Is the Firefox honeymoon over

[stash]

http://blogs.zdnet.com/Ou/index.php?p=103

I think I will let this article speak for itself...

 

[MrChad]

But whereas Firefox has only 14% of its vulnerabilities unpatched, IE has twice that number.

 

[n0cmonkey]

Anyone that uses on a web browser for security is a fool. Browsers are too complex and big. They're all trash.

 

[daniel1113]

Half the vulnerabilities with less than 10% of the market share... hehe.

 

[stash]

Originally posted by: MrChad
But whereas Firefox has only 14% of its vulnerabilities unpatched, IE has twice that number.

You miss the point of the article. Yes IE6 has some serious issues with security. The point is, FF has been made out to be the nirvana of web security, when it is clearly not.

 

[nweaver]

Originally posted by: STaSh

Originally posted by: MrChad
But whereas Firefox has only 14% of its vulnerabilities unpatched, IE has twice that number.

You miss the point of the article. Yes IE6 has some serious issues with security. The point is, FF has been made out to be the nirvana of web security, when it is clearly not.

and that title belongs to wget or lynx

 

[spyordie007]

A good argument that running your browser under a restricted account is every-bit as important as which browser you pick.

BTW all major browsers have run into similar issues, Opera, Safari, etc. This isnt limited to just Mozilla and IE.

 

[stash]

and that title belongs to wget or lynx

lol true. I love lynx.

 

[spyordie007]

Originally posted by: nweaver
and that title belongs to wget or lynx

:thumbsup:

limited functionality = limited surface for attack

 

[hooflung]

The problem doesn't come from Firefox being less secure of a browser than IE but rather IEs integration into the Operating System and core OS APIs. Firefox will never have the security breaches in windows that IE will always have ( until they remove it from the OS core ). The windows explorer, iexplorer, tcp/ip stack, win32 API and activeX interface together make up the computer equivalence of the Titanic. Its a smooth, streamlined technological creation that can float with the best of them. But it can hold so many passengers ( ie. the market share ) and has so many point of impact exploit ploints that it can sink better than any other boat on the ocean.

Firefox might not be the the safest browser but its a life preserver from most of the iceburgs that litter the Windows Internet Ocean.

Moreover :
I find that the X windows API, the toolkits that revolve around it ( GTK, QT etc ) and the mozilla engine might not be the integrated cruiseliner that windows provides... but its a fast steam Ice Cutter that can get you accross the cold,rigid north atlantic.

 

[MrChad]

Originally posted by: STaSh

Originally posted by: MrChad
But whereas Firefox has only 14% of its vulnerabilities unpatched, IE has twice that number.

You miss the point of the article. Yes IE6 has some serious issues with security. The point is, FF has been made out to be the nirvana of web security, when it is clearly not.

Yes, but it would seem that the Mozilla community is able to patch severe vulnerabilities quicker than Microsoft. When Firefox gets a true update/patching system, I expect that turn-around time to improve.

 

[spyordie007]

The problem doesn't come from Firefox being less secure of a browser than IE but rather IEs integration into the Operating System and core OS APIs. Firefox will never have the security breaches in windows that IE will always have ( until they remove it from the OS core ). The windows explorer, iexplorer, tcp/ip stack, win32 API and activeX interface together make up the computer equivalence of the Titanic. Its a smooth, streamlined technological creation that can float with the best of them. But it can hold so many passengers ( ie. the market share ) and has so many point of impact exploit ploints that it can sink better than any other boat on the ocean.

Firefox might not be the the safest browser but its a life preserver from most of the iceburgs that litter the Windows Internet Ocean.

Moreover :
I find that the X windows API, the toolkits that revolve around it ( GTK, QT etc ) and the mozilla engine might not be the integrated cruiseliner that windows provides... but its a fast steam Ice Cutter that can get you accross the cold,rigid north atlantic.

Yes and no.

The biggest breaches of security in IE havent come from it being integrated into the OS but rather a volunerability (either technical or social) that allowed it to execute arbitrary code.

Any "bad" code running as Admin = comprimised system. Regardless of the entry point.

 

[spyordie007]

When Firefox gets a true update/patching system, I expect that turn-around time to improve.

I thought it did have one? It automatically detects that there are updates and notifies the user to download/install for both the browser as well as plug-ins.

 

[CTho9305]

quote:
When Firefox gets a true update/patching system, I expect that turn-around time to improve.

I thought it did have one? It automatically detects that there are updates and notifies the user to download/install for both the browser as well as plug-ins.

The 1.5 system is MUCH MUCH better. It doesn't require full reinstalls.

 

[MrChad]

Originally posted by: spyordie007

When Firefox gets a true update/patching system, I expect that turn-around time to improve.

I thought it did have one? It automatically detects that there are updates and notifies the user to download/install for both the browser as well as plug-ins.

Yes, but as Chris just mentioned it currently requires a full reinstall of the browser.

 

[stash]

Yes, but it would seem that the Mozilla community is able to patch severe vulnerabilities quicker than Microsoft

I think if you examine days of risk rather than single anecdotal cases, you will find that isn't true. DOR is an average of all the single cases of how long it took to patch a vuln, and gives a much clearer picture of what is happening.

 

[JackMDS]

LOL, these arguments all boil down to one Word ?Dogma?.

Instead of evaluating the real situation every one has a pre-conceived position (like being against MS, Intel, NVIDEA, etc.) and their suppose analysis is nothing but findings isolated occurrences, or excuses that fit the Dogma.

It would be nice if some one can post (as an examples), I was using Browsers X and every time that I logged to XXX sites my system got hacked, I switched to browser Y and Now I am safe and can freely browse XXX without any problems.

I spend most of the day on the Internet using mainly IE6 and occasionally Firebox. Functionally speaking, beside the Tabs that make it comfortable in certain Browsing situation, I yet to find any important difference (and IE7, soon to come, would solve the Tab issue as well).

[b[Yeah STaSH the honeymoon is over since the position of most popularize Tech. publication is a ?Flip Flop Dogma? they do it in order to be able to maintain business.

I.e. they evaluate that the ?Push for Firebox? over IE is done for a while and it became moot and boring, so it is now time to ?Flip the Dogma?.[/b]

I am not trying to minimize the security problems that are posed by using the Internet, but the way it is handle by the Media is not very helpful.

This is Not about computers, but it illustrates what might be a general societal problem.
http://www.washingtonpost.com/wp-dyn/co...rticle/2005/08/29/AR2005082901391.html

:sun:

 

[The Linuxator]

There is no point about arguing FireFox isn't integrated in windows I don't care even if they don't patch anything in it it's still more usable, flexible, customizable, secure than Bill Gates can ever dream for the integrated IE with HACTIVE-X of being nuff said .

 

[MrChad]

Originally posted by: The Linuxator
There is no point about arguing FireFox isn't integrated in windows I don't care even if they don't patch anything in it it's still more usable, flexible, customizable, secure than Bill Gates can ever dream for the integrated IE with HACTIVE-X of being nuff said .

Way to not read the article and reply in completely broken English. :roll:

 

[kamper]

Originally posted by: n0cmonkey
Anyone that uses on a web browser for security is a fool. Browsers are too complex and big. They're all trash.

QFT

The firefox honeymoon was over a few months ago. The vulnerabilities got more numerous at the same time that the growth rate went down significantly. I guess it's a good thing, now we can just use it without the Opera people getting all agitated about the firefox fanboyism. I personally have no plans to stop using it, unless one of the KHTML browsers add a few key features (proper adblocking and '/' search at least).

 

[spyordie007]

http://www.washingtonpost.com/wp-dyn/content/article/2005/08/29/AR2005082901391.html

Neat article, thanks for the link.

-Erik

 

[SleepWalkerX]

Are they counting vulnerabilities that have already been patched before the vulnerability is even released? I've read some stories on slashdot where a vulnerability was found in firefox, but later it says that current versions of firefox are not affected at all. So only older versions get affected by them. -_-

Its pretty easy to find vulnerabilities in older versions of software that's open-source, but the thing is that those programs seem to get patched very quickly.

 

[The Linuxator]

Originally posted by: SleepWalkerX
Are they counting vulnerabilities that have already been patched before the vulnerability is even released? I've read some stories on slashdot where a vulnerability was found in firefox, but later it says that current versions of firefox are not affected at all. So only older versions get affected by them. -_-

Its pretty easy to find vulnerabilities in older versions of software that's open-source, but the thing is that those programs seem to get patched very quickly.

Agreed.

 

[JonnyBlaze]

can someone explain to me what someone can do if im running ie or ff? iv ran both and never had any problems. is it all just a matter of what sites you visit?

 

[spyordie007]

Originally posted by: JonnyBlaze
can someone explain to me what someone can do if im running ie or ff? iv ran both and never had any problems. is it all just a matter of what sites you visit?

A couple of common issues:

1. Your browser has a volunerability and you visit a website that is able to exploit that voulnerability and execute arbitrary code.
2. Your browser presents you with a dialog asking you to install something and you dont know what it means but you click yes anyways (this is the most common). This is the biggest reason for the new dialogs that were added to IE in XP SP2.