Home > Internet > Firefox vs. IE security: Is Two Greater Than Five? Firefox vs. IE security: Is Two Greater Than Five? Submitted by j-s-h 2005-09-18 Internet 70 Comments A recent blog post on ZDNet contends that Firefox is not as secure as promised by counting exploits. Joseph Huang contends that severity and the number of unpatched vulnerabilites matters, not just the number of exploits discovered. About The Author Thom Holwerda Follow me on Twitter @thomholwerda 70 Comments 2005-09-18 1:01 pm Didn’t we have the same topic yesterday already? Enough Firefox blasting and FUD. Firefox is still more secure than IE. It is a fact. 2005-09-18 1:06 pm Thom Holwerda Didn’t we have the same topic yesterday already? It’s common journlastic practice to let both parties in the news have their say. Yesterday it was that ZDNet post, now it’s this one. 2005-09-18 3:29 pm Firefox is still more secure than IE. It is a fact. And this is FUD right there. 2005-09-18 3:32 pm j-s-h What Fear, Uncertainty, and Doubt is that statement making? 2005-09-18 1:12 pm orestes I’m not going to be losing sleep over publlicly known vulnerabilities, it’s the undisclosed ones that worry me. 2005-09-18 1:19 pm j-s-h If fewer and less severe holes have been found in the past, surely that might lead one to conclude that there are fewer and less severe ones that are undiscovered? 2005-09-18 3:01 pm orestes The only sound conclusion I could draw from that is that there hasn’t been a big hole publicly announced yet. 2005-09-18 3:17 pm j-s-h So you can’t draw any conclusions saying that it’s more secure based on what was found in the past? So you basically say there’s no valid way to measuring security? 2005-09-18 3:36 pm orestes Precisely. Unless the codebase is no longer being developed. Even then there is the possibilty of someone finding something. 2005-09-18 1:45 pm aGNUstic “I’m not going to be losing sleep over publicly known vulnerabilities, it’s the undisclosed ones that worry me.” Amen to that. Same goes for the operating system. It’s the “undiscovered” vulnerabilities in a certain operating system, not mentioning the name, that worry me. 2005-09-18 1:15 pm Look at Secunia.com and see that the MSIE has in Generation 6 of the Browser more Bugs than Firefox in the First Generation. And MSIE has mor unpatched. 2005-09-18 2:09 pm jessta You appear to be confused. Firefox is based on Mozilla code which is based on netscape 5. Just because the version number is 1. Doesn’t mean the code is any less mature. The Mozilla guys have a strange habit of not liking the number 2. When they mozilla browser suite got to version 1 they decided to make firefox so they could say that it wasn’t version 1 code yet. You can not compare version numbers between different applications. – Jesse McNelis 2005-09-18 2:20 pm Nope. It’s based on Netscape6. Netscape5 was skipped, and the rendering engine was then replaced and a lot of code rewritten. And then it became known as Netscape 6. Netscape 5 was a nothing but a minor modification of Netscape 4.x. 2005-09-18 2:34 pm You appear to be confused. Firefox is based on Mozilla code which is based on netscape 5. Nope. Netscape 6 was based on Mozilla. Mozilla started with Netscape 5 source … and they jettisoned it. Mozilla is the base, not Netscape. 2005-09-18 3:17 pm Well said. The timeline goes like this: 1) Netscape 4 (4.7x) 2) Netscape releases source code, naming the project after the working name of Netscape (mozilla) 3) The community starts to hack that code and quickly discovers it’s a an unmantainable mess, and choose to start from scrap. 4) Mozilla betas start to come out. From the 0.9.6 days it’s quite usable and even then largely better than IE 5) Netscape releases Netscape6, an ugly rebrand of Mozilla with AIM. 6) In parallel with Mozilla some other gecko browsers start to rise: Galeon (first with tabs*) and Phoenix being the most important. Phoenix 0.2 was already better and a lot faster than Mozilla. (*) Don’t come saying “Opera had them first”, because all opera had was MDI. And MDI sucks. 2005-09-18 4:35 pm eMagius all opera had was MDI. And MDI sucks. What? Tabs are nothing more than a cut-down form of MDI — MDI without the options it provides. Way back in the Opera 2 betas (1996) you could do everything Firefox or Galeon can do now. That’s rather like saying Firefox 1.5’s tabs (which offer more Opera-style functionality than 1.1’s) are really worse because they’re even less like Galeon tabs. On topic, Secunia lists three browsers at the top of its start page: IE, Fx, and Opera. Opera 8.x has 0 unpatched vulnerabilities (7 total). Firefox 1.x has three (some dating back over a year) (22 total). Internet Explorer 6.x has 19 (85 total). 