Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google-Funded Study Knocks Firefox Security

Posted by Soulskill on from the time-to-argue-again dept.

Sparrowvsrevolution writes "Researchers at the security firm Accuvant released a study Friday that gauges the security features of the top three web browsers. Accuvant admits the study was funded by Google, and naturally, Chrome came out on top. More surprising is that Internet Explorer was rated nearly as secure as Chrome, while Firefox is described as lacking many modern security safeguards. Though the study seems to have been performed objectively, it won't help Google's fraying partnership with Mozilla." The full research document is available here (PDF), and it goes into much greater detail than the Forbes article. Accuvant also published the tools and data they used in the study, which should help to evaluate their objectivity.

49 of 225 comments (clear)

  1. Chrome and IE are the most secure browsers by InsightIn140Bytes · · Score: 4, Informative

    More surprising is that Internet Explorer was rated nearly as secure as Chrome, while Firefox is described as lacking many modern security safeguards.

    How is this surprising? Apart from some ignorant cases on Slashdot who believe Microsoft is the devil and should die, it's not a new fact that IE has been a really secure browser for a long time. Both IE and Chrome offer sandboxing, JIT hardening and ways to make vulnerable plug-ins less easy to exploit and gain access to system. Firefox offers none of these.

    Currently, it's not even often that you find a vulnerability directly in the browser. Most of the attacks target either plug-ins like Flash or PDF reader, and if someone does find an exploit in the browser, the extra security layer makes it much harder to exploit. Yes, you can use something like NoScript in Firefox (and other browsers), but majority of people don't. In fact even I don't because frankly, it's pain in the ass to use. This is the reason why extra security layers provide so much better overall security.

    Anyone who still says that IE is insecure browser just doesn't know what he is talking about. On top of that, this study doesn't really bring anything new to table (but it is really well done with comprehensive disassemblies and exploit testing), it just confirms what has been known for a long time now - both Chrome and IE are really secure browsers, followed by Opera. The one that is lagging behind is Firefox. I don't know what happened to them, but they seem to copy the aspects of Chrome that no one actually cares about (UI and version number scheme) while completely forgetting what Chrome and IE do underneath and what actually counts - sandboxing, JIT hardening, auto-updating browser and plug-ins and separating different tabs to different processes.

    1. Re:Chrome and IE are the most secure browsers by bunratty · · Score: 3, Informative

      I think the folks at SecurityFocus disagree. Although IE 9 is more secure than previous releases, IE still has plenty of vulnerabilities

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    2. Re:Chrome and IE are the most secure browsers by hey! · · Score: 4, Insightful

      Well, let's wait and see.

      Software products are products of corporate cultures. That's not just how people in a corporation tend to think, it's what they tend to value. There is no doubt that Microsoft is capable of producing a secure browser when faced with public criticism and strong competition. The question is whether they will continue to do so if public attention flags or the competition declines, or whether security will be sacrificed to some other business goal.

      Of course you can ask that of *any* browser produced by *any* organization, but the point is that it is a bad idea to accord any one browser product a privileged position. Developers should develop to standards then test against multiple products, and users should not be shy about changing browsers. The problem is that IE inherently has a privileged position, and Microsoft has a history of using interlocking, non-proprietary product stacks to drive sales across product categories. That means Microsoft has unusual temptations when it comes to security, because of IE.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    3. Re:Chrome and IE are the most secure browsers by InsightIn140Bytes · · Score: 5, Interesting

      You would only gain additional security if the exploits actually targeted the browsers. They don't - most of them target plug-ins and work in every browser. Now, both Chrome and IE sandbox them and have extra security layers for plug-ins just so that even if plug-in is vulnerable, you can't actually gain access to system. Since Firefox doesn't offer any of these options, you gain access directly after compromising the plug-in.

    4. Re:Chrome and IE are the most secure browsers by InsightIn140Bytes · · Score: 5, Informative

      If you browse the same site for Chrome, you'd notice that the list is about same length for the latest version. And the total vulnerability count is huge for Firefox compared to Chrome and IE.

