.) Who's gonna do it? You? ... I have a greater responsibility than you can possibly fathom. You weep for (FireFox) and you curse (Microsoft.) You have that luxury. You have the luxury of not knowing what I know: that (IE6.0 vulnerabilities,) while tragic, probably saved lives. And my existence, while grotesque and incomprehensible to you, saves lives...You don't want the truth. Because deep down, in places you don't talk about at parties, you want me on that wall. You need me on that (fire) wall."
ELOI, ELOI, LAMA SABACHTHANI!?
Maybe Firefox is a more stable, more secure browser than IE, but everything is gonna have its flaws. And the more people use it, the more it's gonna get targeted. This sounds kinda selfish, but I almost wish the geek crowd would have "hoarded" Firefox and kept it as their own. It's nice to give Microsoft the shaft, sure, but the more Firefox creeps into the mainstream, the more it's gonna inherently open itself up to exploits.
"I hate quotations. Tell me what you know." - Ralph Waldo Emerson
Since the article concentrated on security, but didn't mention this:
If you leave autocomplete on, Firefox will save your credit card numbers in plaintext on your hard disk.
This bug has been known about for years. They won't fix it.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Isn't finding more vulnerabilities a good thing? I mean as long as they're getting patched and all, the browser is becoming more secure with every bugfix.
Cons: It isn't explorer**
*potentially more secure
**some pages don't render right since some people only test with explorer
I Am My Own Worst Enemy
Let me put forward a little statistic of my own, gathered from what I've seen over the last few years as a network admin.
Number of computers compromised as a result of IE usage: 8 this year. Number of computers compromised as a result of Firefox usage: 0 (ever)
I assume you haven't RTFA, but here's more or less the criticism that Firefox gets:
1) "Oh look! It has more vulnerabilities than IE!" (tho they fail to state how critical these are. And don't forget that Firefox 1.03 was just released, fixing these. How long it took IE to release theirs?)
and 2) "BWA! Firefox fails to render my favorite IE-only pages!" complains from users.
And that was on the last 1 1/2 pages. The others were just straw words (your usual columnist intro).
This columnist isn't enlightening, nor critical. He's just giving another misinformed opinion.
because MSFT won't call them bugs and denies they exist.
...
In related news: Zombie World Population skyrockets.
Seriously, metrics are not useful unless all the measurements are done to the same or comparable standards. An IE bug tends to be what I would describe as a collection of 80-100 mozilla bugs - and even then is usually reported a year late after they refuse to admit they fixed it but the release is different on the MSDN disks for a program that's already been "updated"
-- Tigger warning: This post may contain tiggers! --
Firefox is still under active development. It's not surprising that occasionally a new bug, including ones that compromise security will be introduced. IE, on the other hand, has been unchanged, asside from bug fixes. All development work on IE was stopped until Firefox forced their hand. I don't think there have yet been any new releases of IE since Service Pack 2, which put 6.0.2900.2180 out in the world.
So, I wouldn't be surprised if more new security problems were located in Firefox in the recent past than in IE during the same time period. That doesn't imply that there are fewer problems in IE than in Firefox, just that fewer were found in a given time period.
Which means.... practically nothing. The relevant information would be total numbers of security problems over the total number of lines of code or some similar metric, if you want to discuss the quality of the code.
If you want to know which browser is the most secure, you should look at the total number of security bugs known to exist and the severity of those bugs.
For my money, Firefox is the only browser that I trust. I run IE only when I have no choice and when that happens I send an email to the manager of the site telling them why I won't visit again.
Microsoft abandoned good engineering practices in order to grab at market share. As a result, they crippled both their browser and their operating system.
-All that is gold does not glitter - Tolkien
www.ra
There will always be reviews out there you don't like. First, this is information week, the WSJ for the pointy haired bosses, I would expect nothing less than a shitty review, actually, I'm glad he gave it a shitty review.
Second, the guy looks like a total Asshat. Look at his picture for christs sakes Fred Langa
Top 10 Reasons To Procrastinate
10.