2005-09-18 7:00 pm ma_d Incorrect. Firefox uses the Mozilla code, not based on: Uses. The Mozilla code is a full rewrite of Netscape 1-4.x. Netscape 5 was project Mozilla, I believe. Firefox began as an independent project to try and make a lighter version of Mozilla. The Mozilla Project adopted the project later, and even later focused on it. Firefox is something like a 5 year old project, a little younger than Mozilla. IE is something like a 11 year old project. TMK, most of the big problems with firefox lie outside of the Mozilla code. 2005-09-19 12:10 am sappyvcv It uses pretty much all the same code as Mozilla for networking, the runtime platform, rendering engine, extensions, etc. It’s just a modified Mozilla. After all, you compile it from the same codebase, just pass different flags when building. 2005-09-18 1:18 pm Buck How about Opera vulnerabilities? Safari vulnerabilities? Konqueror vulnerbailities? Why do we always have to hear about IE vs Firefox?? Why not make IE vs Firefox vs Opera vs Safari vs Off-By-One? 2005-09-18 1:49 pm Operais probably the most secure browser…but you get this comparison because these are the two browser with significant market share. Sorry. 2005-09-18 3:07 pm roguelazer http://en.wikipedia.org/wiki/Dualism 2005-09-18 1:53 pm j-s-h I like Opera, especially the Opera voice. It takes really long to start on my Debian computer though. And while we’re at it, let’s compare Dillo, links, lynx, etc… The line must be drawn somewhere, and I happened to draw it at Firefox. If you want to do a comparision between more browsers, go right ahead. 2005-09-18 1:22 pm Repeat after me; “I will not read flamebait from ZD publications. I will not read flamebait from ZD publications. I will not read flamebait from ZD publications. …” There’s nothing to see here. Please don’t give add money to ZD by visiting them. Ever. 2005-09-18 1:22 pm I like Firefox, but it’s been hyped far too much. There’s a lot of old code in there that hasn’t been looked at for years, since the early Mozilla days, and it’s starting to bite them. Just because something’s open source, doesn’t mean everyone’s looking at all the code — see the horrible number of memory leaks as an example. Firefox takes ages to start up (much more than IE, and it’s not down to preloading — IE is faster under WINE) and has many memory leaks. It’s also suffering from security issues now too. And there’s this on the website: “Firefox empowers you to browse faster, more safely and more efficiently than with any other browser.” How’s that for dodgy marketing? Faster than any other browser? I could name ten browsers that were faster and more efficient. Same for “more safely” — evidently not. When Microsoft comes up with such rhetoric about their products, we rightly make a fuss about it. But it seems to be double standards that false claims can be made about open source software and nobody bats an eyelid. 2005-09-18 2:17 pm LOLOLOLOLOLOLOLOLOLOLOL That’s all I gonna reply. Statistic proves you wrong, as does Firefox popularity. 2005-09-18 2:18 pm I was actually curious after reading your post and decided to test. My findings are that they both start up equally fast. On first start I have the feeling firefox is a bit faster then IE. but we are talking nano seconds here. This was tested on a pretty fast PC, perhaps your timings are from a 386 with win95 and IE4 boots up quicker then firefox? P.S. It sureley is more efficient and safer… 2005-09-18 7:28 pm re_re I have a couple very fast pc’s and I have to say that on those pc’s I see little difference in the start times or the render times between firefox and IE6. However, on my p2 300 celeron, IE tends to run faster, the same goes for my 1.3 ghz celeron box my personal conclusion….. on modern hardware, does the speed factor really make a difference? To me it dosen’t, I click on the firefox icon and it opens and renders almost instantly. 