“Is Browser Security getting better? That is tough to say but Firefox is definitely not leading the way. Despite all the hype, despite all the Myths, Firefox 1.x has a worse security record so far in 2006 than Internet Explorer 6.x.”
I’d like to just say that I’ve never had something install itself just by visiting a page in Firefox… happened a number of times when I was using IE
This doesn’t happen anymore in IE6 SP1. Which has been out since late 2005.
IE6 SP1?
You certainly are not speaking about THE IE6 SP1 that has been around for much longer than that.
You may have been speaking about the additional patches that were added to IE in Windows XP SP2.
And even with that, there are more unpatched exploits for that compared to Firefox.
Edited 2006-09-10 01:08
Okay let me clarify IE 6 SP1 (post XP SP2).
>> And even with that, there are more unpatched exploits for that compared to Firefox.
Did you happen to read the article or are you just spouting the same old lines.
Honestly, I have to say I am posting this from Firefox right now. However you have to give credit where it is due and according to this article credit is due to Microsoft IE for not sucking as bad as Firefox when it comes to security.
I read the article…
And visited Secunia myself to verify.
I would have thought the same thing but I experienced this last year with IE 6 SP1.
I was looking for information on spyware to help a friend and the dang page I found that supposedly contained information hijacked my browser upon simply viewing the page. Installed all sorts of crap.
I quit using IE that day for good.
*double post* – sorry guys
Edited 2006-09-10 14:26
Give me links to sites which ‘automatically install things’; maybe if you’re visiting hacking/cracking and underage porn sites, it’s karma serving a good helping of punishment in the form of stuffing your PC up.
Myspace? (twice)
And what was trying to get installed?
I’m running IE 6 SP2, and if an activeX control wishes to be installed, a bar at the top informs me that an activex component wishes to be installed, and I actually have to manually tell it to install it, if I want the said thing to do so.
Case in point, I visited a site, it had flash, I needed it installed, I was presented with the bar at the top, I clicked on the bar, I clicked on ‘install component’, the dialogue came up asking whether I wish to install Flash 9, I clicked on the install button, and voila, installed.
How is it Microsoft’s problem if people choose to ignore TWO dialogue boxes?!
You obviously didn’t hear the news. Myspace had poison adverts for a short period that installed spyware with zero popups, buttons, confirmations, anything. Literally, just installed by viewing the page. IE 6 SP2 is still far from secure.
As quoted in the article: http://blog.washingtonpost.com/securityfix/2006/07/myspace_ad_serve…
Internet Explorer users who visited a Web page containing this ad and whose IE was not equipped with the WMF patch would not get that warning. Rather, their machines would silently download a Trojan horse program that installs junk software in the PurityScan/ClickSpring family of adware. This stuff bombards the user with pop-up ads and tracks their Web usage. Only a little more than half of the anti-virus programs used at anti-virus testing service AV-Test.org flagged the various programs that the Trojan tried to download as malicious or suspicious.
Interesting, this patch was released for Internet Explorer 6 SP2 on February 14 2006, and the article is dated July 19, 2006, so assuming that the date is close enough to the event, one had over 6 months to install the update, and be protected against the vulnerability.
If a user refuses to install updates, then the issue isn’t with Microsoft, but the user and their ignorance, and arrogance of not addressing that ignorance.
I believe there have been a couple of banner-ad providers who got caught doing it.
There are little homepages, which are all worthless but you don’t always know until you click.
Links in e-mail attachments: I know, it’s crazy to think viewing a webpage should be a safe activity (that was sarcasm).
Friends playing games on you.
Why would a cracking site do it? Do you honestly think they don’t deny listing in their robots.txt? They don’t want any joe finding their howtos….
Not by my first hand experience, and that of the several hundred computers I’ve installed it on.
Severity, not quantity, and if they’re being exploited or not. Also some flaws are in Windows itself because of the IE integration. The Firefox Mac / Linux users are not affected by those.
The problem is that they have to compare all the fixes since IE 6.x and FF 1.x (or FF 1.5x) appeared. If you stop developing an application, and you have only 5 years of bug patching, it’s obvious that at the 6th year, it’s probably going to be bugs free. Also, it is important to consider what the severity of the bugs are.