And the more people use it, the more it's gonna get targeted.
Just because more people drive cars than armoured vans, doesn't mean that cars are targeted more just because they're greater in number. In fact, the payload would be greater attacking armoured cars. In reality, some things are just designed with greater security in mind, from the offset.
We see a large number of nitpick vulerabilities for open source because everyone can look at the source code and try to break it every which way. OTOH, finding exploits in IE is done by testers and hackers.
Regarding dupes, visiting Secunia shows many vulnerabilies for linux distros, but you see the same ones over and over again for each distrobution.
So while I agree that no software is perfect, and Firefox does have problems that arise from time to time, as does any software, I'll still be using the fox for my net browsing.
As for those testimonies in the article from people who can't get Firefox or Thunderbird working properly, wow. I've switched people's grandparents with no computer literacy with no problem. All I can say is that their system must be jacked up.
Before everyone starts flaming me, I'll state that Firefox has become indispensable to me now. Mostly because the RSS bookmarks, tabbed browsing, and best of all, the extensions. Dictionary search, ad-block and the spell checker have all become indispensable to me now. However explorer remains the superior browser with regard to resources and stability. If I want a fast and simple stable browser, explorer is the way I go. While Firefox is loaded with useful options, I find it interesting that I stayed not because it was technically superior to ie, but provided better and actually useful features.
They haven't got our inside leg measurements yet.
Actually, I'd better check...
In my opinion of using the software as long as I have, I would never use IE again unless forced to. And that small amount of time I do use IE, I spend twice as much afterwards cleaning out the damn mess made by malware.
I think because of it's Open Source nature when Moz or some derivative gains market share and becomes the primary target of ad companies, it still won't make that much of an impact on the browser as a whole.
I am Bennett Haselton! I am Bennett Haselton!
Boy, do you have that backwards.
The reason why everything looks the same on a Mac is that developers use the system frameworks to draw their on-screen controls. If a program has a control that looks wrong, as Firefox does, that's because the program actually is wrong. If it were using the correct frameworks to draw its controls, the controls would look right.
This is a case where the fact that it looks wrong is a sign that it really is wrong.
Now, as for Safari, it's not perfect. But then again, neither is Firefox. Our internal guys assure us that Safari is just as compatible as Firefox with well-formed Web pages, and degrades gracefully with badly-formed pages. And unlike Firefox, Safari is an actual Mac application, with support for Bonjour and Spotlight and (most importantly) the Keychain built right in.
Firefox isn't a Mac application. It's a third-party application that was ported badly to the Mac.
And this was accomplished with no access to the Windows
Well Mr. Langa seems to have a web site. Here is the link ! And here you have a link to the article on his homepage (in case it gets /.ed on the front page).
Well taking a quick look at what he wrote i think it's the type of guy who actually enjoys starting flame wars so i wouldn't bother too much by him!
I would only like to tell him that I dissagree with him and he is a terrible writer cause he is using too much sarcasm in his writing. take for example this part from his essay:
The last time I mentioned a similar US-CERT finding, by the way, Linux partisans leapt up to tell me that US-CERT didn't know what it was doing. Linux *couldn't* have more security flaws than Windows! Everyone *knows* that Open Source software is so much better than anything from Microsoft--- right?
Also take from example this:
I wrote that article to try to help readers interested in FireFox in particular and Open Source in general to make an informed decision. There are many, many excellent, proven, objective benefits to switching to Open Source software--- but there's also a lot of misinformation, and some very, very *bad* reasons to switch.
I think that he is doing what he is preaching against: Misinformation
You missed the point of the poster. He wasn't unhappy about the article being critical, but being very BIASED and critical. You know, it'd be like saying that Democrats/Liberals should listen to Bill O'Riley... as if he listens to the other side.
What I hate the worst is not those who are biased, but those who claim to be things like "Fair and Balanced" when it's clear they're not.