2005-09-18 1:59 pm segedunum I didn’t want to reply in the other article, because there’s a lot of crap in there, but this follow up has dumped that existing article right where it belongs – in the rubbish bin. The previous article was based on classic Microsoft bone-headed thinking on security. “Oh, let’s tot up the number of exploits, compare numbers, and see what we get!” That’s why all their data comparing Windows to Linux distributions is crap as well (aside from the fact that a Linux distro does ten times more than just Windows by itself). It’s the nature of the software, and the nature of the exploits, that are the issue. Compare how many exploits in IE, Windows, ActiveX and elsewhere give you a carte blanche, free-hand into the operating system itself. You’ll find a hell of a lot more in IE, Windows and in Microsoft software. Sorry Microsoft fans. It’s a very, very poor technique to make Microsoft software look good that has been debunked consistently for years. I can’t believe that Microsoft, or anyone else, is still trying to use it. 2005-09-18 3:25 pm Rehdon And don’t forget the other favorite trick by Microsoft funded “independent” studies: carefully study the compared objects history, then choose the timeframe where the one you want to favor looks best. This is how they could maintain with a straight face that Windows is more secure than Red Hat in the “Get the FUD” ads, for instance. Firefox probably isn’t the best browser out there, but it surely is more secure than IE if you look at *all* facts. rehdon 2005-09-18 4:29 pm Ravnos I can’t believe that Microsoft, or anyone else, is still trying to use it. They still use it because so many people are still fooled by it. When people stop falling for this kind of thing, you won’t see it anymore. “Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.” 2005-09-18 2:04 pm jessta If I create a closed source application that only a few people use and no security flaws are found in it because of it’s non-wide spread use. Is it more secure? Open source applications should generally have more reported vurnerabilities because there are more eyes on the code. Now if the number of reported vurnerabilities doesn’t reduce over time then we do have a problem. 2005-09-18 4:18 pm Firefox probably isn’t the best browser out there, but it surely is more secure than IE if you look at *all* facts. Facts like this, taken from the article prominently linked on Mozilla Web page? — But Firefox has better security and privacy than IE. One big reason is that it won’t run programs called “ActiveX controls,” a Microsoft technology used in IE. These programs are used for many good things, but they have become such powerful tools for criminals and hackers that their potential for harm outweighs their benefits. And it has a cool feature called “Extensions.” These are small add-on modules, easy to download and install, that give the browser new features. Among the extensions I use are one that automatically fills out forms and another that tests the speed of my Web connection. — A man says it with the straight face, he is not sarcastic or something. Now, tell me about *all* facts. 2005-09-18 4:56 pm Rehdon What’s the part you don’t understand, “ActiveX is bad for security” or “FF has extensions”? Both statements are true, IE integration in the operating system is one of the reasons why any security exploit can have disastrous consequences. So, what’s your problem with facts? That IE has extensions too? We’re talking about security here, in case you haven’t noticed. rehdon 2005-09-18 11:41 pm JLF65 — But Firefox has better security and privacy than IE. One big reason is that it won’t run programs called “ActiveX controls,” a Microsoft technology used in IE. These programs are used for many good things, but they have become such powerful tools for criminals and hackers that their potential for harm outweighs their benefits. And it has a cool feature called “Extensions.” These are small add-on modules, easy to download and install, that give the browser new features. Among the extensions I use are one that automatically fills out forms and another that tests the speed of my Web connection. — A man says it with the straight face, he is not sarcastic or something. You totally misunderstand the two. ActiveX – little programs run by the browser when you visit a page the ActiveX program is attached to. As long as ActiveX is enabled, the ActiveX program ALWAYS runs simply by visiting the page. ActiveX programs can do almost anything in your system. Couple the facts that in IE ActiveX is enabled by default, permitted to do anything by default, and the user is running at administration level by default, and you see that ActiveX is a HUGE source of insecurity. FF Extensions: little