
A recent Microsoft report took a rather insulting stab at Mozilla, so the open-source firm decided to do some trash talking of its own.

Mozilla is all hustle and bustle these days, trying to fix the remaining bugs before it rolls out its final release of the third iteration of its popular Firefox browser.

Perhaps catching wind of the press on these bugs, Microsoft released a security report on November 30, titled "Internet Explorer and Firefox Vulnerability Analysis".  The report, which examined the quantity and threat level of vulnerabilities within the two browsers, came out very strongly skewed in Microsoft's favor.  It reported that Internet Explorer experienced fewer threats across all security levels (low, medium, and high) than Firefox.  It also reported that Mozilla had to fix 199 security vulnerabilities, while in the same period of time Microsoft only had to fix 87.

Microsoft products are not always known as secure platforms, largely because they are the market leader and the biggest target for malicious attacks.  Not so, the report indicates, when it comes to Internet Explorer.

The report was produced by Microsoft's Jeff Jones, a security strategy director in Microsoft's Trustworthy Computing group, and is available here.

Mozilla's Mike Shaver had some choice words in response to the report.

"Just because dentists fix more teeth in America doesn't mean our teeth are worse than in Africa," he said, left-handedly comparing Internet Explorer to a festering tooth.

He continued, "It's something you'd expect from maybe an undergrad.  It's very disappointing to see somebody in a senior security position come out and say that because an organization is more transparent about their bugs and fixing them, they're somehow less secure."

Shaver says the analysis is lazy and possibly "malicious."

He does raise a valid point that Microsoft often lumps several security issues together into a single "threat" that gets fixed irregularly with the arrival of the service pack.  Shaver points out that Mozilla has constantly been working to roll out fixes far more quickly than Microsoft's.  Shaver explains:
"If Mozilla wanted to do better than Microsoft on this report, we would have an easy path: stop fixing and disclosing bugs that we find in-house. It is well known that Microsoft redacts release notes for service packs and bundles fixes, sometimes meaning that you get a single vulnerability 'counted' for, say, seven defects repaired. Or maybe you don't hear about it at all, because it was rolled into SP2 and they didn't make any noise about it."

Shaver says in his blog that we would have to be in a "parallel universe" for Microsoft to even "approach Mozilla's standard of transparency."

In an interview with eWeek, he continued to vent, saying, "The vast majority [of the Firefox user base] is updated to the most secure version of Firefox in less than a week;  those are the things we measure and talk about publicly. Reports like [Jones'] really point the industry in a dangerous direction, which is to say you're [given an incentive] to keep [browser security fixes] quiet. That doesn't keep you safer, it just helps companies hide the real nature of what they're doing."

Earlier last month Jones had published a report on how Windows Vista was far less vulnerable than Leopard OS X or most Linux OS distributions.

Many will be sick of Microsoft and Mozilla's bickering, but when they attack each other so publicly, it’s simply hard to ignore.  This is unfortunate as it simply leaves the user feeling less secure and unsure of who to trust.



Comments

MS is being ungrateful and divisive.
By gochichi on 12/3/2007 5:22:31 PM , Rating: 1
Firefox made an awesome, free, product that is HIGHLY compatible with Windows XP and Vista. A product that stopped threats on Windows at a time when it seemed like a Windows computer was never going to be secure and virus free (that time is not now, but MS should acknowledge friend from foe. Should be saying thank you to Mozilla, rather than taking cheap shots.)

It's important for people to realize that even though IE 7 has caught up to Firefox in many ways, and even surpassed it in some ways... that IE 7 is NOT the browser of choice. Safari isn't either. Web browsing involves dealing with a lot of UNIX and LINUX servers, and it's high time that Microsoft developed a cross-platform browser if they intend to pit themselves against Firefox... who as far as I can tell, is just a good product, that works great on Windows, OS X, and very importantly on LINUX and others.

Apple and Microsoft have this deal amongst each other to pretend they are the only two parties in the computer industry. In fact, I think the Mac vs PC ads are a joint venture between MS and Apple (conspiracy theory I know, but it makes too much sense... remember, Jobs and Gates are probably personal friends, they are certainly two of a kind... same social class (ultra-elite), same age, proprietary software moguls). Well, Linux, may not be entitled to DirectX 9 or 10... but it's certainly entitled to a usable web-browser.

As of late, Microsoft is heading to their tried and true monopolistic practices to stop the user leakages. iPod/iTunes were gateway products into the Mac, and now their Zune products in addition to Media Center are probably even better than Apple's IMHO (I consider that leak just about stopped). Firefox was definitely a gateway product into Linux and other alternative platforms, and now they're trying to stop that too. I think that's fine, but I also think that producing an IE7 for Linux would serve the same purpose benevolently. Linux users could be impressed with IE7 and decide to switch back to Windows... then we wouldn't have to have IE7 compatibility and then everyone else. It would make their own Microsoft Exchange Server customers/users happier too.

Microsoft is no dummy, and more importantly it is a for-profit wealthy company that will surely have one of the best internet browsers for its own freaking operating system forever and ever. That it's even debatable whether it is the best or not, means that the open model may just be THAT good that it can more than compete on Microsoft's own platform AND make an equally polished product for every other platform. Wow.

So Microsoft can almost work with itself, while Mozilla can play with everyone. It begs the question: Should Microsoft be in the browser business, or is the browser business unique, and should it be handled by an open 3rd party (where Microsoft can fund the Windows side of things if they so chose).

As for Apple, in order for them to save face with me, they need to release one single friendly neighbor thing to Linux. Is it iTunes or Safari or Quicktime? I don't care, but for a company in its position it sure is strange that they are so eager to compliment the Windows platform, when its products are already just about compatible with openBSD and easily transferable to Linux, at least certainly Safari is.

So I guess, in closing, closed and proprietary codecs are best left to smaller third parties such as Adobe, b/c they are in bad hands with Apple or Microsoft. The internet is about openness and communication, and Microsoft has definitely not shown itself to be able to lead and deliver on these requirements.

So while yes, technically at this very moment, IE7 has some advantages to Firefox, Firefox is the real deal. IE7 has horrible button placements that are extremely confusing (and not intuitive to newbies either), and no more powerful in the end than Firefox's. Whenever you have a learning curve for no reason, I think it's bad design. Firefox has skins and integrates well with any environment, IE7 has a one size fits all.

In terms of security, perhaps IE7 is slightly better perhaps it's not. What I do know, is that no other company dropped the ball as hard as Microsoft when it comes to their browser's security. Not enough time has passed for Microsoft to be making these ridiculous claims and accusations against Mozilla. Seriously, if Toyota had released a Corolla that catches on fire when it hits 55MPH in 2002, would it be appropriate for it to be bragging about not exploding in 2007?

Microsoft had complete control of the browser market and they showed us that they can't handle that kind of responsibility, so why are we even discussing doing so? Stick with Mozilla, I know I will, they are secure, and Firefox 3.0 will be out before you know it and it will catch up to and surpass any positive that IE7 may have had.




By Clauzii on 12/3/2007 5:47:52 PM , Rating: 2
"So Microsoft can almost work with itself, while Mozilla can play with everyone. It begs the question: Should Microsoft be in the browser business, or is the browser business unique, and should it be handled by an open 3rd party (where Microsoft can fund the Windows side of things if they so chose)."

- That will, I think, depend a great deal on the quality of the FF3 release.

"So while yes, technically at this very moment, IE7 has some advantages to Firefox, Firefox is the real deal. IE7 has horrible button placements that are extremely confusing (and not intuitive to newbies either), and no more powerful in the end than Firefox's. Whenever you have a learning curve for no reason, I think it's bad design. Firefox has skins and integrates well with any environment, IE7 has a one size fits all."

- Amen!


RE: MS is being ungrateful and divisive.
By sweetsauce on 12/3/2007 6:04:32 PM , Rating: 5
ATTACK OF THE GREAT WALL OF TEXT OMG!!!!!!!


By Captain Orgazmo on 12/3/2007 7:14:37 PM , Rating: 2
Haha, I second that. When I see a comment that long, I don't even bother trying to read it. This is not an essay contest.

Anyhoo, just to put in my two cents: when I used to use Internet Explorer (version 5 I think...), I would end up with about 2 viruses per month, plus about a half dozen ad/spyware programs (per week). I switched over to Firefox circa version 1.4~ish; since then: zero viruses, zero ad/spyware.


By martinrichards23 on 12/6/2007 5:44:26 AM , Rating: 2
That comment is so big it's visible from space!

Copyright 2014 DailyTech LLC.