- Related Stories
-
Opera 8 aims for simpler browsing
April 19, 2005 -
Mozilla flaws could allow attacks, data access
April 18, 2005 -
Firefox draws 2.6 million surfers in March
April 13, 2005 -
IBM on the hunt for Firefox programmers
April 13, 2005 -
Start-up wants to improve on Firefox
April 11, 2005
With Monday's reports of the Mozilla Foundation's patches for significant new security holes that could let attackers install malicious code or steal personal data, Firefox partisans are finally acknowledging that the core sales pitch for their browser may be vulnerable.
"The versions of Firefox up to version 1.0.3 have had terrible security risks," wrote one participant for the volunteer Firefox promotion, Spread Firefox. "I think these security risks have undermined the promise of Firefox as a more secure browser."
While Firefox offers popular features like tabbed browsing that Microsoft's Internet Explorer browser doesn't have (third-party IE-based browsers do offer them), it has managed to take IE down a few notches in market share--primarily based on perceptions that Firefox is safer than IE.
As Firefox approaches the 50 million download mark, some participants have begun contemplating celebrations of that milestone. But others have begun to fret that security concerns are weakening what many see as the browser's primary raison d'etre.
Those concerns have sprung a major leak in the Mozilla's message that Firefox is more secure, as foundation President Mitchell Baker asserted at PC Forum last month.
"The cynical may note that two Firefox security updates have been issued since Mitchell made her comments," Mozillazine wrote in a Monday posting.
The Mozillazine discussion is one of many that have sprung up on Slashdot and other forums after recent columns in InformationWeek and in the IT Observer questioned Mozilla's security superiority.
Eyeing the wave of bad press, Mozilla's marketing volunteers are staying on message with the security theme.
One campaign under consideration would associate the open-source browser with the security of a condom, showing a condom wrapped with the Firefox logo sticking out of the rear pocket of someone's jeans.
"Always use protection," the ad copy reads. "GetFirefox.com. Firefox is the free Web browser that offers greater privacy and prevents pop-ups, spyware and viruses."
The image was developed for a college poster campaign, but was scuttled because of concerns over offending people, according to the blog of Mozilla staffer Asa Dotzler, who manages Firefox and Thunderbird product releases. Mozilla said that volunteers, and not the foundation itself, planned to revive the image.
Mozilla insisted, as it has in the past, that it enjoys fundamental security advantages over IE.
"Firefox is safer for a couple of reasons," said Chris Hofmann, director of engineering for the foundation. "With these security releases, the security development community that works
See more CNET content tagged:
Firefox, Mozilla Corp., volunteer, foundation, security
This is no good.
It's going to become as tiresome as Windows and IE if there is a huge download / reinstall every other week.
Firefox 1.0.x has been available for a few months, and has corrected some security problems that have surfaced (before they appeared as exploits in the wild) IE 6 has been out for years, and MS is still trying to deal with new (and existing) security problems that can (and are) exploited.
The rabid pro-Firefox crowd, while their devotion is admirable, needs to understand what their browser is not. Firefox is not the digital messiah. Firefox is not going to unseat Microsoft's domination of the Internet browser "business." Firefox is not going to become more than mainstream in its current form.
Granted, competition is good for the industry, but a little reality never hurts the optimistic.
Chris is playing on the ignorance that most people don't know about other browsers and only know about IE, so he can conveniently leave out the word "safer [i]than IE[/i]". But this only just confuses people who are led to believe that Firefox is safer than all the other browsers out there (Opera, Safari, iCab, OmniWeb, Konqueror, Lynx) which just isn't true and which also don't support ActiveX.
"Mozilla insisted, as it has in the past, that it enjoys fundamental security advantages over IE."
You could fault the story for focusing too much on the two browsers at the expense of the others you cite, but you can't fault Chris for "playing" on anyone's "ignorance."
The CNet article used the comment to imply that active Firefox advocates have second thoughts about the browser, but nothing of that sort has been seen on SpreadFirefox. The site's forums allow anyone to register and post comments, so the posting could have been made by a Microsoft employee, the CNet author or any other person unrepresentative of the Firefox advocacy community.
Don't go slamming someone else without taking a good look in the mirror first.
IMHO CNET is also part of the "Get the facts" FUD campaign.
And all you who believe these articles and switch back to IE, I'm not gonna stop you, the same way as I'm not stopping smoking people from smoking or suicidal people from comitting their last act.
Cheers.
Personally, I'm having fun with Opera 8 right now & don't anticipate hitting the brakes, to go back to the slow buggy that is FF.
On a more serious note, having a full install rather then a patch is a lot easier for extension developers/users, since you know what is compatiable with your extension. It is a lot easier to say blah blah works with FF 1.03 or greater, rather then blah blah works with FF .10 with patches blah blah blah installed.
Personally I feel that the FF full update is small and transparent enough for most users to not be affected, also it is a reminder that a PC isn't a bury hea din the sand technology. Be it social or technological we should all do our little bit to keep ourselves safer...
- Welcome to the bandwagon :)
- by orangeacid April 22, 2005 12:01 AM PDT
- Hi C|net and welcome to the bandwagon!
- Reply to this comment
-
(31 Comments)Everyone on this bandwagon belives that firefox, a project which is entirely profit free, and is open source (meaning that people are free to reconfigure the coding and redistrobute), and which is run entirely by volunteers, and which has managed to get over 46 >million< downloads since its release a few months ago, and which holds an enormous percentage of the browser market for considering it doesn't come bundled with an OS that 95% of the world use, is full of holes and security liabilities.
The fact that firefox works differently to MSIE (it infact runs of the Gecko engine) doesn't make it more secure at all. We try and ignore the fact that this means virtually all malicious code designed for internet explorer doesn't work on this browser. ActiveX controls are disabled by default, but who cares? Most people aren't even aware of the threats ActiveX can pose. Plugins have to be enabled per site rather than disabled per site, but surely this doesnt mean anything.
Firefox has a massive community, full of extensions which perform a range of tasks such as automated weather reports, built in search bars, quick searches, RSS support, mouse gestures and the like, which the IE 'community' couldn't dream of having, atleast as effectivly. But who cares?
Lets all jump on the slag off Firefox and the Open Source community bandwagon :)
No, C|Net.