link to article (http://www.net-security.org/secworld.php?id=8489)


Cenzic released its report revealing the most prominent types of Web application vulnerabilities for the first half of 2009. The report details the steady rise of attacks targeting these exploits ultimately costing the U.S. a substantial amount of money in both IT damage and identity theft.

Specifically, the report identified over 3,100 total vulnerabilities, which is a 10 percent increase in Web application vulnerabilities compared to the second half of 2008. Cenzic analyzed all reported vulnerability information from sources including NIST, MITRE, SANS, US-CERT, OSVDB, OWASP, as well as other third party databases for Web application security issues reported during the first half of 2009.

[...]

Among Web browsers, Mozilla Firefox had the largest percentage of Web vulnerabilities, followed by Apple Safari, whose browser showed a vast increase in exploits, due to vulnerabilities reported in the Safari iPhone browser:

Has Mozilla just gotten complacent, or have the fanboys just been overestimating the advantages of FF over IE?

Has Mozilla just gotten complacent, or have the fanboys just been overestimating the advantages of FF over IE?

... or did Microsoft "helped" in that report? :smallbiggrin:

I use my trusty old Firefox&Thunderbird but thinking about using more Chrome... however there are always those "google knows what you're doing"- feelings

Has Mozilla just gotten complacent, or have the fanboys just been overestimating the advantages of FF over IE?

From discussion on Slashdot, I gathered that the numbers were based on the number of vulnerabilities documented by the browser developers... which means that a well-documented product with frequent releases will show more of them. Essentially, the report's methodology meant that if you search for vulnerabilities to correct them and are open about finding them, you get a worse score than if you turn a blind eye to them.

If this is true I'm glad I don't use Firefox, I'm a Chrome man myself.

From discussion on Slashdot, I gathered that the numbers were based on the number of vulnerabilities documented by the browser developers... which means that a well-documented product with frequent releases will show more of them. Essentially, the report's methodology meant that if you search for vulnerabilities to correct them and are open about finding them, you get a worse score than if you turn a blind eye to them.

So placing higher=better?

So placing higher=better?

Not strictly. Given two equally open projects, one with fewer vulnerabilities recorded may simply be better coded to start with, and have fewer there to be found. The issue is that if you're going off how many vulnerabilities the developers themselves admit to having found, you give those who don't release such numbers, fudge them, or just don't bug-hunt in the first place, a really obvious way to game the system. It invalidates the comparison.

I'm just going off what I remember reading in a brief skim of the comments, mind. I'll see if I can find more detail on the subject later this evening.

(There were also comments that the report was essentially a PR fluff piece bought and paid for by Microsoft, but I don't know if they were substantiated or just bellyaching.)

From discussion on Slashdot, I gathered that the numbers were based on the number of vulnerabilities documented by the browser developers... which means that a well-documented product with frequent releases will show more of them. Essentially, the report's methodology meant that if you search for vulnerabilities to correct them and are open about finding them, you get a worse score than if you turn a blind eye to them.

This may be true...reading through the actual report, the only way it seems to mention how it gathered information was through "reported vulnerability information." it doesn't mention how it was reported though.

I think the real thing to look at though is that only 8% of the vulnerabilities were from web browsers, with 90% being from (commercial) online applications. So running Firefox isn't really an alternative to anti-virus as some people I know believe.

I think the real thing to look at though is that only 8% of the vulnerabilities were from web browsers, with 90% being from (commercial) online applications. So running Firefox isn't really an alternative to anti-virus as some people I know believe.

It's a good alternative to running IE, with Active X enabled, on your Admin account. I haven't been a windows user in quite some time, but what I just mentioned was standard when I quit.

Also, were these percentages weighted at all? Doesn't sound like it. Some vulnerabilities are more serious than others. Granted, grading them can be somewhat subjective. However, a bunch of tiny holes, none of which can do much damage on their own, is probably not as bad as two or three great big crippling gorges.

Using Firefox isn't about making you a harder target (hell you can do that with a variety of addons for any browser) but a smaller one. Imagine if the same amount of effort is put in to exploit weaknesses in Macs as it currently is for Windows system, the I'm a Mac and I'm a PC ads would go away pretty quickly.

Same concept for browsers. Plus, there's an imaginary safety blanket that the bad people of the internet don't primarily go after people who search out alternate programs and security features.

Using Firefox isn't about making you a harder target (hell you can do that with a variety of addons for any browser) but a smaller one. Imagine if the same amount of effort is put in to exploit weaknesses in Macs as it currently is for Windows system, the I'm a Mac and I'm a PC ads would go away pretty quickly.

Same concept for browsers. Plus, there's an imaginary safety blanket that the bad people of the internet don't primarily go after people who search out alternate programs and security features.

This I believe. Question, though.

...assuming this is a contributor, should Firefox become the most popular browser, wouldn't it become the new most targeted area?

This I believe. Question, though.

...assuming this is a contributor, should Firefox become the most popular browser, wouldn't it become the new most targeted area?

*ahem* Firefox IS the most popular browser.
(http://www.w3schools.com/browsers/browsers_stats.asp)

And yes, it will, and then it will all depend on how good its developers are. I don't need to think FireFox will always be the best choice, I just think it's the best choice NOW. If in two years FireFox starts sucking for whatever reason, I'll switch.

And yes, it will, and then it will all depend on how good its developers are.
Right. It's not just a matter of being a popular target. Being a hard-to-hit target is part of it, too. Security through obscurity itself has always been an illusion. Regardless of size or ubiquity, it's really the actual security features that do the job.

Looked over the article. I can't see any description of methodology. They just "counted the number of vulnerabilities" from a variety of sources, so the numbers aren't worth much as far as I can tell. The problems I mentioned earlier may be in play, as may others.

Here's the Slashdot discussion (http://tech.slashdot.org/story/09/11/11/1626224/Firefox-Most-Vulnerable-Browser-Safari-Close?art_pos=2), and a useful comment (http://tech.slashdot.org/comments.pl?sid=1439892&cid=30065934) contradicting the criticisms I referred to above (which is immediately contradicted itself; essentially, the way they might have counted vulnerabilities should be more reliable than I suggested, if you trust Microsoft to diligently search for and promptly patch all vulnerabilities, which not everyone does).

Also, Opera (http://my.opera.com/haavard/blog/2009/11/10/cenzic-security) (who come off best in the report) also criticize it. They're not saying the count of vulnerabilities is invalid, though, just that simple numbers aren't a useful metric.

Right. It's not just a matter of being a popular target. Being a hard-to-hit target is part of it, too. Security through obscurity itself has always been an illusion. Regardless of size or ubiquity, it's really the actual security features that do the job.

And now that Firefox is no longer a smaller target...

As far as I know, Firefox was never particularly secure. The discussion just said "Well, nobody uses Firefox, so it's vulnerabilities don't matter..."

I'd say Mozilla hasn't gotten complacent (any more than they were) and of course the fanboys overestimated. They always do.


Using Firefox isn't about making you a harder target (hell you can do that with a variety of addons for any browser) but a smaller one. Imagine if the same amount of effort is put in to exploit weaknesses in Macs as it currently is for Windows system, the I'm a Mac and I'm a PC ads would go away pretty quickly.

The problem is that not only are Macs a smaller target, you would have to spend a lot more energy on a Mac to get the same effect by the nature of the system. PCs evolved from older, well, PCs. The user is God. It is assumed that someone with access to the system knows what they're doing and might need access to various things that viruses like access to. Viruses can then imitate those users. Macs, by contrast, view Apple as God. Therefore, there are many things the user is not allowed to play with, ever. So imitating a user (even an Admin) doesn't get you much.

The problem is that not only are Macs a smaller target, you would have to spend a lot more energy on a Mac to get the same effect by the nature of the system. PCs evolved from older, well, PCs. The user is God. It is assumed that someone with access to the system knows what they're doing and might need access to various things that viruses like access to. Viruses can then imitate those users. Macs, by contrast, view Apple as God. Therefore, there are many things the user is not allowed to play with, ever. So imitating a user (even an Admin) doesn't get you much.

And then there's the fact that Apple demands use of its proprietary hardware for the system itself, meaning that component upgrades (and the machines as whole) are more expensive, whereas the basic Windows core was made to work with and adapt to as many different machines as possible, so other companies can specialize in producing off-the-shelf components for upgrading.

The problem is that not only are Macs a smaller target, you would have to spend a lot more energy on a Mac to get the same effect by the nature of the system. PCs evolved from older, well, PCs. The user is God. It is assumed that someone with access to the system knows what they're doing and might need access to various things that viruses like access to. Viruses can then imitate those users. Macs, by contrast, view Apple as God. Therefore, there are many things the user is not allowed to play with, ever. So imitating a user (even an Admin) doesn't get you much.

Apple seems to be doing a fine job without viruses (http://www.engadget.com/2009/10/12/snow-leopard-guest-account-bug-deleting-user-files-terrorizin/) :smallwink:

Really though, the information I have on macs is outdated, and might not have been completely true to begin with, but I think the differences in what viruses can do to the softwares is basically that a Mac virus won't affect hardware, while a PC one may (for instance, wiping the BIOS). There's still the chance that it'll muck up your OS...though if that's all malware did these days I'd be thankful.