    5. Re:Chrome and IE are the most secure browsers by hedwards · · Score: 3, Insightful

      The study itself appears to be bunk. They assume that the browser is going to be exploited which doesn't give any credit to how difficult that might be. It is valid to look at that, but it's incredibly misleading for them to suggest that all browsers are equally likely to be broken. Ultimately, by the time those technologies come into play you're more or less screwed. They can somewhat limit the damage, but if somebody's broken into the browser they probably know where one of the exploits is to get out of the browser.

      It also doesn't take into account common security extensions that people are likely to have or the types of people that use the browsers. Ultimately, it doesn't matter how secure your browser is if you just go around clicking random links and downloading questionable software.

    6. Re:Chrome and IE are the most secure browsers by InsightIn140Bytes · · Score: 3, Insightful

      Yes. But 99% of people are going to keep their Flash and PDF readers. But if you download PDFs and read them locally later, you can still be exploited if you use vulnerable reader. All of them have had exploits too, but Adobe's is the most targeted one.

      And yes, these exploits work for Linux too, if someone just remakes their payload to target them. In many cases you don't even need root access to most malware, so Linux security doesn't really offer much. However, in that case it actually needs the malware author to create separate payload for Linux.

    7. Re:Chrome and IE are the most secure browsers by InsightIn140Bytes · · Score: 4, Informative

      The links you showed lists new vulnerabilities for:

      Chrome 15.0.874.121 (really minor version number)
      Firefox 8.0 (FF 11.0 is in the works already!)
      IE 9.0 (now we suddenly have a major version number)

      Both Chrome and Firefox use insane version number schemes which really doesn't make that comparison valid. Because of that you have to compare the vulnerabilities within some time frame, for example one year or two years. But I suspect you knew that.

    8. Re:Chrome and IE are the most secure browsers by dln385 · · Score: 2

      Yes, you can use something like NoScript in Firefox (and other browsers), but majority of people don't. In fact even I don't because frankly, it's pain in the ass to use.

      Install NoScript and enable scripts globally in its options. I do this and it's like it's not even there, but once in a while when I'm on a shady website, it'll pop up and say that it blocked a suspected malicious script or XSS attack. Better than nothing.

    9. Re:Chrome and IE are the most secure browsers by Anonymous Coward · · Score: 4, Interesting

      You don't even need to read them, if you happen to ever have had adobe's reader installed, the shell extension remains lingering around, which means merely hovering over the file icon will open you to exploits.

    10. Re:Chrome and IE are the most secure browsers by Vellmont · · Score: 3, Interesting


      Anyone who still says that IE is insecure browser just doesn't know what he is talking about.

      Care to point to any actual data on breakins, rather than theoretical security models to demonstrate this point?

      You might want to look at the pwn2Own contest results from this year:
      http://en.wikipedia.org/wiki/Pwn2Own

      Teaser:
      The second and last browser to fall for the day was a 32-bit Internet Explorer 8 installed on 64-bit Windows 7 Service Pack 1.[23] Security researcher Stephen Fewer of Harmony Security was successful in exploiting IE. Just as with Safari, this was demonstrated by running Windows' calculator program and writing a file to the hard disk.

      Day 3
      No teams showed up for day three. Chrome and Firefox were not hacked.

      Only IE8 was in the competition since IE9 wasn't even released until shortly afterward. We'll see how the new batch of browsers does next year.

      So I have to ask: Why does "anyone who thinks IE is an insecure browser doesn't know what he is talking about"?

      --
      AccountKiller
    11. Re:Chrome and IE are the most secure browsers by Runaway1956 · · Score: 2

      I've had pretty good luck with gnash, myself. To be perfectly honest, though, I most often right click the video, and save it to disk, then view it locally, in VLC.