Edited 2006-09-10 00:31
it’s obvious that at the 6th year, it’s probably going to be bugs free
Bug-free is bug-free, no matter how it got to be that way. Firefox has been around in various incarnations dating back to 1997 (Mozilla/Gecko; back to 1994 if you count Netscape). There has been plenty of time to fix bugs.
Firefox has, unlike IE6, been actively developed the last years. And IE6 certainly isn’t bug free.
If user has enough brains, he will keep his browser secure, thankfully it’s not so hard, both Windows and FF have auto-update features.
The question is how fast Mozilla or MS issue patches, how much time attacker has to exploit vuln.. Mozilla is better, if we’re talking about speed of patching (imho).
Blog! Blog! Blog! That is not journalism, sorry (an offense to any serious journalist). It simply doesn’t deserve a linkage to here. Especially as the guy did not look under the hood, examining how “critical” the bugs really were and under which OS. He failed to take a deeper look at a “problematic topic”, thus creating a great flame-bait blog-entry that reads like a teenage “my-browser-is-better-than-yours” shoutout.
I explain it differently. He just listed what he found (the facts). Nothing more. Judging by number of security advisories from Secunia… He is simply right. Not that it really matters (I don’t use IE because of the Spyware problem), but still.
Quantity is something very different than quality.
Let’s take a look at it this way: I buy two boats and want to travel with them from Japan to Australia. The first boat has 5 holes. All of them are small in size (1×1 cm) and I have some tape to fix those holes. I might make it to Australia with that boat, although it is still a risky voyage.
Now I take the second boat. It has only three holes. But they are bigger in size, e.g. 10×10 cm. I can try to fix the holes with the same tape I used on the other boat. I might manage to make the boat water-proof, but chances are that it will stay very vulnerable and that I might drown on my way to Australia.
Now, which boat would you take? The one with five small holes or the one with only three (considerably bigger) holes?
Edited 2006-09-09 18:00
Excellent analogy. I was considering posting a comment about the same point, that the number of bugs does not matter compared to the severity of the bugs, but you put it in much better words. Thank you.
Thom, that is simply not true. He did not “just list the facts”. He made a conclusion from them: that IE is more secure. Number of vulnerabilities found does not have a direct correlation to the degree of security.
“Just listing the facts” would be listing the number of vulnerabilities and saying “Firefox 1.x had more newly reported vulnerabilities than IE 6.x in 2006”, NOTHING MORE.
However, on the flipside, saying Firefox is “more secure” is disingenuous as well.
Guys, take a look at this thing. This article defines browser security as the number of vulnerabilities as reported by Secunia in 2006. Operationalising browser security this way, IE is more secure than Firefox.
What is so difficult about that? You can disagree with the way this article operationalises browser security (in fact, operationalisation is a common attack vector when criticizing scientific articles), but you can NOT say the guy has his facts wrong. Because they are CORRECT.
Like I said, I won’t start using IE. But this article uses FACTS to come to its conclusion. Whether you like it or not.
I don’t think anyone has said he lied. The issue is that he talks about 1 fact and says it supports Firefox, then talks about another and says it means the IE is more secure. The truth is that both facts are mostly worthless, and the blog makes no attempt to explain why we should care about these stats. The really galling problem is that his conclusion contradicts some really advanced and high quality analyses and is based on pretty much nothing. The only thing at all that is going for this is its title: “Internet Explorer 6.x More Secure than Firefox 1.x in 2006,” which is clearly a controversial stance designed to draw attention.
To be clear, his stats are right, they are just useless. If I wrote an article that said there were 50 states in the US and each of them have 2 senators, and then conclude that each state must be the same size. That is clearly wrong, but would you have linked to that?
Edited 2006-09-09 18:49
At least you’d be doing something more than saying X > Y, therefore this. You’d have a real path of logic to try and argue against, instead of a statistic and some conjecture.
Of course, you’d still be horridly wrong, but one comment would easily demonstrate how.