Apple seems to be doing a fine job without viruses (http://www.engadget.com/2009/10/12/snow-leopard-guest-account-bug-deleting-user-files-terrorizin/) :smallwink:
Guess I should stay on Tiger just a little longer, then. :smalltongue:

this is why im glad i use opera, Firefox is overrated just because its the "open source alternative". either way using the least used major browser has the advantage of security through obscurity.

this is why im glad i use opera, Firefox is overrated just because its the "open source alternative". either way using the least used major browser has the advantage of security through obscurity.

Security through obscurity isn't considered to be especially good security. I'll agree that opera is usually credited as more secure than firefox, but it's not because of its lack of popularity.

this is why im glad i use opera, Firefox is overrated just because its the "open source alternative". either way using the least used major browser has the advantage of security through obscurity.

I'm not sure on what basis you claim it to be "overrated."

I'm not sure on what basis you claim it to be "overrated."
I think he's going along the lines of it's not really the best thing out there, and doesn't necessarily deserve the praise it gets as such. If you read my post above, you'll know that there's some people who believe it to be good enough that they don't need antivirus.


http://imgs.xkcd.com/comics/perspective.png

I think he's going along the lines of it's not really the best thing out there, and doesn't necessarily deserve the praise it gets as such. If you read my post above, you'll know that there's some people who believe it to be good enough that they don't need antivirus.


http://imgs.xkcd.com/comics/perspective.png

People who do not realize this about things they love? Rawrface.

Browsers and OS's are the main culprits here. >.>

I think he's going along the lines of it's not really the best thing out there, and doesn't necessarily deserve the praise it gets as such. If you read my post above, you'll know that there's some people who believe it to be good enough that they don't need antivirus.

I agree that there are significantly large groups of outspoken firefox users who are either misinformed about firefox or, let's say, overzealous in its promotion.

But on the other hand, I feel that claiming it is "overrated" implies that FF is not a good piece of software. Frankly, it IS a good piece of software. It IS quite secure, does what it claims to do, and has very large amounts of professional support.

While it is almost certainly true that its current popularity can be tied significantly to having been the only major open source browser for a lengthy period of time, that does not mean that it worked its way to the top by any method other than being a good piece of software, and it does not mean that its current popularity is undeserved.

As for the actual report, it seems that their analysis on the web browsers boils down to a pie chart, indeed, the same one posted on that link. They give no explanation as to their methods in the report, and no justification for their findings. They literally wrote one paragraph, which just summarizes the pie chart. Regardless of exterior claims of poor methodology, the web-browser section of the report is completely meaningless.

SAFARI! :smallcool:

SAFARI! :smallcool:

I prefer chrome.

Wonderful diversity of options these days.

this is why im glad i use opera, Firefox is overrated just because its the "open source alternative". either way using the least used major browser has the advantage of security through obscurity.

Opera rules.
I don't say this at the expense of Firefox also being, as Ponce LeRue has more charmingly elocuted, good ****, but all the same --
Opera rules.

Opera rules.
I don't say this at the expense of Firefox also being, as Ponce LeRue has more charmingly elocuted, good ****, but all the same --
Opera rules.

So true, so true.

I think its just because I don't know a single person who uses IE anymore- practically everyone uses Firefox.
Seems a little...well, unrepresentative of the whole picture.
Could just be IE trying to regain some face value.

I think its just because I don't know a single person who uses IE anymore-

*raises hand* I do!

I use IE. And I use Firefox.
One thing that frustrates me about all this "I don't use FF because it's cool, I use it because it's better" discussion is that the vast majority of people don't even consider IE as an option. Most people probably started using FF because it was the most widely available "This is not from Microsoft" product out there. I'd wager that a goodly percentage of people couldn't even tell why Firefox is supposed to be better or why IE is supposed to be worse, they just believe it because it's cool to be anti-Microsoft. Any discussion of what software people use is met with disbelief and even disdain when someone says that a Microsoft product is their product of choice. :smallsigh:

Well, from a developer point of view, FF was better than IE6 and IE7 (which seems to have been sadly rushed out of development), but IE8 is a rather fine piece of software.
Personally, I use IE8, Opera and Safari for browsing.

I don't use IE because I dislike the interface, to be perfectly honest. I'm a Firefox man, and before that I used Netscape. I like firefox, though. I like how it runs, I like the interface, and I like my nifty little collection of add-ons.

I just don't see any reason to use a different browser at this time.

I use Chrome. I used to use FF but it started crashing my internet connection on a regular basis, so I switched. Now when I switch back that massive clunking icon bar at the top feels like an eyesore. =/

I do miss Adblock, though. Especially when I browse ICHC.

I used Netscape for a long time because it was better than IE. I went to FF after Netscape was shot down by AOL. I refuse to use IE. I'm not sure about Vista or 7, but I found out what happens when a virus gets into IE on an XP machine. It's not pretty. Seems huge chunks of XP's GUI run off of IE subroutines. IE gets a virus and your OS is funched. Should I tell you how much fun it is to be away from home for 9 months, only to come back and find out that your PC can't keep a window open for more than 2 minutes before your GUI crashes and restarts itself?:smallannoyed:

I used Netscape for a long time because it was better than IE. I went to FF after Netscape was shot down by AOL. I refuse to use IE. I'm not sure about Vista or 7, but I found out what happens when a virus gets into IE on an XP machine. It's not pretty. Seems huge chunks of XP's GUI run off of IE subroutines. IE gets a virus and your OS is funched. Should I tell you how much fun it is to be away from home for 9 months, only to come back and find out that your PC can't keep a window open for more than 2 minutes before your GUI crashes and restarts itself?:smallannoyed:

So, you stayed with "the actual Netscape" then? :smalltongue:


I'm actually surprised a report like this didn't admit more vulnerabilities than this. FireFox, being open source, will have many of its vulnerabilities laid out to the prying eye more easily, as well as more people willing to report on them (and fix them!).
Given that it doesn't mention which version of FireFox (3.0, 3.5, 3.6 are all significantly different), as is the same with most of the other browsers on the list. This is ultimately a silly report.


Personally, I'm a FireFox user. Why?
Adherence to w3c's standards. If I write a webpage or web application, using FireFox as an assistant development tool (which it is very good at), and then test it on Opera, Chrome, Safari, and Internet Explorer.... there are very few times where I didn't have to go back and modify the css or javascript just for IE. It annoys me to no end.
As with FireFox vs Opera, Chrome, and Safari?
The Error console and GreaseMonkey, AdBlock Plus, FireBug, and FireFTP addons. Oh, and my kitty theme. *snuggles it*

Without my development requirements (and kitty theme), I would be using Chrome.

As with FireFox vs Opera, Chrome, and Safari?
The Error console and GreaseMonkey, AdBlock Plus, FireBug, and FireFTP addons. Oh, and my kitty theme. *snuggles it*

Without my development requirements (and kitty theme), I would be using Chrome.

Yup. I'm thoroughly entrenched in firefox for professional reasons. Foxmarks is also a big one for me, especially since it honors keyword searches. Supposedly Opera has done bookmark synching, but I've never gotten it to work. New versions of Chrome support it though. If I can get that installed on my work comp (where I'm not an admin) I may give it a more serious try.

Chrome and Opera are memory hounds on my system. They're in mah RAM, monopolizing mah bitz!

Seriously tho, I switched to FF because it had tabs (and IE was a piece of junk at the time). Now everyone has tabs, but hey look, IE is still a memory hound too!

Granted, FF has gotten worse as they try to impart more and more features, but it still comes out the winner in my rigorous "which slows down my system the least" testing.

If this is true I'm glad I don't use Firefox, I'm a Chrome man myself.

Actually, that falls under Safari.

In truth, this is probably pretty far out - the choice of measure is odd (they should have looked at the length of time for which each web browser had unpatched vulnerabilities, not at the total number of discovered vulnerabilities).

Firefox is safe at the moment, as is Opera. Apple seem to have picked up their game as well - there have only been four advisories for the latest version of Safari, and none of them are unpatched.

There are some holes in IE - a cross-site scripting exploit and a way to spoof part of the address bar.

As for the "no incentive to look for Apple exploits" - actually, that isn't true either.

OS X is based on FreeBSD, which is pretty secure and stable, but also happens to be binary-compatible with Linux. At the same time, most servers on the internet happen to run Linux, FreeBSD or something similar.

I doubt that a hacker would make a worm or a virus for Linux or FreeBSD without at least considering using the same principle on Macs.

I agree that there are significantly large groups of outspoken firefox users who are either misinformed about firefox or, let's say, overzealous in its promotion.

Now thats part of the problem, half the firefox users you encounter claim it is the be all, end all, of browsing and computer security. Yes, its open source, and open source is good, but just being open source does not make a program good.