programs run by the browser if installed and enabled. They are NOT automatically installed – you have to actually download the extension and choose to install it in FF. ActiveX programs are rarely open source and rarely peer reviewed. Extensions for FF are open source and peer reviewed to make sure they aren’t malicious. As mentioned above, ActiveX programs automatically run without notifying the user that they are even present. FF extensions require the user to download and install them. Plenty of time to decide if you wish to actually use it. Hopefully now you have a better understanding of why ActiveX makes IE insecure while extensions don’t not NECESSARILY make FF insecure. Now if you download a closed source FF extension from an unknown party off some unknown web page and install it, you get what you deserve, but don’t blame THAT on FF. 2005-09-19 2:40 am As long as ActiveX is enabled, the ActiveX program ALWAYS runs simply by visiting the page. Whether ActiveX controls run by default isn’t the issue. The issue is download. Downloading behavior depends upon the “Zone” in which the page is running (ie. Internet Zone, Local Intranet, Trusted Sites, Untrusted Sites, etc) and the Security level of the user. By default, users run with “Medium” Security, which prompts the user with a dialog that identifies the source of the control and asks whether the user wants to install it. 2005-09-18 5:49 pm Why are you all worrying about undiscovered vulnerabilities? If its undiscovered, that means no one knows it and no one can exploit it. The ZD net article specifically says the vulnerabilities that have a published EXPLOIT. That means anyone can get their hands on it and use it immediately. And then theres the comment that IE gets attacked more (or to that effect). Well it doesn’t even take a retard to know that since IE has so much more market share that it will be the favorite target of hackets. And why is it that once someone shows any negative statistics on open source software, everyone jumps in and bashes it? Is it not possible for open source to have any negatives??? You guys are not open minded enough if all you do is bash negative open source comments. ps- I’m using Firefox and Windows XP. I run a BSD server. Why do I use firefox? simply because it can’t install activeX stuff that takes over my browser. Nothing more. 2005-09-18 5:56 pm I say the jury is still in deliberations. M$ IE has ALWAYS been insecure. On the other hand Firefox has grown and in those growing pains came across corrections. Safari and Mac OS X had problems when it first started out, but now all is fine. I can’t say the same for Microsoft products, it’s like they want their stuff to be insecure. 2005-09-18 5:58 pm If you do a bit off research and look on various related sites such as secunia.com you’ll see that IE has actually more and especially more severe bugs than Firefox. The upcoming version of Firefox will be even more secure. 2005-09-18 6:07 pm We all know IE is the best browser out there. That is why it is number 1 and always will be #1. IE is faster, and more secure than firefox. Why even use firefox when you get IE with windows 2005-09-18 7:08 pm We all know IE is the best browser out there. That is why it is number 1 and always will be #1. No, we don’t know that. We actually know the opposite. It’s only no. 1 because it’s shipped illegally with windows (mind you – I’ve been using windows since 1990 (and dos before that), so I’m not a zealot for any side). IE is faster, and more secure than firefox. Faster in loading the app (happens during startup, no matter what) or faster loading pages? I’d say yes to the first, but no to the last. On my systems Firefox loads the pages much faster than IE. This is true for NS7.2 and Opera 8.0 as well. Security is a joke with IE. Check Secunia. IE is the most insecure browser. Why even use firefox when you get IE with windows Because IE is slow in loading pages, doesn’t support standards too well, and is highly insecure, and lacks a lot of functionality (and the list goes on). dylansmrjones kristian AT herkild DOT dk 2005-09-19 12:36 am sappyvcv Ahh, don’t spread lies. The ruling that said IE was shipped with windows “illegaly” was ruled void. In the eyes of the court system, IE shipping with Windows has not been determined to be illegal (yet). 