Is the Firefox honeymoon over?

[YLAP]

http://blogs.zdnet.com/Ou/index.php?p=103

Is it really safer... It's up to you to decide... 

[DavidR]

This is truly one of the worst one sided pieces of junk I have ever had the displeasure of reading.

Yes firefox has had issues but for the most part these are dealt with promptly.

You only have to check Secunia to see what issues there have been for both firefox and IE and what are still unpatched and that will truly open your eyes as to how bad IE is, there are vulnerabilities that have been unpatched and have remained so for over a year.

Firefox will be intrinsically more secure than IE as it isn't an integral part of the OS, so if you defeat the browser you have in effect defeated the OS. There is no activeX in firefox, there are no BHOs in firefox and these two elements are a major source of malware infection.

So no I don't think the honeymoon is over for firefox, especially when you get your information on security from a security orientated source.

[bob3160]

David
All of this still boils dow to user preference. I personally have never had anything except IE or at present an
IE based browser as my default browser.  I'm also positive that I'm not the only one in this catagory.
My operating is safe and clean despite the fact that I don't use Firefox. 

[szc]

Exactly and I never ever had any problems with my IE either... we all have to agree that all those stories are a little bit blown out of proportions by many IE antagonists out there. Right now I'm watching the Firefox vs. Opera fight... when Opera came out as a wonderful free product, everything started to go down for Firefox. Now they got another enemy to fight against... 

I don't even know what's spyware/adware anymore and everybody who uses SpywareBlaster will say exactly the same... So if you know how, you can be "clean" even with IE, and you don't need any other browser, especially not all those add-ons that will just make your browser crawl...

EDIT: Of course some people like to have more useful features in their browser, so it's understandable that they always look for something different. Both Firefox and Opera are pretty much fully loaded, so I guess they are good choice for people who really need all those additional bells and whistles. What I don't like, is usually those competitive browser developing teams towards IE, tend to search for IE's vulnerabilities just to prove how invulnerable their product is... they do that so often, so they sometimes just forget to clean the mess in their own backyard...

Maybe they all should unite and work together to help people, instead of fighting and trying to prove how really bad is other competitive product... I am sure we all would surf much safer then..

[MWassef]

Symantec: Mozilla browsers more vulnerable than IE

[DavidR]

David
All of this still boils dow to user preference.

With due respect this has nothing to do with user preference, the report is rubbish. The problem with this is there is absolutely no reference to unpatched vulnerabilities and that is the true issue when talking about supposed security issues. Have you even read it and the comments that were raised in the TalkBack (below the report)?

When you are basing the report on vulnerabilities and exploits, then history is a pathetic measure it is what vulnerabilities and exploits remain unpatched (just my opinion), you can't just report one side of the security issue.

Otherwise it is no longer a security report but 'Now firefox is more popular it is attracting more attention from virus writers, etc.' but even that would have to report the closure of vulnerabilities and exploits. So it still requires a balance of what the companies are doing about those vulnerabilities and exploits, otherwise it is unbalanced.

Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical

This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 19 out of 85 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 3 out of 23 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Also note the severity of those unpatched advisories, firefox Less Critical, IE Highly critical and the totals of advisories and those unpatched. This should give an idea of how unbalanced the report is.

[DavidR]

Symantec: Mozilla browsers more vulnerable than IE

ZDnet is going down in my estimation, quickly. Still talking history and giving almost newspaper punchy headlines to the story, yet their story doesn't match the headline!

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

[Umath]

Update:  A lot of people have complained that I didn't list the number of actual "in-the-wild" attacks against the two browser platforms.  The problem with this theory is that they either didn't read the entire article or they don't understand what I meant by "published exploits" in the second chart in this blog.  When I say published exploit, I mean a downloadable script or source code that can be used to attack real live browsers in the wild.  These are not simple advisories that talk about certain theoretical exploits.  Published exploits are basically freebies for professional hackers and script kiddies to use in the wild.  Unpublished exploits have to be bought in the underground Internet and I don't list them here because I have no way of knowing how many there are.  If anyone is wondering why I don't include any links to the exploit code, that isn't a mistake.  It is our policy not to link to exploit code.

I don't think Firefox is perfect but this update virtually makes the article itself invalid.

There are three kinds of lies: lies, damned lies and statistics. - Twain

[JediMasterCK]

Question: How many Firefox users does it take to screw in a Light Bulb?

Answer: We don't know - the Firefox cache hasn't updated in over a week

Question: Why did the Firefox users cross the road?

Answer: Because Opera users forced them to

[Umath]

Exactly speaking, I am not using Firefox but a Mozilla alternative but about the cache issue, I set both caches to 1.

We don't need to be forced to do something.  Opera and Mozilla browsers are just offering alternatives.  In fact, I am juggling among browsers and I don't know why I need to stick to one.  To maximize the users' benefits, I'd like mass-media to write more useful, insightful and analytic articles rather than writing a misleading one like this,　which makes me doubt the intelligence or the motivation of the writer.

Search engines and forums are getting more and more reliable sources than such old style journalism are.  Browsers are now daily tools for the purpose, which naturally refrects the preferences of the users.

[darth.mikey]

[CharleyO]

***

The thing all of us need to remember is that those who attack browsers do so to the one or ones most popular in order to effect the most computers/people. This is why there are more reports of problems with IE. As any other browser becomes popular enough, faults and bugs will be found and it will also have problems with attacks. It's just that simple.

***

[Starfighter]

Could someone please explain to me the joke about the "cache issue" with Firefox?   I don't get it...     Is the cache in Firefox bad or something?
Thanks!

[szc]

You again ? Who gave you those cryons ? Haven't I told you just to use pencils ?

        

[Umath]

Could someone please explain to me the joke about the "cache issue" with Firefox?   I don't get it...     Is the cache in Firefox bad or something?
Thanks!

Opera has a function, where it doesn't use hard disk cashe at all.  With Mozilla based browsers, we need to set cashe at least 1kb (In IE's case, 1mb).

For broad band users, hard disk cashe is rather slowing the browsing activity.  It is not recommendable to keep old cache for security reason, either.  So, I set my Mozilla alternative's hard disk cache to 1, which virtually works like cashless.