But on the other hand, I feel that claiming it is "overrated" implies that FF is not a good piece of software. Frankly, it IS a good piece of software. It IS quite secure, does what it claims to do, and has very large amounts of professional support.

Its overrated, or if you would prefer a kinder sounding term, overhyped. Its a good piece of software, and I would use it if I didnt have opera, but its not the great browser most firefox fans claim it to be. Its ok, but it lacks the security and features that opera has that I find innovative, like the built in torrent manager, tabs being able to show pictures of the websites they contain, widgets and the speed dial. Sure, most of these you can get with the addons for firefox, but still, it lacks the right out of the box features that opera has, at least in my opinion.

I'd wager that a goodly percentage of people couldn't even tell why Firefox is supposed to be better or why IE is supposed to be worse, they just believe it because it's cool to be anti-Microsoft.

In the world of science, "laws" exist. A law, as defined by Wikipedia because I don't feel like looking for another source, is "a generalization based on empirical observations of physical behavior." An apple will fall if I drop it. I don't need to know why. I don't need to know that the Earth attracts it to itself, all I know is the apple falls.

I switched to Firefox roughly two years ago, exactly the same time I switched from Norton to AVG. My computer became much faster and less spammy. Whenever I opened Internet Explorer by accident, because I never deleted it, my computer immediately started giving me pop-up messages, all the freaking time. When I used Firefox, there were no pop-ups.

I've never as much as looked at the code for either of the browsers, all I have to go on is my own observations, through which I concluded that Firefox is better. Why? I don't freakin' know. I know by experience, by observation. Almost like a law of physics: You don't need to know why something happens to know that it happens.

And given that I've never had any reason to switch from Firefox, as it's never caused me any real problems, I've no interest in finding out about Opera, Chrome or Safari, and I certainly have no interest in going back to Internet Explorer. Whether they've solved those problems that made me switch or not, this is a user they've already lost.

Opera certainly has advantages over Firefox, but I wouldn't say that either of them is so much better than the other that there is no decision involved.

The current version of Opera comes with:

Decent standards support (nearly passing Acid3)
An e-mail, newsgroups and IRC client
An RSS reader that displays RSS feed entries as e-mails
A free service that compresses web pages before sending them to you
A pile of developer tools, although these are still in beta.
User JS (which has existed since the dawn of time, and certainly isn't something Firefox invented).
A pretty decent download manager with support for the BitTorrent protocol
Inbuilt content blocking (there is no centrally maintained blacklist, but blocking ads is usually pretty simple - pop-ups are also basically nonexistent)
Thumbnails
A smaller user interface.


It's also about half the size of Firefox, and about the same in terms of memory usage and performance.

As I said, the two are close enough that the choice between them is a matter of taste. I prefer Opera personally (hence the bias in my post).

Bear in mind, however, that Firefox is basically the single most extensible web browser on the planet, even though Opera is more versatile out of the box.

Chrome and Opera are memory hounds on my system. They're in mah RAM, monopolizing mah bitz!

Seriously tho, I switched to FF because it had tabs (and IE was a piece of junk at the time). Now everyone has tabs, but hey look, IE is still a memory hound too!


:smallconfused:

I swapped to Opera from Firefox since I found the opposite to be true. Odd. Maybe we used pretty different versions of FF.

I've actually started gravitating back towards Internet Explorer, though Microsoft needs to make the damn thing standards compliant. Opera and FF handle flash-heavy sites (I visit a few) poorly, and in general I find IE to run faster. Firefox takes a good 2 minutes to completely shut down on my computer, and occasionally decides it doesn't like my mousewheel and won't listen to it.

Seriously tho, I switched to FF because it had tabs (and IE was a piece of junk at the time). Now everyone has tabs, but hey look, IE is still a memory hound too!I don't remember what thread I posted it in, and it was some time ago, but I posted screen shots of my desktop with FireFox and IE7 with the exact same tabs open, and my Task Manager open in the foreground showing that IE7 was using half the memory.


Granted, FF has gotten worse as they try to impart more and more features, but it still comes out the winner in my rigorous "which slows down my system the least" testing.This also, I have the reverse experience. I have a system with an AMD Phenom II x4 and 8GB of RAM that FireFox (despite my protestations, FF is my current default browser) will bring to a crawl. I occasionally have to actually close it out because it's using 95% of my CPU cycles and more than 4GB of RAM and I can't play Plants Vs Zombies because of it, let alone whatever MMO I'm engaged with at the time.


In the world of science, "laws" exist. A law, as defined by Wikipedia because I don't feel like looking for another source, is "a generalization based on empirical observations of physical behavior." An apple will fall if I drop it. I don't need to know why. I don't need to know that the Earth attracts it to itself, all I know is the apple falls.

I switched to Firefox roughly two years ago, exactly the same time I switched from Norton to AVG. My computer became much faster and less spammy. Whenever I opened Internet Explorer by accident, because I never deleted it, my computer immediately started giving me pop-up messages, all the freaking time. When I used Firefox, there were no pop-ups.

I've never as much as looked at the code for either of the browsers, all I have to go on is my own observations, through which I concluded that Firefox is better. Why? I don't freakin' know. I know by experience, by observation. Almost like a law of physics: You don't need to know why something happens to know that it happens.

And given that I've never had any reason to switch from Firefox, as it's never caused me any real problems, I've no interest in finding out about Opera, Chrome or Safari, and I certainly have no interest in going back to Internet Explorer. Whether they've solved those problems that made me switch or not, this is a user they've already lost.This is not what I'm talking about. I don't mean they can't answer "why is it better?" I mean they can't answer "why do you like it more?" I mean if you ask the average John Q. Public why they prefer Browser over OtherBrowser, they don't know. They don't know why they like it better. They just know that it's what they're supposed to say. I wasn't talking about knowing the code to say why it's better. I meant that the masses can't even tell you "because it's faster" or "because it's less resource intensive" or even "it slows down my computer less".

Of course, as expected, a whole host of people posted after me explaining why in order to prove me wrong. Twenty or a hundred people who can say does not negate the thousands (who aren't going to post) who can't. I have no problems with people preferring whatever it is they do, I have problems with people bashing without any concept of why.

I am especially perturbed by people who bash based on nothing other than the vendor logo in the corner. One can dislike Microsoft for any number of reasons, but "all of their software is subpar to other software" is not a valid commentary. They did not get where they are by making substandard software. Has everything they've done been a flawless work of perfection? Hardly. They know that as well as anyone. (Try to find someone who'll admit to being responsible for Windows Me, for example.) But judge each application on it's own merits rather than dismissing it out of hand just because it has MS stamped on the box.

Well, I switched over around IE6-7, so when I switched, IE was being revealed to have all kinds of gaping security holes that firefox didn't have due to having much more limited ways of being accessed without user permission.

Then my computer died and I moved to my apple laptop, so I was already familiar with firefox so I just got it for mac.

I don't remember what thread I posted it in, and it was some time ago, but I posted screen shots of my desktop with FireFox and IE7 with the exact same tabs open, and my Task Manager open in the foreground showing that IE7 was using half the memory.

Curious, I repeated this attempt with IE8, full updates, with FireFox 3.6.
Comparison (http://pifro.com/tempmove/Desktop-2009-11-16.jpg)

These are with tabs I had open anyways.
Note, since this is 3.6, most of my extensions aren't enabled, though a couple are. 3.6 seems to miles easier on the memory sides of things than 3.5 was, and now I'm slowly modifying each of my extensions for this. Wonderful.

On memory: iexplorer's memory ram consumption is a mess here! Sure, any one given iteration has less than FireFox's... but it has so many iterations! Closing IE as a whole did close all the memory iterations as well, so it most definitely was the browser.
That's:
208100 K (IE)
75900 K (FF)

After this (https://addons.mozilla.org/en-US/firefox/addon/6543) lovely extension, I re-enabled all of my add-ons (without issue) and with a bit more exploring on only FireFox during the database backup, FireFox is now topping at around 115,880 K for me.

Edit:
Further testing has eventually made it go up to 120,550 K (still, far under IE).
I then found this very useful config option:
http://kb.mozillazine.org/Config.trim_on_minimize
If you have a faster system, there is no delay (as suggested) when waking up. It keeps resetting the memory use, as well. I'm using a consistent 75~80K no matter how long it persists.

I just opened Opera and Internet Explorer, with the same 7 tabs in each.

Opera is eating 80,584 Kb.

IE eats 209,640 Kb.

I don't have Firefox or Thunderbird installed, so I'm not sure how efficient they will be under the same circumstances.

It's still pretty damning.

Just to ensure reproducibility, here are the tabs I used as a test:

- http://www.giantitp.com/forums/showthread.php?t=125099&page=10

- http://www.giantitp.com/forums/showthread.php?t=130774

- http://www.giantitp.com/forums/showthread.php?t=131638

- http://www.giantitp.com/forums/showthread.php?t=98722&page=9

- http://www.giantitp.com/forums/showthread.php?t=131739

- http://www.giantitp.com/forums/showthread.php?t=131044&page=4

- http://www.giantitp.com/forums/showthread.php?p=7325037#post7325037

I personally use Firefox just because I'm used to it at this point, but my old computer was rather slow and had low memory, so that's why I originally switched, or rather I tried it out first, it was always faster and ran with less memory than IE for me.

