Langa Letter: The Pros And Cons Of Firefox

[organ_shifter]

Langa Letter: The Pros And Cons Of Firefox

April 17, 2005

Firefox is a good browser, but not the panacea its most ardent fans think it is. While Microsoft's IE gets most of the attention for its security vulnerabilities, the reality is that Firefox (like other open source products) has security flaws of its own that readers need to be aware of, Fred Langa notes.

By Fred Langa

For an industry built on logic--at their deepest level, computers are logic circuits--blatant illogic somehow manages to cloud many issues.

Take Firefox, for example, a very nice browser from Mozilla.org. It's free, Open Source, and the result of literally years of development. It's also a cross-platform application, available for Windows, Mac, and Linux--a huge plus in computationally diverse environments because the configuration and training/learning curve is basically the same, no matter what platform the browser's installed on. Its human language support also is extensive, with versions in everything from Afrikaans to Welsh. No question: It's impressive software.

Some also like it simply because it's not from Microsoft. I think this approach has some merit: Whenever Microsoft loses serious competition in any software category, it grows complacent, and the pace of innovation slackens. IE6, for example, came out in 2001; an eternity ago, in computing terms. Except for a boatload of security updates and patches, it's still basically the same browser it was then.

And those security issues aren't trivial: All browsers, by design, open a two-way channel to the servers they connect to; browsers that contain security flaws therefore expose their host PCs--and their owners--to the potential of malicious attack by exploitation of the security flaws. Microsoft's software has exposed more users to more potential and real attacks than any other software.

Root Insecurities

Microsoft's problems with online security stretch back to the early days of Windows, when networking was somewhat of a black art. Much of Windows' internal development in Windows 3.1 and 3.11 was to make Windows network-aware and largely self-configuring. The Windows developers mostly succeeded, and Windows became easy to network, with few obstacles to interconnection in the "friendly" confines of LANs, where other PCs and their users could be regarded as non-hostile.

But the explosion of interest in the Web took Microsoft by surprise, and the company rapidly integrated a browser into Windows, producing an operating system version called "Windows 95 Microsoft Internet Explorer." This, in essence, exposed an easy-to-connect-to operating system to the online world at large; a fact almost immediately exploited by crackers and other cybermiscreants. Microsoft has been busily backfilling security holes ever since; even in later versions of Windows, in which the company should have known better and taken more aggressive steps to lock down the core operating system.

While Microsoft, with a 95% market share, struggled to patch the myriad security holes in all its operating systems, the Mac and Open Source products such as Linux gained a reputation for being more secure. In fact, that's one of the main reasons cited now for people switching to Firefox--that it's more secure than Internet Explorer. It's a very appealing concept, and has become part of computing's conventional wisdom: Non-Microsoft = More Secure.

Trouble is, that's a falsehood based on a common error: Failure to adjust for the effects of the installed base.

Full story here (Great 4 page reader): Langa Letter: The Pros And Cons Of Firefox

[peepnklown]

[KingCobra]

Non-Microsoft = smaller target (currently).

The problem is that the malicious hackers will eventually go after the FireFox crowd.

[peepnklown]

Same thing with MAC

[Cobra]

Non-Microsoft = smaller target (currently).

The problem is that the malicious hackers will eventually go after the FireFox crowd.  It isn't a matter of if, but when.

well, until then, im ridin' the wave, baby!

[organ_shifter]

The wave will be over when IE7 drops. It's a given. You've got a few months though.

[paladin]

:)

Looks like I may have been smarter than I thought, as I did not

download  FF.  :o

[organ_shifter]

:)

Looks like I may have been smarter than I thought, as I did not

download FF. :o

Check this out! It's getting worse. News is spreading. Could FF's troubles get any worse?

Multiple flaws in Mozilla

18 April 2005, 14:45 GMT

Several flaws have been discovered in the FireFox and Mozilla browsers, the series of problems being comparable to a

[organ_shifter]

Mozilla is still currently having problems. Users beware.

Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Extremely critical

Full report here: Mozilla Firefox 1.x - Vulnerability Report