Let us not denigrate “scientific articles” by including this blog post in them. If this article was submitted for scientific peer-review, it would be rejected for cherry picking data. While I agree with you that the “facts that are used” are correct. And it is silly for people to say “that is not my experience”. Also, it is silly to say that “millions of people’s experience with Firefox cannot be wrong”. For hundreds of millions of people, IE is the Internet, and we all know that they are wrong. So let us not confuse anecdote and popularity with science either.
However, there is no excuse for incomplete use of available data – especially only using metrics that support your own hypothesis while overlooking other blatantly obvious ones like the speed of patching, severity of unpatched vulnerabilities, severity of all vulnerabilities, etc. (I am not a security expert, these are just the obvious things, I imagine are relevant). It appears the blog post was put out as flamebait (ad revenue?) after a cursory examination of some data that appears to support the author’s belief but that does not make it Science.
Anytime you come to a conclusion, ESPECIALLY from a small set of data, you can not say “It’s just facts”.
Is his article title a fact? No, it is not. It is not just facts. That, my friend, *is* a fact.
This article defines browser security
Now this is my main problem with this linking: the day you start realizing such crap can’t be called an article on this planet without a certain type of smile, and stop linking them like certain low quality link-piling sites do, now that day will be the one when maybe you’ll see the light at the end of the tunnel.
Those aren’t facts. Those are statistics.
Well, it depends on how you want to spin the information; in the case of Firefox, if it has ‘more vulnerabilities’ the spin could easily be, ‘because it is opensource, it is more transparent, thus, enabling more people to analyse the code’ – thus giving the spin that they’re being proactive in their bug hunting
The same could be said for Internet Explorer, because more people are using it, and it is in higher rates of usage, there are more people able to probe and test for vulnerabilities, it’s merely a benchmark on how many people use the product, thus they can claim (like they do) that more vulnerabilities are found because more people use it, and thus, the exposure area is greater.
Right. Spin is a good way to describe it. I couldn’t put my finger on it.
You’re smarter than this Thom. Security metrics can’t be easily summed up into a single metric, and that metric definitely can’t be any metric you choose. He chooses to ignore advisories and pay attention to number of vulnerabilities.
Besides that, you misquoted him, from the number of security advisories he’s wrong. It’s the number of vulnerabilities that support him.
Your parenthetical phrase serves as anecdotal evidence against his thesis as well, not to mention your mistype of “vulnerabilities” as “advisories” denotes the tiny jagged rock his thesis stands on, a misplaced word makes it seem silly.
My mother often warned me to brush my teeth. Those warnings are not my dental record. It is a fact that she warned me many times. That fact, however true, does not support a claim that I have a better dental record.
A security record consists of incidents, not advisories. My dental record shows the number of fillings, not the number of times I was given advice.
Faulty reasoning applied to true facts produces a meaningless conclusion. No one disputes the advisory count; the problem is whether any useful conclusion may be drawn from such a count. For example, Secunia lists 26 advisories against XP Pro for 2006, compared to 2 for Windows Millennium. Over all time, XP shows 150 versus 35 for Millennium. So Me must be more secure than XP?
“I explain it differently. He just listed what he found (the facts). Nothing more. Judging by number of security advisories from Secunia… He is simply right. Not that it really matters (I don’t use IE because of the Spyware problem), but still.”
Facts can be misleading if you don’t know how to interpret them. You really have to understand about software and security. So no, he is not simply right. Asserting that is a way to simplify the whole process to make it idiot understandable.
Blog! Blog! Blog! That is not journalism, sorry (an offense to any serious journalist). It simply doesn’t deserve a linkage to here.
That’s analogous to saying, “Einstein is only a patent clerk! Relativity is bunk!”
Here’s a different take: Deal with the facts presented by the article rather than try to shoot the messenger.
I think he makes a good point. Based on Secunia statistics, he’s right: Firefox is less secure. Despite all of the “that isn’t my experience” testimonials from its advocates.
Excuse me, what is wrong with a blog entry, all he did was collate some information, and provide his own conclusion on how he looked at the facts – I hardly see that as a treasonous act.
