Firefox myths

[piratePenguin]

The page is nothing exciting - it's a list of misconceptions made by people who just happen to not understand everything in the world. Not many of them would dispute a friendly, well-reasoned argument against what they're saying.

MT seems pretty sure they've been misled, presumably intentionally, by FF "promoters" - except for once he forgot to cite a source. Hmmmm.

[H_TeXMeX_H]

Maybe removing the trolled posts would be better than binning again ? ... cuz there is a troll ...

[Mastertech]

So do I which is why I hate your artical, note I don't think much of Internet Explorer or Firefox, but I prefer the latter.

That doesn't make sense. If you hate misinformation you would love Firefox Myths since is corrects vast amounts of it.

And what's a nube to do?

Probably just click on yes because they don't know what they're doing, oh and good old CERT knows about the problems with ActiveX too (read on).

Irrelevant. The point is clearly how ActiveX works. Phishing style attacks do not change the security aspects of ActiveX. People all over spread BS that with ActiveX running you just simply get spyware autoinstalling ect... Simply untrue. Autoinstalling spyware is due to exploits that you failed to patch. It has nothing to do with the security design of ActiveX. IE vulnerabilities are largely exploited using code written in ActiveX this in no way makes ActiveX the cause of the problem. It is just like blaming C++ because a virus author uses it to write his virus.

Either way, no one here believes any of the Firefox myths, we all know that FireFox isn't 100% secure (no browser is) but you cannot deny the fact that Microsoft Internet Explorer is the worst as far as security is concerned. Opera is probably one of the most secure browsers around, infact my bet would be on a text-only browser like Lynx.

Neither Firefox nor IE are secure as of this writing. Opera currently is with no unpatched vulnerabilities. Currently Firefox has slightly less total vulnerabilities than IE but this is changing rapidly has more and more Firefox vulnerabilities are discovered. All of which is irrelevant to the Firefox Myths page. Why are you bringing up irrelevant things? The Myth being debunked is that Firefox is Secure. It isn't. Making excuses for this does not change this fact.

You talk about standards, well as far as I'm concerned IE is one big problem because it's using a form of vendor lock in to retain its dominance rather than being superiour from a technilogical aspect.

I really don't care this has nothing to do with the Firefox Myths page.

That doesn't mean anything, any software vendor can give overly optimistic minimum system requirements, the very fact that you've mentioned this means you're trying to misinform people. Rather than look at this you should focus more on things like memory usage, here's an example of how minimim requirements are confusing XP lists a minimum requirement of 64MB of RAM while Ubuntu, lists 256MB, however the default configureations for both OSs result in similar memory usage, both use between 80MB and 110MB when booted up with no other porgrams running.

Microsoft is VERY clear about it's minimum requirements. IE will run on them as I have tested it to work fine. Have you? Everyone making these claims never tested anything. I've been building PCs since the 80s. Windows XP's requirements are stated clearly that 64 MB will limit features and performance and thus mentions 128MB as the recommended minimum, which is what I also clearly recommend. Your lack of understanding and obvious complete lack of testing is the real misinformation here. Minimum requirements are just that, the minimum of which the software application will run. Misinformation is NOT telling them this. Mozilla clearly set the minimum requirements were they were most likely due to Firefox being unusable below those. I can confirm 100% that IE will run on the minimum requirements listed. If you have a problem with Firefox's then bring it up with them I simply report the facts.

Well you can play with the numbers all you want but does anyone really care?

If counting the number of vulnerabilities is "playing with the numbers" then please tell me how. This is the reality. If you cannot grasp the fact that an advisory is released with a variable amount of vulnerabilities I cannot help you.

For example I could argue that UNIX has more vunerabilities than Windows because more are listed on Secunia, but there again I would be forgetting the fact that UNIX is a very big familly of operating systems.

See my point?

No and irrelevant.

The anti-Firefox crowd will push the figures one way and the pro-Firefox crowd will push them the other way.

There are no numbers to "push". There are the total number of vulnerabilities and that is it.

Again, it depends on how you measure speed, the fact that you only mention start up time is an indication thet you're trying to decieve people, also you've made no mention of the fact that IE is only faster because it's already loaded when you boo Windows and that you can pre-fetch Firefox so it pops up just as quickly.

Here let me help you:

1. What you read:

"Internet Explorer 6.x is clearly faster than Firefox 1.x in 6 out of 7 measures of performance and is significantly faster from a cold start."


2. What certain people are incapable of reading:

"Internet Explorer 6.x is clearly faster than Firefox 1.x in 6 out of 7 measures of performance[/size] and is significantly faster from a cold start."


Now read the note and try to understand it. If you don't get it read it again 50 times until you do:

The argument that components of Internet Explorer may load during Windows Startup is nullified by Opera's start times. Which means there is no excuse for this except poor coding on Firefox's part.[/SIZE][/b]

Still don't get it? Read it 50 more times.

This is plain wrong, just read the CERT article and you'll see.

So now you are calling the IE devs liars? Read the IE Dev post 50 more times until you understand it. It is quite clear.

I know, Opera is the only browser that passes it, but just you try it in IE then Firefox, sure Firefox doesn't pass but it's a damn sight nearer to passing than IE is.

Who frickin cares!! There is no Myth that IE passes it or passes it well. STOP making excuses.

Neither is Internet Explorer, but there again just because more developers support IE it doesn't make it any better.

IE is by FAR compatible with more sites. This is indisputable.

And I've read it and it's bullshit, the very fact that you've been infected by a Rootkit before means you're not doing things right.

It is not that simple anymore. Software is getting more complex and people are not going to sacrifice ease of use for security.

Anyway, I've read on your site you like OpenOffice.org, what's your view on MS Office, and what about MS Works? Do you agree with me tha MS Works is a complete was of space?

MS Office is hands down the better product. However it is very expensive and generally unnecessary for the home user. Businesses who rely on Excel or Access will and should continue to use MS Office. MS Works never impressed me and I find Open Office a better solution. Open Office is recommended because I found it to be the best free (as in money) Office Solution.

[Dark_Me]

IE vulnerabilities are largely exploited using code written in ActiveX this in no way makes ActiveX the cause of the problem. It is just like blaming C++ because a virus author uses it to write his virus.

No it's nowhere near blaming C++ for viruses made with it. C++ is a low level programming language, ActiveX is a component of a browser. The two do not compare.

There are no numbers to "push". There are the total number of vulnerabilities and that is it.

The total number of vulnerabilities means jack shit on its own. How many of these vulnerabilities are for *NIX systems? How many are for Windows? What do they do? How critical are they? Are they patched?

[piratePenguin]

Opera currently is with no unpatched vulnerabilities.

Excuse me?

[Mastertech]

No it's nowhere near blaming C++ for viruses made with it. C++ is a low level programming language, ActiveX is a component of a browser. The two do not compare.

The concept is the same. Malware written using ActiveX scripting to exploit an unpatched IE vulnerability cannot be blamed on ActiveX. It is not an ActiveX vulnerability that is being exploited.

The total number of vulnerabilities means jack shit on its own. How many of these vulnerabilities are for *NIX systems? How many are for Windows? What do they do? How critical are they? Are they patched?

Which is why the critical vulnerabilities are listed as well. And they are not all patched making even the latest version insecure.

[Lead Head]

Piratepenguin, he seems to be ignoring that Opera has one real nasty vulnerability

[Mastertech]

I see none Opera 9 (Secunia)

[Canadian Lover]

Microsoft is VERY clear about it's minimum requirements. IE will run on them as I have tested it to work fine. Have you? Everyone making these claims never tested anything. I've been building PCs since the 80s. Windows XP's requirements are stated clearly that 64 MB will limit features and performance and thus mentions 128MB as the recommended minimum, which is what I also clearly recommend. Your lack of understanding and obvious complete lack of testing is the real misinformation here.

Even at the 128 level, a whole lot of stuff is ran from the page file, slowing everything down. Maby there's a reason everyone else recommends 256?

[piratePenguin]

I see none Opera 9 (Secunia)

Oh so you can't think for yourself no?

EDIT: I sent them a feedback thing to see my post.

[piratePenguin]

Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical

What a surprise!

[Lead Head]

I've ran firfox on a 200Mhz Pentium running windows XP with 64MB of ram. It ran pretty damn well considering the outrageous specs of the machine.

EDIT: Ive run firefox on a 133Mhz Pentium running Win98 with 32MB of ram, even then it still ran better then IE on the 233Mhz Pentium running XP

[Canadian Lover]

If IE is as safe as Firefox, why can I do this in IE?



(code actually loads onto the page, here's the link: http://www.openopen.org/old/ie/open-cd-ie.html)

[Lead Head]

If IE is as safe as Firefox, why can I do this in IE?

Theres no image

[Aloone_Jonez]

Mastertech,

Right, you've got me agree on a couple of things, but don't worry it illustrates my point perfectly as you'll see.

That doesn't make sense. If you hate misinformation you would love Firefox Myths since is corrects vast amounts of it.

Your artical doesn't provide all the facts and thus doesn't allow the reader to make an informed decision about their choice of browser.

Irrelevant. The point is clearly how ActiveX works. Phishing style attacks do not change the security aspects of ActiveX. People all over spread BS that with ActiveX running you just simply get spyware autoinstalling ect... Simply untrue. Autoinstalling spyware is due to exploits that you failed to patch. It has nothing to do with the security design of ActiveX. IE vulnerabilities are largely exploited using code written in ActiveX this in no way makes ActiveX the cause of the problem. It is just like blaming C++ because a virus author uses it to write his virus.

The I suggest you read the US CERT article again.

Service Pack 2 for Windows XP disables Active scripting and ActiveX controls for IE and several other programs using Local Machine Zone Lockdown.

But that doesn't stop it becoming re-enabled.

Neither Firefox nor IE are secure as of this writing. Opera currently is with no unpatched vulnerabilities.

Correct.

Currently Firefox has slightly less total vulnerabilities than IE

Well that's an understatement.

but this is changing rapidly has more and more Firefox vulnerabilities are discovered.

As they are they're being fixed, and so are the IE vunerabilities.

Not only that but Firefox's vulnerabilities being discovered at a similar rate as IE's.

http://www.webdevout.net/security_summary.php#graphs_total

All of which is irrelevant to the Firefox Myths page. Why are you bringing up irrelevant things? The Myth being debunked is that Firefox is Secure.

Of course it's rellevant, you're debunking myths about Firefox right?

Firefox is a web browser so why is it not rellevant to compare it to another web browser like Opera? You've already compared it to Internet Explorer.

You need to make sure your readers understand that security is relative, and it's a fact that Internet Explorer is insecure relative to Firefox which is insecure relative to Opera.

It isn't. Making excuses for this does not change this fact.

I'm not making any excuses - I'm merely filling in the gaps.

I really don't care this has nothing to do with the Firefox Myths page.

Yes does.

Microsoft is VERY clear about it's minimum requirements. IE will run on them as I have tested it to work fine. Have you? Everyone making these claims never tested anything. I've been building PCs since the 80s. Windows XP's requirements are stated clearly that 64 MB will limit features and performance and thus mentions 128MB as the recommended minimum, which is what I also clearly recommend. Your lack of understanding and obvious complete lack of testing is the real misinformation here. Minimum requirements are just that, the minimum of which the software application will run. Misinformation is NOT telling them this. Mozilla clearly set the minimum requirements were they were most likely due to Firefox being unusable below those. I can confirm 100% that IE will run on the minimum requirements listed. If you have a problem with Firefox's then bring it up with them I simply report the facts.

Have you ever tested Firefox on hardware lower than the minimum requirements? If so you'll find that it actually works, these are recommended minimum requirements not absolute minimum requirements like MS states for it's products.

What you've stated is true, Microsoft's minimum requirements are just that minimum requirements but some other software vendors bais their minimum requirements to is required to give reasonable performance.

If counting the number of vulnerabilities is "playing with the numbers" then please tell me how. This is the reality. If you cannot grasp the fact that an advisory is released with a variable amount of vulnerabilities I cannot help you.

And you can't understand the fact that Firefox is more secure than Microsoft Internet Explorer.

Wait a second, even US CERT recommends you should use a diffenent browser!

Use a different web browser

There are a number of significant vulnerabilities in technologies related to the IE domain/zone security model, trust in and access to the local file system (Local Machine Zone), the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented as operating system components that are used by IE and many other programs to provide web browser functionality. These components are integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML).

No and irrelevant.

Of course it is and it's exactly why your page totally blows. You can't discuss page rendering and compatability without mentioning standards support which very important.

"Internet Explorer 6.x is clearly faster than Firefox 1.x in 6 out of 7 measures of performance and is significantly faster from a cold start."

[list=1]

• Apart from the start-up speed the other differences are neglidgable.
• These tests don't feature web pages containing a variety of content i.e. each test just looks a one type of content.
• Not in my experiance, for example Firefox renders hotmail faster than IE, Firefox renders this forum faster than IE.
• It doesn't even mention download speed.

The argument that components of Internet Explorer may load during Windows Startup is nullified by Opera's start times. Which means there is no excuse for this except poor coding on Firefox's part.[/SIZE][/b]

Wow, I agree.

Hang on, IE must really be shit then, if it's already loaded when Windows starts, yet Opera actually starts faster!

Well you've proved to me that IE is actually worse than I thought it was before I read your post!

Who frickin cares!! There is no Myth that IE passes it or passes it well.

So what?

You quite rightly raise the point that Firefox doesn't pass the Acid2 test, well done! But wouldn't it be more fair to compare it to IE as well as Opera?

Wouldn't that be providing the reader with more relevant information so they can make a more informed choice?

It's one of those relative things again, something you don't seem to understand.

STOP making excuses.

I'm not making any excuses.

IE is by FAR compatible with more sites. This is indisputable.

But you're neglecting the all important standards debate again - something very important if you want your reader to become more educated.

It is not that simple anymore. Software is getting more complex and people are not going to sacrifice ease of use for security.

Bullshit, Mac OS is both easy to use and secure, ease of use and security can go hand in hand but obviously Microsoft has lead you to believe otherwise, I pitty you.

MS Office is hands down the better product. However it is very expensive and generally unnecessary for the home user.

I generally agree.

Businesses who rely on Excel or Access will and should continue to use MS Office.

On the contrary, bussinesses should continiously evaluate different products and use the one that suits them best - they might be able to make considerable savings.

MS Works never impressed me and I find Open Office a better solution. Open Office is recommended because I found it to be the best free (as in money) Office Solution.

I agree, and if you have money to spare there's always other alternatives like Star Office and Corel Office.