Take for example this nice strawman argument that Mr. Langa puts forth:
Which he then cuts down systematically, as if his misposed argument had any value:I can tell when people use Conversational Terrorism, and I know then that they're highly partial and unreasonable to argue with.Make sure everyone's vote counts: Verified Voting
A lot of other security/AV companies get definitions out MUCH faster than Symantec. I remember occasionally using Sophos's and other AV sites to solve virus issues becuase we didn't have the info.
Don't take life so seriously. No one makes it out alive.
Prefix your search in the address bar with "google".
i.e. to search google for foo bar try: google foo bar
Firefox actually comes with a few more of these quick searches set up and it's easy to create your own (they are a special bookmark).
http://www.informationweek.com/shared/printableArt icle.jhtml?articleID=160900911
In most cases in the more recent issues, you'll see the list of IE's vulnerabilities is shorter than those for Firefox, Mozilla, and the other alternate browsers. Likewise, with the more recent bulletins, you'll also see the list of Windows' vulnerabilities is actually much shorter than that for the other operating systems, even though Windows is far more widely installed.
Where did he get this from??
Latest 10 vulnerabilities on front page are all Windows.
If you look at the bulletins like he does, you get a collection of vulnerabilities that have been patched.
US-Cert Vulnerability Notes is where he should be searching if he wants a proper comparison.
Firefox returns 11 results.
I didn't count how many results Internet Explorer returned, but even if you don't count pre-2004 vulnerabilities, the number is still twice as high as it is for Firefox.
In a word... sucks. Where I work, there was a trojan/worm that we were tracking and Symantec Corporate Edition wasn't finding it. After talking to them, it turns out they already knew about the problem but weren't going to be releasing any definition updates for mass deployment for a week. Instead they sent us a link to the early updates that we could apply manually. This stuff should be automated! Total suck in my opinion. Of course, I'm not the Windows admin here thankfully. That's a job I don't think I'd really want.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
I have found Firefox to be more logical looking in its layout using CSS elements and have had to rework pages more often for IE than the other way around. The problem is that many websites don't bother to check the look of a page in anything other than IE. So how is this FireFox's fault? Langa just assumes IE is getting it right and that there is no ambiguity in the way some HTML elements are specified.
In theory there may be more bugs and possible security threats lying in wait in FireFox, but here it the thing, since switching to FireFox I have had FAR fewer virus problems. Now it could just be the smaller market thing, but so what - what I care about is how many real viruses I am exposed to. You could argue that should FireFox continue to grow in popularity, so will the attacks on it by virus writers, bring it back to parity with IE. That may be, but hasn't happened yet. BUT it could just be that the open software model means more work on the code and better more secure code when it gains an even wider audience. In fact this is the horse I would bet on.
Letter To Iran
I read the comment about Firefox not displaying the Yahoo logo and I couldn't believe it. Then, I popped over to Yahoo.com and sure enough, no logo.
A quick check of the source told me what was going on. I recognized the yimg URL as one that I had *BLOCKED* images from long ago. Yahoo serves tons of graphics ads all over the Internet and I just blocked them all using Firefox's native ability to block images from a particular URL.
It seems Yahoo serves their own graphics from the same server as their ads. Silly rabbit.
So, it isn't a rendering bug with Firefox, it is a feature! And a damned useful one at that.
feature + ignorance = bug? Sad.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Too funny. I read the first page of the article using Firefox. None of the subsequent page links work. IE works fine.
I guess I will miss it.
Keep the Classic Slashdot.
But, by writing off all of Internet Explorer's problems to the "installed base" scale factor is extremely dangerous to his readers.
The problem being, since MSIE is embedded into the OS, a flaw in MSIE can be exploited from any program which uses an HTML viewer, not only the "iexplore.exe" application itself. Firefox, even when it's your default browser, still pops up in full "visiting the Web" paranoia.