If you want to ‘counter’ his claims, why don’t you create your own blog entry on your own blog and reanalyse the facts which layout your case that he got it wrong.
It’s called democracy toots, the ability to hold differing opinions, debate, and hopefully, the net result is a better understanding of the issues on both sides.
“I hardly see that as a treasonous act.”
Sure, but it’s not journalism and it is not a good “blog post”/article.
“It’s called democracy toots, the ability to hold differing opinions, debate, and hopefully, the net result is a better understanding of the issues on both sides.”
The good thing about the Internet is that anyone can publish whatever they want.
The bad thing about the Internet is that people publish whatever they want.
Blog! Blog! Blog! That is not journalism, sorry (an offense to any serious journalist). It simply doesn’t deserve a linkage to here.
That’s analogous to saying, “Einstein is only a patent clerk! Relativity is bunk!”
Here’s a different take: Deal with the facts presented by the article rather than try to shoot the messenger.
I think he makes a good point. Based on Secunia statistics, he’s right: Firefox is less secure. Despite all of the “that isn’t my experience” testimonials from its advocates.
Replying to the “FACTS” in the article….
Current information from Secunia, after all we are worried about what is the most secure browser NOW not yesterday etc.
Firefox (http://secunia.com/product/4227/)
Unpatched 11% (4 of 35 Secunia advisories)
Most Critical Unpatched… is rated Less critical
IE (http://secunia.com/product/11/)
17% (18 of 105 Secunia advisories)
Most Critical Unpatched… is rated Moderately critical
Opera 8.0 (http://secunia.com/product/4932/)
0% (0 of 15 Secunia advisories)
Most Critical Unpatched…. NONE
Opera 9.0 (http://secunia.com/product/10615/)
0% (0 of 0 Secunia advisories)
Most Critical Unpatched…. NONE (However you must note this is very new software)
Ok so Firefox currently has less unpatched advisories (by number and percent) than IE and is therefore currently the safer browser (also note the worst open advisory is less severe) and the last two Opera versions are better than both IE and Firefox
Is that person here ?
The strange point is that degree of danger is not defined for each browser, neither the dangerosity of each : a crappy page, just look at the other articles of this blog.
Yes, he is posting as ‘Mastertech’ here, although you may know him as ‘GeneralAres,’ and he has used multiple sock puppets in the past in blog comments.
http://www.webdevout.net/forums/viewtopic.php?t=37&sid=1986c7e6aea4…
Mozilla hater is right. At the Poptech forum he says of Firefox: ‘Coded by amateurs for amateurs.’
http://s4.invisionfree.com/Popular_Technology/index.php?act=ST&f=2&…
Another Forum member says of Andrew: ‘I would pay good money to get a psychologist in to post in this forum just to see his reaction to Drew’s FF-Phobia.’
http://z4.invisionfree.com/Popular_Technology/index.php?showtopic=1…
Simply looking at the advisories between Firefox 1.x in 2006 and Internet Explorer 6.x in 2006 gives a misleading 9 to 13 advisory “win” for Firefox but once you add up the actual vulnerabilities for each it is clear Internet Explorer 6.x has been the more secure browser so far in 2006: 64 to 30 vulnerabilities
As if that isn’t just as misleading a stat. This is nothing more than flamebait and I think the guy just wrote it to get more traffic to his blog.
more flaws… maybe – at least KNOWN flaws since who knows how many IE actually has
more exploitable by flaws and due to integration and so forth – NO WAY!
Since switching my parents, in-laws, other family members to firefox I have seen a LOT less junk on their systems especially popup related ad junk and hijackings, and those forsaken do-everything toolbars…
Firefox: http://secunia.com/product/4227/?task=statistics_2006
IE6: http://secunia.com/product/11/?task=statistics_2006
Oddly, these pages say:
Firefox 1.x: 9 advisories from 2006
IE6: 13 advisories from 2006
Maybe I’m doing some confusion or the author counted advisories from 0.x and 1.x?
Also in the links above:
Firefox: Most Critical Unpatched: Less critical
IE6: Most Critical Unpatched: Moderately critical
Check also:
http://secunia.com/graph/?type=cri&period=2006&prod=4227
http://secunia.com/graph/?type=cri&period=2006&prod=11
I just can’t understand.
EDIT: Now I see he was counting vulnerabilities. Shame on me. Also, check the Unpatched number (FF:4, IE:18) and the Impact stats (System Access: Firefox: 22%, IE: 53%). Firefox looks better to me.
Edited 2006-09-09 18:03
I’ll remember this survey next time I spend a couple hours removing spyware and other badware from another computer. I work IT(per job) and I spend at least twice a week fixing a new computer and undoing the mess that IE allowed onto it…
Pure experience dictates the greater security of firefox over IE. Once again, I don’t think numbers trump user experience.
I’ll remember this survey next time I spend a couple hours removing spyware and other badware from another computer. I work IT(per job) and I spend at least twice a week fixing a new computer and undoing the mess that IE allowed onto it…
Just out of curiosity, why are you allowing your users to run with admin privileges? If they were normal users, spyware wouldn’t be able to root it
Just out of curiosity, why are you allowing your users to run with admin privileges? If they were normal users, spyware wouldn’t be able to root it
We’re an outsourced IT company. We’re not in a position to control what people can or cannot do on their computers. We deal with a number of clients with different needs. We deal with home user computers as well as company computers.
We’re an outsourced IT company. We’re not in a position to control what people can or cannot do on their computers. We deal with a number of clients with different needs. We deal with home user computers as well as company computers.
It doesn’t obviate the fact that you’re not administering your computers as they should be administered (ie. running with reduced privileges, etc). I understand that you don’t have the ability to do that but, rather than blame IE for spyware, you might consider blaming the folks that sign your checks for not allowing you to do your job properly.
First of all, they’re not “my” computers. I’ve recommended a safer browser for fewer headaches, and they’re just as scared of changing browsers as they are reducing administrative rights, which(while being more secure as you said) will only cause more complications with software incompatible with such restrictions.
That is unnecessary. Using some free software and some common sense you can quickly eliminate most of your problems. If the systems are not centrally managed turn AutoUpdates on Automatic, make sure MSJVM is uninstalled, install Spyware Blaster and Windows Defender + your company’s AV.
All major business related software should have documentation on setting up their software to work in a user privilege environment if it does not out of the box. Otherwise you can get around a lot of it by installing the offending apps to the user’s My Documents folder.
Using some free software and some common sense you can quickly eliminate most of your problems. If the systems are not centrally managed turn AutoUpdates on Automatic, make sure MSJVM is uninstalled, install Spyware Blaster and Windows Defender + your company’s AV.
That’s actually what I do when I encounter systems infected with spyware
“Just out of curiosity, why are you allowing your users to run with admin privileges? ”
Have you ever tried to run Microsoft Office without admin privileges?
Have you ever tried to run Microsoft Office without admin privileges?
All the time. Everyone at work does so, too, with no problems.
Have you tried to program in Visual Studio without Admin?
Possible, yet so annoying that you definitely dump it and go the admin road..
Have you tried to program in Visual Studio without Admin?
The only problem with non-admin accounts and Visual Studio is that the debugger can’t be run. This is rectified by adding such users to the Debugger Users group.
Note that granting debugging privileges to malicious users is a security risk.
Nonsense. I do it every day. Office runs fine with reduced privileges.
Is it normal practice to post blog entries which are clearly not thought out on a controversial subject, most likely in the interest of generating comment traffic for your site?
Apparently “Andrew” believes that within 3 paragraphs, and a couple short statistics, he can disprove the beliefs of millions, the analysis of others, and the purpose of more complex security metrics (like impact of holes, time to fix, occurrence of zero-day exploits, etc, etc).
I suppose the next article will be entitled: “Microsoft is better because it’s gots more moneys.” (sic)
He did it for the lulz
Yeah, he presents the “facts” leaving out other facts that are more important. If there were 30 vulnerabilities of paltry severity, that are patched, that is quite more secure than having 5 unpatched vulnerabilities of high severity. Of course, since Thom agrees with the conclusion, he must be perfectly correct, and only presenting “facts”, right?