      Lightspark, I just looked at, and never did try it. Maybe I'll test it out soon.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    12. Re:Chrome and IE are the most secure browsers by LordThyGod · · Score: 2

      Windows is also Operating System for Dummies, Desktop for Dummies and Internet for Dummies all in one convenient package. Malware authors know they have a much better chance of such people not updating their software and doing other dummy kinds of things. Its a natural fit.

    13. Re:Chrome and IE are the most secure browsers by tycoex · · Score: 2

      My browser tells me which looks are 'good' links and which are 'bad.'

      http://www.mywot.com/

    14. Re:Chrome and IE are the most secure browsers by cryptoluddite · · Score: 4, Interesting

      Both IE and Chrome offer sandboxing, JIT hardening and ways to make vulnerable plug-ins less easy to exploit and gain access to system. Firefox offers none of these.

      On the other hand only Firefox is checked with static analysis tools before released, meaning that there are very, very few actual flaws in the browser (IE might be, Chrome certainly isn't). For instance when Chrome added a very basic memory checker to their test servers they caught dozens of bugs -- and that's just from the most basic of runtime checks. When people have run their commercial static analyzers on Chrome they've found several hundreds of potential flaws.

      What does this mean in practice? The inner sandboxed code in Chrome is wide open to attack. They aren't even using serious methods to try to protect that code and are instead relying completely on the sandbox. This is the reason why you'll get random crashes in Chrome, and why they purposely try to keep you from using too many tabs (if a process is rendering more than one tab then when it crashes more of your tabs have to reload). On the flip side, this is the reason why in a years of running Firefox nightly it has never crashed once. Yes, there are errors in Firefox, but they are complex ones not the simple mistakes that crash Chrome left and right.

      Personally I've never had a malware in dozens of years, so browser stability matters a whole lot more to me than security. A sandbox would be nice, but one that is relied on and causes random page crashes is worse than not having one but having far fewer crashes.

    15. Re:Chrome and IE are the most secure browsers by InsightIn140Bytes · · Score: 2

      Yes, because that AC obviously was me.

      He made the initial argument that IE has somehow had way more vulnerabilities than Chrome and Firefox, and then backed that argument with invalid data. I just pointed out that.

    16. Re:Chrome and IE are the most secure browsers by RobbieThe1st · · Score: 3, Informative

      I've found the same thing. FF seems to be extremely stable, does what I want, and is configurable enough that I can make it look /how/ I want(unlike Chrome and, I suspect, IE), which is something like the UI of FF3.
      Also, aside from a couple of glitches I've seen in nightly versions(locking up if reloading over 30 tabs at once being a problem I saw for a year), It's been pretty fast and stable.

    17. Re:Chrome and IE are the most secure browsers by bonch · · Score: 4, Insightful

      He didn't blindly dismiss your evidence. He directly refuted it by pointing out there are in fact vulnerabilities for Chrome, contrary to your claim that there are zero, and that you have to compare vulnerabilities within the same timeframe, which is entirely logical or else you could cite vulnerabilities from years ago in comparison to browsers today.

    18. Re:Chrome and IE are the most secure browsers by Anonymous Coward · · Score: 3, Informative

      Not according to the national vulnerability database. Here is the score for the last three months:

      We can argue that it makes more sense to look at holes over the last year instead of over the last three months, but the evidence indicates that Chrome is the least secure and IE is the most secure. (Security holes by version doesn't make sense for Chrome, since it changes its version number so quickly. Ditto with Firefox).

    19. Re:Chrome and IE are the most secure browsers by shutdown+-p+now · · Score: 4, Insightful

      As the other guy who replied to you have noted, you're comparing apples and oranges (or rather cherries and watermelons) here - you're picking a specific release of Chrome (a browser that updates version number several times month), a specific version of Firefox (a browser that updates version number several times per year), and a specific version of IE (a browser that updates version number once in two years). To make a meaningful comparison, you need to compare similar time periods, no matter how many versions were released in that period for the browser.