Another problem, of course, relates to MSIE's very strange handling of text/plain and application/octet-stream data types. (It will actually reject the Content-type: header from the server and make up a new one based on filename suffix and/or file content... imagine sending a text/plain file from a CGI URL that has ".doc" in it and it turning into a Word file. Note that the ".doc" is in the URL, not in the downloaded file name....) I've got a CGI I just can't make with MSIE properly because it rejects my server's claim that file "foo.log" with "inline" presentation is type "text/plain" and it can display it--it insists on saving to disk... only to find out that Notepad is the right application. To work around it, I'd have to change the extra path information fed to the CGI... and I can't do that--it means something, of course.
But that problem ("feature", if you read the MS knowledgebase) is one way how people are tricked into downloading seemingly "safe" content that turns dangerous.
Plus, he makes no assessment of the security problems. He doesn't mention ANY, from ANY browser, not even as illustration--he just leaves it to the reader to plow through pages of cryptic reports from Synamtec and CERT.
And he's got no analysis of the "trouble reports" he provides for Firefox. Missing images? 99 times out of 100, that's because the Web page has backslashes in the IMG URLs--which are not part of the hierarchical URI syntax. (They work only in MSIE on Windows. MSIE for Macintosh will not process them the same way.)
Plus... how do we really know what security problems are fixed in MSIE? On my XP box at home, and the W2K boxes I have to use at work, the Windows Updates just say things like, "A security problem could allow an attacker access to your computer." How am I to know what that security problem is, what part of the system it affects? I don't even know if it is function I use, or even have enabled--the update information is just too terse--at that's after clicking, "Show Details".
(My main systems are Linux and Mac, so there may be a way to get more information from Windows Update, but it isn't as obvious... unlike Mac OS X Software Update, where it lists the major components right there, and links that take you to the Apple web site for more information.)
Easy.
1. Dont do autocomplete (or make this a default off option) on ssl forms.
2. Credit card #'s are 16 digits with known prefixes. Detecting them isnt a difficult problem. Same with social security numbers.
My mistakes were 1. I thought Slashdot was some sort of community of trust. 2. I thought sigs were for witty sayings.
So, getting your point across while still being part of the Slashdot community would involve a sig with obfuscated Perl code that printed:
You dumb ass, this could could have just run rm -rf!
Being an asshat Script-kiddie would involve a sig with obfucated Perl code that actually runs rm -rf.
Compare IE and Firefox security with Safari:
http://secunia.com/product/1543/
- Open source engine
- Less vulnerabilities discovered
- ZERO Unpatched Vulnerabilities
From the Article: IE6, for example, came out in 2001; an eternity ago, in computing terms. Except for a boatload of security updates and patches, it's still basically the same browser it was then. So how Firefox 1.0 can be compared with IE then? Firefox gains new fetures constantly. Let's say that one product has 1,000 customers, and a terrible reputation for reliability. The other has only 50 customers, but a great reputation. Why the difference in reputation? The small product has only 2 or 3 customers with problems, but the large product has fully 50 customers with problems. This is a faulty logic. Let's assume that product A has 1000 customers, and product B has 50. If each of those 50 will experience problems with the product B, than it will have bad reputation. If 100 of that thousand will experience problems, than A will still be considered mediocre.
I've never understood the argument that the more people that user firefox (or linux for that matter), then hackers will begin to target those users, too. Isn't the point of OSS that ANYBODY can see the source code? If a vulnerability is found, why would anyone think it will stay there?!? It will be reviewed and fixed by any number of people in a timely manner. I think that's the core of what makes firefox and the like "more secure". What am I missing here?
But if I install Firefox and don't use IE on ANY PC, even an OUTDATED version of Firefox, my computer stays immaculate and free of malware/adware/trojans/spyware.
If I use IE6 from the beginning, fully patched... my computer still gets a boatload of garbage attached to it.
So tell me again Mr. Langa, how is it that IE is superior, in any way? Is it superior technologically? No, you say as much yourself -- no innovation since 2001. Is it more secure? Well, with all the updates that have come out for IE, I am still not secure from spyware and malware. Does Microsoft like to patch as early and often as Mozilla? Nope -- Mozilla has set a monthly timetable to release updates and does it even earlier if the security necessitates it.
