“The top two browsing programs of net users got a big update this month as Microsoft released Internet Explorer 7 and Mozilla unleashed Firefox 2.0. Here we take a quick spin through some of the features to be seen in the new versions.” Meanwhile, a spoofing bug has been found in IE7. Update: Another Firefox 2.0 review.
While Microsoft is plugging security holes, Mozilla will be hard at work on Firefox 3.0 and 4.0. IE7 has been out one week and two security holes have been found already; in a year the browser will look like Swiss cheese.
FireFox 3.0/4.0 info:
http://www.internetnews.com/xSP/article.php/3639946
I’m a Firefox user, but the holes in IE7 are because people are actively searching for them. Hundreds of hackers are frittering hours away because
a) they want to show up Microsoft by claiming as many flaws as early as possible
b) exploits can be sold underground to individuals, or to spyware companies who pay-per-head.
I’m sure Firefox 2 has some security flaws, current practices mean it’s not realistic to release a major version and be bug-free. It’s just that Firefox is still not the no.1 target for the no.1 reason – greed.
This is a good thing that people are actively looking for bugs in IE, I would like the same for Firefox.
The difference is, more people could send patches to Mozilla.
As far as showing someone up Firefox has probably as much fame and recognition in finding bugs as it’s been something of a media event in the last year. IE7 has too because it’s the latest offering from Microsoft, and well, IE6 was just that bad so why not prove IE7 is too (from a cracker’s perspective)?
As far as selling exploits, they won’t be valuable for about another 3-6 months: When your average –idiot who doesn’t run updates– will be using IE7. By finding and publishing them now you’re losing any shot at selling them.
Secondly, people who sell exploits don’t tell Secunia about them. They hide them, and we find out about them when a security researcher finds them or finds the crack used in the wild.
This is a common defense though, but it’s about as naive as saying that IE7 is going to be horrible just because two bugs were found quickly in the initial release.
The security troubles in IE6 were due to ignorant design decisions that weren’t considering what a nasty place the web was and that maybe you shouldn’t _ever_ allow native code to be executed. Microsoft spent years trying to add security on top of a wide open system, and it was hard, and they were moderately successful.
Both issues in IE7 seem to be non-critical, and you simply have to expect bugs like this in a .0 release of any product.
I’m not a big IE fan myself (and I’ll avoid it because the company has an ugly history with the web, and I like the web), but I’m not a Firefox fan either (it was awesome when it was called Phoenix, it’s since lost its charm to me).
Firefox is not secure via obscurity. Please, stop trying to make this argument folks.
EDIT: Spelling errors fixed.
Edited 2006-10-26 16:59
A counter-point.
Don’t you think Microsoft doesn’t have people dedicated to finding flaws in FF? PAID people, with SOURCE access. I’d take 5-10 good coders/security analysts, and source – and wager they’d be able to find more security issues/bugs/etc than 10000 random coders (some good, some bad) attempting to find bugs in X closed source program.
Security flaws are only part of IE’s problems, I think.
Microsoft’s piss-poor CSS implementation, crappy PNG support and use of ActiveX makes it one craptastic browser. IE7 hasn’t improved things that much either.
The first “security hole” found in IE7 wasn’t a hole in IE7, as even the article cited for this thread admits.
This second flaw is a “who cares?” flaw. It’s not a design flaw and it’ll be fixed on the 2nd Tuesday of next month.
And you gloss over the fact that Firefox releases security updates with ever increasing frequency, with ever more holes fixed.
Hi MollyC. Still a Windows fan, I see.
“And you gloss over the fact that Firefox releases security updates with ever increasing frequency, with ever more holes fixed.”
If they are fixed, then they are fixed.
=======================
Off-topic, I know, but I have a link for you that you might be interested in.
http://business.newsforge.com/business/06/10/20/1621200.shtml?tid=1…
I like this bit:
“The IDABC drafted something called the European Interoperability Framework, which serves as a guideline to member states and EU bodies. It identifies the core requirements of administrations, which are: availability and reliability, security, accessibility, sustainability (including availability over the long term), independence from vendor lock-in, value for money (including the cost of software implementation and licensing), scalability, and re-usability.”
That pretty much sums it up, I’d think. This is where software end-users’ thinking is heading in this day & age.
Pretty much eliminates Microsoft software from consideration, doesn’t it?
Microsoft software just doesn’t do some of those interoperability things, in particular the “independence from vendor lock-in” thing.
Relating this back to the current topic, of the three premier browsers available right now (those being Opera, IE7 and Firefox), there is one that stands out as (1) the least installed right now, (2) the least compliant with web standards, and (3) the only one that is constrained to one platform only.
As I say, Microsoft just doesn’t do interoperability.
Such a pity then that interoperability is becoming such an important consideration for software purchasers these days. Lack of interoperability is becoming a real showstopper issue. A deal-breaker.
Edited 2006-10-26 23:37
RE: http://www.internetnews.com/xSP/article.php/3639946
“We’ve also been working in collaboration with another open source project called Cairo which is a graphics subsystem for KDE and a couple of other things,” Schroepfer explained.
WTF?
included quoted link
Edited 2006-10-26 16:32
IE 7 already has exploits available?
That must be why MS sent the firefox team a cake – firefox won!
IE 7 already has exploits available?
That must be why MS sent the firefox team a cake – firefox won!
And so does every software when it comes out :) Such a thing as software with no bugs does not exist. Meaning every software has available exploits when it ships; the difference is based on whether they are publicly known or not :)
But if you would mention “publicly known exploits” your comment would be completely different.
How I love nitpicking:)
Secunia has reported on two “security problems” so far.
The first turned out to be a flaw in the MS Outlook Express email client. Not in IE7 at all.
The second isn’t really a security flaw as it is a UI issue.
Given the number of hax0rz actively working to break IE7, it’s held up remarkably (and surprisingly) well so far.
But if you would mention “publicly known exploits” your comment would be completely different.
How I love nitpicking:)
My whole post was a joke honestly, as in I was kidding around. I guess the did not give it away after all considering someone modded the thing down within 2 minutes.
Sometimes the people on this site take themselves a bit too seriously, methinks.
I had a look at IE7 and it seems to have caught up on all the features that a browser in 2006 should have. I can’t comment on speed because I was running it in Virtual PC on an iMac G5 but security issues aside they’ve done a good job bringing the software into this decade.
I do have one huge issue with it though. The new user interface, which I can only describe as shockingly bad, ugly and confusing.
Firefox 2.0 is more evolution than revolution though, and evolution in the right direction. I like Firefox more with every version and am happy to use it even though it is noticeably slower than Safari.
“I had a look at IE7 and it seems to have caught up on all the features that a browser in 2006 should have.”
I don’t think so.
AFAIK, IE7 cannot render at all some web standards such as SVG.
http://upload.wikimedia.org/wikipedia/commons/1/15/Svg.svg
and although it is improved it is still a long way behind the competition (Opera, Firefox, even Safari & Konqueror) in terms of support of other web standards such as CSS.
I’ve got both installed on my system now. They’re basically the same now. I’ve gotten used to firefox, so that’s what I use now.
But I have one question.
Does anyone know why firefox implemented spellcheck built-in rather than an addon? I mean, their ‘talk-back’ feature comes bundled with firefox and it’s an addon. Was there some technical issue? To me, it just doesn’t sit right that this is part of the browser.
//They’re basically the same now.//
Uh, no.
Firefox is many times more extensible and flexible.
https://addons.mozilla.org/?application=firefox
Enjoy.
//Does anyone know why firefox implemented spellcheck built-in rather than a addon?//
The spell-check (according to a quote I read somewhere) is “fairly clueful”. It doesn’t try to spell-check simple text fields, but rather text boxes only. It doesn’t try to spell-check anything that can be recognised as a URL. I’d imagine that this “cluefullness” was easier to implement when more integrated with the browser core, as opposed to being an add-on.
Edited 2006-10-26 23:25
Not because of features — since as the article points out, the two browsers are “broadly comparable” — but because IE7 largely achieves parity. The ironic thing is that IE7 doesn’t have to be better to halt user defections to FireFox. It simply has to match features. And, by this article, it appears that it’s accomplished that.
That Opera doesn’t even get a mention. Whether you like Opera or not, feature-for-feature, it is at least on par with the big two, and had many features sported by the other two browsers first. Yet people just blow right over it. WTF?
Yeah I was wondering “what’s up with that” too. There are many people who prefer Opera over every other browser. Take solace in the fact it’s the #3 browser for Windows and (I believe) it’s the #1 browser in the embedded market. I look at Opera as being the Internet’s “best kept secret.”
I haven’t had a chance to test IE7 yet. So, I’m glad that this article answered one of my basic questions. Did Microsoft do anything to improve their search within a window?
Firefox has completely spoiled me with their search tool. Their decision to build their own search tool rather than relying on system tools has allowed them to provide a very elegant method for searching that has allowed me to be far more productive when trying to find information than I have ever been with IE. Since a very primary function of a browser (for me anyway) is to find information, this one feature is enough to keep me using Firefox.
Edit: For clarification I’m referring to the tool that opens with <Ctrl+F>.
Edited 2006-10-27 15:59