I don't use any addons, at all... people usually ask me why I use Firefox since I don't though :smalltongue:

I'd like to try Opera or Chrome, but I'm lazy <_<

Is there a noticeable difference in speed between Firefox and Chrome/Opera?

I doubt you'd see one between Firefox and Opera - Opera uses a little bit more memory because of the mail client.

Firefox has also had another release since Opera 10 came out, so it might render JavaScript a bit faster. That will probably change pretty soon though.

Bizarrely, IE starts up more slowly than Opera for me, even though many of the IE components are loaded as the system starts.

Chrome is, on a simple level, undeniably faster than FireFox, at least, 3.0 and 3.5 versions of FireFox.
I have no tried Chrome and FireFox 3.6 in the same context. Though, it'd be a harder push. 3.6 is feeling immensely faster so far.

In short, if you only have a couple of tabs open usually. Chrome is beautiful.

I have not done FireFox vs Opera testing. Opera is a good browser, I just never had a desire to switch.

Seven tabs in FF... 221, 528 Kb :smallbiggrin: For the record:

http://www.giantitp.com/forums/forumdisplay.php?f=50

http://lparchive.org/LetsPlay/IWD2/index.html

http://ethesis.helsinki.fi/julkaisut/laa/kliin/vk/pirkola/ch3.html

http://www.forensicpanel.com/

http://chinesewall.ccc.de/freedomstick-en.html

http://www.boxofficeprophets.com/column/index.cfm?columnID=9241

And this one, to answer in it.

Yeah, quite damning. But then, my computer is running 24/7, hasn't been cleaned of viruses or dust in the longest time and some other migitating factors. Not sure how much they migitate it, but hey.

I use firefox mainly for the add-ons, although I do prefer the look of the browser. I would be using chrome except it doesn't have the features I can get through add-ons, nor does it seem to work on half my computers...

My main problem with Fx is the fact that it chrews through memory. While it starts at a manageable 80,000 K or so, it can end up over 200,000 K after a few hours open. Once it hit 500,000 K meaning I had to restart it. Not a huge problem, but can get a bit annoying at times.

Also, currently sitting on 10 tabs open, 220,000 K usage.

I have a personal preference for Opera.

And as I see, as long people aren't using IE6 and IE7, it's okay. IE7 is miles ahead of IE6, but IE8 is far more W3C complaint, and much better browser than both.

I can't wait to see the "kill IE6" movement gain momentum. It's overly outdated and people should be forced to move on.

I'm thinking of switching to Chrome myself, but like Dis said, add-ons. When Chrome will have Stumble Upon, I'll seriously consider changing the browser.

That and I really don't know how to fix the bookmarks. I have about 100 of them, in three different categories and Chrome throws everything together when I transport them over. It makes a big mess out of it and I'm really not liking this, because it would mean I once again have to sort everything by the hand. And that would take too much time.

That and I really don't know how to fix the bookmarks. I have about 100 of them, in three different categories and Chrome throws everything together when I transport them over. It makes a big mess out of it and I'm really not liking this, because it would mean I once again have to sort everything by the hand. And that would take too much time.

This is a big one for me, but even bigger is the fact that I have three computers I browse the web on, and add bookmarks almost religiously on each. I have 24 folders of bookmarks containing anywhere from 4 to 20 pages in them, then I have well over 100 unsorted bookmarks that are useful when I need to download random things or am looking for something I've lost due to a reload of my system.

Dis, Mordokai, and anyone else who has the constant upscaling memory issue with FireFox being on all the time:
I highly emphasize the following trick:
http://kb.mozillazine.org/Config.trim_on_minimize

Just hitting minimize for a moment and bring it back up (with an active download) in the middle of typing this cut the memory use to ~36,000 K (with 8 tabs open).

Dis, Mordokai, and anyone else who has the constant upscaling memory issue with FireFox being on all the time:
I highly emphasize the following trick:
http://kb.mozillazine.org/Config.trim_on_minimize

Just hitting minimize for a moment and bring it back up (with an active download) in the middle of typing this cut the memory use to ~36,000 K (with 8 tabs open).

Thanks, not sure if it's working, but I'll bookmark it and see if I can get it working :P

Thanks for that, I shall try it too :smallsmile:

I use firefox mainly for the add-ons, although I do prefer the look of the browser. I would be using chrome except it doesn't have the features I can get through add-ons, nor does it seem to work on half my computers...

My main problem with Fx is the fact that it chrews through memory. While it starts at a manageable 80,000 K or so, it can end up over 200,000 K after a few hours open. Once it hit 500,000 K meaning I had to restart it. Not a huge problem, but can get a bit annoying at times.

Also, currently sitting on 10 tabs open, 220,000 K usage.

I'm honestly starting to wonder if memory use is a good metric for evaluating browsers anymore. The reason Chrome is so fast is because it uses a separate thread (or process, it's been a while since I read up on Chrome) for each tab. All the others run in a single process. Chrome is deliberately being more resource intensive, and it's utilizing the resources in a useful way. I'm sure there are plenty of other memory related tricks too. When I open my bookmarks, I want them to load immediately instead of from disk. If that means using an extra meg of RAM, that's RAM well spent IMO. Computers are shipped with 4 or more GB of RAM, so browsers are taking liberties with that RAM. If it goes to good use (and not to a poorly coded extension. Try firefox without extensions and it'll run much better), then why not feed your browser a little more memory.

Apologies for babbling. This thought would have been more coherent had I slept last night. If needed I'll edit it later.

I'm honestly starting to wonder if memory use is a good metric for evaluating browsers anymore. The reason Chrome is so fast is because it uses a separate thread (or process, it's been a while since I read up on Chrome) for each tab. All the others run in a single process. Chrome is deliberately being more resource intensive, and it's utilizing the resources in a useful way. I'm sure there are plenty of other memory related tricks too. When I open my bookmarks, I want them to load immediately instead of from disk. If that means using an extra meg of RAM, that's RAM well spent IMO. Computers are shipped with 4 or more GB of RAM, so browsers are taking liberties with that RAM. If it goes to good use (and not to a poorly coded extension. Try firefox without extensions and it'll run much better), then why not feed your browser a little more memory.

Makes sense, but when you're running a laptop with 1gb ram and a 1.67ghz dual core, you start to get concerned about where stuff goes. While my other computers can run it no problem (Q6600 2gb ram, i5 4gb ram) my laptop struggles to do anything that might require decent use of resources :P

Makes sense, but when you're running a laptop with 1gb ram and a 1.67ghz dual core, you start to get concerned about where stuff goes. While my other computers can run it no problem (Q6600 2gb ram, i5 4gb ram) my laptop struggles to do anything that might require decent use of resources :P

Understood. My laptop is almost exactly half that. 1.7ghz single core, 512 mb RAM :-P

Using extra resources for speed should obviously be done intelligently and with care. If a system is above 90% memory use, it's probably time to drop bookmarks out of RAM and load them from the disk. Or whatever else is eating memory.

Has Mozilla just gotten complacent, or have the fanboys just been overestimating the advantages of FF over IE?

Possibly niether. I use Chrome, IE and Firefox. They've each got a problem though:
Firefox- Sloooow to load. When it can't connect it'll pop up a connection prompt and forces it to the "front". Very annoying when playing full screen videogames.
Chrome- If it partially loads an image before timing it it will not be able to fully load it again until I wipe the cache.
Internet Explorer- Can't load the en.wikipedia search provider, only es.wikipedia (I'm running a spanish version of Vista).

Chrome has the nicest feature set but Firefox has the vital Download Them All add-on.
I've heard Opera is the best web browser.

Opera rules.
I don't say this at the expense of Firefox also being, as Ponce LeRue has more charmingly elocuted, good ****, but all the same --
Opera rules.

Switched to Opera as a result of reading this thread, and I agree, it's good. Just one feature I really miss from Firefox, and that's the Ctrl-F in realtime rather than having a dialog for it.

The best thing about firefox is the adblock plugin, which I have yet to find a good substitute for in any other browser.

Switched to Opera as a result of reading this thread, and I agree, it's good. Just one feature I really miss from Firefox, and that's the Ctrl-F in realtime rather than having a dialog for it.

Press F3 and type away! :smallbiggrin:

Press F3 and type away! :smallbiggrin:

Still brings up a find dialog. I liked having the bar at the bottom where I could just type and it would find as I typed, rather than having a window coming up, blocking the screen, and having to click find manually.

Checking the default shortcuts, inline find is accessed by typing . or /

So, as long as the focus isn't on an input box of some sort, press . or / and type away. :smallsmile:

I skimmed the thread but didn't see anything mentioning this, so I thought I'd point it out. Ahem:

OF COURSE FIREFOX IS VULNERABLE. YOU HAVE TO USE PLUGINS TO MAKE IT LESS VULNERABLE.