2005-09-18 6:35 pm Thom Holwerda Personally, I’m not a big fan of either IE or Firefox, nor of Opera. Please note that the following are my opinions, and should not be read as if facts. Internet Explorer: I like it, whenever I use Windows at university, because of its speed. It loads pages fast, the program and new windows load fast. I find that a huge advantage over any other browser out there. The fact that this speed might result from the fact that IE is tied with the underlying OS is irrelevant. Speed is speed. IEs downsides to me lay in the security area. Even though spyware, viruses and attacks have never posed a problem to me at all (the only virus I ever had in 15 years of computing was the Junkie boot virus– removed command.com ), I do see less experienced people around me having problems with it. Firefox: I use it daily on my main machine (Firefox 1.0.6 on Ubuntu Hoary), however I’m not fond of FF because it simply feels a lot slower than other browsers, both in program/window loading as in page loading. Please note the use of the word “feel”. I have had this problem with browsers based on the gecko engine for a long time, but I in no way can exactly pinpoint the slowness. It’s a very subjective matter, and a lot of people will rightfully so disagree with me. I use Firefox on my Linux box because it simply is the best browser on Linux, period. On Windows, I’d use both IE and FF. However, I don’t use Wndows. Opera: I don’t like Opera because I find it bloated. To me, an application is bloated when it has too many features and things I don’t need. Opera is such a piece of software to me. — Then, which browser do I prefer? Safari, hands down. Safari 2.0 was a setback over the previous version that came with Panther. I don’t see the use in RSS personally, so Safari 2.0’s RSS feature is bloat to me. Secondly, Safari 2.0 has, like all of Tiger, problems with screen remnants; especially in text input fields (lines double printed) and scrollbars (the scrollblob being copied too many times). And above all: you cannot remove that damn Google search field in Safari 2.0. I *hate* that completely *useless* thing. However, all in all, Safari is fast, provides the best CSS2 support (try rendering my blog, http://cogscanthink.blogsome.com, in Safari and FF/IE; only in Safari does the header render properly (with shadow)), and all in all looks the best too. There. 2005-09-18 7:11 pm ma_d I think the reason most people believe gecko browsers feel slow is because they wait longer to do page renders. If you use IE, you know that it does renders early and often: You see 8 copies of some pages as it’s loading and changing. In old Mozilla you pretty much saw the last render. Showing one render *is* more efficient. But I think they did this because gecko’s parsing and rendering is so inefficient: Say your render takes .5 seconds. You only want to do it once. If it takes 0.05 seconds, you can do it 14 times. I prefer fewer renders, because I just wanna see the final page. The only problem there is when ad.doubleclick.cheap.websites.that.should.use.google.ads.com takes 4 seconds to time out. This isn’t usually much of a problem in firefox, because after a quarter of a second it starts rendering anyway. Opera is fast. Just plain fast, IE can’t dream about that kind of speed. Opera has also crashed on me ten times more than any other browser: And I used firefox when it was called phoenix. Safari is nifty. Unfortunately, it’s Macintosh only. If you wanna see speed: Dillo baby! Seriously, that’s the fastest browser I’ve ever seen. But hey, no CSS support, bad frames support, no ssl, but all in 400KB of C code! 2005-09-18 7:38 pm re_re Isn’t konqueror a derivative of safari? If I recall correctly, you (thome) are a gnome user but konqueror delivers much of the same functionality as safari. 2005-09-18 7:45 pm Thom Holwerda If I recall correctly, you (thome) are a gnome user but konqueror delivers much of the same functionality as safari. Konqueror on KDE isn’t as efficient and well-built as Safari; khmtl on KDE is much buggier than Apple’s Webcore. A long story about Apple being unfriendly to the KDE devs is attached to this, though. And btw, it’s Thom. Just, Thom. 2005-09-18 7:56 pm re_re thom ….. my bad, sorry 2005-09-18 8:03 pm Eh, you got it wrong bubba.. to the extent safari and konqueror are related, safari is the derivative. Not the other way around. 