The arguement Mr. Langa presents is profoundly stupid -- and this is coming from a Microsoft advocate. More entertaining is the fact, that he refers to US-CERT listings of vulnerabilities for browsers, yet fails to mention that they do NOT recommend IE -- but rather Firefox. Go figure.
I have no problem saying that IE is an impressive browser -- especially considering that it's going on 5 years old. However, that impressiveness doesn't last, especially in the world of computing. Firefox is the next generation browser, and they have focused resources in keeping it up to date, and well built. Microsoft ABANDONED its IE team entirely -- it goes to show you the indulgence they had in pursuing the product. The NUMBER of problems Firefox has had is greater, sure... they have more dedicated testers, a more competent userbase, and discover more flaws than IE, and list them as such. Some may be very, very minor, but they are LISTED, nonetheless. Microsoft has time and time again, taken note of IE's 'small' vulnerabilities and passed them over because it doesn't necessitate the cost of fixing them versus the potential return for anything.
So yea, Firefox has more bugs. They also fix more bugs. Firefox works faster, has more features, and takes up less resources. It will NOT give me spyware, popups, and virii. IE does all of that and worse.
So tell me again Mr. Langa, does having the ABILITY to get more problems overshadow actually GETTING more problems? Microsoft is like Valve -- great products, with no updates. Which makes them damn near unusable. It's software like Office that I love, which even if there are security problems -- they still freaking work. Which is less than I can say for IE.
The price is always right if someone else is paying.
I might mention that Kevin Gerich's widget set makes Firefox's HTML controls look much more presentable on Mac, in my opinion. It's not quite the same as having native Aqua widgets, but it's a start. Granted they aren't bundled with the application by default, nor do they solve any of the other OS integration issues you mentioned.
That having been said, I agree with the assessment that Firefox for Mac has a lot of catch-up to do to match Safari in terms of aesthetics. It's one of the biggest cons of choosing Firefox on the Mac platform. Safari, as Apple's own in-house effort, gets a level of fit-and-finish with the rest of the OS that third-party developers can have a tough time matching.
On the other hand, the biggest pro for Firefox on Mac (in my opinion) is the expandability. Safari doesn't have Adblock, BugMeNot, or any of my other favorite extensions. Even Camino doesn't support them. So in my case, I choose expandability over aesthetics and use Firefox as my default browser on Mac.
Ideally though, it would be possible to have both. Maybe in time and with further Firefox development.
-Frank
Exactly. Not that vulnerabily counts aren't important, but you have to dig for more information. The article said there were 13 reported for IE and 21 for Firefox in the same time period. OK. How many of those have been fixed in IE and in Firefox? What was the breakdown on severity? What platforms were affected?
If the author didn't want to go into all this detail to give a more accurate picture, he shouldn't have just thrown out those numbers. I won't go as far as to say they are meaningless, but they don't paint an accurate picture.
My beliefs do not require that you agree with them.
Fred Langa, a former Chief Editor of Byte and Windows Magazine, has been covering computers since the days when 640K was more RAM than anyone could possibly need.
Wow, a chief editor for two Windows magazines. Go figure where the bias would lie.
I guess if I wrote for Linux Weekly, and published an article why Windows sucked ass, everybody should take me with great consideration because I would inherently be unbiased.
Bah.
The price is always right if someone else is paying.
If you're so afraid it of its security vulnerabilities you can always uninstall FireFox. Can you do that with IE?
You suck at teh internet.
t icle.jhtml?articleID=160900911
Here's the same link again, except that it's pointing to the correct place...
http://www.informationweek.com/shared/printableAr
The article reads better if you consider it a response to the question "Will Firefox save me from the evils of the Internet?".
The author pretty much buries IE and M$ on security, and then proceeds to remind us not to be to fast jumping to Firefox, as it isn't perfect either. It is fairly new as software goes and we will have to wait and see now that it has enough of an installed base to attract the cyber villians.