That's like saying "cars without lockable doors installed have a high chance of being stolen." No sh**. Put a lock in your car then!

This so-called "article" is comparing all the browsers naked - no NoScript, no Adblock, no nothing. Who in their right mind uses naked Firefox?

If you raised your hand, kick yourself right now - hard - stop reading this post, and go download some plugins. Now. Do it. They're free.

IE is actually very secure compared to naked Firefox - the problem is that it is slow, because Microsoft loads it down with a lot of unneeded crap. Chrome is IE with all that stuff taken out, some of which makes it less secure. Firefox has a higher potential for security (AND vulnerability) than all of them, simply because its code is available for the world to see and modify, but in the world of open source, the white hats outnumber the jerks.

Who'd buy a car that you had to install your own locks, or seat belts?

Who'd buy a car that you had to install your own locks, or seat belts?

Who buys firefox? Bad analogy is bad.

Who buys firefox? Bad analogy is bad.

Who pays for web browsers period? You're the one who mentioned FF being like a car without locks. Since the most common way for legally obtaining cars is by *gasp* purchasing them, the wording makes sense. If you prefer, you can replace "buys" with "chooses", but that's still a horribly hollow argument, and a cheap way of avoiding the issue at hand.

Why should I be forced to go somewhere else to get essential parts for a product?

Who pays for web browsers period? You're the one who mentioned FF being like a car without locks. Since the most common way for legally obtaining cars is by *gasp* purchasing them, the wording makes sense. If you prefer, you can replace "buys" with "chooses", but that's still a horribly hollow argument, and a cheap way of avoiding the issue at hand.

Why should I be forced to go somewhere else to get essential parts for a product?

So your argument is that because his metaphor was lacking Firefox sucks? :smallconfused:

Who pays for web browsers period? You're the one who mentioned FF being like a car without locks. Since the most common way for legally obtaining cars is by *gasp* purchasing them, the wording makes sense. If you prefer, you can replace "buys" with "chooses", but that's still a horribly hollow argument, and a cheap way of avoiding the issue at hand.

You're the one who mentioned "buying" in the first place. I used a car analogy because the core argument - security vs. speed - is identical for both situations.

The article is flawed. It is comparing IE (with no additional addons) to Firefox (with no additional addons) to Safari (with no additional addons) etc.

In practice, NOBODY (i.e.: ONLY IDIOTS) use firefox without installing a single plugin, and then complain when they get malware. IE doesn't need these plugins because it has better security built-in - along with a crapton of other "features" that you don't need, which translates to most webpages loading in twice the amount of time as other browsers.

Returning to the car analogy - you are offered a Mercedes Benz for free and told "the locks aren't installed though - just go right across the street and they'll put them in for you. The whole process will take less than a minute and costs you nothing." You are also offered a Daewoo with the locks installed. "You can drive it right off the lot. It's pretty clunky but a lot more secure." Which option would you take?

You're saying you'd rather drive the Daewoo off the lot because you're not willing to spend a minute installing some locks in your free Mercedes. That's your choice. I'd take the Mercedes myself.


Why should I be forced to go somewhere else to get essential parts for a product?

Because it costs you nothing to do so! Get it yet?

Nobody makes viruses for Linux. I don't have to care.

(Hey, sand, here is my head.)

In practice, NOBODY (i.e.: ONLY IDIOTS) use firefox without installing a single plugin, and then complain when they get malware. IE doesn't need these plugins because it has better security built-in - along with a crapton of other "features" that you don't need, which translates to most webpages loading in twice the amount of time as other browsers.


Based on what I've seen in tech support, the ONLY IDIOTS group sticks with IE. They know there's better stuff out there, but aren't willing to try it out and risk messing up their computer.

Techies and power users will use FF and they will use extensions, because those extensions are a key part of firefox. I like naked Chrome better than naked Firefox, but Firefox has the extensions to make up for that.

There is however a third kind of user. That's the person who is too scared to try anything new on their machine, but lets their techie friends install things for them. These are the users likely to have FF (and they probably call it 'Foxfire'), but don't have any extensions. This user is much more common than the power user. For each power user out there, all his computer illiterate friends fall into this group, as opposed to the first group. (Actually, I'm not sure about this type being that common. It was in college. My sample spaces don't really go too far outside of academia though. I'd guess that outside of academia, you have fewer users of this type because theres less mingling between the masses and the techies.) At any rate, these are the people who run Firefox, claim it's better but can't explain why, and have 0 extensions installed unless their techie friend put them there.

I'm also going to disagree with the generalization that IE is more secure than naked firefox. IE is part of the system. It's what you use to browse files on your hard drive. Removing IE will cripple your windows installation (though I've heard that it can be done). IE has ActiveX. This allows IE to perform functions beyond what a webpage can usually do. The *only* good and legitimate use I've *ever* seen for ActiveX is windows update. Everything else has been malware. ActiveX isn't as dangerous as it used to be - IE actually tells you when ActiveX is trying to run and it asks your permission first. But among users who play 'click the button that makes the error disappear the fastest' this warning is no good.

I also don't trust MS to do anything securely. They're notoriously bad at honoring open specs and standards. If you've ever done any web design, you've noticed that IE renders pages differently than every other browser. This is because they ignore standards. Most web pages are built up out of boxes. Each box has a margin around the outside, a border, then padding at the inside, and then finally content. Standards indicate that if a width is given to a box, the whole box fits inside that width. MS decided that IE should use that width for determining the width of the border, and any margin size can go past that. This just one example. If MS can't get that right, I absolutely do not trust them to follow standards for security either. That said, IE8 improved quite a bit when it comes to honoring web standards. In my experience, it's still not quite up there with Opera, Chrome, and Safari but it's in the same league. Hopefully they learned to follow security standards too.

--

IE ranting aside, I use Opera at work alongside firefox. It has one error that keeps me from using it more often. When I scroll flash content, the flash sticks in place some of the time. I don't really care if it screws up the appearance of a YouTube page. The problem is Google reader. My RSS feeds occasionally include video. It sucks to have that video take over the whole screen. It especially sucks if I've scrolled a few articles, marking them as read, but unable to read them. Normally I'd just reload, but then those articles disappear because reader thinks I saw them. Very irritating. Anybody else get this problem? I wouldn't be surprised if its a linux only thing.

Based on what I've seen in tech support, the ONLY IDIOTS group sticks with IE. They know there's better stuff out there, but aren't willing to try it out and risk messing up their computer.

Techies and power users will use FF and they will use extensions, because those extensions are a key part of firefox. I like naked Chrome better than naked Firefox, but Firefox has the extensions to make up for that.

In a purely naked comparison, IE comes out ahead of both. You are absolutely correct though that IE has greater potential for abuse due to its OS-integrated nature. That's another point that the article that kicked off this thread neglected to mention. That was why I felt such bile towards the article; it seems to be assuming that people using the internet would somehow have no way of acquiring a free and easy-to-install extension for their browser. It also assumed that all the browsers in their little round-up were exactly the same, when only one is inextricable from the operating system's shell and only one can run ActiveX, like you said.


There is however a third kind of user. That's the person who is too scared to try anything new on their machine, but lets their techie friends install things for them. These are the users likely to have FF (and they probably call it 'Foxfire'), but don't have any extensions. This user is much more common than the power user. For each power user out there, all his computer illiterate friends fall into this group, as opposed to the first group.

Perhaps "idiot" was an overly strong term, but you are describing the same people that I was. "Ignorant" might be a better fit; such people are unaware that simply installing Firefox and leaving it with no extensions makes them exactly as safe as putting a car alarm in their car and not connecting it to the battery.

Which is to say, not a damn bit.

So your argument is that because his metaphor was lacking Firefox sucks? :smallconfused:

No, my argument is that his insistence that the test was flawed because all browsers were used as issued is false. I just tried to continue using the analogy when I probably shouldn't have.


You're the one who mentioned "buying" in the first place. I used a car analogy because the core argument - security vs. speed - is identical for both situations.

The article is flawed. It is comparing IE (with no additional addons) to Firefox (with no additional addons) to Safari (with no additional addons) etc.

In practice, NOBODY (i.e.: ONLY IDIOTS) use firefox without installing a single plugin, and then complain when they get malware. IE doesn't need these plugins because it has better security built-in - along with a crapton of other "features" that you don't need, which translates to most webpages loading in twice the amount of time as other browsers.

I guess I know plenty of idiots then. Hell, I guess my university's IT team are a bunch of idiots, since the only addons are IE tab, Microsoft .Net Framework Assistant, and Zotero. Nevermind that nothing on the computers is saved at log-off; clearly they're idiots by your standards. it'd probably be better if you stopped with gross over generalizations.


Returning to the car analogy - you are offered a Mercedes Benz for free and told "the locks aren't installed though - just go right across the street and they'll put them in for you. The whole process will take less than a minute and costs you nothing." You are also offered a Daewoo with the locks installed. "You can drive it right off the lot. It's pretty clunky but a lot more secure." Which option would you take?


