backtop


Print 95 comment(s) - last by Tomcatter.. on Dec 9 at 11:55 PM

A recent Microsoft took a rather insulting stab at Mozilla, so the open-source firm decide to do some trash talking of its own.

Mozilla is all hustle and bustle these days, trying to fix the remaining bugs before it rolls out its final release of the third iteration of its popular Firefox browser.

Perhaps catching wind of the press on these bugs, Microsoft released a security report on November 30, titled "Internet Explorer and Firefox Vulnerability Analysis".  The report, which examined the quantity and threat level of vulnerabilities within the two browsers, came out very strongly skewed in Microsoft's favor.  It reported that Internet Explorer experienced fewer threats across all security levels (low, medium, and high) than Firefox.  It also reported that Mozilla had to fix 199 security vulnerabilities, while in the same period of time Microsoft only had to fix 87.

Microsoft products are not always known as secure platforms, largely because they are the market leader and the biggest target for malicious attacks.  Not so, the report indicates, when it comes to Internet Explorer.

The report was produced by Microsoft's Jeff Jones, a security strategy director in Microsoft's Trustworthy Computing group and is available, here.

Mozilla's Mike Shaver had some choice words in response to the report.

"Just because dentists fix more teeth in America doesn't mean our teeth are worse than in Africa," he said, said left handedly comparing Internet Explorer to a festering tooth.

He continued, "It's something you'd expect from maybe an undergrad.  It's very disappointing to see somebody in a senior security position come out and say that because an organization is more transparent about their bugs and fixing them, they're somehow less secure."

Shaver says the analysis is lazy and possibly "malicious."

He does raise a valid point that Microsoft often lump several security issues together into a single "threat" that gets fixed irregularly with the arrival of the service pack.  Shaver points out that Mozilla has constantly been working to roll out fixes far more quickly than Microsoft's.  Shaver explains:
"If Mozilla wanted to do better than Microsoft on this report, we would have an easy path: stop fixing and disclosing bugs that we find in-house. It is well known that Microsoft redacts release notes for service packs and bundles fixes, sometimes meaning that you get a single vulnerability 'counted' for, say, seven defects repaired. Or maybe you don't hear about it at all, because it was rolled into SP2 and they didn't make any noise about it."

Shaver says in his blog, that we would have to be in a "parallel universe" for Microsoft to even "approach Mozilla's standard of transparency.”

In an interview with eWeek, he continued to vent, saying, "The vast majority [of the Firefox user base] is updated to the most secure version of Firefox in less than a week;  those are the things we measure and talk about publicly. Reports like [Jones'] really point the industry in a dangerous direction, which is to say you're [given an incentive] to keep [browser security fixes] quiet. That doesn't keep you safer, it just helps companies hide the real nature of what they're doing."

Earlier last month Jones had published a report on how Windows Vista was far less vulnerable than Leopard OS X or most Linux OS distributions.

Many will be sick of Microsoft and Mozilla's bickering, but when they attack each other so publicly, it’s simply hard to ignore.  This is unfortunate as it simply leaves the user feeling less secure and unsure of who to trust.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Sometimes I wish
By Chaser on 12/3/2007 3:10:51 PM , Rating: 2
Having choices and competition is a good thing but sometimes I wish with browsers there was one one stop shop that was fast, secure, reliable and FULLY compatible. I like Firefox, I like some things of I.E. 7, I think Opera 9.5 looks promising, and Safari in some ways is very fast. But to me having to pick and choose (sometimes) depending on the site adds another layer into the process that I believe really should be simple. I don't care what name, who makes it or whatever. I'd prefer one size fits all and fits well so I can move onto what I am trying to find or get faster.




RE: Sometimes I wish
By Screwballl on 12/3/2007 3:28:07 PM , Rating: 5
Competition is good in this type of market. Mozilla knows what it is talking about and Microsoft knows how to cover up exploits and vulnerabilities.


RE: Sometimes I wish
By TomZ on 12/3/2007 3:42:21 PM , Rating: 2
That's a pretty naive view. In reality, a browser's security is probably a function of the size of its functionality, it's popularity in the market, and the number of engineers who are available to perform security audits and to investigate and fix reported and suspected issues.

If I were to look into the future, I would guess that as Firefox continues to gain in popularity, it will be attacked more and more by hackers. The question then becomes, if Firefox is for example just as popular as IE, does Mozilla have the resources to keep ahead of the hackers or not, let alone keep ahead of Microsoft. Clearly Microsoft will invest those resources, and we know the hackers will, but will Mozilla? I kind of see it as simple as that.

What I don't see for Mozilla is a huge revenue stream that can be tapped to wage the good war. They have no silver bullet for security that will keep them out of the battle.


RE: Sometimes I wish
By fic2 on 12/3/2007 4:22:45 PM , Rating: 5
quote:
Clearly Microsoft will invest those resources


Why? If firefox went away tomorrow do you think that MS would invest any more money into IE? MS stopped updating IE when Netscape went away. How many years was it before there was any type of IE release between Netscape going away and FF coming into being? 3? 4? 5 years?


RE: Sometimes I wish
By TomZ on 12/3/2007 4:33:50 PM , Rating: 1
I disagree. Microsoft see IE as part of the "platform" and has made a commitment to building a more secure platform.

In terms of adding features and functions, I do agree that Microsoft's investment in adding these to IE will be strongest when there is a competitive threat, e.g., the one IE faces today with Firefox. "Competition is good."

But my point really is to ask whether Mozilla can afford to engage in a war against hackers for security issues and against Microsoft for competitive position - at the same time. I don't see a large revenue stream available to Mozilla for these types of activities.