Browser: Links (1.00pre12; Linux 2.6.17-2-k7 i686; 80×25) (Debian pkg 0.99+1.00pre12-1)
Is this REALLY the sort of “quality” that OSNews wants to be known for?
Good grief what a joke.
Two weeks ago I upgraded to IE7 beta on Windows XP and I like it a lot. For the last two years I was a Firefox user. I have to admit it that Microsoft did a good job of borrowing some of the best browser UI features out there and cleanly brought them together in IE7. I set all the security options to high and enabled only Flash and Acrobat reader as plugins. I used to be a heavy Firefox user but now I find myself using IE7 a lot when I have to use XP. Having Firefox, Opera, and others around has been good for IE since it needed to be updated in order for it to remain competitive.
Well, let’s see how much time it will take to have a critical (or 0 day) exploit in IE7 before anything else.
I am an old firefox user (started with phoenix 0.1 back in 2002), and I used it on the crappy copy of MacOS (named Windows), linux and MacOS-X
It could have been named IE 6.5 in order to be honest with the rendering engine and security settings… But trying to secure the swiss-cheese OS…
Just another *unix vs windows fight….
“Just another *unix vs windows fight….”
Does Firefox only run on *nix? I can run Firefox on Windows. Does IE6 only run on Windows? I can run IE6 on Linux.
No.
Firefox is available on more OS than IE7. Not really hard too.
The bad point is that a lot of people are still using Win2k (and I understand them easily)…
So many flamebaits lately. What’s going on? This is ridiculous…
Who cares about the number of exploits found in 2006? The overall numbers make IE look like a swiss cheese anyway. Does anyone still believe IE to be more secure than virtually any other browser?
This is a really poor quality flamebait… boring!
Edited 2006-09-09 18:55
“The overall numbers makes IE look like a swiss cheese anyway.”
Not fair. Firefox has tons of Mozilla code in it. In fact the first 40 or 50 (or more) security holes in Firefox were also in Mozilla.
So, to be fair, you have to count Mozilla holes back as far as you count IE holes.
I think you would be embarrassed as to how many are in the combined Mozilla/Firefox.
Any OS with a properly configured Mandatory Access Control mechanism amongst other defences is more secure than any other OS without.
You can’t trust any browser so why bother.
The reality for 2006 is that I have had (by my official records) more than 380 service calls JUST for spyware through Internet Explorer since the start of 2006. I have not had one for Firefox, which I “forced” onto most machines with dead or infected IE. Not one machine has become re-infected which has Firefox on it, and as many safeguards securing up IE as possible (primarily loads of tricks to prevent it from running at all unless opening a local document, and some of those should be denied to prevent re-infection).
The truth *IS* that while Internet Explorer may be seemingly becoming more secure, it is simply that many of the old exploits are still unresolved so the rate of discovery has slowed as researchers likely near the end of the road for cataloguing the thousands of bugs/holes/vulnerabilities/(exploits)^10000.
Also, Firefox asked for this to happen, in a way, by claiming straight-up that Firefox’s security was better than IE’s. Everyone set out to prove that true (or false in many cases, I’m sure). Then everyone is upset when a few flaws are found and the first few Firefox-targeted spyware apps show up.
To really know which is more secure, I.E. and Firefox, you could just have to wait for about 18 months or so, when Vista is mainstream, and Firefox has hit a few more revisions.
I.E. is nearly at 7.0 now… Firefox is early at 2.0.
I.E. has FIVE generations of code that has to be fuddled with.. can’t be too pretty.
–The loon
Firefox is based on the Gecko core, which is around 6 years old, and like IE, it has its own issues that need resolving.
Erh… ?!
“Also, Firefox asked for this to happen, in a way, by claiming straight-up that Firefox’s security was better than IE’s. Everyone set out to prove that true (or false in many cases, I’m sure). Then everyone is upset when a few flaws are found and the first few Firefox-targeted spyware apps show up.”
Which is windows only one. God bless, I am using a true OS
“I.E. is nearly at 7.0 now… Firefox is early at 2.0.”
Which means NOTHING !
Windows XP => NT 5.1, but there were not NT 1.x, NT 2.x !
Firefox had its root back in 1998 when Netscape opened his source code. And Netscape was founded in 1993-1994.
IE 1.x was born in 1995. So, in some way, Firefox is older than IE.
“I.E. has FIVE generations of code that has to be fuddled with.. can’t be too pretty.”
Firefox 1.0.0 (which is based on Mozilla 1.7.5) has at least 7 generations of mozilla.org code behind it !
I mean : Mozilla 0.x (starting with 0.6 aka Netscape 6.0), Mozilla 1.0, 1.1, 1.2, 1.3, 1.4, 1.6, and 1.7
IE is only running on Windows, Firefox on Windows, Linux, Solaris, OS/2, BeOS, Free/Net/OpenBSD, MacOS-X.
So finding more flaws will be a firefox problem not an IE one.
So IE is crappy from start, denying it…
Even being “open source” doesn’t make a product safer by default. People still have to volunteer to do the dirty work (plug holes, make embedded SWF work, etc…)
Internet Explorer 6.x more secure than Firefox in 2006.
Luckily, experience easily beats such blog-conclusions.
Now seriously, how many times have we and you been over such and similar “news” ? How many times have we concluded that it’s useless ? Right. So why is it now you link to such a two-liner on a blog ?
Maybe your target should be aimed a bit higher than this digg-level.
Edited 2006-09-09 19:54
Lets first remember that old adage:
Lies, damn lies and statistics. – Mark Twain
That’s right! No matter how long we live we always see people being caught on the same trap. They use “facts” based on raw data to explain their beliefs. We see this all the time on economics, psychology, engineering, politics, and so on.
While there is nothing wrong in doing that we should think twice (at least) before spilling the “truth” or “reality” (being it whatever it is, physics don’t know what is made of).
How many times “proofed” things turned on partially “true” or, even worse, false assertions (sometimes with a triumphant come back)? There is nothing on science that could assure us with 100% of certainty (putting math definitions apart) about pretty much anything.
But people have this strange inclination to believe in something “absolute”.
It is a bit old reading, but good to make us scratch our heads: http://www.bbc.co.uk/dna/h2g2/A1091350.
Regardless of the merits of these claims I would just like to say that,
Opera has always been the best browser … Opera ASA has failed at marketing and community up till now, they’ve learnt a lot from Firefox in that respect.
I don’t know how he counted it:
31% unpatched IE
22% unpatched FF
Next thing would be checking severity of unpatched vulnerabilities.
this is FUD
Way to verify the info before posting, Thom.
From Secunia…
Current information, after all we are worried about what is the most secure browser NOW not yesterday etc.
Firefox (http://secunia.com/product/4227/)
Unpatched 11% (4 of 35 Secunia advisories)
Most Critical Unpatched… is rated Less critical
IE (http://secunia.com/product/11/)
17% (18 of 105 Secunia advisories)
Most Critical Unpatched… is rated Moderately critical
Opera 8.0 (http://secunia.com/product/4932/)
0% (0 of 15 Secunia advisories)
Most Critical Unpatched…. NONE
Opera 9.0 (http://secunia.com/product/10615/)
0% (0 of 0 Secunia advisories)
Most Critical Unpatched…. NONE (However you must note this is very new software)
Ok so Firefox currently has less unpatched advisories (by number and percent) than IE and the last two Opera versions are better than both.
Edited 2006-09-10 04:54
to say which browser is more secure by counting the fixed bugs is damn stupid!
OK, maybe there were only 30 bugs fixed in IE and more than 60 in Firefox. But could there be about 2000 more bugs in IE still unfixed?
This is just another case of someone using a few statistics to see what they want to see. The same statistics could be used to make the case that Firefox is more secure.
As for me, I use a number of browsers on my Mac and Firefox is one of them. On the Windows box I only use IE when I check for updates. I still work on computers from time to time for people running Windows, and the ones that are the most loaded with garbage are the systems where the people run IE 6. When I put the insecure browser Firefox on these systems and clean them up, most of the problems seem to go away. I get tired of opening up IE on people’s systems and finding all kinds of toolbars added on.