If anything the author implied that you should walk, not run to Firefox and remember to apply your bug repellent.
BTW. I use Firefox almost exclusively, and have watched as websites have slowly gotten around the pop-up blocker, and how 1.01 came out to block the multi-language DNS hack, which IE isn't vulnerable too because it is so old.
formhistory.dat is encrypted.
Research shows that 67% of those who use the term "research shows", are just making shit up.
My Linux box is frequently targetted, but it's all Windows exploits so it doesn't matter.Ah, so there is no such thing as "security" then.
Just "marketshare".
No matter how many software experts put in how much effort, the end result will spontaniously generate "flaws" as more people use it.
By that "logic", there is no difference between a browser ("A") written by a team of experts who focused on security
Flaws do NOT appear just because more people use the software.
Code is not magic.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Have each user account associated with an encryption key. That key is used to encrypt all auto-complete information. That way, auto-complete still works and doesn't need to know about credit card numbers (or about any other important type of data), but doesn't expose the information to unauthorized individuals.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Having read the article, and also followed the author's advice to read the security bulletins, I found that the article is mostly bullshit, which stumbles upon lucid points occasionally, though I think this is mostly by accident. /. all day, have a desire to defend Firefox, and don't have a job.
I didn't bother to do a count of items in the bulletins, as this is an utterly worthless metric. Nor do I agree that percentage of complaints is a worthwhile way to judge two competing products.
Just to dispel that idea. Consider for a moment that in his example of 1000 users of A vs. 50 users of B, a 2 person anomoly would be a 0.2% shift in the numbers for A and a 4% shift in the numbers for B. That margin of error for product B is so large as to make the whole study worthless.
On the other hand, of the items in the bulletins, Firefox did have some serious flaw, e.g. the kind that end in "would allow a malicious user to execute arbitrary code." So, the author is right that Firefox is not some panacea for security, he just fails to explain the real reason why.
Now, is Firefox more secure overall? I haven't the slightest clue. I really don't have the time and or will to go through the bulletins, aggregate all of the flaws for each browser, assign a numerical value to each severity, and then come up with a score. I offer this idea to any of those who surf
The author also brings up the old argument of, its not currently a target, so its more secure because of obscurity. I think this argument was valid, right up until Firefox hit 1.0. Before that, it was an obscure little browser which didn't get much attention. However, once it hit 1.0 it got a lot of press; and, the way I see it, this would have given a huge incentive for the black hats to start hitting Firefox, for the right to say that they had one of the first working exploits for this new browser. So, I think this argument falls apart.
So, without a real study to backup and/or revoke the idea that Firefox is more secure than IE, the only thing I have to go on is antecdotal evidence. Right now I support about 100 computers. And, because of the way we do business, each user has administrative access to their own box (fun on a bun!). Now, because of this, I have a mix of IE users and Firefox users. For the most part, the computers which I am cleaning up spyware/adware on all of the time tend to be the IE user's computers. While I do have to do an occasional cleanup of a Firefox computer, the problems tend to come from other third party apps bundled with spyware, as opposed to the IE, browsed to the wrong page and got infected spyware.
Does this mean Firefox is more secure? No, one factor, which I can't really rule out, is that the people who use Firefox also tend to be the more knowledgable computer users; so, they may simply be better at avoiding infection. As a counter example, our network engineer runs IE, and doesn't have a problem with spyware/adware, so maybe its just the person at the keyboard making the difference. But, still the preponderence of the evidence would suggest that the Firefox machines tend to be less infected, so there is some correlation, if not outright causation.
One other thing, which helps keep me on Firefox, have you ever tried to re-install IE6 SP2? Fucking pain in the ass. Some spyware/adware will attach itself to the IE DLL's, and is near impossible to get rid of. Also, I have had more than one machine where the removal of the spyware/adware has broken the IE scripting engine. This is also ignoring that crapware that damages winsock as it gets removed. Thank <insert diety here> for the automated winsock repair tool.