RE: Sometimes I wish
By Alexstarfire on 12/3/2007 5:40:41 PM , Rating: 4
What world do you live in? I don't see Microsoft making there platform THAT much more secure. It seems to me that they only make it secure enough so the majority of the mass doesn't complain about it. I know you can't predict all security threats on a piece of software, but you shouldn't be rolling out multiple updates per month to fix holes.


RE: Sometimes I wish
By TomZ on 12/3/2007 7:21:49 PM , Rating: 2
I guess you don't understand the nature of security threats. First, let me say that for Vista, Microsoft went through and did a lot of security audits and re-wrote a lot of old code to clean up security issues. IE7 and recent releases of Office got the same treatment.

Second, continuous updates are part of the security strategy. The reason is that the threat is continually changing, with hackers coming up with new types of exploits practically daily. Since it is literally impossible to anticipate all future attacks, to some degree it is necessary to fortify code based on emerging attack trends. The updates deliver these changes.

And I agree, Microsoft is not shooting for "perfect" security, because it is not actually possible to achieve that. That is why you see some security problems that are discovered not get updated since the possibility of them being exploited is so low. Microsoft focuses its resources on areas that are important, which is rational and reasonable.


RE: Sometimes I wish
By Targon on 12/3/2007 7:45:42 PM , Rating: 3
The problem still remains that Microsoft has yet to make a significant update to IE in terms of the engine....ever. It's almost impossible to fix problems with the fundamental design of a program by doing these little updates here and there. IE is flawed by design, and many so-called fixes are just work-arounds for that flawed design.


RE: Sometimes I wish
By TomZ on 12/3/07, Rating: 0
RE: Sometimes I wish
By Alexstarfire on 12/3/07, Rating: -1
RE: Sometimes I wish
By Rampage on 12/3/2007 10:35:58 PM , Rating: 5
RE: Sometimes I wish
By LogicallyGenius on 12/3/07, Rating: -1
RE: Sometimes I wish
By Master Kenobi (blog) on 12/4/2007 10:17:12 AM , Rating: 2
You have a rating of 0.8 with only 108 posts. The system prevents you from voting if your rating sinks too low, it's to prevent abuse by bots/trolls/bad people. Make a few posts (they start at 2) that aren't flaming someone, and it will be up past 1.0 in no time and voting works again.


RE: Sometimes I wish
By jamdunc on 12/4/2007 2:28:37 PM , Rating: 2
So how do I vote? Lurked herfe for ages and finally started posting but still can't work out how to vote :p

How thick am I?


RE: Sometimes I wish
By Master Kenobi (blog) on 12/4/2007 2:39:42 PM , Rating: 2
Well, you can't vote right away (Prevents abuse by bots, etc...) you have to post a few times (Not sure what the threshold is, but its something in the range of 25-50). Once you've crossed this threshold you will see the option to mark something as "Worth reading" or "Not worth reading", Being a Up or Down vote respectively. Now if you post in a topic, you will be unable to vote in that same topic, and any votes you had previously will be removed.

You know, as much as these questions get asked, maybe we should write an FAQ :P


RE: Sometimes I wish
By Master Kenobi (blog) on 12/4/2007 2:41:39 PM , Rating: 1
quote:
You know, as much as these questions get asked, maybe we should write an FAQ :P

Sorry, mean't to say "add to the FAQ". We have one, but your question isn't covered.


RE: Sometimes I wish
By misuspita on 12/4/2007 3:19:24 PM , Rating: 3
Yep, I think it would be an excellent ideea. You just cleared the missing vote mistery here at DT. At least for me. Thanks!


RE: Sometimes I wish
By Ryanman on 12/9/07, Rating: 0
RE: Sometimes I wish
By mmntech on 12/3/2007 8:24:33 PM , Rating: 5
Arguably, IE7 would not have come out when it did if it wasn't for Firefox. A lot of people adopted it in the early days due to the major security holes in IE6. Microsoft's biggest problem in recent years has been a failure to innovate. Competition is the best thing in a market that has long been dominated by monopolies and duopolies.


RE: Sometimes I wish
By GreenyMP on 12/4/2007 10:14:40 AM , Rating: 3
In the Netscape vs. Explorer days browsers evolved quickly. When the competition subsided Microsoft reallocated resources to other projects leaving the browser in almost a maintenance mode. When asked why it was almost abandoned their reply was always, "We provided so many features that were not being used. Finally we decided to let the web catch up." The problem with that approach was that developers became tired of dealing with the same bugs rolling from version to version. (Serious JavaScript memory leaks, select box zIndex issues, etc.) Eventually the market was prime. So along came Firefox with its faster render times, tabbed browsing, and superb development tools (beating Microsoft at their own game). In essence you can thank Microsoft for Firefox.


RE: Sometimes I wish
By Alexstarfire on 12/3/2007 5:38:21 PM , Rating: 2
What you say may be true. I have thought about that quite a bit.

The analogy they use is quite true, but it also completely disregards how bad the teeth are that they have to fix. Fixing a million cavities isn't as bad as having to pull teeth and do root canals.

The same can be said of the amount of vulnerabilities in each browser. I'd rather have 50 low level threats than 1 high level threat. Of course, I'd rather not have threats at all, but nothing is perfect. I'm also curious as to how many vulnerabilities IE would have if they didn't "lump" some of them together. If neither company lumps them together then you can at least see a bit more of the big picture.


RE: Sometimes I wish
By tjwolf on 12/3/2007 8:41:14 PM , Rating: 3
One could argue that yours is the naive view. Obviously security is partially a function of complexity: the more complex the application, the more likely it is to have bugs that can be exploited to circumvent security. But it is also one of design - which you entirely ignore: if one creates an application that only has one door through which exploits can be made, it is obviously more secure than an application which has a 100 doors. Firefox doesn't have 1 door, but it has a heck of alot less doors through which exploits can be made than IE with its tight integration with the operating system (via its inane ActiveX and other insecure extensions).