The author needs to get out in the real world with an open mind. Statistics can be very misleading.
“I get tired of opening up IE on people’s systems and finding all kinds of toolbars added on”
Yes, same for me. Friends, friends of friends etc… I’m tired of removing things that came by way of IE.
Each time I replace their IE icon with the FF icon, and then they have no more problems.
And about blogger vs. real journalist: I hope to read articles written by real journalists. An article must bring more material, handled by a professional who gives food for the brain.
A journalist reports facts; please stop reporting on OSNews such poor blogger-oriented opinions.
Which makes much more sense.
http://braincore.blogspot.com/2006/09/lol-dumb-and-dumberer.html
It seems interesting that nobody has yet mentioned it, but Andrew is referencing Firefox 1.5.0.5 in his comparison. Current version is 1.5.0.6 and that was out before his blog.
And for those that don’t think a minor version does much, check the vulnerability count he gives for 1.5.0.2 and 1.5.0.4. That’s a difference of 17 problems.
The Devil is more kind than an Angel.
It doesn’t matter how secure you make your browser. User habits will determine how secure your system is.
I’ve read OSNews for years. This is my first post. I consider linking to this article a low-water mark in OSNews history. You might as well start linking the latest news about Britney or Paris or whatever. Seriously, more crap like this and I’m not coming back.
Show this article to our 146 desktop users who have been using IE before I ditched it in favor of Firefox. I have NEVER had any problems with malware ever since I switched ALL 146 browsers to Firefox. NEVER. In comparison, we’ve been having problems with IE (take note, from a fully-patched windows XP machine) since I can remember when.
This article was probably written by a Microsoft employee who is using only ONE computer AND browses ONLY THE MICROSOFT WEBSITE. I doubt any administrator with a network of more than 100 PCs will EVER AGREE with what this author is saying. This is pure crap.
The MySpace issue had to do with an exploit in Flash and had nothing to do with IE, SP2 or any IE or Windows vulnerabilities; simply update Flash and you’re safe. I use IE 24/7 with full admin rights and so do all of my clients with no problems. It is all simply a matter of security and user awareness.
If you use NoScript on Firefox those annoying Flash ads just disappear from untrusted sites.
There’s fixing bugs, and then there’s preventative care. I really wish they’d add some method for blocking media until you ok it from untrusted websites in Firefox. Sort of like popup blocking.
Noscript isn’t the best solution to that though, there are too many legitimate uses for JavaScript today.
Edited 2006-09-11 16:32
…for proving whatever point you’re trying to make.
Is this flamebait? It’s not even concerning “OS News”.
As far as advisories go between IE AND Firefox, there should be an RSS link for that data.
For those not in the know, ‘Mastertech’ is a sock puppet of the author of the poptech blog, Andrew.
Andrew, commenting on your own blog without identifying yourself as the author is not really on, is it?
This character has a history of using multiple sock puppets:
http://www.webdevout.net/forums/viewtopic.php?t=37&postdays=0&posto…
Just a heads up!
I also notice that the number of comments on the blog has gone down from 22 yesterday to 19 today. Censoring the comments, are we, Andrew?
IE more secure than Firefox in 2006? I seem to remember that one of these browsers had a vulnerability which allowed the auto-install of spyware, and that this vulnerability remained unpatched for two weeks, with an exploit available and 200+ sites using this exploit to install malware. Which browser was this? It must have been Firefox! No, of course it was the ‘more secure IE’. Andrew, the author of the blog, can only claim that IE was more secure by ignoring incidents like this, in fact flatly refusing to admit they ever happened:
“The reality is Microsoft was not seeing any indications of it being exploited and neither did I. Funny how few security sites covered this “widespread” exploit being exploited. Maybe because it wasn’t?”
http://grantlairdjr.com/wp/2006/05/18/firefox-myths/
In fact, even Microsoft admitted attacks were occurring and advised caution:
http://www.microsoft.com/technet/security/advisory/917077.mspx
The attacks were reported by Websense and Sophos amongst others, and a video of an attack occurring even appeared on the Sunbelt blog.