Firefox Fans Play Defense
Respond to new wave of criticism
by Karl Bode Wednesday 20-Apr-2005 tags: security · software
What started with an increase in pop-unders, a Java vulnerability, and comments from one Firefox developer on a manpower shortage has evolved into a steady stream of "Honeymoon is over" Firefox articles from major outlets (InformationWeek, IT Observer). Many of them cling to a recent Symantec study that claims Firefox had more vulnerabilities than IE from July to December of last year. MacNewsWorld even goes so far as to claim Mozilla browsers could make Mac fans vulnerable to security threats they rarely face.

The new criticisms have Firefox advocates at MozillaZine and Mozillanews defending their security claims; CNET explores how volunteer marketers are being forced into damage control. Are the concerns valid, or is this an inevitable backlash to what has become an amazing (approaching 50 million downloads) open source software phenomenon?


woody7
Premium
join:2000-10-13
Torrance, CA

Hmmmmmmmmmm

"FUD"
--
BlooMe

zoom3148
Superman
Premium
join:2001-04-30
Yermo, CA

Re: Hmmmmmmmmmm

said by woody7:

"FUD"
Agreed. We now know who are the 2 Stooges for Microsoft. Now I wonder who's the 3rd clown??
--
Firefox forever!
»zoom314.blogspot.com/
»mysite.verizon.net/zoom314/
master_rb

join:2004-02-20
Passaic, NJ

opera

that's why i stick to opera and when something doesn't work i use IE, not too often, i just don't trust firefox

Defiance82
Computer Elite
Premium
join:2002-09-11
Burlington, WI
Reviews:
·Time Warner Cable
·Comcast

So the tables turn...

Never did like FireFox. I installed it back when it was starting out and it was slow as all hell. Would take a bit to load and then a lot of sites I went to on a frequent basis never worked. I had to scrap it and go back to IE. It doesn't really matter who has what exploits or bugs as long as you know better than to install junk or spyware. You can catch both on either browser; no one browser is 100% safe. You are only as safe as you allow yourself to be, not the browser.
--
My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

verolom

join:2002-03-23
Reston, VA

Re: So the tables turn...

I don't like Firefox either. It appears as a dumified Mozilla Suite, so I am still using the latter.

For example, why have a separate search text box from the address one? Where are the Cookie, Image, Popup, Password managers that are under the Tools menu in Mozilla? Why can't there be an Apply button in the Preferences dialogs? Why every time I update the program I have to do so manually by downloading a new version and have to reinstall all the extensions instead of clicking a "WebUpdate" button in the application itself?

On my old Pentium 3 I see no performance improvement except startup time, which I do once a day.

SpitefulCrow
Insert Witty Tag Here
Premium
join:2003-06-04
Berkeley, CA

Re: So the tables turn...

The separate search box is actually useful, you can get to a Google results page without having to go through Google's front page.
If you have to reinstall all your extensions when you update Firefox you're doing it wrong and installing extensions to the application directory instead of your user profile directory.

verolom

join:2002-03-23
Reston, VA

Re: So the tables turn...

In Mozilla I can add a Search button to the address bar, select Google as my search engine, type search strings in the address bar and click the search instead of go button.

When installing extensions neither Mozilla nor Firefox ask me where to install them. There is simply an install button.

Another thing, in Mozilla the Print button has a pull-down print-preview function -- very useful, Firefox doesn't.
Urzumph

join:2002-11-06
Australia

Re: So the tables turn...

I think you just discovered the reason... The search feature of the address bar wasn't discoverable to a lot of people (I forget where I read that, but I am not just making it up) so they decided to split it. Personally I'd like an option to put it back together again once you know about it, but that's just me.

verolom

join:2002-03-23
Reston, VA

Re: So the tables turn...

Yes, hence my opinion of Firefox being "dumified" or at least stripped down too much.

One more gripe, if I may: the sidebar in Firefox can only display Bookmarks or History. Mozilla has a rolling sidebar where you can easily choose between search, bookmarks, history and some others. F9 turns it on and off, I keep it on.

Maybe once Firefox evolves into V2 I will try it again. By then the no longer evolving Mozilla might be obsolete.

jp10558

@136.183.x.x

Re: So the tables turn...

Well, I'm glad to see people keeping up to date, whichever browser they use. I'm an Opera fan, but that's just me.

Can't you do something like g in FF, like in Opera?

Also, as much as I have played this down, it might just be the more people that use it, the more vulnerabilities are found is coming true.

One nice thing about Opera, amid the frustrations of ignorant webmasters, is that I doubt anyone is actively targeting it for installing spyware or whatever.

cbrigante2
Cubs 20??
Premium
join:2002-11-22
North Aurora, IL
said by Defiance82:

Never did like FireFox. I installed it back when it was starting out and it was slow as all hell. Would take a bit to load and then a lot of sites I went to on a frequent basis never worked. I had to scrap it and go back to IE. It doesn't really matter who has what exploits or bugs as long as you know better than to install junk or spyware. You can catch both on either browser; no one browser is 100% safe. You are only as safe as you allow yourself to be, not the browser.
I used to feel the same way, but since version 1.02 it has been my primary browser. They had to pry IE out of my hands, but they had a better crowbar. I really like FF now, and of course when I like a piece of software...it's the kiss of death!;)
--
Why is abbreviate such a long word?

FireFox fan

@gambrl01.md.comcast.
I'm not sure what hardware you are running, but I have a couple of Pentium III 1.2GHz / 256MB machines that run WinXP & FireFox like a champ. Absolutely no problems. What I love about FireFox is that with a little effort, you can make it extremely secure, and very customized.

Coupled with the Adblock extension (and the extension system in general), and it will take a lot to pry FireFox off my system.

Yes - I have tried Opera, and didn't like it (and it had nothing to do with the ads in the sponsored version). I suppose it's just personal preference...

SRFireside

join:2001-01-19
Houston, TX

Re: opera

I like Firefox over Internet Explorer. However my favorite browser, and the one I use at home almost exclusively, is Opera. That reminds me. I need to take a look at the new version that's come up. Any thoughts on it?
master_rb

join:2004-02-20
Passaic, NJ

Re: opera

it should be 7.5 not 8.0 no big changes except that voice thing which i don't know how anyone would use it, sitting alone and talking to your computer COME ON

other than that same old good opera but now you close the tabs right next to the name of them not all the way under the "program close" cross which i don't like since if you're not careful you'll close your whole window, but i'll check in the options for that maybe i can put it back where it was and still should be

works without any problems so far but i had beta and it was crashing on java, i hope they fixed that i haven't really tested on applets yet but it worked on one

enjoy using opera

jp10558

@136.183.x.x

Re: opera

Ummm, first of all, the last version was 7.54u2. So going from that to 7.5 would have been slightly odd.

Second, voice is developed for phone use, but Opera has the same codebase for all platforms AFAIK, so you get it on the desktop (windows at least).

Third, it's far from the only update. One is the new options for handling tabs like Opera 7 or like FireFox.

User Javascript?? That's a huge upgrade. ua.ini for Opera managed site specific cloaking so more sites with broken sniffing work without user intervention + the ability for users to add their own options.

Autoupdate/update check(there isn't a new version out yet so I'm not entirely sure how that works)? That's a biggie too.

StartBar? That's a new thing. New security info, including warning about how secure the connection is, and telling users if the connection is weak? In Line error pages - an old wish fulfilled?

What about GMail support + XMLHttpRequest?

So, to say there's nothing new...
Mordhem
Love it, Hate it.

join:2003-07-10
Baltimore, MD
When there is cash to be made from an exploit or otherwise, it will be done with all browsers and any browser if it starts to gain a big number of people. It's simple really.

I still use both Firefox and IE; Opera could die out, I would care less.

rewket
Premium
join:2003-08-21
Longueuil, QC

hmmm WTF?

Ever since i have been on firefox i have visited about 200 scripted webpages that would have harmed me if i had IE

yet no harm ever with firefox, except a couple popups recently
so..
WHICH ONE IS MORE DANGEROUS?
Blackened

join:2003-09-29
Toronto, ON

Re: hmmm WTF?

said by rewket:

Ever since i have been on firefox i have visited about 200 scripted webpages that would have harmed me if i had IE

yet no harm ever with firefox, except a couple popups recently
so..
WHICH ONE IS MORE DANGEROUS?
My experiences with Firefox are similar. I've only experienced extremely few pop-unders and no popups from the myriad of sites I visit regularly and occasionally. The near 2 1/2 years I've used the Firefox/Firebird/Phoenix browser beats the crap out of the 7 I've spent using IE.

Those who use IE, please continue. I enjoy the money I make fixing your computers afterwards.

Re: hmmm WTF?

you guys wouldn't have that problem if you learn to secure ie

i have been using ie since the 90s never once a spyware

noobs

Glaice
Still around here
Premium
join:2002-10-01
North Babylon, NY

Re: hmmm WTF?

said by firefox is for noobs:

you guys wouldn't have that problem if you learn to secure ie

i have been using ie since the 90s never once a spyware

noobs
Troll
--
Religion is for the weak

Re: hmmm WTF?

troll my ass i have been visiting dslreports.com since the summer of '99 i just never bother to register

my first bb isp is flashcom ever heard of it?

learn to secure ie noobs
xirian
Premium
join:2003-01-26
Beacon, NY
kudos:1

Re: hmmm WTF?

said by firefox is for noobs:

learn to secure ie noobs
that's the part that makes you trollish.

Re: hmmm WTF?

well if they blame the faults on ie solely then i have to do my duty to point out that only their incompetence is to be blamed

Re: hmmm WTF?

Uhh. You see, 99.9% of IE users are not smart enough to secure it. THAT is the problem. So, the browser needs to be secure to begin with. Personally, I prefer Firefox, even though I did secure IE. **shrug** It's a hell of a lot faster and it very very very rarely crashes.

RDins

@comcast.net

Re: hmmm WTF?

Faster? FF doesn't come close to IE for me in terms of speed.

TheMadSwede
Premium
join:2001-01-30
Holland, MI
said by rewket:

Ever since i have been on firefox i have visited about 200 scripted webpages that would have harmed me if i had IE
How did you come up with these stats?
--
home
cbiggers

join:2000-08-10
San Luis Obispo, CA
said by rewket:

Ever since i have been on firefox i have visited about 200 scripted webpages that would have harmed me if i had IE

yet no harm ever with firefox, except a couple popups recently
so..
WHICH ONE IS MORE DANGEROUS?
What kind of websites are you going to?

Eye4GotAnon

@verizon.net

Re: hmmm WTF?

I'm on a different machine and I forgot me PW. Forgive me

---quote---

Ever since i have been on firefox i have visited about 200 scripted webpages that would have harmed me if i had IE

yet no harm ever with firefox, except a couple popups recently
so..
WHICH ONE IS MORE DANGEROUS?
What kind of websites are you going to?

---end quote---

I only need to give one example, which is in the next paragraph. There are of course many more I could give, suffice it to say that whenever I remove spyware from another machine, almost exclusively I wouldn't have been called had it not been for ActiveX and IE out of the box style security. I believe people who use Firefox, Opera, OffByOne, etc. are far more likely to configure their browser to be safe than are IE users. This alone makes it more important that IE be secure out of box. MS has decided that it's better to inconvenience the people who wish to be secure browsers rather than inconvenience those who don't care about safe surfing. It is *far* too easy to get an executable to run from a web page on IE. It all boils down to the differences between two ideologies. Safety and control, vs. functionality and convenience.

When the DNS poisoning was happening a few weeks ago, many popular websites, like www.weather.com, www.ups.com, www.cnn.com, all got redirected to find-it.web-search.la or something like that. Firefox (out of the box config) didn't install spyware on the machines I maintain, IE did.

Of course, if IE had been configured with safety in mind, it would have been more difficult for "Security iGuard" and all the other malware to install itself on all these computers. IE makes this far more difficult than it needs to be, by not being accurate and "unattractive" with error dialogs, among other things. When a page has java or javascripting, and IE won't allow it in that case, you get a "You can't run ActiveX controls" dialog. Is "Active Scripting" javascript? Exactly how do you make a judgement on how to set your "Software Channel" safety level? What exactly is a software channel?

When I asked some everyday users (who never heard of Firefox or any other browser) what Active Scripting and software channels were, I got nothing. Many of these same users knew what java and javascript are. It's no surprise that they don't configure all these arcane functions.

While we are educated on these issues, remember who IE's core user base is. They may benefit from accurate error dialogs, by not calling a dog a hyena, and by leaning toward initial safety rather than convenience.

If IE is aimed more closely at the neophyte, why make it so much more difficult to secure? With the possible exception of WinXP SP2 and W2K3 Internet Explorer Enhanced Security Configuration, IE has always been wide open, rather than secure, out of the box.

Firefox is easier for me to configure. I like the tabbed browsing. I like that javascript is somewhat configurable. If they would add a "disable OnMouseOver" (which may already exist in about:config for all I know) on the javascript manager, I would be all the happier. IE picked up some of the features that Firefox has had built in for some time now, like cookie control and pop-up blocker w/notification bar. I am happy with Firefox, and can surf safely with it, with no plugins or addons and minimal time in configuration.

There will be those who will say that their IE mod takes care of some of their functionality issues, which is fine for them, and at the same time proves that IE isn't configurable to their liking. The same goes for local proxies, script filters, etc. Many IE users won't surf without them.

For kicks, I tried one of the POCs at www.mikx.de on both Firefox and IE. The javascript window spoofing POC did the same thing on IE as well as Firefox. I'll try the rest on both browsers, but not tonight. I'm tired, I need more caffeine.

IE, as a standalone, is difficult to use safely without third party products or effort which is likely to be considered unreasonable by its own core user base. That is my major issue with IE. Firefox is relatively young, and not perfect, but already it is moving much closer to what I want from a web browser. I am glad to see IE going that direction also, with XP SP2 and W2K3 Internet Explorer Enhanced Security Configuration.

FTCXtreme

join:2005-03-14
New Braintree, MA
It's just a god damn browser; it's not like a browser makes a difference. I use IE and Firefox, both work good. I just like FF cause it is faster on dial up, and to be different from all IE users.

yock
TFTC
Premium
join:2000-11-21
Miamisburg, OH
kudos:3

Product maturity

I think it largely boils down to the maturity of the product, Firefox in this case. As young as Firefox is it will inevitably have serious flaws. One of the benefits of open source development is that hundreds and thousands of talented sets of eyes mull over Firefox everyday looking for these flaws. People find them, submit them, and in many cases help fix them.

Conversely, how mature is IE? Such a highly stable and mature product, yet we still see critical vulnerabilities at the same level as Firefox. We also see the continual exploitation of IE's ActiveX component to install malicious software without consent from the user. Firefox has to date shown no vulnerability to this.

Both products have their problems, and yes early adopters like us often get burned. Sticking with Firefox, however, is likely to help everyone in the long run as it forces ALL browser developers to create a more stable and secure product. Competition is a very good thing.
--
Search first, ask questions later.

HardwareGeek

join:2003-11-15
Brooklyn, NY

Re: Product maturity

You really can't call firefox a young product. To do so would be like calling mozilla a young product.
--
Email/MSN: Michael at hardwaregeeks.com
AIM: MikeR35292

elboricua
El Subestimado
Premium
join:2001-08-12
Bronx, NY

Re: Product maturity

said by HardwareGeek:

You really can't call firefox a young product. To do so would be like calling mozilla a young product.
Firefox, while sharing some of the same codebase, is NOT Mozilla, so yes, it can be called a young product. When the code was split from Mozilla many changes were made. Some of those changes were ported back into Mozilla but started out in Firefox.
--
Sending script kiddies to /dev/null since 1995!

yock
TFTC
Premium
join:2000-11-21
Miamisburg, OH
kudos:3
said by HardwareGeek:

You really can't call firefox a young product. To do so would be like calling mozilla a young product.
The HTML rendering engine is about the only Mozilla piece left in Firefox. Most supporting components were written from the ground up to be more complementary and modular rather. This was done so that large pieces of code could be removed and replaced as needed, allowing for the possibility of a small piece of software. Another side effect of that is it allows large portions of code to be completely overhauled without re-engineering the entire browser. The Mozilla architecture is nothing like this.
--
Search first, ask questions later.

sivran
Opera convert
Premium
join:2003-09-15
Arlington, TX
kudos:1

Re: Product maturity

So, why don't they remove and completely overhaul the interface so that it's not cute and kiddy and overall unprofessional-looking, and implement something plain, simple, and mature like that found in Mozilla?

Really it's the user interface that turns me away from Firefox every time I try it. I've actually stopped trying Firefox milestones now, because every time it's the same thing: the lack of certain widgets, the incomplete preferences dialog, the default settings.. they all end up driving me nuts. They should implement a version for us Mozilla die-hards: one that looks and acts just like Mozilla, but without Mailnews, composer, etc. I mean a complete mimic: Edit->Preferences not Tools->Options, press down arrow from the address bar to get to Google Search, finish the Preferences dialog, and add a friggin new tab button to the tab bar...

/rant
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Home licensing should be just that.

yock
TFTC
Premium
join:2000-11-21
Miamisburg, OH
kudos:3

Re: Product maturity

I can't help the appearance of the UI, but there is a rather complete UI development kit and many themes to choose from at their website. I don't like the default UI either, but rather than pass Firefox off I went and found one that works for me.

As for the preferences dialogue, I have no clue why it isn't comprehensive. What is it missing that you really need though?
--
Search first, ask questions later.

sivran
Opera convert
Premium
join:2003-09-15
Arlington, TX
kudos:1

Re: Product maturity

said by yock:

I can't help the appearance of the UI, but there is a rather complete UI development kit and many themes to choose from at their website. I don't like the default UI either, but rather than pass Firefox off I went and found one that works for me.
It's really the placement of things that gets me. Mind you I have been using Mozilla for a long, long time--since 1.2.1. I used to love Phoenix 0.5, it was actually fast back then (kinda like Opera used to be fast, but even faster). Unfortunately I'm no developer so I don't think I can move things around on my own.

There's also the matter of Firefox's bookmark manager only importing, having no Open Bookmarks File option like Mozilla's does. What gives? That's totally nonsensical.

I'm sure there are other things, but it's these little things that just add up and really start to get to me.

As for the preferences dialogue, I have no clue why it isn't comprehensive. What is it missing that you really need though?
Come to think of it I can't remember. I'll have to download Firefox again and poke around. I -do- remember always having to go to about:config and change some settings there to get FF behaving somewhat like I wanted, something I never have to do with Mozilla. With Mozilla I just download, set some prefs, grab Mouse Gestures, MultiZilla, and maybe AdBlock, and I'm ready to go.

...And Mozilla's popup blocker works better too.
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Home licensing should be just that.

novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
said by yock:

I think it largely boils down to the maturity of the product, Firefox in this case. As young as Firefox is it will inevitably have serious flaws. One of the benefits of open source development is that hundreds and thousands of talented sets of eyes mull over Firefox everyday looking for these flaws. People find them, submit them, and in many cases help fix them.

While true, open source also allows the black hats to easily find those same flaws, but instead of reporting and fixing they will make use of them. I'm guessing that right now malware, viri, etc. authors have a big list of unpatched flaws that they watch to see if they get fixed so they can remove them from their list. This way all they have on their list when FF becomes a juicy target are working flaws they can use.
Already have flaws that allow popups, resizing, etc. for Firefox; what else is out there we don't know about?
--
DSLR security chat at us.ausirc.net channel #dslr_sec let's pack this channel
open source dns server for *nix and windows »powerdns.com

yock
TFTC
Premium
join:2000-11-21
Miamisburg, OH
kudos:3

Re: Product maturity

said by novaflare:

While true, open source also allows the black hats to easily find those same flaws, but instead of reporting and fixing they will make use of them. I'm guessing that right now malware, viri, etc. authors have a big list of unpatched flaws that they watch to see if they get fixed so they can remove them from their list. This way all they have on their list when FF becomes a juicy target are working flaws they can use.
Already have flaws that allow popups, resizing, etc. for Firefox; what else is out there we don't know about?
That seems like a possibility, yes, but it historically hasn't been how the hacker community has worked. If that were the case you'd have thousands of microcosms for every open source tool, just waiting to exploit them, and that doesn't really exist. What *DOES* exist is an entire community waiting to exploit ActiveX and MSVM. Why do you suppose that is?
--
Search first, ask questions later.

hpguru
Curb Your Dogma
Premium
join:2002-04-12
said by yock:

One of the benefits of open source development is that hundreds and thousands of talented sets of eyes mull over Firefox everyday looking for these flaws.
And you know this how?
--
Get hpHOSTS! Member ASAP

yock
TFTC
Premium
join:2000-11-21
Miamisburg, OH
kudos:3

Re: Product maturity

said by hpguru:

said by yock:

One of the benefits of open source development is that hundreds and thousands of talented sets of eyes mull over Firefox everyday looking for these flaws.
And you know this how?
Omniscience is a gift I cherish daily.....

But seriously, spend even a small amount of time involved in open source support and you'll meet the people who dedicate their lives to the GPL, MPL, BSD, etc. licenses. Even so much as glancing at sites like »secunia.com will tell you they're out there. All you must do is look.
--
Search first, ask questions later.
Talis

join:2001-06-21
Houston, TX

Re: Product maturity

said by yock:

But seriously, spend even a small amount of time involved in open source support and you'll meet the people who dedicate their lives to the GPL, MPL, BSD, etc. licenses.
And how exactly does this relate to "hundreds and thousands of talented sets of eyes mull(ing) over Firefox everyday"?

Ant718

join:2002-01-30
Bronx, NY

WTF are they talking about??

Never ever had/have an issue w/ FF. Not even Pop ups/unders.
Always had issues w/ IE. Opera is too messy for me & not very user friendly IMO!
Until I have a problem w/ FF it's my default browser.

Done!

SRFireside

join:2001-01-19
Houston, TX

Re: WTF are they talking about??

I certainly have experienced pop up windows and pop under windows on Firefox, but that's about it. Not sure what dangerous exploits some are talking about. Since using FF I haven't found any new spyware or other hacks on the laptop I frequently use it on.
Crematum
Premium
join:2005-01-10
Canton, CT

Oh boy...

You are only safe until someone gets clever and creates a Firefox equivalent of an IE security flaw. It will happen when people least expect it, and all of the people clinging to Firefox and saying how great it is will suddenly be singing a different tune. Don't get me wrong, I use FF and IE for the line of work I do and think FF is a fine browser, but I'd never be so naive to think that some creative hacker won't come up with a surprise way to really hose a lot of FF users (heck, the source code is available, which makes their job much easier). If something like that happened, the publicity backlash against FF would have people leaving it in droves.

Think about it... hackers love Microsoft because they are big and hacks are so noticeable and widely publicized. You've hit the big time when your hack is well known. The hackers just haven't realized that because of the cult following of FF, there is just as much publicity to be gained from hacking it -- all of those Microsoft lovers are just waiting to pounce on a big story like that just like the FF lovers love to make a big deal when Microsoft finds another hole in their browser.

volntn
The Volunteer
Premium
join:2002-01-05
Cleveland, TN

Re: Oh boy...

said by Crematum:

You are only safe until someone gets clever and creates a Firefox equivalent of an IE security flaw. It will happen when people least expect it, and all of the people clinging to Firefox and saying how great it is will suddenly be singing a different tune. Don't get me wrong, I use FF and IE for the line of work I do and think FF is a fine browser, but I'd never be so naive to think that some creative hacker won't come up with a surprise way to really hose a lot of FF users (heck, the source code is available, which makes their job much easier). If something like that happened, the publicity backlash against FF would have people leaving it in droves.

Think about it... hackers love Microsoft because they are big and hacks are so noticeable and widely publicized. You've hit the big time when your hack is well known. The hackers just haven't realized that because of the cult following of FF, there is just as much publicity to be gained from hacking it -- all of those Microsoft lovers are just waiting to pounce on a big story like that just like the FF lovers love to make a big deal when Microsoft finds another hole in their browser.
Firefox at this moment has more holes than the latest version of IE and XP. That's the whole point of the article.

brydry
...it's meat-cake

join:2004-12-05
Safety Harbor, FL

Re: Oh boy...

Quoted from above:
Firefox at this moment has more holes than the latest version of IE and XP. That's the whole point of the article.
I believe that article to be a bit misleading. Sure, there are open flaws in both browsers. At this moment Firefox actually has far fewer holes according to Secunia. They say IE has 19 unpatched vulnerabilities to FF's 4. Some of IE's holes are unpatched now for 2 years, and one of those is marked as "highly critical".

Here have a look at both:
IE: »secunia.com/product/11/
FF: »secunia.com/product/4227/

What seems kinda funny to me is that one of the best ways to make IE safer is to turn off Active X. Then Windows update doesn't work. What a mess... How about we all just get along in here and agree that we will sometimes disagree with each other.
--
Be kind to your TSA security screeners, they are there to help you so just shut your pie hole and take your dang shoes off

Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

Get Over It

Even Open Source Software has security holes. No software is perfect.

Nothing to see here netizen, move along.....

»www.informationweek.com/story/sh···60900911

Even though I too am secretly laughing my ass off at all the zealots who proclaimed FireFox was "teh best!!11".

reub2000
Premium
join:2001-12-28
Evanston, IL

And IE is any better?

I believe IE has exploits. Besides, try getting IE to work on gentoo linux without using crossover office.

HeresyPgm

join:2001-03-06
Cleveland, OH

Pop-ups

I love firefox and have never had a security issue with it, but some popups have been appearing as of late.

One example, zophar.net. When clicking the "Web Boards" drop-down menu a pop-up appears. Why can't firefox block it?

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

Don't Get Me Wrong

I like Firefox. I use Firefox and have been using it since Phoenix. That said, nothing like zealots to make anyone hate something, even something good.

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)
OneHeart

join:2002-02-20

Lynx

I'm going back to Lynx.
--
OneHeart

reub2000
Premium
join:2001-12-28
Evanston, IL

Re: Lynx

I'll use links. Tables are the great idea.

Phylop
Premium
join:2002-11-17
Reston, VA

Firefox is great

Firefox is a great browser, and I've been using it since it was phoenix, and it became my main browser when it became Firefox. Recently it has had some trouble with pop-unders, and I've had some trouble with those too. But this doesn't make a bad browser, and certainly not less secure than IE.

I think people have had their expectations of what Firefox can and can't do set really high, and then when it has a few problems, it's the end of the world. Give them time, there's already a couple methods out there for fixing the pop-unders, just search around on the web, I forget where I found the fix, it was about a month ago. Also try using the Adblock extension.

After using IE for a week or two of normal browsing then scanning for spyware, I find at least a couple chunks of spyware on my system, sometimes it's just cookies, but once in a while, something worse. After browsing with Firefox for a week or two, no spyware is found.

Firefox is a much better browser, yes if you're used to using IE it will take some getting used to. But in the end, it's a better browser. More features, more security.

Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

Steady stream of security issues

When one sees that one smart guy in Germany finds security bug after bug in a relatively short period of time, I don't see how one can get a whole lot of confidence in a codebase.

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site

Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

Re: Steady stream of security issues

said by Steve:

When one sees that one smart guy in Germany finds security bug after bug in a relatively short period of time, I don't see how one can get a whole lot of confidence in a codebase.

Steve
Wow, no kidding.

FastEddie
iMod
join:2000-12-29
Channel Z
kudos:6
Host:
All Things Unix
Mozilla Software
Android
Cyberonic
Rogers

Guys like that make Firefox developers' job easier by finding the flaws so they can fix them. And Firefox updates their browser versions with new fixes and features more often than IE.


--
Here's To You

Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

Re: Steady stream of security issues

said by FastEddie:

Guys like that make Firefox developers' job easier by finding the flaws so they can fix them.
I think it's great that Firefox is so responsive to security issues, and their Bugs Bounty program is even better: a determined person can make real money while helping all the users.

It turns out that the really smart guy, Michael Krax, actually found one of these bugs while thinking about it on the plane, reporting it when he got back to Germany. I suspect that there's going to be pretty fertile ground for a while as Firefox bugs are flushed out, and this is good for everybody.

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site

hourensuman

@mchsi.com
I, sir, agree completely. Ignorance is bliss. How dare Mr. Krax try to help improve Mozilla Firefox!

bmn
? ? ?
Premium,ExMod 2003-06
join:2001-03-15
hiatus

Never use a product for one reason...

This just goes to show that using a product for one reason is never a good idea... Security holes aside, there's still quite a bit that I like about Firefox and will keep using it.

If you are looking for a truly secure browser, there is no such thing. Some are more secure than others and some get patched more quickly than others, but there is no 100% secure browser.
--
64 bit CPUs and OSes? That's so 1996.
Since the dawn of time, man has yearned to destroy the sun. -CM Burns

revgen

@adelphia.net

Firefox is more secure.

It's very easy to find a flaw in Firefox since the source is open and available to everyone. If a hacker finds a flaw, there is a good chance that the open source community will find it too and correct it. When Secunia discovered a security bug a few weeks ago, a new nightly beta build came out the next day and defeated the problem.

IE is a closed browser which means that vulnerabilities aren't discovered easily. And when they are, M$ employees have to figure it out all by themselves, and release patches that are weeks late.

Bottom line is hackers aren't interested in hacking a browser that most people don't use, and especially if the browser will defeat the problem tomorrow.


Fluker

join:2005-04-07
West Lafayette, IN

1 edit

Exploits......

I really like the initiative behind Firefox. It is open source, with an efficient UI, and completely different from anything out there so that it doesn't fall for the same tricks.

The problem now is that its user base has become so large that its users are once again targeted by malware distributors and it is again playing the patch'n-pray game. I'd hate to see it but I think the interval between necessary updates is going to shrink if the number of users continues to grow.
Open source is a double-edged sword, lots of eyes mean fewer errors, but also a clearer view into the guts of this program for the trojan writers.

said by RevGen:
....hackers aren't interested in hacking a browser that most people don't use

If every single user of Internet Explorer suddenly adopted Firefox tonight, I think Microsoft would start boasting right away about the superior security of IE in comparison to FF. It's not that better code is used, it's that malware writers just haven't invested time in finding holes because the payoff is not yet adequate.

-Unfortunately, where there are sheep, there will be wolves.

Re: Exploits......

"...The problem now is that its user base has become so large that its users are once again targeted by malware distributors and it is again playing the patch'n-pray game..."

less than 10% is too large to handle? lol good luck firefools

alg
Passionately apathetic
Premium
join:2001-04-10
Houston, TX
kudos:3

EVERYBODY JuST SHUTUP

Use whatever the hell makes you happy. If my system gets owned because I am using FF/IE/Lynx/Mozilla/Netscape/Safari/a typewriter to browse the internet then it is my problem. And besides, if I want to use a tuba as my browser nothing a bunch of people I don't know on a forum say is going to change my mind. All the browsers now are 'reasonably' secure. They are not bulletproof but unless you are out looking at porn every minute of the day it really shouldn't matter.
--
Mein Fuhrer, I can walk!

sivran
Opera convert
Premium
join:2003-09-15
Arlington, TX
kudos:1

Re: EVERYBODY JuST SHUTUP

What he (alg) said. I feel I oughta add though, that people should be open-minded about browsers other people like and *gasp* try them out, at least every few versions or so, just to see what the fuss is about. I do this with Firefox and Opera. For me though, it's Mozilla all the way. Best browser, in my opinion and for my needs.

And I wanna see that sweet tuba that can browse the 'net...
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Home licensing should be just that.

Matsayz
Premium
join:2005-02-08
Henderson, NV

why the noise?

every product has its flaws, i don't get why everyone is like "OMFG FireFox has flaws and could let popups get thru!!!! run for the hills!!!!" i mean, with bout 50mil in d/l's and counting something has to be working correctly. yes it's big time news because it's challenging IE. but i mean c'mon. how many flaws has IE had over the years??? all these "security experts" and critics are tossing crap in their articles over breadcrumbs. i think everyone needs to chill out and just use the browser, suggest corrections, fix flaws/exploits. i mean this is a volunteer effort that these people have put together. why aren't people talking about that! IE has BILLIONS of $$$ behind it. i think everyone needs to get off FireFox's back and relax. i mean i can still access the net with it so what's wrong?

matt

...it's not the end of the world...

AnonProxy
Premium
join:2001-05-12

Look it was never a honeymoon, it was an affair

with a slightly crazy chick who's pretty good in bed but just might kill you while you're sleeping.

IE might be old, not really that robust and might get hacked a bit (as it is the most popular browser in the world)...so one might be tempted to "stray" but everyone always comes back...
A little fun on the side ain't bad but in the end everyone comes back to the IE.

travisz
Premium
join:2004-01-10
Lancaster, PA

Re: Look it was never a honeymoon, it was an affai

Well, the only thing I use IE for anymore is browsing my ftp and only then because it treats my ftp as if it were a folder on my computer, and not a web directory like Firefox does (or last I checked). Everything else is Firefox for me.

-soul

FTCXtreme

join:2005-03-14
New Braintree, MA
I only use IE on Bungie.net cause it doesn't work well, and other sites that don't support it. I just switched to Firefox because it sucks up less RAM than IE, also I just like Firefox, to me it's just my browser, I don't mind using IE, they're all browsers. I have been seeing 1 or 2 pop-ups.

sago5

join:2001-12-19

hard to understand

The consensus seems to be that no browser is 100% secure. I agree with that.

Having never owned a Microsoft product (except a keyboard), I come from the Linux side of things, and installing IE on Linux is not all that easy, although it can be done, and it's required sometimes to get other Windows programs, like Microsoft Office, to work on Linux (but that's another issue entirely).

What does it really mean to have a secure browser, and what is going to happen to you if your browser gets hurt from a security hole? See, from my perspective, this has as much to do with Windows as it does with any browser. If my browser gets hosed, I can delete and reinstall it. No big deal. It won't affect Linux. Spyware? How? Viruses? Not really the biggest worry on Linux. To be perfectly honest, I've never worried about the security of any Mozilla product running on Unix or Linux. Sure, no browser is perfect, but a secure OS provides a huge safety net.

So I realize that browsers have holes, but from my perspective, 99% of this "insecure" stuff has to do with the OS it's running on, not the browser itself. So if it really bothers you, you should be using Linux or FreeBSD or OpenBSD or perhaps even OS X instead of Windows. On a secure OS, a browser isn't a significant problem; on an insecure OS, a browser isn't an effective solution. Ditch Windows if you're that worried about it...

over 13.5 years online © 1999-2013 dslreports.com.