MS has made re-installing IE harder and harder as they have released updates. In IE5 I could do an add/remove programs on it, and get a reinstall out of it. In IE6 SP1, I could futz with the registry and get it to allow a re-install. Now that seems to be broken, as the MS recommended registry change to allow a reinstall seems to be broken. Th
Necessity is the mother of invention.
Laziness is the father.
"It should be no surprise that alternate browsers--or alternate operating systems, for that matter--contain flaws."
This is right after the line that says, "Six vulnerabilities were reported in Opera and none in Safari." So it basically says, "The default OS X browser didn't have flaws, but anything that isn't M$ or IE has flaws." I just don't follow this train of thought.
I also noticed that if you add an 'i' to fred, you get "fired". I hope his bosses notice the connection.
especially compared to SPYWARE.
I used to spend a lot of time fixing friends computers because of viruses. Now, I spend it in cleaning up spyware. Spyware that was installed compliments of Internet Explorer, and has forced their machine to a GRINDING HALT.
Yet, I am still waiting for the first person that I have to spend 4 hours cleaning up spyware after they've switched to Mozilla/Firefox/Thunderbird.
Until I have confidence in IE to block popups, and stop installing apps w/out question (and I won't even to into FEATURES, like tabbed browsing, in-page document search, etc.), I'll stick to Firefox, thanks.
-- You can't idiot-proof anything, because they're always coming out with better idiots.
"...more security vulnerabilities in the last six months of 2004 were found in Firefox than IE..."
WHO THE FUCK CARES?!?!? All these dumbass writers need to learn that all bugs are NOT created equal. There is a BIG ASS DIFFERENCE between "small flaw that could theoretically be exploited but the good guys found it first and fixed it in two days anyway" and "gaping hole in the default configuration with thousands of exploits in the wild for months on end." I mean, fucking A, how awesome is it to run Windows Update and see a warning like this? "Identified security issues in Internet Explorer could allow an attacker to compromise a Windows-based system... This affects all computers with Internet Explorer installed ( even if you don't run Internet Explorer as your Web browser ). [emphasis added]"
Which would you rather live in: a city with a hundred arsonists or a thousand litterbugs?
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
First the "IE-only" page problems, is a problem for website operators, not Mozilla (get a UserAgent editor plugin, and fake IE if you wish, or better yet, send them an e-mail every day that you visit and can't access something).
:)
However, the article does make good arguements... that is, if the article was written 5 years from now. Firefox is not a mature browser. 4 years after release, IE 6 still has bugs, no new verson yet. Firefox has only been 1.0 for less than a year. There is certainly a break in period after software of this type reaches critical mass before every bug is vetted.
What the author fails to understand is that by it being open source, more bugs can be found, faster, and fixed, faster. I would certainly HOPE that there are more bugs in Firefox found on a month to month basis. Internet Explorer keeps chugging alone, spitting out new vulnerabilities like breadcrumbs. Firefox on the other hand is now very public, and getting a large influx of bug reports and fixes. However, after Firefox has killed 99.9% of its bugs, Internet Explorer will keep popping out exploits like an assymbly line because limitting the source code means that:
A) A small number of coders can actually look for exploits. Everyone else is basically left to hope that the next IE hacker publishes their exploit. And, once found, you sit back and wait for MS to fix it, instead of coding the fix yourself, or at least submitting fix code, or just even pointing out the area of code that is the problem. With IE, it's not as though you can e-mail them and say, "I found exploit X... It's occurring around line 7934 of file Y."
B) Firefox can truly change focus on a dime, just like with the IDN issue a few months ago. It doesn't take a manager of a manager of a manager to hold 50 meetings, talk with investors, talk with worldwide vendors, talk with politicians, and then make a decision at Mozilla. And, if you don't like Mozilla's decisions, it's open source, and you can always go "fork" yourself.