Secondly, you say that security is a function of the number of engineers working on the product to find these problems and assert that Microsoft has more resources to do so. Sure Mozilla is a small organization, but with back from Google, its financial resources aren't negligible. And since the browser is open source, absolutely anyone can not only help find bugs, they can help fix them! That includes engineers from many of the world's largest companies (including engineers from the aforementioned Google). So, it's pretty obvious to anyone that doesn't cling to the naive notion that it's Mozilla against Microsoft that Firefox development actually has more resources at its disposal than Microsoft.


RE: Sometimes I wish
By TomZ on 12/3/07, Rating: -1
RE: Sometimes I wish
By Zurtex on 12/3/2007 11:44:53 PM , Rating: 5
Mozilla hires about 100 full time staff...

And as for what you say about the rest of people who look over the code, visit bugzilla some time, seriously, it's an amazing place. With the build up to Firefox 3, I've been there a lot, tracking how my bugs have been doing and seeing if there's any others I'd like to have fixed.


RE: Sometimes I wish
By tjwolf on 12/4/2007 11:07:13 AM , Rating: 2
You seem to have heard of the feature called ActiveX (remember - you called it 'powerful' and 'elegant'?) That is a very complex feature - and it doesn't exist in Firefox. Therefore, IE is quite a bit more complex than Firefox. And for no good reason since, as I said, ActiveX shouldn't exist in a Web browser.

Your assertion that most people don't contribute to fixing bugs is based on no knowledge - have you ever gone to the bugzilla web site? Check out how many people file bugs, fix bugs, etc.


RE: Sometimes I wish
By TomZ on 12/4/2007 12:40:30 PM , Rating: 1
ActiveX is actually so simple it's stupid. It is easy to write an app that hosts an ActiveX control. I can't imagine that part adds much complexity to IE.


RE: Sometimes I wish
By tjwolf on 12/5/2007 8:25:17 PM , Rating: 2
You mistake the ease of programming with lack of complexity. ActiveX is a layer which allows access to the entire underlying OS. Therefore, IE with ActiveX carries with it the complexity of the entire Windows OS. That is why it's such a bad design! Any security vulnerability in the OS could, theoretically, be exploited by an attacker through ActiveX.

With regards to ActiveX's ease of use - it's MS' intent: to let every Joe Average program the Web by leveraging the entire OS' capability. Hordes of MS VB script kiddies became instant Web developers (at least Web developers in MS' mind).

...never mind any security concerns or adherence to standards or letting non MS IE users look at your info...


RE: Sometimes I wish
By Pythias on 12/9/2007 3:17:47 AM , Rating: 2
quote:
That's a pretty naive view. In reality, a browser's security is probably a function of the size of its functionality, it's popularity in the market, and the number of engineers who are available to perform security audits and to investigate and fix reported and suspected issues


A browser is only as safe as the actions of the person operating it.


RE: Sometimes I wish
By Tomcatter on 12/9/2007 11:55:07 PM , Rating: 2
quote:
by TomZ on December 3, 2007 at 3:42 PM

quote:
That's a pretty naive view. In reality, a browser's security is probably a function of the size of its functionality, it's popularity in the market, and the number of engineers who are available to perform security audits and to investigate and fix reported and suspected issues.

If I were to look into the future, I would guess that as Firefox continues to gain in popularity, it will be attacked more and more by hackers. The question then becomes, if Firefox is for example just as popular as IE, does Mozilla have the resources to keep ahead of the hackers or not, let alone keep ahead of Microsoft. Clearly Microsoft will invest those resources, and we know the hackers will, but will Mozilla? I kind of see it as simple as that.


Here's the big difference to my mind. If someone hacks Firefox, they've hacked Firefox. But, because of the way Microsoft integrated IE with the operating system to kill off Netscape, if you hack IE, you simultaneously mess up or take control of the operating system as well. This also makes IE a much bigger target and that much harder to fix (when MS chooses to develop fixes).


RE: Sometimes I wish
By customcoms on 12/3/2007 3:31:01 PM , Rating: 3
Firefox features an addon that allows one to load IE7 within Firefox: https://addons.mozilla.org/en-US/firefox/addon/141...

I hardly ever use real IE7 because of this addon; however IE7 is a perfectly acceptable browser in my opinion, and consumes less ram than Firefox generally-it is much better for the parents/grandparents etc. who don't know/don't want to know about Firefox than IE6 anyway.


RE: Sometimes I wish
By FITCamaro on 12/3/2007 3:45:55 PM , Rating: 2
I have a question that you might know the answer to. IE7 runs in reduced permission mode in Vista (and XP I believe). Does Firefox 2.0? Will 3.0 if not?


RE: Sometimes I wish
By TomZ on 12/3/2007 3:53:41 PM , Rating: 1
Protected Mode exists for Vista only, not XP. And AFAIK Firefox was going to add support for it in 3.0, however, I haven't followed it too closely to know if that got done or not. Here's a starting point, maybe you can google for more details:

http://www.pcadvisor.co.uk/news/index.cfm?newsid=8...


RE: Sometimes I wish
By FITCamaro on 12/3/2007 4:56:58 PM , Rating: 2
Thanks Tom. Thats a big feature I wanted for my parents. I have to get them back in IE7 now after getting them to use Firefox when they still had XP.


RE: Sometimes I wish
By Silverel on 12/7/2007 2:42:54 PM , Rating: 2
If you have a modern processor, there are ways to keep Firefox from eating all your ram.