      So, IE9 was released in March 2011 - let's look at the time period from that point until today. Looking at release history in Wikipedia, this means Chrome from 10.0.648 to 17.0.963, and at Firefox from 4.0 to 8.0 (note that IE9 also had numerous updates in that time frame, it just doesn't count them as releases).

      Now I won't even bother counting, because even just looking at the earliest versions of both Chrome and Firefox as listed above both produce two pages worth of vulnerabilities, versus one pages for IE. It's obviously a very rough metric because this doesn't account for severity of those vulnerabilities, but it already goes to show that your original numbers (zero and two) are bullshit. I hope someone who's more patient than me will go through those lists and make a nice summary.

      Also, specifically with respect to Chrome, a good half of vulnerabilities are ones from Flash. This is technically correct, because Chrome ships bundled with Flash. However, in practice, vast majority of browser users on the desktop have Flash installed in any browser that they're using; so, to get a meaningful security comparison for a typical desktop, you need to either subtract those Flash vulnerability numbers from Chrome, or add them to other browsers. This would make Chrome the most secure by far, and Firefox the least - exactly as TFA says.

      It's also basic common sense. You're comparing two browsers who have sandboxed-process-per-tab with a browser that does everything in a single process with no security boundary. Of course the latter is going to be more vulnerable!

    20. Re:Chrome and IE are the most secure browsers by shutdown+-p+now · · Score: 2

      Keep in mind that Chrome holes include Flash holes, because Chrome ships with Flash. IE and Firefox stats don't count Flash, because it's technically a separate product. But, in practice, 99% of desktop PCs have it installed, so you might as well count it against all three browsers.

    21. Re:Chrome and IE are the most secure browsers by shutdown+-p+now · · Score: 2

      As a web programmer I know that CSS renders differently in IE9 than in Chrome or FF, and has a different box model in some cases. It also does play well with jquery yet, which is a "standard" library, even if not standards compliant.

      IE only has a different box model in quirks mode. If you use a proper DOCTYPE, you get the standard one - and this has been the case for a long time.

      With respect to "CSS renders differently", can you give an example? I'm sure there are some, but IE8+ declares support for pretty much all of CSS2. CSS3 is a much wilder area, and IE (even v9) lags behind other browsers in that regard, but then it is still a draft standard.

      The part about jQuery is certainly false, at least unless you're talking about IE6. jQuery actually ships in the box with Visual Studio these days, and if you create a .NET web application project in VS, it'll add jQuery to it automatically. Do you think anyone would do that if jQuery didn't work with IE?

    22. Re:Chrome and IE are the most secure browsers by shutdown+-p+now · · Score: 2

      No, a flaw in IE cannot root your system, unless there is a different elevation exploit in the OS itself (in which case it would apply also to any other browser). IE is not "deep in the system" - it's just a bunch of DLLs that contain the rendering and scripting engines, and an executable that provides chrome for it. It's precisely why people have been able to make unofficial "mods" of Windows with IE stripped out.

    23. Re:Chrome and IE are the most secure browsers by BZ · · Score: 2

      Firefox offers various security mitigation strategies (in terms of properly dealing with various memory-safety issues, say) that Chrome does not. As far as I can tell, this study just started off with a subset of the list of techniques that Chrome implements and then "studied" which other browsers also implement them, instead of studying what browsers actually do to ensure security and how difficult they are to actually exploit.

      Your larger point that modern IE is a fairly secure browser (like any modern browser) is correct, of course.

  2. Here it comes by masternerdguy · · Score: 4, Insightful

    Nobody is going to RTA. This is going to be a good flamewar though.

    --
    To offset political mods, replace Flamebait with Insightful.
  3. Opera by jaak · · Score: 5, Interesting

    The researchers dd not evaluate Opera in their study. I wonder how that would have compared...

    1. Re:Opera by kangsterizer · · Score: 5, Interesting

      They don't care about opera. It's not a technical study. It's a marketing study.
      Opera has no market share. Chrome's easiest target is Firefox.
      IE's easiest target is Firefox too, and they made a similar advertising study, where IE is on top of security, way ahead of Chrome - but not too much.
      Both put Firefox down.