2005-09-18 11:01 pm Varg Vikernes That was well said. I’m also the one who deosn’t give a shit about ganboyism and just use whatever works best for me. For a long time that was IE, then it was Firefox and I’ve tried to port onto Opera but the damn thing is just so damn bloated. Yes, you can disable most of that garbage, but there’s something I don’t understand; there’s probably 100+ settings in opera yet you cannot set tab behavior the IE7/Firefox way (on close go to the previous tab in line, not visited). And I know it has been _much_ talked about on Opera forums, yet the developers seem to ignore it. The other thing about Opera is that I visited Wikipedia and the fonts were all funky weird. I immedietly uninstalled it and never tried again. I understand you “slow” Firefox feel, because it feels the same way for me. I assume the problem is with Gecko rendering everything, even the menus, windows etc… IE, for me, has a much faster feel to it and I’ve only found Opera to top it. The other thing about Firefox that really annoys me is that it comes to a complete hault when I visit a Flash based web page or a site with embeded QuickTime. There’s this 2 secons pause while loading the damn plugins. Then there’s also the smooth scrolling that isn’t all that smooth… I am really looking forward IE7 so I can switch browsers again Maybe I’ll do it again when Firefox 2.0 is ralease, we’ll see. Btw, can anyone tell me what the hell the Mozilla guys have been doing for over a year since FF 1.0 was released? Right now I’m running FF 1.5 beta and honestly I can’t see where they’ve spent all that time. Sure the menu has a different/bloated look and there’s the fast back feature which could probably be done with an extension anyway… But what are the improvements? I, for one, can’t see many. Oh, I see, they made all the extensions to not work… 2005-09-18 6:36 pm IE is faster, and more secure than firefox. Why even use firefox when you get IE with windows I doubt it,but even if you wre right than still that doesn’t matter if IE (still an app) is integrated in an insecure OS. Even when an app has vulnerabillities an OS designed to be secure ensures the vulnerabillity can never inflict great damage,thus no serious escalation. 2005-09-18 6:40 pm Maybe it’s just because I build my own nightly builds of Firefox on Windows using VC++’s optimizations and static linking, but Firefox seems to be faster on my laptop than IE by a wide margin on startup. Same thing for my machine at work. IE is slower on that one too. 2005-09-18 6:55 pm like the OSNews staff is concerned about the security of firefox. If this topic were newsworthy I’d understand the volume of articles, but it isn’t. So, if you really are concerned. Use IE. That way you know if you get a vulnerability it will be the most compatible and supported for your OS. 2005-09-18 7:06 pm Thom Holwerda like the OSNews staff is concerned about the security of firefox. I’m just a fan of perspective. I detest empty statements such as “Firefox is the best browser!!! IE sucks!!!” because they hold no value at all. The best way to go about is, “I find [insert browser] the best because [insert arguments].” Sadly, the latter is barely used. 2005-09-18 7:17 pm ma_d The latter is actually closer to empty. It’s saying “This is the best browser for my reality” where the former says “This is the best browser for all reality.” IE has gotten better lately. But really, Microsoft ignored it for years and they got what was coming: Way behind. 2005-09-18 7:03 pm ma_d “Look at the data and decide for yourself.” This author makes most of the same mistakes as the ZDnet author. He used a couple metrics to try and prove something (in this case he’s showing a counter-example which is generally shorter than a proof anyway). But the difference is that he’s not making a conclusion. If people want to draw conclusions from statistics and reason about firefox/IE that’s fine! But a one page paper is not going to cut it. The ZDnet editor needs to learn that, and begin handing out pink slips. 2005-09-18 7:47 pm >What’s the part you don’t understand, “ActiveX is bad for security” or “FF has extensions”? Both statements are true. Yes, they are. What did not you get? How about this: Internet Explorer has a feature called ActiveX controls. These are small add-on modules, easy to download and install, that give the browser new features. Is this a true statement? Yes, it is. Applied to IE, the conclusion is: they have become such powerful tools for criminals and hackers that their potential for harm outweighs their benefits. Applied to FireFox, the conclusion is: it has a cool feature called “Extensions.” We’re talking about security here, in case you haven’t noticed. Same rules must apply when evaluating security implications of a technology embedded into the browser. Now, tell me about *all* facts. 2005-09-18 9:23 pm Now, tell me about *all* facts. How about; * IE’s ActiveX runs as an app the user’s permission level. * Firefox’s extentions run under the browser. That should get you started. Let me know if you need more help. 2005-09-19 7:07 am Rehdon You are still confusing the issue, which is not about features (extensions) but security: if one of the browsers has a type of extension framework which is inherently less secure, that browser is less secure, period. I don’t care what kind of shiny extensions ActiveX would allow, if I have to pay for them with a compromised OS. rehdon 2005-09-18 8:24 pm Joe User But people prefer to use Firefox because it is “open-source” even if it probably is the browser that has most security flaws. How clever. 2005-09-18 9:25 pm But people prefer to use Firefox because it is “open-source” even if it probably is the browser that has most security flaws. How clever. How do you know Opera is more secure? (I’m not saying it isn’t…just that you don’t justify that bold statement.) 2005-09-19 1:40 pm eMagius How do we know? Zero known unpatched vulnerabilities, compared to Firefox’s three. And whenever a new multi-browser exploit that affects Opera (most multi-browser vulnerabilities only affect Mozilla/Firefox and IE, but a few hit Opera, too) comes about, it is fixed in Opera within 24 hours — these take upwards of a month to be fixed in Firefox (see the IDN vulnerability, for example). 2005-09-18 10:04 pm How about what? Skipping facts? * IE’s ActiveX runs as an app (???) the user’s permission level. You also forgot to mention what would happen if running ActiveX is disabled in IE. Will ActiveX run by itself, as an application? No? Will ActiveX controls that remain from the IE still run if user switched to Firefox? If not, why? Will ActiveX need browser, and properly configured, to run under it, after all? * Firefox’s extentions run the user’s permission level under the browser. You forgot to mention that Firefox extensions also run under the user running the browser, and also need browser to have running of extensions enabled. Truly great representation of *all* facts. Thanks. You helped me very much to prove the point. 2005-09-18 11:18 pm Truly great representation of *all* facts. Thanks. You helped me very much to prove the point. Give it up. The two AREN’T SIMILAR. 2005-09-18 11:20 pm i have used elinks quite a bit as many of the sites I visit I am only interested in reading. how is the security in elinks? or links? I’ve also noticed that most of the places I visit require no active scripting or java. most places I visit need no cookies turned on. so i do a lot of surfing with everything turned off. in XP i can run firefox with everything turned off and visit most of my pages. for hotmail, ifilms and such, i use IE. SO, with that in mind, is there a browser that is simply for reading text made to run on XP. I mean a browser that could not do scropting or cookies even if you wanted it too? 2005-09-19 12:34 am Well Firefox is overrated which I’ve always said all along, maybe firefox is popular because of it’s cool name?. Don’t get me wrong it’s a good browser but I find Konqueror superior because of it’s features. RSS button appears on the bottom right when a website has RSS feeds. Spell checking as you type in forums. Theres just loads of features to list and it’s fast with the added ability to turn off browser identification, which gives no clue to OS type or browser type. To me it’s just a solid browser and firefox’s security maybe a price of it’s cool name popularity. 2005-09-19 4:51 am abdavidson Smaller file size, smaller install size, quicker, and the features are hidden away unless you want them. And yet… people can somehow say “because it has these hidden features I don’t want it is *bloated*.” Bit of a schizm in the thought processes going on there. 