It's basically a beta, but Firefox Ultimate Optimzer works well to keep almost ALL of your ram free. With 4 tabs open I'm using under 1MB of ram. Been using it for about a week now, and except for a little extra load on the CPU, haven't found any real downside to it.


RE: Sometimes I wish
By djcameron on 12/3/2007 6:47:07 PM , Rating: 1
Try Avant Browser(http://www.avantbrowser.com). It uses the IE core, so it's compatible with everything, it's faster than all of the other browsers, and the interface is better than IE7 or Firefox..


RE: Sometimes I wish
By Chaser on 12/4/2007 8:09:52 AM , Rating: 2
Its a shell. And for now at least it's compatible with Vista but doesn't use the Aero features nor have the look and feel of Vista IE 7.


RE: Sometimes I wish
By Fritzr on 12/4/2007 11:33:06 PM , Rating: 2
One stop is here now. If all websites stuck to the published standard then all compliant browsers would work equally well.

The reality is that IE7 is very "forgiving" when it comes to errors in coding & tries to guess what was really intended. FF, Opera, Safari and the other browsers that work well in the real world are doing the same thing. The lst of bugs that IE ignores or corrects is confidential ... Many designers test using IE. Result is that browsers that do not handle coding errors in the same manner will be seen as "bad" when the reality is that it is the website that has a problem.

IE will have problems with pages that were tested with FF, Opera, Safari or another browser that does not make exactly the same corrections as IE does.

Get the browsers to stop silently correcting bad & lazy code and you'll see a lot more cross browser compatible code.

Had one case where Opera did a data base dump due to coding errors that IE quietly corrected displaying only the selected record(s). Since the coders never bothered to test with any other browser and they had enough errors in their code that I'm surprised any browser could understand it, they released it to their customer and were SHOCKED when it was reported that confidential info was exposed. It seems that the people who paid to have the code written were also supposed to ensure that none of the people logging into the site used anything but IE ... The application was meant to be used by the general public.

Idiocy is promoted by the silent correction by proprietary algorithms that are trade secrets. Then the end users wonder why their brand X browser, that otherwise perfectly suits their needs, can't handle the websites that are actually out there.


Chuck Norris>Opera> All other browsers
By MatthewAC on 12/3/2007 3:27:07 PM , Rating: 2
'nuff said :).




RE: Chuck Norris>Opera> All other browsers
By Goty on 12/3/2007 3:38:40 PM , Rating: 2
I use Opera Mini on my cell phone, but I can't stand the rendering errors and incompatibilities on the PC.


RE: Chuck Norris>Opera> All other browsers
By Etsp on 12/3/2007 4:00:40 PM , Rating: 5
Those "rendering errors" are in fact, not errors. Items are displayed in a way that is much closer to the HTML standard. When you see a "rendering error" it is in reality, a page that was designed poorly with the general aim to get around the rendering errors in IE.

All browsers other than IE are often accused of not being able to render a page properly, when the truth is the reason the pages appear different is because these other browsers don't share in IE's deficiencies, which has sadly created it's own standard via brute force.


RE: Chuck Norris>Opera> All other browsers
By TomZ on 12/3/07, Rating: -1
RE: Chuck Norris>Opera> All other browsers
By tjwolf on 12/3/2007 9:14:38 PM , Rating: 5
It isn't a broad generalization just because you say it is. And you're telling us what the 'reality' is by simply giving 'broad generalizations' yourself.

Just about everyone who does Web development and who is familiar with HTML standards knows that IE has almost always been the least compliant of the major browsers. But lately there isn't *that* much of a difference, afaik (see below why).

Your comment about IE only straying from the path in the development of ActiveX and ActiveX being a "powerful and elegant solution" kind of gives away your "MS fanboy" status: ActiveX is a Microsoft product that goes against the grain of what the Web was designed for: the exchange of information among all its users. As ActiveX is an IE-only feature, people who employ it purposely exclude anyone who doesn't use IE. Furthermore, ActiveX is one of the reasons why IE is so insecure in the first place!

You describe people who have a negative view of ActiveX as "lay people". I am not such a person - I've designed Web based software since Mosaic 1.0 came out (around 1993)- I say ActiveX is bad technology whose primary goal was/is to push the Web into a proprietary (i.e. Microsoft-controlled) direction. It did/does so by luring lazy web developers with "easy, pre-built functionality" - never mind the security issues and the fact that the resulting application can only run on IE.

Thankfully, and partially due to the existence of alternative browsers, this has not worked. ActiveX is on the wane - being replaced by truly cross-platform solutions (e.g. HTML/CSS/AJAX/SVG/Java/Flash, etc.)


RE: Chuck Norris>Opera> All other browsers
By TomZ on 12/3/07, Rating: -1
By robinthakur on 12/4/2007 5:23:25 AM , Rating: 5
No. in the nicest possible way, you know nothing so please stop talking and misinforming people. I've been designing standards compliant web pages for several years, and IE7, while a big improvement on IE 6 (transparent PNG files anyone?) is not that great as a standards based browser as for example Firefox, Safari or Opera which are all streets ahead and embrace CSS3 standards in a way in which IE7 does not. The number of browser-specific hacks you used to have to work around in IE such as the breakage of the standard box model would have been laughable if it didn't make my life so miserable for so long. The problem in IE7 is a lack of innovation. If only they accepted the latest and greatest web standards agreed by the W3C then I would welcome it with open arms. The fact that the most widely used web browser's development effectively stalled around version 5-6 means that we are still using standards which are years out of date purely because nobody feels that they are safe to use them as there isn't enough support. Its not a proprietary thing.
As for Active X controls, are you even being serious?!? Do you actually work for Microsoft? Microsoft certainly understood that it needed to do something to stem the flow of developers going over in droves to Sun's java and the coming threat from Flash. I think when you say it was powerful, you mean it was insecure because that's what most developers remember about Active X, not the ease of implementation.
If everyone developed in XHTML and CSS and embraced the new powerful CSS3 standards then the world would be a better place [sniff...]
R
T