Is Firefox more secure? No. It's not supposed to be right now. Does it have more features? Yes. Is it easier to use? For me, yes. WILL it be more secure than IE once the initial round of exploits have been found? Damn skippy! And THAT is why Firefox is more secure, and why Lynx is still used today. Open Source projects, especially ones that have a great single goal in mind, like just browsing (leaving all the fluff to 3rd parties) eventually turns out something rock hard solid and stable.
It's just the "new" or "continually growing" ones that will have many of the same pitfalls of closed source. The only difference, is that even with those pitfalls, open source still has all of its other benefits.
Good article on statistics. Wrong conclusion and timing. Just another example of some writer trying to make themselves heard over the masses by trying to sail against the current. Unfortunately, his dingy is too small for this trip.
Cleaning the net one sed at a time! s/sex/sermons/; s/hot/holy/; s/goats/thebible/; www.holysermonswiththebible.com
How about the huge fucking memory leak in Firefox? On my Linux box, Firefox is a huge memory whore, and will completely overtake the system within about 2 days if I have significant number of pages open. We're talking about 1.2 gigs of memory (including my entire swap) just for Firefox. I found a potential remedy online, but its more of a hack than anything.
Is this problem being addressed? If they can't fix such a gigantic memory leak how could I expect them to fix more obscure security issues?
-- "I never gave these stories much credence." - HAL 9000
Tying to the OS doesn't affect IE's security at all, especially on a system where most users run as administrator.
The problem is that IE is allowed to run binaries loaded from the web without any sort of control over what those binaries are allowed to do. All a malicious web site needs to do is convince IE that it should be allowed to run that binary.
Firefox has no such "feature". Even Firefox's extensions are just XUL and are very limited in how they can work.
The only problem with tying the browser to the OS is that if some malicious code breaks the browser, the OS' user interface gets broken as well, but I have yet to see that happen to any great degree.
The global economy is a great thing until you feel it locally.
That security issues in IE are actually fixed!
There are countless issues in IE that have never been fixed, thus a single 6-month period when more vulerabilities were discovered in Mozilla is mostly irrelevent. What counts is how many vulnerabilities exist at any point in time.
OK, I know it's not quite that simple: more problems means more downloads, means more users won't actually have the latest version, but still, the article's premise is flawed because of unpatched bugs in IE.
The real "Libtards" are the Libertarians!
You are correct to an extent, however one of the main things worth pointing out from those pages is how IE still has several vulnerabilities that allow system access where as Firefox currently has no known vulnerabilities that are that severe. IE has has had vulnerabilities like that for quite for quite some time and for some reason one or two keep going unpatched month after month. All software will have bugs, so responsiveness is what matters and responsiveness is something that IE lacks.
Regards,
Steve
If you want visitors to not block your ads you have to come up with a way to cripple the site if the ads are not displayed. Unfortunatly ad blocks are client side and can't always be detected by the server.
Ads indirectly cover costs (large sites get paid because they can claim X amount of people see the ads per month, not per click or per sale) and images are a very big bandwidth hog. So if a visitor doesn't want to look at ads then Yahoo saves some money by not showing images either. And as a possible bonus the web-site looks so terrible that the user stops blocking their ads just so the images load.
I havn't needed to implement it on my site yet but checking whether or not Javascript is enabled on the client side is quite trivial.
Server Side Javascript Check
Once the server knows if Javascript is disabled on the client side the possibilities are pretty endless. Most ads (like AdSense) rely on Javscript so knowing javascript is enabled is important.
Work Safe Porn
Actually IE6 has now been out for 4 years. And a person should hope that a 4 year old product that is used by millions of people everday should have the bugs worked out if it by now.
Now as far as how to compare them check out this article. It compares security on a very sound premise: If you keep up-to-date with updates how long are you vulnerable. The answer: IE: 51 weeks during 2004, Firefox: 8 Weeks during 2004.
Lets rephrase that; using firefox I was safe from known exploits 10 months last year. If I was an idiot and used IE, I was only safe from known exploits 1 lousy week during the whole year.
Which are you going to choose? Get FireFox!
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
Parent: