Is the Firefox honeymoon over?

http://blogs.zdnet.com/Ou/index.php?p=103

Is it really safer… It’s up to you to decide… :-\

This is truly one of the worst one sided pieces of junk I have ever had the displeasure of reading.

Yes firefox has had issues but for the most part these are dealt with promptly.

You only have to check Secunia to see what issues there have been for both firefox and IE and what are still unpatched and that will truly open your eyes as to how bad IE is, there are vulnerabilities that have been unpatched and have remained so for over a year.

Firefox will be intrinsically more secure than IE as it isn’t an integral part of the OS, so if you defeat the browser you have in effect defeated the OS. There is no activeX in firefox, there are no BHOs in firefox and these two elements are a major source of malware infection.

So no I don’t think the honeymoon is over for firefox, especially when you get your information on security from a security orientated source.

David
All of this still boils dow to user preference. I personally have never had anything except IE or at present an
IE based browser as my default browser. I’m also positive that I’m not the only one in this catagory.
My operating is safe and clean despite the fact that I don’t use Firefox. :slight_smile:

Exactly and I never ever had any problems with my IE either… we all have to agree that all those stories are a little bit blown out of proportions by many IE antagonists out there. Right now I’m watching the Firefox vs. Opera fight… when Opera came out as a wonderful free product, everything started to go down for Firefox. Now they got another enemy to fight against… ::slight_smile:

I don’t even know what’s spyware/adware anymore and everybody who uses SpywareBlaster will say exactly the same… So if you know how, you can be “clean” even with IE, and you don’t need any other browser, especially not all those add-ons that will just make your browser crawl…

EDIT: Of course some people like to have more useful features in their browser, so it’s understandable that they always look for something different. Both Firefox and Opera are pretty much fully loaded, so I guess they are good choice for people who really need all those additional bells and whistles. What I don’t like, is usually those competitive browser developing teams towards IE, tend to search for IE’s vulnerabilities just to prove how invulnerable their product is… they do that so often, so they sometimes just forget to clean the mess in their own backyard…

Maybe they all should unite and work together to help people, instead of fighting and trying to prove how really bad is other competitive product… I am sure we all would surf much safer then…

Symantec: Mozilla browsers more vulnerable than IE

With due respect this has nothing to do with user preference, the report is rubbish. The problem with this is there is absolutely no reference to unpatched vulnerabilities and that is the true issue when talking about supposed security issues. Have you even read it and the comments that were raised in the TalkBack (below the report)?

When you are basing the report on vulnerabilities and exploits, then history is a pathetic measure it is what vulnerabilities and exploits remain unpatched (just my opinion), you can’t just report one side of the security issue.

Otherwise it is no longer a security report but ‘Now firefox is more popular it is attracting more attention from virus writers, etc.’ but even that would have to report the closure of vulnerabilities and exploits. So it still requires a balance of what the companies are doing about those vulnerabilities and exploits, otherwise it is unbalanced.

Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical

This is based on the most severe Secunia advisory, which is marked as “Unpatched” in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 19 out of 85 Secunia advisories, is marked as “Unpatched” in the Secunia database.

Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

This is based on the most severe Secunia advisory, which is marked as “Unpatched” in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 3 out of 23 Secunia advisories, is marked as “Unpatched” in the Secunia database.

Also note the severity of those unpatched advisories, firefox Less Critical, IE Highly critical and the totals of advisories and those unpatched. This should give an idea of how unbalanced the report is.

ZDnet is going down in my estimation, quickly. Still talking history and giving almost newspaper punchy headlines to the story, yet their story doesn’t match the headline!

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that “at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred,” but added that it “expects this to change as alternative browsers become increasingly widely deployed.”

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

[b]Update[/b]: A lot of people have complained that I didn't list the number of actual "in-the-wild" attacks against the two browser platforms. The problem with this theory is that they either didn't read the entire article or they don't understand what I meant by "published exploits" in the second chart in this blog. When I say published exploit, I mean a downloadable script or source code that can be used to attack real live browsers in the wild. These are [b]not[/b] simple advisories that talk about certain theoretical exploits. Published exploits are basically freebies for professional hackers and script kiddies to use in the wild. Unpublished exploits have to be bought in the underground Internet and I don't list them here because I have no way of knowing how many there are. If anyone is wondering why I don't include any links to the exploit code, that isn't a mistake. It is our policy not to link to exploit code.

I don’t think Firefox is perfect but this update virtually makes the article itself invalid.

There are three kinds of lies: lies, damned lies and statistics. - Twain

Question: How many Firefox users does it take to screw in a Light Bulb?

Answer: We don’t know - the Firefox cache hasn’t updated in over a week ;D

Question: Why did the Firefox users cross the road?

Answer: Because Opera users forced them to ;D

Exactly speaking, I am not using Firefox but a Mozilla alternative but about the cache issue, I set both caches to 1.

We don’t need to be forced to do something. Opera and Mozilla browsers are just offering alternatives. In fact, I am juggling among browsers and I don’t know why I need to stick to one. To maximize the users’ benefits, I’d like mass-media to write more useful, insightful and analytic articles rather than writing a misleading one like this, which makes me doubt the intelligence or the motivation of the writer.

Search engines and forums are getting more and more reliable sources than such old style journalism are. Browsers are now daily tools for the purpose, which naturally refrects the preferences of the users.

http://img242.imageshack.us/img242/7650/opera4cn.jpg


The thing all of us need to remember is that those who attack browsers do so to the one or ones most popular in order to effect the most computers/people. This is why there are more reports of problems with IE. As any other browser becomes popular enough, faults and bugs will be found and it will also have problems with attacks. It’s just that simple.


Could someone please explain to me the joke about the “cache issue” with Firefox? I don’t get it… ??? Is the cache in Firefox bad or something?
Thanks!

You again ? Who gave you those cryons ? Haven’t I told you just to use pencils ?

;D ;D ;D ;D ;D

Opera has a function, where it doesn’t use hard disk cashe at all. With Mozilla based browsers, we need to set cashe at least 1kb (In IE’s case, 1mb).

For broad band users, hard disk cashe is rather slowing the browsing activity. It is not recommendable to keep old cache for security reason, either. So, I set my Mozilla alternative’s hard disk cache to 1, which virtually works like cashless.

I use Firefox all the time. I have my cache set to 0 no problems. I find the extensions Adblock - Flashblock - TabBrowser Preferences and No Script indispensable.

Thanks gang for the explanation of the cache function in Firefox. I had thought (because of the joke) that perhaps Firefox’s cache wasn’t working correctly – but I understand now. :slight_smile:

Craftec: Truth be known, I like crayons better than pencils. Purple and orange crayons are my favorite colours. They are also the most fun because they make the absolute worst mess possible – i.e. when you scribble with them on walls.

One thing I can’t stand is chalk. This is no doubt because many years ago my math teacher frequently threw chalk at me in order to wake me up from my day-dreaming (which I did a lot of). Actually, come to think of it, I think the teacher threw the chalk eraser at me more than the actual chalk – which explains why I still need pencils because they have erasers attached to them! :stuck_out_tongue:

Anyway, just so people won’t criticize me for writing off topic, I see that Firefox’s latest version, 1.0.7, is supposed to fix the latest security glitches:
http://www.mozilla.org/products/firefox/

p.s. I hated math.

Haha, I hated chalks and I hated chalk erasers even more… my mom is still a teacher, and a good one… she would never ever throw those things at children. She is so into teaching that sometimes I think she likes her pupils even more than she loves me ;D ;D ;D

P.S. Cryons on the wall are nasty, but nothing comparing to exacto knife scratches all over the room… ;D

Howdy FF-ers and other browser users,

Yes of course there is a lot of side line thinking coming into this.
Some things in the critics of FF are fair, other things are exaggerated or just wishful thinking. We had these reports a;ready last year that FF would topple over, in August of this year remember it should have fallen prey to malware artists and scumware makers. This has until now not materialized. FF has some weak points, you can read about it in their bug reports and on their developers forums. But IE has/d a worse CONCEPT. Closed software (fixed options, take it or leave it software) versus a product that many work on to improve. And it is not optimal as is Opera, as are other browser products. One point we could make here: FF is specially linked with Google. It is in the line of products which can be associated to be an answer to the M$ monopoly train. FF hangs firmly into the Google train. I cannot see what comes next, how security wise Firefox will develop. I have no crystal ball. I say I keep using Firefox as of now.

greets,

polonus

I think I know where you are coming from. Microsoft’s nightmare inches closer to realityMicrosoft’s nightmare inches closer to reality, Google builds an empire to rival Microsoft (Both articles from Cnet)

If WWW’s fluidity is a threat to monopolizing company such as Microsoft, I don’t think it is not always a bad thing. However, I don’t know how to prevent the domination of a company such as Google. I recommend Mozilla/Firefox users to use Mycroft and other browsers have similar function (For example, Sleipnir, which I recommended as an IE alternative, has this function).