You're saying you'd rather drive the Daewoo off the lot because you're not willing to spend a minute installing some locks in your free Mercedes. That's your choice. I'd take the Mercedes myself.


I would in fact take the Daewoo. Regardless of the fact that I don't like Mercedes, I have no warranty for if the locks fail, I don't know the credentials of the people putting in the locks, and if the person giving me the car didn't have the foresight to take care of the locks (since it's so easy and pain-free to do), I'm left to wonder what else he didn't feel was necessary, and how many other shops I'll have to go to in order to get it to my specifications.



Because it costs you nothing to do so! Get it yet?

But it doesn't cost me anything to use IE, or download Chrome or Opera either. Why should I use Firefox if to get it working "right", I need to download additional, 3rd party software.

But it doesn't cost me anything to use IE, or download Chrome or Opera either. Why should I use Firefox if to get it working "right", I need to download additional, 3rd party software.

Hypothetically if Mozilla were to offer FirefoxPlus, which was a bundle of Firefox w/ recommended extensions including AdBlock (and all these extensions were passed through Mozilla's quality control), would you be on board with that?

Mozilla's library of extensions is a feature. It should be taken into consideration when evaluating the browser. Maybe the study should have included naked browsers and extended browsers. If anything that would illustrate the importance of maintaining your browser, instead of installing firefox and assuming you're done with security.

[QUOTE=Haruki-kun;7301963]
*ahem* Firefox IS the most popular browser.
(http://www.w3schools.com/browsers/browsers_stats.asp)

From that web-site:
W3Schools is a website for people with an interest for web technologies. These people are more interested in using alternative browsers than the average user. The average user tends to use Internet Explorer, since it comes preinstalled with Windows. Most do not seek out other browsers.
These facts indicate that the browser figures above are not 100% realistic. Other web sites have statistics showing that Internet Explorer is used by at least 80% of the users.

Hypothetically if Mozilla were to offer FirefoxPlus, which was a bundle of Firefox w/ recommended extensions including AdBlock (and all these extensions were passed through Mozilla's quality control), would you be on board with that?

It'd make much more sense to me, but I'd still wonder why they don't just integrate the add-ons into Firefox and call it a day.

EDIT: I should probably point out that I do infact have Firefox, and all the add ons I 'need', as well as some extra security-related ones. I just don't run it as my default because I think Chrome looks and runs better.


Mozilla's library of extensions is a feature. It should be taken into consideration when evaluating the browser. Maybe the study should have included naked browsers and extended browsers. If anything that would illustrate the importance of maintaining your browser, instead of installing firefox and assuming you're done with security.

Possibly, but as I said before, it's really a fairly moot point as to what you choose from a security standpoint. Browsers are only responsible for 8% of the problems. The difference of 44% and 15% seems huge, but the difference of 3.5% and 1.2% isn't so bad.

You're saying you'd rather drive the Daewoo off the lot because you're not willing to spend a minute installing some locks in your free Mercedes. That's your choice. I'd take the Mercedes myself

This is a flawed analogy, too. It's like getting a standard version of a car (IE), instead of getting a naked chassis and engine and having to put the rest of the necessary components in yourself (FF). Sure, the potential to have a much better car is there...but what you're getting is, frankly, worthless.

This is not advocating opinions of mine, rather, it's an analogy that fits your own argument.

Oh, and for the record? Anyone who calls people who use software other than their own preference, or in a manner other than the way they do? Is an idiot.

I guess I know plenty of idiots then. Hell, I guess my university's IT team are a bunch of idiots, since the only addons are IE tab, Microsoft .Net Framework Assistant, and Zotero. Nevermind that nothing on the computers is saved at log-off; clearly they're idiots by your standards. it'd probably be better if you stopped with gross over generalizations.

Either that or masochists, if they're letting any user just hop on firefox with no extensions installed.

"Nothing is saved at log off" is a locking the barn door after the horse is stolen situation. Deep Freeze and other "system restore" programs work fine for cleaning up messes; they do nothing to prevent such messes from occurring in the first place. I suppose it will be a nice consolation to know that even though the paper you were working on when you got Last Measured (thanks to not being able to block the script's execution) was irretrievably lost, that the computer itself was saved. Perhaps it will make that hapless user's F a bit easier to swallow. Me, I'd just as soon have a browser where accidents like that can't happen.


I would in fact take the Daewoo. Regardless of the fact that I don't like Mercedes, I have no warranty for if the locks fail, I don't know the credentials of the people putting in the locks, and if the person giving me the car didn't have the foresight to take care of the locks (since it's so easy and pain-free to do), I'm left to wonder what else he didn't feel was necessary, and how many other shops I'll have to go to in order to get it to my specifications.

All right, let's use your analogy.

We know the credentials and warranty of the Daewoo people (Microsoft, in this instance) because we have their track record. Worst browser throughout the ages? IE. Routinely exploited and used to access critical system procedures? IE. Slow as a river of bricks? IE.

"I don't care if it works! It has no warranty!" Well, you can take the peace of mind of knowing that you can call customer support after a malicious script tapdances all over your computer if you like. Me, I prefer the peace of mind of knowing that I won't need to call customer support. I guess I'm just bass-ackwards that way.

Mercedes (Mozilla) did not make the locks because they made an open-source car. You see, open source programs are easier to update because the initial programmers don't have to do all the work. This is a lesson Microsoft has yet to learn. Thus they are continually behind the curve when it comes to patching up holes in their Daewoo... I mean, browser.


But it doesn't cost me anything to use IE, or download Chrome or Opera either. Why should I use Firefox if to get it working "right", I need to download additional, 3rd party software.

So you don't need to download anything extra at all to make IE secure? I hope you have an antivirus program.


Oh, and for the record? Anyone who calls people who use software other than their own preference, or in a manner other than the way they do? Is an idiot.

I never called anyone. I don't even have anyone's phone number.

This is a flawed analogy, too. It's like getting a standard version of a car (IE), instead of getting a naked chassis and engine and having to put the rest of the necessary components in yourself (FF). Sure, the potential to have a much better car is there...but what you're getting is, frankly, worthless.

See, no it isn't. Not quite. You don't have to "put the rest of the necessary components in yourself," you just have to choose which one and tell them to put it in for you. Few clicks of a mouse.
And even assuming that little flaw isn't a flaw at all, and I'm wrong, then it's still something that takes a few minutes, tops. So, still not something to throw away a chassis and engine with such great potential for.

I never called anyone. I don't even have anyone's phone number.

:smallsigh:

Read the sentence again. >.<

What you're doing is being an arrogant superior fanboy, who's so convinced his way of doing things is correct that he won't accept any critique.

Either that or masochists, if they're letting any user just hop on firefox with no extensions installed.

"Nothing is saved at log off" is a locking the barn door after the horse is stolen situation. Deep Freeze and other "system restore" programs work fine for cleaning up messes; they do nothing to prevent such messes from occurring in the first place. I suppose it will be a nice consolation to know that even though the paper you were working on when you got Last Measured (thanks to not being able to block the script's execution) was irretrievably lost, that the computer itself was saved. Perhaps it will make that hapless user's F a bit easier to swallow. Me, I'd just as soon have a browser where accidents like that can't happen.

The paper doesn't get saved anyways. And in this day and age, if you don't have reserve copies emailed to yourself and/or a flash drive, it's your fault for having anything "irretrievably lost".


All right, let's use your analogy.

We know the credentials and warranty of the Daewoo people (Microsoft, in this instance) because we have their track record. Worst browser throughout the ages? IE. Routinely exploited and used to access critical system procedures? IE. Slow as a river of bricks? IE.

"I don't care if it works! It has no warranty!" Well, you can take the peace of mind of knowing that you can call customer support after a malicious script tapdances all over your computer if you like. Me, I prefer the peace of mind of knowing that I won't need to call customer support. I guess I'm just bass-ackwards that way.

Mercedes (Mozilla) did not make the locks because they made an open-source car. You see, open source programs are easier to update because the initial programmers don't have to do all the work. This is a lesson Microsoft has yet to learn. Thus they are continually behind the curve when it comes to patching up holes in their Daewoo... I mean, browser.

But how do you know that your Mercedes will work indefinitely? What happens if something breaks? What happens if you download some malicious add-on for Firefox, or more likely, what if some malicious script piggybacks on one of your downloads?

As far as customer support - why bother. I sit on the line for 2 hours when I can fix it myself before the tech on the other side would ask me if my comp's plugged in.


So you don't need to download anything extra at all to make IE secure? I hope you have an antivirus program.

Everyone should have anti-virus anyways. Firefox IS NOT a replacement for virus protection. It never has been, and never will be. Anyone who thinks so is mistaken. Also, as I've stated earlier, I don't use IE; so you don't need to fret yourself worrying about the wellbeing of my computer.

IE6 is clearly the best browser. Visit saveie6.com (http://www.saveie6.com/) to see why.

:smallsigh:

Read the sentence again. >.<

I did. Calls people what?