      All of them fail to mention other security features of Firefox. All of them fail to mention noscript and the like.
      (and before you ask a list, take a look at Firefox's separated memory management per tab, or frame poisoning protection, etc.)
      Also, no mention of CVE count of course, aka the actual discovered vulnerabilities.

      That's just making a checklist where you put names of technologies that the opponent doesn't have, but don't put names of the ones you do not have.
      Then put a mark in front of them to make you appear better.

      In the past they've been (as in all corporations) doing that for ages, Microsoft certainly did a lot of it. The difference here is that they now buy out companies to do it for them.

    2. Re:Opera by InsightIn140Bytes · · Score: 4, Informative

      Opera is the most used browser in many CIS countries, having almost 50% market share in some and beating all IE, Chrome and Firefox. Maybe you wanted to say that Opera has no market share in the US.

  4. Re:NoScript! by calibre-not-output · · Score: 4, Insightful

    They tested the vanilla browsers, as they should. Most people don't install NoScript, and many who do get annoyed with it and switch it off.

    --
    Nothing lasts forever but the certainty of change.
  5. Won't hurt either by hal2814 · · Score: 3, Interesting

    It won't hurt Google's fraying partnership with Mozilla. Their "partnership" is Google writes a check and Mozilla cashes it. I'm pretty sure Google can say or do what whatever they want. It's not like Mozilla will stop cashing any checks that Google writes.

  6. Switching to Chrome on Linux? by yuna49 · · Score: 2

    I've read the first few pages of the report and intend to read the details about the three areas where the authors think Firefox is lacking -- sandboxing, plug-in security, and JIT hardening.

    However I will point out the comparison applies only to versions of these browsers running on Windows 7. For Linux users, the comparisons might not be so important, though I'd obviously prefer a browser that employs technologies like sandboxing and enforces security on plug-ins.

    If I switched to Chrome, how much privacy would I sacrifice to gain these security enhancements? I already use Google dozens of times a day, sometimes with a Google account. I use Ghostery to block most tracking cookies except for Google Analytics. I have some clients' sites subscribed to Analytics so I figure I should support the service myself. Would switching to Chrome provide Google additional information about me that it doesn't get now?

    What about the state of plug-ins for Chrome? Along with Ghostery I use AdBlock Plus, ForecastFox and some download helpers. I won't switch browsers if it means abandoning the functionality available in Ghostery and AdBlock.

    I could just use Konqueror or rekonq, but I've never preferred either of KDE's browsers to Firefox.

    1. Re:Switching to Chrome on Linux? by FoolishOwl · · Score: 2

      You could use Chromium instead, as it's the open source basis of Chrome, and pretty much the same in functionality, but without the Google branding, and I don't think it sends usage data to Google by default.

    2. Re:Switching to Chrome on Linux? by Anonymous Coward · · Score: 3, Insightful

      Perhaps not: http://chromium.hybridsource.org/the-iron-scam

    3. Re:Switching to Chrome on Linux? by calibre-not-output · · Score: 2

      That's good to know. Thanks for the link.

      --
      Nothing lasts forever but the certainty of change.
    4. Re:Switching to Chrome on Linux? by aeoo · · Score: 2

      Now there's a web page written by a douchebag full of hot air. Chromium is open source and distributing your version of the same software with a few changes is not a "rip-off", it's part of the freedom that the open source programmers enjoy. And for this exercise of freedom he decided to sic patent trolls on the Iron's dev? I hope that's not for real.

  7. chrome installs in insecure place by Billly+Gates · · Score: 2

    The folder has default write privileges. This is how a standard user can install it. It also means privilege escallations dll injections and other nasties. Worse on XP the default user is a full admin without aslr or dep fully implemented.

    --
    http://saveie6.com/
  8. In fact ... by Kaz+Kylheku · · Score: 3, Informative

    The PDF paper trashes NoScript. That is to say, it is mentioned in a paragraph that basically states that Firefox has add-ons, and add-ons are a security threat. Nothing is mentioned about the security benefits that add-ons can provide.

    1. Re:In fact ... by makomk · · Score: 2, Insightful

      Chrome of course is "secure" because it protects against malicious extensions by restricting them to the point they can't actually do a lot of things people want them to do. Talk about spin...

  9. Firefox still a single-process browser by Animats · · Score: 5, Informative

    Many of the security issues mentioned in the paper for Firefox come from the fact that Firefox is, for historical reasons, a single-process browser. It's the last of the single -process browsers.

    This is both a performance problem and a security problem. Even add-ons aren't yet running in separate processes. The Mozilla project to make Firefox multiprocess is behind schedule and in trouble.

    "Fennec", the Mozilla browser for mobile devices, is already multiprocess. But getting that machinery into the main line of Firefox has run into problems, and, after two years of effort, multiprocess Firefox is now on hold. "Converting an established product, like Firefox, from a single- to multi-process architecture requires the involvement and coordination of many teams. ... Electrolysis requires a large investment of resources and time and has a long timeline for completion. How long? At this point we do not have a definitive answer...."

  10. Firefox has a fucked up "architecture". by Anonymous Coward · · Score: 2, Insightful

    Of all of the major browsers, Firefox has by far the most fucked up architecture. When you examine it, it's no wonder why Firefox suffers from so many performance problems, excessive memory usage, and various other problems.

    The core parts of it are written in C++, which isn't a bad idea, by any means. However, they've decided to use a stuck-in-the-1990s variant of C++ that's extremely handicapped and limited. This might make it portable, but it also encourages the creation of obtuse, low-quality C++ code.

    It's the crap they've layered on top of this core that really makes any good software developer ask, "What the fuck ?" XPCOM is braindead. It's a pile of crap beyond belief. It makes MS COM a pleasure to work with, if you can even imagine that.

    Then they implement the UI in a horrid mix of JavaScript and XML (they call it XUL). If you've done any serious UI development using real toolkits like Motif, MFC, wxWidgets, Swing, SWT, WinForms, and even Gtk+, you'll immediately see how stupid this JavaScript/XUL approach is. It's everything that's bad about JavaScript (and that's just about everything about it), combined with everything that's bad with XML, combined with everything that's bad about HTML and web development.

    The use of JavaScript and XUL to build desktop applications is, to me, a sign of ignorance. When all you know is web development, you'll try to use the same techniques for application development, and it'll be a disaster. See Firefox.

    It should be clear to any good software developer why Firefox has such poor performance, and why it uses so much memory. Its architecture is complete rubbish. It's as if every bad idea possible was chosen, from the use of a poor subset of C++ to the extensive use of JavaScript and XML where neither is appropriate for use.

    It also becomes clear why it was relatively easy for Chrome to crush Firefox so easily. It's apparently developed by proper C++ developers, who are smart enough to know to not use web development techniques for desktop application development.

  11. Re:NoScript! by calibre-not-output · · Score: 4, Insightful

    Yes, that's exactly what I didn't mean. The test was a test of Firefox (and IE and Chrome), not a test of "Firefox with some add-ons installed". Chrome has optional third-party security plugins too, and they also weren't enabled for the test. NoScript isn't a part of Firefox, doesn't come bundled with the browser, and isn't developed by Mozilla. Why should it be included in the test?