2005-09-19 7:00 am Smaller file size, smaller install size, quicker, and the features are hidden away unless you want them. And yet… people can somehow say “because it has these hidden features I don’t want it is *bloated*.” Bit of a schizm in the thought processes going on there. Its the same old, same old complain of the Usability/HIG freaks: No matter how good an application can be or how its default layout makes sense by many accounts, the biggest factor to reckon when judging whether its worth or not is how many options their Preferences panel/window/whatever shows. Doesn´t matter at all that all those preferences actually empowers the user: If the noob can´t grasp it, it is bloat. I still can´t see why other browsers haven´t included a BitTorrent client, like Opera did on recent versions, for starters. Yes… It is a P2P app, which happens to find its sources mostly on webpages. So, why not? This is getting tired and unfortunately I can´t see it going anywhere: This annoying trend of oversimplification on everything OSS even when it comes in the way. No… Opera is not bloated because of the reasons cited above and many others. It´s a excellent browser. And by the way, I´m not a Opera fanboy. /me prefers Konqueror and Firefox, in that specific order. But I did used it on the past and probably will get back to it sometimes now that I got a registration code after that generous offer from Opera. DeadFish Man 2005-09-19 6:18 am butters Most of IE’s problems come from integration with other poorly designed Microsoft software. Most Firefox vulnerabilities come from programming errors in parsing code. IE vulnerabilities are bone-headed design mistakes, Firefox vulnerabilities are bone-headed programming mistakes… generally speaking. Furthermore, I would really appreciate it if people could understand that Gecko is a rendering engine. It parses the markup and renders the page. It has some potential for security problems in and of itself, but not much. None of the recent Firefox vulnerabilities are related to Gecko. If they were, they would likely effect other Gecko browsers. The recent Firefox vulnerabilities are related to the way it parses URLs, not markup. 2005-09-19 6:20 am Yes, they are. What did not you get? How about this: Internet Explorer has a feature called ActiveX controls. These are small add-on modules, easy to download and install, that give the browser new features. Is this a true statement? Yes, it is. Applied to IE, the conclusion is: they have become such powerful tools for criminals and hackers that their potential for harm outweighs their benefits. Applied to FireFox, the conclusion is: it has a cool feature called “Extensions.” The conclusion is drawn from the fact that ActiveX does not ask you about anything before installing things (it does when prompted to, but it doesn’t have to.), and interacts directly with your core OS. That means spyware, adware, virii, and just about anything else can be installed without asking you, not just new features for your browser. Meanwhile, Firefox extensions are not allowed to be installed from anything other than the trusted mozilla extensions site unless you explicitly allow a specific site/module to be installed. They also do not affect your OS in any way. Thus, it’s more secure. To recap: One allows changes to your OS files without asking you, while the other won’t even let you install a useful application without making you click through to do it. We’re talking about security here, in case you haven’t noticed. Same rules must apply when evaluating security implications of a technology embedded into the browser. Ok, so… you’re saying that the rule is “ignore facts and start arguing nonsense based on the fact that two product descriptions use the word ‘add-on’ at some point in their features list”? Now, tell me about *all* facts. Here’s a fun fact: You have no ability for forming logical statements or thoughts. 2005-09-19 7:53 am Isn’t that a Mark Twain Quote? It is a very good quote though and proven by microsoft all the time. 2005-09-19 11:20 am This weener is: (1) hiding behind ZDNet’s “you cannot disclose details about exploits to the public” policy. Essentially, he can pull crap out of his arse and make IE look like a million bucks. (2) delibrately writing articles this way so more people will come visit and comment…ie : Advertising dollars for ZDNet! (3) claiming its his way to help such open-source projects (Also claims he is a Linux and FreeBSD user)…Yeah right. If you wanted to help, wouldn’t inform Mozilla/Firefox team directly of what you found? Seriously, I have more respect for prostitutes than I have for weeners like him looking for attention and getting advertising dollars for ZDNet. So you know what you OSS folks should do? Keep working on those projects of yours, and ignore these “things” that suffer from a bad case of verbal diarrhoea.