By retrospooty on 12/3/2007 10:25:47 PM , Rating: 5
"Your comment about IE only straying from the path in the development of ActiveX and ActiveX being a "powerful and elegant solution" kind of gives away your "MS fanboy" status:"

That and the fact that he vigorously defends MS at every step, regardless of logic provided, evidence presented, or anyone else's experience. :D


RE: Chuck Norris>Opera> All other browsers
By Staples on 12/3/2007 5:25:49 PM , Rating: 2
I have been using Opera nearly 100% of the time for nearly two years. There are still a few things that it has problems with such as WebCT (I have to use IE or Firefox to log in) but the majority of them have been fixed over that time period. It is the best browser as far as I am concerned. It actually has features to set it apart from the other two heavyweights (which are a lot closer to each other than Opera is to either).


RE: Chuck Norris>Opera> All other browsers
By aos007 on 12/3/2007 7:03:26 PM , Rating: 1
Likewise, using Opera as the main browser 90% of the time.
The main reason is I like the way it presents all the information at once - specifically RSS feeds and email (plus no stupid questions about "do you want to close all tabs?" and the like). No other browser presents email and RSS so nicely organized (and easily searchable). And it all works out of the box.


RE: Chuck Norris>Opera> All other browsers
By ertomas on 12/6/2007 5:06:15 PM , Rating: 2
quote:
plus no stupid questions about "do you want to close all tabs?


AFAIK Firefox has the option to disable that message. I like it because if you accidentaly click the X you loose all open tabs!.

That's why almost every piece of software asks you if you really want to quit. I don't think it's a stupid question.


RE: Chuck Norris>Opera> All other browsers
By Fritzr on 12/8/2007 5:20:21 AM , Rating: 2
Opera avoids the need to ask by allowing you to reopen all tabs from the previous session without remembering to set a preference before the browser crashes. Very convenient, I keep roughly 20 pages open at all times and click the X regularly.

When Firefox adds the capability of starting with all tabs open & dynamic data restored from the previous exit to it's startup screen, then the message will no longer be needed. Currently you can select this option AFTER FF is opened. No way to do this is you select start with home page or blank page instead ... Opera asks each time it opens if you would like to restore a previous session.


By HeelyJoe on 12/9/2007 12:21:01 AM , Rating: 2
Just in case you didn't know, Tab Mix Plus has an option to resume the previous session.

I do wish the option was included by default, though.


What's the big deal?
By iFX on 12/3/2007 3:06:02 PM , Rating: 5
I use both, I like both. They are both good products. Arguing about it is pointless. The developers from either side arguing about it is pointless.

People pick some SILLY things to waste their passion/energy on. Example? Well, just watch this topic heat up as people bash each other for liking/defending one or the other.




RE: What's the big deal?
By tallcool1 on 12/3/2007 3:14:03 PM , Rating: 3
I agree, lets move back onto DT finest bashing topics like Playstion 3 vs XBOX 360, and/or Blue Ray vs HD-DVD! ;-D LOL


RE: What's the big deal?
By glenn8 on 12/3/2007 3:17:33 PM , Rating: 2
Don't forget the wealth of political topics. :)


RE: What's the big deal?
By afkrotch on 12/3/2007 3:14:15 PM , Rating: 2
That's so true. I'm sure this topic will get 100+ replies of who's better than who.


RE: What's the big deal?
By TomZ on 12/3/2007 3:16:09 PM , Rating: 1
It's just a browser...

http://xkcd.com/198/


RE: What's the big deal?
By iFX on 12/3/2007 3:17:07 PM , Rating: 2
Hah!


MS is being ungrateful and divisive.
By gochichi on 12/3/2007 5:22:31 PM , Rating: 1
Firefox made an awesome, free, product that is HIGHLY compatible with Windows XP and Vista. A product that stopped threats on Windows at a time when it seamed like a Windows computer was never going to be secure and virus free (that time is not now, but MS should acknowledge friend from foe. Should be saying thank you to Mozilla, rather than taking cheap shots.)

It's important for people to realize that even though IE 7 has caught up to Firefox in many ways, and even surpassed it in some ways... that IE 7 is NOT the browser of choice. Safari isn't either. Web browsing involves dealing with a lot of UNIX and LINUX servers, and it's high time that Microsoft developed a cross-platform browser if they intend to pit themselves against Firefox... who as far as I can tell, is just a good product, that works great on Windows, OS X, and very importantly on LINUX and others.

Apple and Microsoft have this deal amongst each other to pretend they are the only two parties in the computer industry. In fact, I think the Mac vs PC ads are a joint venture between MS and Apple (conspiracy theory I know, but it makes too much sense... remember, Jobs and Gates are probably personal friends, they are certainly two of a kind... same social class (ultra-elite), same age, proprietary software moguls). Well, Linux, may not be entitled to DirectX 9 or 10... but it's certainly entitled to a usable web-browser.

As of late, Microsoft is heading to their tried and true monopolistic practices to stop the user leakages. iPod/iTunes were gateway products into the Mac, and now their Zune products in addition to Media Center are probably even better than Apple's IMHO (I consider that leak just about stopped). Firefox was definitely a gateway product into Linux and other alternative platforms, and now their trying to stop that too. I think that's fine, but I also think that producing an IE7 for Linux would serve the same purpose benevolently. Linux users could be impressed with IE7 and decide to switch back to Windows... then we wouldn't have to have IE7 compatibility and then everyone else. It would make their own Microsoft Exchange Server customers/users happier too.

Microsoft is no dummy, and more importantly it is a for-profit wealthy company that will surely have one of the best internet browsers for it's own freaking operating system forever and ever. That it's even debatable whether it is the best or not, means that the open model may just be THAT good that it can more than compete on Microsoft's own platform AND make an equally polished product for every other platform. Wow.

So Microsoft can almost work with itself, while Mozilla can play with everyone. It begs the question: Should Microsoft be in the browser business, or is the browser business unique, and should it be handled by an open 3rd party (where Microsoft can fund the Windows side of things if they so chose).

As for Apple, in order for them to save face with me, they need to release one single friendly neighbor thing to Linux. Is it iTunes or Safari or Quicktime? I don't care, but for a company in its position it sure is strange that they are so eager to compliment the Windows platform, when its products are already just about compatible with openBSD and easily transferable to Linux, at least certainly Safari is.

So I guess, in closing, closed and proprietary codecs are best left to smaller third parties such as Adobe, b/c they are in bad hands with Apple or Microsoft. The internet is about openness and communication, and Microsoft has definitely not shown itself to be able to lead and deliver on these requirements.

So while yes, technically at this very moment, IE7 has some advantages to Firefox, Firefox is the real deal. IE7 has horrible button placements that are extremely confusing (and not intuitive to newbies either), and no more powerful in the end than Firefox's. Whenever you have a learning curve for no reason, I think it's bad design. Firefox has skins and integrates well with any environment, IE7 has a one size fits all.

In terms of security, perhaps IE7 is slightly better perhaps it's not. What I do know, is that no other company dropped the ball as hard as Microsoft when it comes to their browser's security. Not enough time has passed for Microsoft to be making these ridiculous claims and accusations against Mozilla. Seriously, if Toyota had released a Corolla that catches on fire when it hits 55MPH in 2002, would it be appropriate for it to be bragging about not exploding in 2007?

Microsoft had complete control of the browser market and they showed us that they can't handle that kind of responsibility, so why are we even discussing doing so? Stick with Mozilla, I know I will, they are secure, and Firefox 3.0 will be out before you know it and it will catch up to and surpass any positive that IE7 may have had.




By Clauzii on 12/3/2007 5:47:52 PM , Rating: 2
"So Microsoft can almost work with itself, while Mozilla can play with everyone. It begs the question: Should Microsoft be in the browser business, or is the browser business unique, and should it be handled by an open 3rd party (where Microsoft can fund the Windows side of things if they so chose)."

- That will, I think, depend a great deal on the quality of the FF3 release.

"So while yes, technically at this very moment, IE7 has some advantages to Firefox, Firefox is the real deal. IE7 has horrible button placements that are extremely confusing (and not intuitive to newbies either), and no more powerful in the end than Firefox's. Whenever you have a learning curve for no reason, I think it's bad design. Firefox has skins and integrates well with any environment, IE7 has a one size fits all."

- Amen!


RE: MS is being ungrateful and divisive.
By sweetsauce on 12/3/2007 6:04:32 PM , Rating: 5
ATTACK OF THE GREAT WALL OF TEXT OMG!!!!!!!


By Captain Orgazmo on 12/3/2007 7:14:37 PM , Rating: 2
Haha, I second that. When I see a comment that long, I don't even bother trying to read it. This is not an essay contest.

Anyhoo, just to put in my two cents: when I used to use Internet Explorer (version 5 I think...), I would end up with about 2 viruses per month, plus about a half dozen ad/spyware programs (per week). I switched over to Firefox circa version 1.4~ish; since then: zero viruses, zero ad/spyware.


By martinrichards23 on 12/6/2007 5:44:26 AM , Rating: 2
That comment is so big it's visible from space!


Perhaps but...
By FITCamaro on 12/3/2007 3:43:37 PM , Rating: 2
quote:
"The vast majority [of the Firefox user base] is updated to the most secure version of Firefox in less than a week;


While this may be true, you don't have many vast corporations using Firefox as the company approved web browser. The majority of Firefox users are people who use it on their own time. I have Firefox installed at work, but I don't use it for any company related task as the sites generally don't even work on Firefox. Our company intranet site doesn't. Our timecard systemd doesn't.

There's a big leap when a browser goes from being popular to being supported by large corporations. Firefox hasn't gotten there yet. Not because its a bad browser. Just because companies have invested time to develop their apps for IE since it was the standard for years, and they don't want to spend the money to redo their sites. Now granted, they wouldn't have to if Microsoft didn't do its own thing with IE. If IE followed all web language standards, sites that worked in IE would work the same in Firefox and vice versa.




RE: Perhaps but...
By mechBgon on 12/3/2007 3:54:47 PM , Rating: 4
IE is also manageable by design. It can be mass-audited across one's fleet using Microsoft Baseline Security Analyzer to see if the systems are up-to-date. It can be centrally mass-updated when (and only when) the I.T. staff want it to be updated, using WSUS. Browser settings, including add-on restrictions and security/privacy options, can be mandated by I.T. using local or domain Group Policy, whether the computers' users feel like cooperating or not.

I think designed-in manageability is one reason IE will continue to be very popular in the corporate arena.


RE: Perhaps but...
By Clauzii on 12/3/2007 3:56:31 PM , Rating: 2
Adding new themes and plug-ins in FF should be made possible only on the administrators demand.


Vulnerabilities?
By LeviBeckerson (blog) on 12/3/2007 4:37:38 PM , Rating: 2
I use Firefox because it doesn't open links in new, not maximized windows. That and the layout just agrees with me more.