    --
    Nothing lasts forever but the certainty of change.
  12. Re:NoScript! by calibre-not-output · · Score: 3, Insightful

    it would be like reviewing an SLR and not using its raw mode

    No, it'd be like reviewing an SLR without an external flash bulb. Raw mode is built-in to the camera, NoScript is not built-in to Firefox. NoScript, like the external flash bulb, is an optional feature that the browser/camera is made to accept, but also made to work without. Most Firefox users don't use NoScript, even though almost every power user does. Likewise, most people who buy SLRs are overspoiled teens who will never leave the safety of "Auto" mode and probably don't even know that you can swap lens at all - but every serious photographer has a bag full of peripherals for each specific kind of photo they want to make. I've never read a side-by-side comparison of, say, a Nikon and a Canon camera where the reviewer concludes that despite being all-around worse than model B, you should still buy model A because it fits more different kinds of peripherals. It's the same thing with web browsers.

    --
    Nothing lasts forever but the certainty of change.
  13. Re:NoScript! by InsightIn140Bytes · · Score: 2

    Most people don't use AdBlock or NoScript. That's what matters. You can disable scripting and plug-ins in other browsers too, and get practically the same results. But it's not a real world scenario, not how 99.9% users use their browsers.

  14. Re:What about Opera! by calibre-not-output · · Score: 2

    This was a market-oriented study and Opera has a negligible market share when compared to IE, Firefox and Chrome. It's a pity. I really like Opera, but from a market standpoint it's irrelevant.

    --
    Nothing lasts forever but the certainty of change.
  15. Re:Potential shill: First post & instant Score by InsightIn140Bytes · · Score: 2

    Doesn't this "omg he must be a paid shill!" stuff never get old in Slashdot? It's even more telling that you get modded up for that instead of coming up with any arguments about the actual topic.

  16. Secunia Gives Different Results by DERoss · · Score: 2

    Rather than rely on a biased study by Google that damns its competitors, look at what Secunia -- an independent source -- says.

    At http://secunia.com/advisories/product/38734/?task=statistics_2011, we see that Firefox 8 has 1 minor vulnerability (unpatched).

    At http://secunia.com/advisories/product/38537/?task=statistics_2011, we see that Chrome 15 has 3 vulnerabilities, with 2 considered "highly critical". Those two have patches; the minor vulnerability is not yet patched.

    It seems that security for Chrome and Firefox are currently equal but not perfect.

  17. Re:Potential shill: First post & instant Score by Dhalka226 · · Score: 3, Interesting

    Okay, I have noted those things. Now can you explain to me why I should care?

    The vast majority of his post was statements of fact that can be proven true or false. If you have something to say about the information he provides, by all means, enlighten us.

    If your complaint is that he might be paid to post it, I honestly can not be bothered to give a shit. This is not a review site where he is posting fake opinions to make a product seem better or more well-liked than it is. His motives mean nothing; whether or not the information he gives is accurate does, and that is independent of whether or not he is a shill. (Getting facts out about a product is also called "marketing," if one is not instantly out to make it be a nasty thing.)

  18. Re:NoScript! by TheGratefulNet · · Score: 2

    agreed. those are the 2 killer apps for safe browsing.

    to talk about safe browsing and then ignore the rich plugins that are, for all practical purposes, very standard - is just intellectually dishonest.

    I don't trust google and so I refuse to consider chrome. their goals are not consistent with my goals (google vs me) and I'll never trust things they push. if they are for it, I'm usually against it. so chrome is, by definition, NOT a safe and secure browser for me.

    FF is slow and bloated but I've not lost any work in the last 5 years or so; about as long as its been since they added journaling so that you're data is checkpointed and you can resume after a possible crash (for me its usually running out of swap). I might get a FF crash a few times a year. its not that bad and again, it does not ever lose state or data.

    finally, no corporation is behind mozilla. that reassures me. google is just too close to some things and I refuse to trust them any farther than I can throw them.

    --

    --
    "It is now safe to switch off your computer."
  19. Look people by cshark · · Score: 3, Informative

    I love Slashdot, always have. But as a community, we seriously need to stop applying the term "study" to every observation, or web page with pretty charts on it. This last thing wasn't a study. Not in the formal sense. It was a feature comparison. Biased, maybe. But who cares? It's not a study. And it's not the first time this has happened here.

    --

    This signature has Super Cow Powers