If you live in a glass house...


What you're doing is being an arrogant superior fanboy, who's so convinced his way of doing things is correct that he won't accept any critique.

Ah yes, the "fanboy" defense. Well, I'm sorry if pointing out the flaws in a very sensationalistic article makes me a "fanboy" in your eyes. You'd think an article titled "FIREFOX MOST VULNERABLE BROWSER" would have actually made use of the tools that the developers themselves recommend to protect against such vulnerabilities, or hell, even MADE MENTION of them, but hey.

Your "correction" to my analogy holds no water at all. An engine and a chassis cannot function on their own, but firefox can run just fine without extensions. It's just not a good idea.


Everyone should have anti-virus anyways. Firefox IS NOT a replacement for virus protection. It never has been, and never will be. Anyone who thinks so is mistaken.

I didn't say it was. Preventing scripts from running without your explicit consent is a useful step in the protection process, however.

I did. Calls people what?

If you live in a glass house...

I know this is confusing, but he said 'read' in past tense, as in "I read that wrong", not present tense.




Ah yes, the "fanboy" defense. Well, I'm sorry if pointing out the flaws in a very sensationalistic article makes me a "fanboy" in your eyes. You'd think an article titled "FIREFOX MOST VULNERABLE BROWSER" would have actually made use of the tools that the developers themselves recommend to protect against such vulnerabilities, or hell, even MADE MENTION of them, but hey.

I believe he's drawing that conclusion by your, umm, passionate defense of Firefox and comdenation of IE. If it's untrue, at the very least you could have worded your posts a little better, so they didn't come off as "fanboy RAGE". All in all, the report wasn't that well written out as far as the methods, so we don't even really know how they tested these platforms.



I didn't say it was. Preventing scripts from running without your explicit consent is a useful step in the protection process, however.

You definitely inferred that it was a necessity for IE but not so much for Firefox (and if you mentioned them at all, perhaps other browsers). Like I said, antivirus is pretty much a requirement regardless of what browser you use. Kinda like how every car on the market needs gas, but how often you're reminded of this differs depending on model and driving habits. I'd count it as an 'add-on' to having a browser as much as I'd count having to pay for Internet.

On my main 'puter, IE would just load up as soon as I clicked the button, and if I clicked it too early it would load before the computer was ready, and crash. So I switched to Firefox, and it waits for a bit before opening, and avoids this particular problem with a 100% record.
On the laptop (that I'm on now) I use IE because it's the default and I have no real reason to change.

I'm not serious enough about it to know which verions of each I'm using. I think it's IE6, but I can't remember which version of Fx.

I prefer Chrome, but usually use Safari (as Chrome isn't out on Mac yet). I don't really know much about which browser is faster or stuff like that, I only think the interface of Chrome is better than those of the other browsers I've tried, (Opera, Firefox and IE). When I had discussions with people about browsers some would say "Just use Firefox and get a Chrome theme! Firefox can look just the same AND YOU HAVE ADBLOCK." I think this is a stupid argument, just like saying that the GUI of an OS doesn't matter as you can mod them. Yes, there might be some features with all the add-ons that make a browser better than other browsers, but to say that you have infinite superiority because you can download add-ons to make the browser just like you want I find naive.

Also, I never found a Firefox theme looking like Chrome that really looked as good and pleasently to the eye.

I also liked Opera, maybe I'm going to try it again. I always liked the speed dial.

My main + with opera is the mouse movements - although it kind of cripples me on any other computer. :smallfrown:
I've found a browser I personally like, and as long as they keep me happy I'll stay with it. As an ordinary user I don't really count the differences in loading-time with nanoseconds (although I'm allergic to long start-up times).
- Its the ease of use and reasonable options of customisation which stands high on my list.
http://i174.photobucket.com/albums/w116/Julle34/IEvsOpera.gif

I believe he's drawing that conclusion by your, umm, passionate defense of Firefox and comdenation of IE. If it's untrue, at the very least you could have worded your posts a little better, so they didn't come off as "fanboy RAGE". All in all, the report wasn't that well written out as far as the methods, so we don't even really know how they tested these platforms.

If he wants to dismiss my objections toward this article by calling me a fanboy (never mind his thinly veiled calling me an idiot) without actually addressing said objections, that's his business. I'm smart enough that I don't have to resort to unprovoked ad hominems to get my point across.


You definitely inferred that it was a necessity for IE but not so much for Firefox (and if you mentioned them at all, perhaps other browsers). Like I said, antivirus is pretty much a requirement regardless of what browser you use. Kinda like how every car on the market needs gas, but how often you're reminded of this differs depending on model and driving habits. I'd count it as an 'add-on' to having a browser as much as I'd count having to pay for Internet.

Fair enough - your analogy between an antivirus and gasoline is a good one. But we were talking about the usefulness of those browsers to an inexperienced user, were we not? Browsing habits, in this analogy, would thus be akin to the "driving habits" you mentioned. An inexperienced user is the kind of person that would click a link in their e-mail promising free goodies, not run a scan regularly, fall for a phishing scam etc. Such a person in the 'driving habits' analogy would burn through their gas much more quickly, just as an inexperienced browser would put more strain on their antivirus program due to exposing their system to more threats.

Now, some car models get better mileage, and so are more forgiving of bad driving habits. In the same vein, some browsers are more secure, and so make up for bad browsing habits. My point was that IE is not one of those browsers, and neither is naked Firefox. But while Firefox can be easily improved to make it more secure, securing IE is much more difficult.

No really, it's a lot easier. Google "make firefox safer." The first result are 9 extensions (NoScript of course tops the list) that are free to download and easy to install. Now google "make internet explorer safer" - the first result advises you to download Firefox instead. Coincidence? I think not. But I guess the writers of that article didn't include a simple Google search in their "research."

No really, it's a lot easier. Google "make firefox safer." The first result are 9 extensions (NoScript of course tops the list) that are free to download and easy to install. Now google "make internet explorer safer" - the first result advises you to download Firefox instead. Coincidence? I think not. But I guess the writers of that article didn't include a simple Google search in their "research."

Plus IE is constantly trying to make you use Boink which is a vastly inferior search engine.

If he wants to dismiss my objections toward this article by calling me a fanboy (never mind his thinly veiled calling me an idiot) without actually addressing said objections, that's his business. I'm smart enough that I don't have to resort to unprovoked ad hominems to get my point across.

I wouldn't call dismissing people who don't "secure" Firefox as idiots unprovoking. Maybe that's just me though...




Fair enough - your analogy between an antivirus and gasoline is a good one. But we were talking about the usefulness of those browsers to an inexperienced user, were we not? Browsing habits, in this analogy, would thus be akin to the "driving habits" you mentioned. An inexperienced user is the kind of person that would click a link in their e-mail promising free goodies, not run a scan regularly, fall for a phishing scam etc. Such a person in the 'driving habits' analogy would burn through their gas much more quickly, just as an inexperienced browser would put more strain on their antivirus program due to exposing their system to more threats.

Now, some car models get better mileage, and so are more forgiving of bad driving habits. In the same vein, some browsers are more secure, and so make up for bad browsing habits.

I'm not quite sure why you decided to explain my analogy to me (I did pick it for a reason), but OK...so long as we're on the same page I guess.


My point was that IE is not one of those browsers, and neither is naked Firefox. But while Firefox can be easily improved to make it more secure, securing IE is much more difficult.

No argument here. The disagreement is in whether or not Cenzic should have included these upgrades to Firefox when testing browsers.


No really, it's a lot easier. Google "make firefox safer." The first result are 9 extensions (NoScript of course tops the list) that are free to download and easy to install. Now google "make internet explorer safer" - the first result advises you to download Firefox instead. Coincidence? I think not. But I guess the writers of that article didn't include a simple Google search in their "research."

Actually, the first result (http://surfthenetsafely.com/surfsafely6.htm) mentions switching over as an option. It doesn't recommend it, merely presents it at the end of a page detailing ways to secure IE. In fact, the link it provides in that section (if it were valid - the page is fairly old) supposedly links to a fairly balanced list of pros and cons of switching.

I wouldn't call dismissing people who don't "secure" Firefox as idiots unprovoking. Maybe that's just me though...

None of those people were in this thread. Who did I provoke?

Besides which, I already amended it to "ignorant" several posts ago. Sheesh.


No argument here. The disagreement is in whether or not Cenzic should have included these upgrades to Firefox when testing browsers.

I see no reason at all why they shouldn't have. Mozilla themselves recommend the addons; even the most babe-in-the-woods user of the internet should come across that recommendation at some point. I find Cenzic's omission to be irresponsible at best.


Actually, the first result (http://surfthenetsafely.com/surfsafely6.htm) mentions switching over as an option. It doesn't recommend it, merely presents it at the end of a page detailing ways to secure IE. In fact, the link it provides in that section (if it were valid - the page is fairly old) supposedly links to a fairly balanced list of pros and cons of switching.

Mentioning firefox - and specifically firefox, not just "another browser" - in a page dedicated to securing IE sounds like a recommendation to me.

