- Related Stories
-
Firefox promo site taken down by hackers
October 4, 2005 -
Fix in for Firefox bugs
September 21, 2005 -
Symantec: Mozilla browsers more vulnerable than IE
September 19, 2005 -
Unpatched Firefox flaw may expose users
September 9, 2005 -
Happy birthday, Opera--you survived
September 2, 2005 -
A standards truce in the browser war?
August 4, 2005
Peter Watson, chief security advisor at Microsoft Australia and New Zealand, told ZDNet Australia that the software maker did not get any pleasure from seeing Firefox suffer a string of security vulnerabilities, despite the open-source browser's growth seemingly being stunted over recent months.
"I don't think it creates any benefit for us or anybody in the ecosystem to turn around and say, 'It's good that this company has a whole load of security vulnerabilities'," said Watson.
The Mozilla Foundation launched Firefox last November with the argument that people would be safer if they switched over from IE.
However, as Firefox's popularity has grown--the browser captured more than 5 percent of the browser market in its first six months--a significant number of flaws have been discovered.
Last month, Symantec published a report that claimed Mozilla's browsers were less secure than Microsoft's IE.
Watson was humble in his assessment of Firefox's security issues, claiming that all new technologies are targeted by criminals: "Every new technology that comes out, somebody at some time will try and look for a way to exploit that for illegal purposes."
Watson explained that Microsoft's goal is to help build a secure and reliable platform for its own--and rival--technologies.
"Our whole strategy around trustworthy computing is that we want the computing platform to be as reliable as possible," he said.
Watson's attitude is not surprising, according to James Turner, security analyst at Frost & Sullivan, who said Microsoft would "save millions" if security were no longer an issue.
"Microsoft is not a security company. For them, every dollar they have to spend on R&D in security is dissipation from R&D for their productivity tools. It's reasonable to assume that Microsoft would love all the viruses and worms to vanish overnight. It would save them millions and millions of dollars,' said Turner.
However, Turner admitted that Microsoft could be hiding its satisfaction at Mozilla's despair for other reasons.
"No one in their right mind would gloat over the vulnerabilities of a rival, because pride comes before the fall," he said.
Munir Kotadia of ZDNet Australia reported from Sydney.
See more CNET content tagged:
R&D, Firefox, flaw, Mozilla Corp., open source
Security is not a state, it's a process.
Security will always be an issue. There is always someone who is smarter, or badder.
"Secure" is the state.
"Securing" is the process.
Secure is the state when it is safe from malice. Although practically, this is next to impossible to achieve.
Securing is the process of becoming secure; which may never end.
Security is not a state, it's a process.
Security will always be an issue. There is always someone who is smarter, or badder.
"Secure" is the state.
"Securing" is the process.
Secure is the state when it is safe from malice. Although practically, this is next to impossible to achieve.
Securing is the process of becoming secure; which may never end.
So really it's a tie. Not that there can be any winners, I join Peter Watson in not getting any pleasure in seeing any vulnerabilities.
I agree with your statement, that everyone loses in regards to security flaws. The sad thing is that 95% of the flaws in any software, are easily avoided by doing simple things that any sophomore CS student knows about.
So really it's a tie. Not that there can be any winners, I join Peter Watson in not getting any pleasure in seeing any vulnerabilities.
I agree with your statement, that everyone loses in regards to security flaws. The sad thing is that 95% of the flaws in any software, are easily avoided by doing simple things that any sophomore CS student knows about.
Currently patches are released for FireFox every month, not every few hours.
Most Microsoft security errors have a patch within a week.
Currently patches are released for FireFox every month, not every few hours.
Most Microsoft security errors have a patch within a week.
Setting security aside. I haven't noticed any problems with coldfusion sites and very few with asp using firefox. Are you sure your not confusing bad programming with a browsers ability to render pages. I have found pages that don't work in Firefox, but it's because the author used IE only extentions and in some cases just bad coding that IE knows how to fix.
IE 7 is far from a complete program as well. Microsoft still refuses to implament very many of the W3C recommendations even after developers have hounded them to do so. The whole idea of the web and web pages is to pass information along to people regardless of their browser or OS. Microsoft, although it's not just them, has been working against that goal for years. At one time it might have seamed like a good idea, but today it's just stupid.
You could be right and we all maybe fighting over six of this and a half dozen of the other. I don't understand, outside of greed, why Microsoft won't use the W3C recommendations to it's full potential, but I feel that they should.
** Just a Thought
Why do people feel comfortable letting Microsoft set the web standards and not the W3C? We all know that Microsoft has only itself in mind when doing so.
I think that 90% of the reason people don't like Microsoft is because they are the biggest target, but I also think that Microsoft has shown that they care far more for profit than quality products. People like car analogies so here's mine. If a company made cars that fell apart or were extremely easy to steal, but looked really good. How long would they be in business? I figure they would have a good run for awhile, but eventually people will stop buying them. Software companies are the same. Regardless of who it is. When the product fails time and time again people will eventually stop using it. In the case of Microsoft, people have made considerable investments in software that only runs on Windows. Regardless of how much I would like to see some other OS gain good market share it's unlikely to happen until that investment has run out of usefull life. For many software companies it's extremly hard to justify building software for multiple platforms using legacy code and current IDE's. Simply put it cost to much to jump ship.
** End Thought
Should read "When MS finally gets around to fixing a security flaw, they finally concede the flaw."
Better...
Tabbed browsing
Gestural navigation (extension? - IE: what's that?)
Better text rendering
More customizable
Built-in development tools
And yes, it's prettier
Oh and isn't it free?
Firefox is a threat to IE because it's the first real competition. MS takes them seriously that's why there will be IE7 before Vista instead of waiting until Vista is released.
Finally, I spend my days removing spyware from PC's that run IE. I don't get the problem with people who are faithfull to Firefox. IE is a product that MS ignored, to their peril for a long time. I'm glad they're back in the game because it's good for everyone if they are.
Setting security aside. I haven't noticed any problems with coldfusion sites and very few with asp using firefox. Are you sure your not confusing bad programming with a browsers ability to render pages. I have found pages that don't work in Firefox, but it's because the author used IE only extentions and in some cases just bad coding that IE knows how to fix.
IE 7 is far from a complete program as well. Microsoft still refuses to implament very many of the W3C recommendations even after developers have hounded them to do so. The whole idea of the web and web pages is to pass information along to people regardless of their browser or OS. Microsoft, although it's not just them, has been working against that goal for years. At one time it might have seamed like a good idea, but today it's just stupid.
You could be right and we all maybe fighting over six of this and a half dozen of the other. I don't understand, outside of greed, why Microsoft won't use the W3C recommendations to it's full potential, but I feel that they should.
** Just a Thought
Why do people feel comfortable letting Microsoft set the web standards and not the W3C? We all know that Microsoft has only itself in mind when doing so.
I think that 90% of the reason people don't like Microsoft is because they are the biggest target, but I also think that Microsoft has shown that they care far more for profit than quality products. People like car analogies so here's mine. If a company made cars that fell apart or were extremely easy to steal, but looked really good. How long would they be in business? I figure they would have a good run for awhile, but eventually people will stop buying them. Software companies are the same. Regardless of who it is. When the product fails time and time again people will eventually stop using it. In the case of Microsoft, people have made considerable investments in software that only runs on Windows. Regardless of how much I would like to see some other OS gain good market share it's unlikely to happen until that investment has run out of usefull life. For many software companies it's extremly hard to justify building software for multiple platforms using legacy code and current IDE's. Simply put it cost to much to jump ship.
** End Thought
Should read "When MS finally gets around to fixing a security flaw, they finally concede the flaw."
Better...
Tabbed browsing
Gestural navigation (extension? - IE: what's that?)
Better text rendering
More customizable
Built-in development tools
And yes, it's prettier
Oh and isn't it free?
Firefox is a threat to IE because it's the first real competition. MS takes them seriously that's why there will be IE7 before Vista instead of waiting until Vista is released.
Finally, I spend my days removing spyware from PC's that run IE. I don't get the problem with people who are faithfull to Firefox. IE is a product that MS ignored, to their peril for a long time. I'm glad they're back in the game because it's good for everyone if they are.
Microsoft has hasn't increased their profit margins in over four years and have doubled the the number employes. The reason is that all the extra employees are allocated to fix all the security issues with their current version of windows.
Microsoft only is supporting upgrades on Windows XP. There are many corporations that are still using Windows 2000 and other Windows OS's. Settle for a old version of IE or use Firefox or other browser that works on those OS's.
Integration: By integrating the browser into the operating system has a made windows a security nighmare. Spyware and malware can infect the whole system that is a real problem. The analogy that because Microsoft has most of the market makes them the most likely to be attackes is silly. In Vista they are going to try to implement user level accounts that don't affect the whole system. The is something that Linux and Mac OS's have always had. The operating system can't be infected from a user account unless that user is root. This is also why Firefox and other browser have security benefits is that they are not integrated into the operating system.
Bug fixes: Security flaws are never going to be hidden by the open source community, but I don't think that could be said of Microsoft. The total number of unpatched security issues for Microsoft vs. Firefox is currently like 4 to 1. Do a little research. Reporting more security issues means a more secure browser and not not admitting flaws does just the opposite.
Updates: In the last two weeks my desktop has downloaded two upgrades to Firefox 1.06 and 1.07. The process wasn't complicated, when I see that there are updated to install I just select to install them, it only takes a few minutes to update.
Size of updates: Microsoft may have finally figured out that downloading 200-300 megabytes of updates isn't something every internet user can do, but you still have to do it get to service pack 2 from service pack 1.
Reports by Virus software companies like Symantec are only stating that Mozilla Firefox has found more security related issues that needed to be fixed. They try to analogize that with being buggy and less secure. The reality is that is just they things are with Open Source software when anyone can report a problem. You can't really see all the probles that would exist in IE's code if only Microsoft developers can see the code. The reality is that the more people that use Firefox the less risk there is and Symantec is in the business of selling antiviruse software. Symantec s very existance is based on buggy insecure Windows. I have yet to install my AV software, but without spyware and malware problems it isn't on the top of my list of things to do.
I repair computers and I do make some money because of all the garbage Microsoft XP can accumulate. In most cases it is because the computer hasn't been updated, but what can a dialup user do? Other computers dont' have up to date AV software so the get infected. The computer always leaves the shop with latest updates and includes antivirus software and spyware protectiong and removal software. I don't think it would be hard to find any number of computer repair people that are making a killing fixing infected computers.
The Internet is changing the climate and like it or not, Microsoft is soon likely not be at the center of the software universe. Windows XP has already shown many throughout the world that there is a need to become less reliant on Microsoft. Governments and organizations in the U.S. and abroad have started in the process of regaining their atonomy, which means that they will not be using Microsoft products.
The reality is that citizens in many countries couldn't even afford to pay what Microsoft wants for their latest version of Windows which also helps explain widespread piracy. It also add a few thousand more developers to the open source ranks as governments and organizations transition.
Bot-Nets are a purely Windows problem even though the bot software is based on open source bot code. The armys of infected computers number in the thousands all thanks to Microsoft. Sure it is usually unpatched/unprotected computer that becomes a zombie awaiting instructions, but why was this probem even allowed to exist? Is it really the truth that Microsoft is more concerned with the bottom and has little concern for security?
Microsoft has had to recruit large numbers of new employees just to fix all the mistakes in Windows XP. Microsoft Vista is due to be released sometime in the not to distant future, but the more software that integrated into the OS the more insecure it is likely to be. Microsoft may be seeing their worst nightmare once Vista is officially released.
-Jim
Microsoft has hasn't increased their profit margins in over four years and have doubled the the number employes. The reason is that all the extra employees are allocated to fix all the security issues with their current version of windows.
Microsoft only is supporting upgrades on Windows XP. There are many corporations that are still using Windows 2000 and other Windows OS's. Settle for a old version of IE or use Firefox or other browser that works on those OS's.
Integration: By integrating the browser into the operating system has a made windows a security nighmare. Spyware and malware can infect the whole system that is a real problem. The analogy that because Microsoft has most of the market makes them the most likely to be attackes is silly. In Vista they are going to try to implement user level accounts that don't affect the whole system. The is something that Linux and Mac OS's have always had. The operating system can't be infected from a user account unless that user is root. This is also why Firefox and other browser have security benefits is that they are not integrated into the operating system.
Bug fixes: Security flaws are never going to be hidden by the open source community, but I don't think that could be said of Microsoft. The total number of unpatched security issues for Microsoft vs. Firefox is currently like 4 to 1. Do a little research. Reporting more security issues means a more secure browser and not not admitting flaws does just the opposite.
Updates: In the last two weeks my desktop has downloaded two upgrades to Firefox 1.06 and 1.07. The process wasn't complicated, when I see that there are updated to install I just select to install them, it only takes a few minutes to update.
Size of updates: Microsoft may have finally figured out that downloading 200-300 megabytes of updates isn't something every internet user can do, but you still have to do it get to service pack 2 from service pack 1.
Reports by Virus software companies like Symantec are only stating that Mozilla Firefox has found more security related issues that needed to be fixed. They try to analogize that with being buggy and less secure. The reality is that is just they things are with Open Source software when anyone can report a problem. You can't really see all the probles that would exist in IE's code if only Microsoft developers can see the code. The reality is that the more people that use Firefox the less risk there is and Symantec is in the business of selling antiviruse software. Symantec s very existance is based on buggy insecure Windows. I have yet to install my AV software, but without spyware and malware problems it isn't on the top of my list of things to do.
I repair computers and I do make some money because of all the garbage Microsoft XP can accumulate. In most cases it is because the computer hasn't been updated, but what can a dialup user do? Other computers dont' have up to date AV software so the get infected. The computer always leaves the shop with latest updates and includes antivirus software and spyware protectiong and removal software. I don't think it would be hard to find any number of computer repair people that are making a killing fixing infected computers.
The Internet is changing the climate and like it or not, Microsoft is soon likely not be at the center of the software universe. Windows XP has already shown many throughout the world that there is a need to become less reliant on Microsoft. Governments and organizations in the U.S. and abroad have started in the process of regaining their atonomy, which means that they will not be using Microsoft products.
The reality is that citizens in many countries couldn't even afford to pay what Microsoft wants for their latest version of Windows which also helps explain widespread piracy. It also add a few thousand more developers to the open source ranks as governments and organizations transition.
Bot-Nets are a purely Windows problem even though the bot software is based on open source bot code. The armys of infected computers number in the thousands all thanks to Microsoft. Sure it is usually unpatched/unprotected computer that becomes a zombie awaiting instructions, but why was this probem even allowed to exist? Is it really the truth that Microsoft is more concerned with the bottom and has little concern for security?
Microsoft has had to recruit large numbers of new employees just to fix all the mistakes in Windows XP. Microsoft Vista is due to be released sometime in the not to distant future, but the more software that integrated into the OS the more insecure it is likely to be. Microsoft may be seeing their worst nightmare once Vista is officially released.
-Jim
And as for security ... *read some unbiased articles*. There are flaws in IE that Microsoft has known about for YEARS but hasn't fixed. Until Microsoft *finally* decides it's time to update IE, using another browser is a no-brainer.
- I won't user IE because...
- by ppentz October 10, 2005 9:45 AM PDT
- ...I won't use a 5 year-old browser. IE is the poster child for what is wrong with a monopoly. Once IE got above 90% of the market, Microsoft stopped development. There are *so* many features in Firefox (or Opera, or nearly any other browser) that aren't available in IE, and if you don't believe me, try them! You can tell from the comments who has actually tried an alternative, and who hasn't.
- Reply to this comment
-
Showing 1 of 2 pages (74 Comments)And as for security ... *read some unbiased articles*. There are flaws in IE that Microsoft has known about for YEARS but hasn't fixed. Until Microsoft *finally* decides it's time to update IE, using another browser is a no-brainer.