Point of fact is that I'd still use Opera if it weren't for their wonky bars layout.

Vulnerabilities schmulnerabilties. It's all about the usability. Don't want to be the victim of an exploit? Don't do stuff that'll make you one.




RE: Vulnerabilities?
By kextyn on 12/3/2007 5:16:26 PM , Rating: 2
Which bars are you referring to in Opera? Every single bar is customizeable (position, buttons, hidden or not, etc). I honestly can't stand the default layout, but with about 20 seconds of customizing it works great.


RE: Vulnerabilities?
By darkpaw on 12/3/2007 6:29:08 PM , Rating: 2
quote:
Vulnerabilities schmulnerabilties. It's all about the usability. Don't want to be the victim of an exploit? Don't do stuff that'll make you one.


This is idiot talk no matter what browser you use. Professional criminals have no problem inserting exploit code in perfectly legitimate websites now a days. It doesn't matter if you just browse "safe" sites, you can still get code served up if you are not properly protected.

Sure, browsing high risk sites is much more likely to cause problems, but its not the only problems out there.


RE: Vulnerabilities?
By teckytech9 on 12/4/2007 12:55:16 AM , Rating: 2
quote:
Experts will agree: Firefox is really safer with NoScript!

http://noscript.net/

Sorry for the Spam-I-am.


It's important to remember
By borismkv on 12/3/2007 6:23:43 PM , Rating: 2
The weak link in any security plan is the user. A perfect security system can be completely screwed up by one dumb user. You know, the type of person that says, "Okay" when a large flashing button pops up that says, "Going to this web page will destroy the whole world." The *vast* majority of malware is targeted at these people. The simple fact of the matter is that pretty close to 100% of these people use IE. Why? Because that's what their computer comes with and they don't care to change it. People who use Firefox are more likely to be conscious of what will cause their computer harm. Either they've been taught by someone who knows a thing or two about staying safe on the Internet, or that same knowledgeable person recommended it to them.

The people who write malware are very conscious of what it takes to infect someone's computer. They know that if they can get the user to do something stupid, they'll have a free ticket to getting their software on that person's computer. As a result, they program more towards the vulnerabilities in the browser that uninformed or uncaring individuals use more often. Which, as I pointed out already, is IE. It doesn't matter how many vulnerabilities exist in a browser, it matters what type of user is operating the browser. If a complete click-on-everything-that-flashes moron is using it, you only need one vulnerability, disclosed or not, to get them.




RE: It's important to remember
By mechBgon on 12/3/2007 8:09:53 PM , Rating: 2
I think you should revise your first paragraph to say that the weak link is the computer's Administrator(s) . There's a great deal that can be done to "user-proof" a Windows PC, regardless of whether the user is smart or cooperative with policy, or which browser they're being idiots with today. ;)

Also, realize that browsers are not necessarily the direct target of the bad guys anymore, merely an attack vector by which to reach their actual target, which might be something like Flash Player, QuickTime, WinAmp, etc. For a recent case in point, read: http://www.f-secure.com/weblog/archives/00001325.h...

quote:
Symantec has some excellent analysis located here. They found that this exploit crashes the ActiveX Control in IE. Firefox on the other hand may pass off the QuickTime request directly to QuickTime player depending on configuration. So Firefox users may therefore be more vulnerable, not because of the browser itself, but because Firefox will deliver the exploit directly to its most optimal platform.


My suggestions:

1) Use a non-Admin user account whenever possible. http://www.mechbgon.com/build/Limited.html

2) Clean house, and remove software you don't actually use. It can't be attacked if it isn't there.

3) Keep everything patched up (home users, consider using Secunia's checkup utility found at https://psi.secunia.com for this purpose)

4) If you're a Windows Vista user, keep the User Account Control enabled and leave IE7 in Protected Mode (both of which are the default settings).

5) Use antivirus software, but don't place excessive reliance in that layer of security alone.

6) Do avoid all obvious risks, but again, don't assume that you will necessarily be able to avoid all hazards.


RE: It's important to remember
By mindless1 on 12/4/2007 9:49:45 AM , Rating: 2
in summary, jump through a lot of hoops while suggesting the user is at fault.

No, the user of a general purpose monopoly OS merely surfing the web should not have to be a security guru, and indeed it is fairly clear most are not so they are the target users, the standard against which a general purpose browser must be designed.


RE: It's important to remember
By mechBgon on 12/4/2007 8:48:44 PM , Rating: 2
quote:
in summary, jump through a lot of hoops while suggesting the user is at fault.


I could make a rather good analogy with the safety features of your car, such as seatbelts, headlights and windshield wipers. It's not unfair to expect you to know what they're for and to use them, even if they're not automatic, and even if you don't intend to do something stupid that causes a collision.

quote:
No, the user of a general purpose monopoly OS merely surfing the web should not have to be a security guru, and indeed it is fairly clear most are not so they are the target users, the standard against which a general purpose browser must be designed.


If there's a browser/OS that does fit your description, then in my opinion it would be IE7 in Protected Mode on Windows Vista, which is the default setup. No guru qualifications required, and no hoops to jump through. Stuff runs with the non-Admin part of your token and WIC watches over it to prevent hostile actions against system files. Thus, mitigation of working exploits is already planned into the OS and browser. Other browsers don't get the entire benefit of Vista's protection, but they do get some of it.