None of those people were in this thread. Who did I provoke?
I'm here, but my apathy prevented me from caring ^^

I use zero virtual protection. I don't feel like I need it.


I do use a clone of my hard drive with all my programs installed in case I do mess up my system

None of those people were in this thread. Who did I provoke?

Just because they're not present doesn't make it justifiable. If you plan to swing your arms around, expect people to swing back.


Besides which, I already amended it to "ignorant" several posts ago. Sheesh.

Not really any better IMO.




I see no reason at all why they shouldn't have. Mozilla themselves recommend the addons; even the most babe-in-the-woods user of the internet should come across that recommendation at some point. I find Cenzic's omission to be irresponsible at best.

Mayhaps because the test was of browsers in and of themselves. Mozilla may realize there's a problem and offer outsourced solutions, but that doesn't increase the browsers own security any. It's akin to hiring security guards to block a doorway because the door doesn't shut. Is it effective? Yes, but the door's still open.




Mentioning firefox - and specifically firefox, not just "another browser" - in a page dedicated to securing IE sounds like a recommendation to me.

If I say "Homemade pudding is a delicious treat" and then say "Jello pudding is an alternative" am I recommending Jello brand pudding over homemade pudding? No, I'm just saying it's another choice.

The reason they specifically mentioned Firefox is because it's an old web page. They wanted to present an easy-to-use replacement (sorry, but that's not exactly Opera's strong suit), and Chrome wasn't released. While there are other browsers out there such as Lynx, Firefox was the most well known and fit the requirements.

Not really any better IMO.

It's accurate whatever your personal preferences of the term may be. Lacking knowledge or information as to a particular subject or fact. (http://dictionary.reference.com/browse/ignorant)


Mayhaps because the test was of browsers in and of themselves. Mozilla may realize there's a problem and offer outsourced solutions, but that doesn't increase the browsers own security any. It's akin to hiring security guards to block a doorway because the door doesn't shut. Is it effective? Yes, but the door's still open.

It's pretty obvious those were the parameters of their "test." My argument was that the test is rather useless if it doesn't take any common measures into account when forming their conclusion. If I want to, I can conduct a test that concludes "doors with no locks are easy to break into." The resounding response to that test should be "No duh."


If I say "Homemade pudding is a delicious treat" and then say "Jello pudding is an alternative" am I recommending Jello brand pudding over homemade pudding? No, I'm just saying it's another choice.

If I say "here is how to make your own delicious homemade pudding" then I say "Alternatively, you can just get Jello pudding" I am implying that I think Jello is delicious. It would be pointless to recommend an alternative that I don't support simply because it's an alternative. Therefore, their specific mention is an endorsement, plain and simple.

What do people think they're dealing with here?

The analysis was on the number of vulnerabilities each web browser reported - it wasn't some comprehensive study of how to exploit the web browser, it was simply "how many vulnerabilities did the manufacturer disclose?". Firefox being open-source, it has quite a few people picking it apart all of the time. Browsers like IE don't have that luxury because they aren't open-source - they look like they have fewer vulnerabilities, but that isn't actually the case.

A better measure of safety is how good the updates are - Firefox and Opera are both incredibly secure because when something is found to be wrong, it gets fixed.


OF COURSE FIREFOX IS VULNERABLE. YOU HAVE TO USE PLUGINS TO MAKE IT LESS VULNERABLE.

A lot of vulnerabilities do require a script or a piece of plugin content to run before they can be exploited. Funnily enough, any web browser on the planet can be configured not to run plugins or scripts for that exact reason. NoScript is irrelevant to this discussion, and failing to use it certainly doesn't earn one the label 'idiot'.

ABP should be useless and meaningless. It will only ever pick up hotlinked ads, and in an ideal world, web browsers would at least warn you that images have been hotlinked anyway.

Firefox and Opera will both warn you if you visit a website that is known to be dangerous, either because it is fraudulent or because it might distribute malware.

The issue is browser vulnerabilities - not whether or not they get exploited, but whether or not they exist. Even with a vulnerable browser, there are ways to minimise the danger. But the bottom line is that browser manufacturers sometimes have to patch their browsers.

At the moment, Opera, Firefox, Chrome and Safari are all essentially safe. That's all you really need to know. If you're really worried about it, I'm sure Secunia has an RSS feed for your browser.


(sorry, but that's not exactly Opera's strong suit)

The myth that Opera is "hard to use" is just that.

Long since stopped reading what peope were posting (too complicated for my liking).

My personal experience is that IE is slow beyond reasonable use (and because I haven't done anything with it in a while the top toolbar covers 1/3 of the screen).

FF never worked on my laptop, it downloads, opens then breaks and my laptop cries about it for ages.

Chrome has a 99% record with me, so I never tried Opera or any other thing. I love my Google Chrome :smallbiggrin: <strokes laptop>

It's pretty obvious those were the parameters of their "test." My argument was that the test is rather useless if it doesn't take any common measures into account when forming their conclusion. If I want to, I can conduct a test that concludes "doors with no locks are easy to break into." The resounding response to that test should be "No duh."


It wasn't a test. It was an analysis of the number of vulnerabilities discovered in various web browsers over the past year.

As I said, NoScript is irrelevant, as is AdBlock. Content blocking and ignoring scripting are both meaningless to a discussion about browser vulnerabilities, partly because the same options exist in every web browser ever, including IE 6.

The report is about how many mistakes were discovered in each web browser's code that someone else could use to do something naughty. We don't know how naughty, we don't know how long it took to patch, or how long the issue existed before someone fixed it, all the report covered was how many ways someone could make the browser do something naughty.

I hope that doesn't come across as condescending. I know it wasn't too technical, but that wasn't my intent.

It wasn't a test. It was an analysis of the number of vulnerabilities discovered in various web browsers over the past year.

As I said, NoScript is irrelevant, as is AdBlock. Content blocking and ignoring scripting are both meaningless to a discussion about browser vulnerabilities, partly because the same options exist in every web browser ever, including IE 6.

The report is about how many mistakes were discovered in each web browser's code that someone else could use to do something naughty. We don't know how naughty, we don't know how long it took to patch, or how long the issue existed before someone fixed it, all the report covered was how many ways someone could make the browser do something naughty.

I addressed that very point in my first post in this thread; naked IE has less code vulnerabilities than naked Firefox. I never disputed that.

My problem is primarily with the article in the OP, and less with the report it is citing. The article is titled "Firefox most vulnerable browser, Safari close second" which is clearly a sensationalistic title. It never mentions ActiveX, (which itself is mentioned only once in the actual report), OS Integration, extensions, or any other measures that actually make Firefox secure.

Is it technically correct? Sure. Is it good journalism? I submit, no.


I hope that doesn't come across as condescending. I know it wasn't too technical, but that wasn't my intent.

You're fine, don't worry.

None of those people were in this thread. Who did I provoke?

Besides which, I already amended it to "ignorant" several posts ago. Sheesh.I am on this thread. I did not make the same decision as you. I'm neither an idiot nor uninformed. You flatly called me an idiot, though not by name, and when someone called you on it, you downgraded it to simply ignorant. Pardon me if I don't send a Thank You card. :smallannoyed:

My problem is primarily with the article in the OP, and less with the report it is citing. The article is titled "Firefox most vulnerable browser, Safari close second" which is clearly a sensationalistic title. It never mentions ActiveX, (which itself is mentioned only once in the actual report), OS Integration, extensions, or any other measures that actually make Firefox secure.

Is it technically correct? Sure. Is it good journalism? I submit, no.


The main issue is that the journalist has drawn a false conclusion from evidence he doesn't understand.

The evidence presented does not show that Firefox is the most vulnerable web browser. It shows that Firefox has the most disclosed vulnerabilities. There is a big difference between the number of disclosed vulnerabilities and the actual danger level.

Mozilla will tell you when something goes wrong with Firefox. In truth, they don't really have a choice - it's open-source, after all.

The same can be said of Opera - while it isn't open-source, the Opera developers do take security pretty seriously.

Part of the difference between the Opera figure and the Firefox figure stems from there being more people looking to break Firefox than there are people trying to break Opera. I suspect that even professional security companies devote less time to hacking Opera than to hacking Firefox, and Opera doesn't have a community of additional programmers to find more flaws in it.


Opera is an incredible piece of software, and I highly recommend it, but I wouldn't cite the article in support of that recommendation.

Also, note that the ActiveX security issue in MSIE has been patched hard. MSIE is not a danger because of OS integration either. And the extensions you mentioned don't do anything that can't be done in another browser, they just make it a little easier.

I am using IE right now because my firefox crashes a lot. But whenever i try to look at a picture, it is just the little red x in the white box. half of the avatars in this thread did that. I use FF for that.

I am using IE right now because my firefox crashes a lot. But whenever i try to look at a picture, it is just the little red x in the white box. half of the avatars in this thread did that. I use FF for that.

I suspect that either IE or your AV software has been set to take issue with hotlinking. Are the custom avatars the ones that go missing?