April 19, 2005 1:07 PM PDT

Firefox fans put new spin on browser protection

(continued from previous page)

on the Mozilla code is actually finding these things before exploits can be developed or discovered by hackers. None of these things that we've produced patches for in the last couple of releases have been things that have been discovered in the wild."

Another reason, Hofmann said, is that Firefox doesn't use ActiveX technology, which he blamed for the preponderance of Microsoft's browser security woes.

"This is the major architectural advantage that we have," he said. "With the ActiveX and the security zone model, Microsoft has taken browsers in a different direction, which provides a mechanism for the most serious exploits in Internet Explorer."

Mozilla has made its own stabs at ActiveX support. One project, which Hofmann deemed "experimental," is an extension that would provide support for specific ActiveX controls like the Windows Media Player. Controls would have to be on a "white list" of vetted applications.

An ActiveX alternative, known as "Plug-ins Future," is a joint effort among Mozilla, Opera Software, Apple Computer, and plug-in makers including Adobe Systems and Sun Microsystems.

One computer security expert called the security contest between Microsoft and Mozilla a toss-up, though he lauded Mozilla's responsiveness and Firefox's pop-up controls.

"The thing I like about the non-MSIE products is that I find they're more easily user-configurable to prevent things like pop-ups and pop-unders, which can be security risks," said Mike Finnie of Computer Forensics. "It seems that the Mozilla group is fairly immediately responsive to incidents of security lapses or bad code, and it seems to be making a genuine effort to fix them and get them released. But on a scale of one to 10, how many more points would they get than Microsoft? I don't know."

The problem is this...
by April 19, 2005 1:21 PM PDT
..... it appears Firefox has no ability to patch itself. So every bug fix requires a full install at this point.

This is no good.

It's going to become as tiresome as Windows and IE if there is a huge download / reinstall every other week.
yes, but ..
by xpgeek11 April 19, 2005 1:56 PM PDT
this is actually a good thing. a 4.7 meg download is no bigger than most windows update patches, and firefox's inability to just have patches change things within the browser makes it more secure, no fake updates, no spyware eventually learning to take advantage of its patching system.
Firefox CAN patch itself
by Anonymous1234567890 April 19, 2005 6:08 PM PDT
Get your facts right... see the little green icon at the top-right of Firefox's window? That means an update is available... click it, and Firefox will auto-update with no work from the user.
Why is it . . .
by finman65 April 19, 2005 2:02 PM PDT
that Firefox 1.0.x is compared to IE 6?

Firefox 1.0.x has been available for a few months, and has corrected some security problems that have surfaced (before they appeared as exploits in the wild). IE 6 has been out for years, and MS is still trying to deal with new (and existing) security problems that can (and are) exploited.
I have a thought
by Christopher Hall April 19, 2005 2:38 PM PDT
Perhaps that's because that's what the developers and early adopters have been doing all along. If you're going to play with Microsoft, you'd better be able to back up your claims with rock-solid proof, otherwise they'll either tear you to pieces or buy you. They're quite ruthless like that.

The rabid pro-Firefox crowd, while their devotion is admirable, needs to understand what their browser is not. Firefox is not the digital messiah. Firefox is not going to unseat Microsoft's domination of the Internet browser "business." Firefox is not going to become more than mainstream in its current form.

Granted, competition is good for the industry, but a little reality never hurts the optimistic.
safer? ignorance.
by nrlz April 19, 2005 2:55 PM PDT
"Firefox is safer for a couple of reasons," said Chris Hofmann

Chris is playing on the ignorance that most people don't know about other browsers and only know about IE, so he can conveniently leave out the word "safer than IE". But this only just confuses people who are led to believe that Firefox is safer than all the other browsers out there (Opera, Safari, iCab, OmniWeb, Konqueror, Lynx) which just isn't true and which also don't support ActiveX.
What Chris actually said...
by April 19, 2005 3:04 PM PDT
...was in response to a question posed about Firefox vs. IE, as the previous paragraph makes clear:

"Mozilla insisted, as it has in the past, that it enjoys fundamental security advantages over IE."

You could fault the story for focusing too much on the two browsers at the expense of the others you cite, but you can't fault Chris for "playing" on anyone's "ignorance."
Comment was from a non-participant on SpreadFirefox.com
by behemot April 19, 2005 6:06 PM PDT
The comment quoted in the article did not come from a Firefox "partisan." Its author has not made any other postings on SpreadFirefox, has not attracted new Firefox users in the past and as far as one can see hasn't participated in the community in any other way.

The CNet article used the comment to imply that active Firefox advocates have second thoughts about the browser, but nothing of that sort has been seen on SpreadFirefox. The site's forums allow anyone to register and post comments, so the posting could have been made by a Microsoft employee, the CNet author or any other person unrepresentative of the Firefox advocacy community.
IMO, CNet's irresponsible reporting harms computer users
by M C April 19, 2005 6:54 PM PDT
Running a story on the flaws without overtly mentioning the (already existing) patch keeps users in the dark and unpatched. I think this is irresponsible and unethical.

Don't go slamming someone else without taking a good look in the mirror first.
I'm not surprised
by April 19, 2005 11:28 PM PDT
This wouldn't be the first (or last for that matter) article by CNET that twists the facts. Too bad it doesn't twist the facts pro-opensource but rather contra. So hard to find some objective news site when Microsoft easily pays tons of $ so that its products are put in the better light.
IMHO CNET is also part of the "Get the facts" FUD campaign.

And all you who believe these articles and switch back to IE, I'm not gonna stop you, the same way as I'm not stopping smoking people from smoking or suicidal people from committing their last act.

Cheers.
What more do you want ?
by April 20, 2005 3:27 AM PDT
The second paragraph starts "With Monday's reports of the Mozilla Foundation's patches for significant new security holes......" how much more overt do you want the mention of the patches to be?

Personally, I'm having fun with Opera 8 right now & don't anticipate hitting the brakes, to go back to the slow buggy that is FF.
take a deep breath and repeat after me...
by stevejobless April 20, 2005 1:45 AM PDT
Patching good, must patch, patching keeps me safe...
On a more serious note, having a full install rather than a patch is a lot easier for extension developers/users, since you know what is compatible with your extension. It is a lot easier to say blah blah works with FF 1.03 or greater, rather than blah blah works with FF .10 with patches blah blah blah installed.
Personally I feel that the FF full update is small and transparent enough for most users to not be affected, also it is a reminder that a PC isn't a bury head in the sand technology. Be it social or technological we should all do our little bit to keep ourselves safer...
Failed to mention....
by petethechop April 21, 2005 6:50 AM PDT
The author fails to point out that Firefox security holes are being taken care of long before they become a problem instead of waiting until they are being exploited as has been the case with the other browser.
oops
by petethechop April 21, 2005 6:56 AM PDT
Oh, look at that, there's a second page! Sorry, my bad.
Mando asked me to forward his comments...
by chrismessina April 21, 2005 12:10 PM PDT
A friend of mine asked me to follow up about the poster, since it was his recent desktop image that led Asa to release the original:

Hi! Thank you so much for the kind words. The original photograph is available
in 17x11 inches. And here is the direct link to the desktop:
http://mandolux.mine.nu/archive/2005/0327.html

:)

As for the name: Mando Gomez | email: mandolux@gmail.com | www:
http://www.mandolux.com

Best wishes. Mando


P.S. The stock photo of the image in the desktop is available.
Welcome to the bandwagon :)
by orangeacid April 22, 2005 12:01 AM PDT
Hi C|net and welcome to the bandwagon!

Everyone on this bandwagon believes that Firefox, a project which is entirely profit free, and is open source (meaning that people are free to reconfigure the coding and redistribute), and which is run entirely by volunteers, and which has managed to get over 46 >million< downloads since its release a few months ago, and which holds an enormous percentage of the browser market for considering it doesn't come bundled with an OS that 95% of the world use, is full of holes and security liabilities.

The fact that Firefox works differently to MSIE (it in fact runs off the Gecko engine) doesn't make it more secure at all. We try and ignore the fact that this means virtually all malicious code designed for Internet Explorer doesn't work on this browser. ActiveX controls are disabled by default, but who cares? Most people aren't even aware of the threats ActiveX can pose. Plugins have to be enabled per site rather than disabled per site, but surely this doesn't mean anything.

Firefox has a massive community, full of extensions which perform a range of tasks such as automated weather reports, built in search bars, quick searches, RSS support, mouse gestures and the like, which the IE 'community' couldn't dream of having, at least as effectively. But who cares?

Let's all jump on the slag off Firefox and the Open Source community bandwagon :)

No, C|Net.