On WinXP/2000, I think the best advice is the advice I already gave, regardless of one's browser of choice. Where possible, using a disallowed-by-default Software Restriction Policy is also a good idea: http://www.mechbgon.com/srp


I perfer firefox, heres why
By Nik00117 on 12/3/2007 4:19:27 PM , Rating: 2
1. Its faster in my eyes
2. Its more functional
3. Updates are more common, and easier to implement
4. Lots of nice add ons.
5. Some sites that I go do not support IE 7 or 6, this is because the creators don't want M$ in their business.
6. I like the search feature, yes same thing on IE 7 but better placed.




RE: I perfer firefox, heres why
By notfeelingit on 12/3/2007 5:08:03 PM , Rating: 2
quote:
6. I like the search feature, yes same thing on IE 7 but better placed.


It's in the exact same place.


RE: I perfer firefox, heres why
By ajdavis on 12/3/2007 7:56:39 PM , Rating: 3
Can you press / and start typing to find something in IE? Doing so in Firefox simply searches for your text without interrupting your browsing with a search window.


By Acid Rain on 12/3/2007 4:42:08 PM , Rating: 2
It's biggest shortfall.




By Clauzii on 12/3/2007 4:55:45 PM , Rating: 2
So that is why it's good to clear the download list once in a while? On my machine (1GB RAM) it gets slower and slower unless I clean the list every, say, 30-40 files, ie. pictures?


By Makaveli on 12/3/2007 6:46:34 PM , Rating: 2
ya but I think the only reason they have this advantage is because its integrated into the OS and always running. Where as FF is a separate app.

I also think that if FF was in IE's place boot with the OS, it would run into some of the same security issues that IE had being to integrated into the OS


blogs
By Snuffalufagus on 12/3/2007 3:39:32 PM , Rating: 3
"....,Microsoft released a security report on November 30, titled "Internet Explorer and Firefox Vulnerability Analysis"."

Unless I missed something these are just blog posts and not an actuall company release. It seems a little mis-leading attribute the comments directly to MS and not more specifically to Jeff Jones who is an employee.




RE: blogs
By sweetsauce on 12/3/07, Rating: 0
RE: blogs
By 306maxi on 12/4/2007 4:43:45 AM , Rating: 1
Such comments will only mark you out as a complete idiot. Take Microsoft out of the equation and the whole IT industry collapses or goes back 5 years or so....


missed opportunity
By marvdmartian on 12/3/2007 3:09:24 PM , Rating: 3
quote:
Shaver says the analysis is lazy and possibly "malicious."


Shaver missed the perfect opportunity here......by not following that statement up with, "The folks over at Microsoft know all about malicious, though, don't they???" ;)




Major Typo
By Kensei on 12/7/2007 1:21:30 AM , Rating: 2
There is a typo in the header. Shouldn't there be a word after Microsoft? See quote below.

quote:
A recent Microsoft took a rather insulting stab at Mozilla, so the open-source firm decide to do some trash talking of its own.




Is it just me?
By wordsworm on 12/7/2007 11:07:51 PM , Rating: 2
Recently I got an update to Firefox. I run FusionHDTV often while I surf websites. Now, whenever I open Firefox, HDTV starts acting like it just sprained its ankle. I can't fix it unless I restart the computer. As soon as I open Firefox, it seems one of my cores starts going in 50%-100%. When I close the program, and I can't see it in the task manager, and still it persists. This is the first time in about 2-3 years that I have actually used IE to access anything other than microsoft websites. I like FF much better, even after all the improvements that MS has made to its browser. I'd hate to have to make the switch. I suppose I can always go hunting for an earlier version of FF.

Has anyone experienced similar problems?




By heavenlybright on 12/9/2007 10:30:39 AM , Rating: 2
Almost everything now is web-enabled so you just need any OS with an internet connection and a web browser, except for 3D games and specialized audio/video/graphics programs. Where I work, everything is web-based so I can use whatever I want on my desktop and laptop. I tell people to build web apps instead of taking sides with one OS and one web brower since web apps makes it all common on pretty much all platforms.




The Whole Thing is a SCAM.
By JonnyDough on 12/3/2007 8:25:38 PM , Rating: 1
It's just a big scam to get you to buy add-ons like Virus scanning software, etc! If they really wanted to they could lock it all down tight. =)




What??
By bcalcote on 12/3/2007 10:26:23 PM , Rating: 1
WWWWWhat... WWWWWhat... WWWWWhat... YEAAAAAA!!!!




If your llivelihood doesn't depend on a PC
By violins on 12/3/07, Rating: -1
By behemothzero on 12/3/2007 8:36:15 PM , Rating: 2
That would make me bicker about my whole computer altogether.


By 306maxi on 12/4/2007 4:46:32 AM , Rating: 1
How about the exorbitant cost of Mac hardware. Yeah Mac's family licencing system is great!!!! So cheap!

Why? Because they already boned you on the hardware and you're only buying what is essentially a Service Pack (Free with Windows) type update.....


RE: If your llivelihood doesn't depend on a PC
By mindless1 on 12/4/2007 9:51:22 AM , Rating: 1
It'd make a lovely doorstop while we continue using our PCs.


RE: If your llivelihood doesn't depend on a PC
By 306maxi on 12/4/2007 10:12:05 AM , Rating: 2
I notice you said "using our PC's" rather than "talking about our Mac's as if they were the cure to global warming and world hunger all in one"

Weird.....


By sideshow23bob on 12/6/2007 7:33:11 AM , Rating: 2
Where can i get a bigger version of the ico pic of the girl in the firefox shirt?
i have a new desktop background if i can find it
thanks


By sideshow23bob on 12/6/2007 7:36:41 AM , Rating: 2
nm here's a link to all those interested; http://images.google.com/imgres?imgurl=http://flor... sorry if this is OT


"Let's face it, we're not changing the world. We're building a product that helps people buy more crap - and watch porn." -- Seagate CEO Bill Watkins














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki