
Microsoft: Firefox users in danger due to more frequent updates

By Scott M. Fulton, III, BetaNews

November 30, 2007, 4:39 PM

The author of a controversial white paper comparing Firefox' security integrity with IE's has released an update, which now makes an even more contentious claim than the original.

Because Microsoft releases Web browsers less frequently and supports older editions for longer periods, claims Microsoft Security Strategy Director Jeff Jones in his latest report, Internet Explorer 7 users are less susceptible to security vulnerabilities than users of Firefox, whose updates come more frequently and whose older versions are disavowed sooner.

"One key factor of lifecycle is simply the fact that 'unsupported' versions of products don't get patches developed for them," writes Jones. "This is equally true for all vendors, but shorter lifecycles mean more people may still be running an unsupported version and be exposed."

Microsoft's policy, Jones points out, is to provide support for a previous service pack for a product for at least one year following the release of a new service pack. Mozilla, by contrast, continues support for an older version for only six months.

"So, according to its original schedule, Firefox 3.0 was scheduled to ship in November 2007, which meant Firefox 2.0 support would end in May 2002," he writes. "To put this in perspective, if Microsoft had this same policy, then support of Internet Explorer 6 would have ended in May 2007, or similarly Internet Explorer 5.01 support would have ended in 2001."

Jones cited evidence that Mozilla discontinued support for Firefox 1.5 on schedule, but two months after it was selected for inclusion in Red Hat Enterprise Linux Desktop 5. As a result, he said, Red Hat was in a position of distributing a product on behalf of another vendor that had already discontinued support for it.

Microsoft's Security Strategy Director Jeffrey Jones

Such discontinuation of support, he contends, leads to situations where users who hang on to their installed software for as long as possible -- one of only two types of people, he says -- may find themselves using vulnerable software that the vendor is unwilling to patch.

But as one of Jones' own charts makes clear, Firefox had undergone three lifecycles in the same time IE6 was only most of the way through one. Plus, he quotes from a message that had been posted to Mozilla's own Web site, advising its customers that one way to get support again is to upgrade: "All users are urged to upgrade to the newest version of Firefox," it read.

Such short messages and such terse terminations of support, Jones contends, pose a problem for home-based browser users who have a natural expectation of longer product lifecycles than merely six months.

In an update to his claim earlier this year that Firefox was a riskier Web browser than IE because Firefox' manufacturer found and fixed more vulnerabilities than did IE's manufacturer, Jones cites new data showing that in the first 12 months of their respective lifecycles, Mozilla found and fixed 56 vulnerabilities for Firefox 2.0 (13 of them rated "high"), while Microsoft found and fixed 17 vulnerabilities for IE7 for Windows XP (14 of them "high") and 14 vulnerabilities for IE7 for Windows Vista (11 of them "high").

Among so-called "unfixed vulnerabilities," which he describes as problems that are described in advisories but have yet to be fully addressed as of last Tuesday, 24 unpatched vulnerabilities currently exist in Firefox 2.0 by Jones' count (8 of them "high"), versus 21 security holes in IE7 (10 of them "high").

While considerable effort has indeed been expended in making IE7 a more secure browser than its predecessors (many contend it could only have gotten better), even those who agree with that general conclusion raise doubts as to whether the number of problems, as opposed to the nature of those problems, is a proper metric for judging software integrity.

At the last TechEd Orlando conference, one IE user asked Jones, doesn't the fact that a company addresses more problems make you feel better about that company than when it refuses to acknowledge them?

"While the results in this study showing fewer vulnerabilities in Internet Explorer might be surprising to some," Jones concluded in his study from Tuesday, "to others the results will simply be a confirmation that improving security is a hard job even with the best of intentions. Further, it shows that with commitment and focused effort, vendors can make progress in improving computer security for software products."

Add a Comment (171 Comments)


By tigreseis

posted Dec 5, 2007 - 11:21 AM

Alright, I apologize to anyone I have called a moron. I don't really mean it. I am just trying to get your hackles up and get you passionate about your answers. It wasn't a Christian thing to do. So, sorry and Merry Christmas!

Score: 0

By M^3

posted Dec 3, 2007 - 8:31 PM

Mosaic rocks! It hasn't been updated in so long it must be the most secure browser ever! AND it runs on my Windows NT 3.51 workstation, also not being updated and so therefore perfect. I AM UNHACKABLE!

Score: 0

By TSThomas

posted Dec 3, 2007 - 4:21 PM

Also worth bearing in mind; Firefox is a browser... period. Whereas Internet Explorer is integrated into the Operating System. Should extended support really be that surprising?

Score: 0

By wearl

posted Dec 3, 2007 - 3:22 PM

I work with repairing computers for customers all the time. I find most spyware comes from ActiveX on websites that should not be trusted asking you to install ActiveX to see certain content. By the way I would rather have updates all the time for a browser and fixed sooner than Microsoft's some vulnerabilities that are still open from years ago... ActiveX itself needs to be replaced. ActiveX is IE's biggest flaw and biggest security risk compared to any other hole in the software that is a risk. I have yet to see any spyware come through Firefox unless you actually download an executable willingly that has spyware in it. Firefox is a lot faster than IE and a lot safer. when has Microsoft ever been anywhere near safe? Never!..

Score: 0

By popa

edited Dec 12, 2007 - 6:50 AM

A recent report seen on a McAfee web site claimed China is responsible for attacks on individual and industrial computer networks. Now national security has become a concern for U.S.A, Germany and India. Firefox, therefore, will be more relevant in the future. I prefer Firefox. It seems safer than IE, as for me, a user friendly browser. Worth mentioning Russia has been accused of involvement in cyber warfare during 2007.

Score: 0

By tigreseis

edited Dec 3, 2007 - 8:24 PM

Now, you show your moronic tendencies. Active X is potentially the biggest security risk. I thought you might be slightly intelligent at that point, but then the moron in you came out and you made some great sweeping statement like,

"when has Microsoft ever been anywhere near safe? Never!.."

First, use capitals to start a sentence (every once in awhile), it can make you appear to be intelligent. Second, if Microsoft was so unsafe, I dare say there would be a mass exodus to such great systems like OSX and Linux (which I use). What's that? Oh yea, some 90+% of the market uses Microsoft products.

Need for a lobotomy=1 you=0

Score: 0

By SteveJohnSteele

posted Dec 3, 2007 - 2:25 PM

option 1 ...
software is a month old
holes are known by hackers
next update Tuesday next month (maybe)

option 2 ...
software is a week old
holes just discovered
next update tomorrow

you decide

Score: 0

By Lawrence01

posted Dec 3, 2007 - 11:11 AM

I'd rather deal with Firefox issues rather than ActiveX stuff in IE. It's so easy for a new user using IE to get their system full of malware in no time.

Score: 0

By tigreseis

posted Dec 3, 2007 - 1:05 PM

That's an idiotic statement. Most malware comes through illicit web sites or downloads, not ActiveX. So, a "new" user can screw up in Firefox as well.

I use both. I prefer Firefox, but it crashes more than IE7.

Score: 0

By mcbit

edited Dec 3, 2007 - 4:48 PM

It may be caused not by the Firefox, but by an add-on you have installed. They are coded not by professionals sometimes. Even though FF still has a few memory leaks, I find it more stable compared to IE.

Score: 0

By tigreseis

posted Dec 3, 2007 - 8:29 PM

Sometimes it has been caused by an add-on, other times not. I have equal functionality in IE7 with add-ons, but it doesn't crash as often. Now, take that with a grain of salt when I say often. I am talking crashing maybe once a month. My point was that Firefox does it and IE7 doesn't. That being said, I still prefer Firefox, but it annoys me that people go to extremes to bash Microsoft when they don't know what they are talking about. It is a follow the crowd mentality. Use your own brain!

Score: 0

By Floodland

posted Dec 3, 2007 - 7:36 AM

Well, Microsoft releases patches every month for IE6 and 7. If you count the patches for IE6 you may reach the million, and it *is* still a pile of serious garbage. IE7 improved a bit (6 years?), but still requires useless monthly (and never ending) patches, MS released too many patches for IE. Mozilla updates the minor version number when patching, Microsoft does not, so the whole story is just BS.
IE is flawed from design (as most of their software), but even more since MS integrated with the OS back in 1997, when DOJ questioned about the forced IE inclusion into windows 95. IE was not really integrated into W95 but it was into 98. Microsoft ruined even more their security scheme just to sink Netscape.

Score: 0

By popa

edited Dec 12, 2007 - 5:16 AM

It would seem Microsoft is a prisoner of the past

Score: 0

By tigreseis

posted Dec 3, 2007 - 1:11 PM

Moron. You act like Firefox doesn't need patching. They have gone from 2.0.0.8 to 2.0.0.11 in just the last few weeks.

"IE is flawed from design (as most of their software)"

Give me a break, you show your bias right there. Like Microsoft is the great deceiver that has duped the whole world into using their products. Wake up and get your head out of your as* (that's butt for you illiterates).

Score: 0

By djhayman

edited Dec 3, 2007 - 10:12 AM

Are you trying to say that, because FireFox's version is incremented each time they fix a bug or security issue, it doesn't count?

And because Microsoft doesn't increment the version each time, they're somehow worse?

FireFox 2 is still FireFox 2, whether or not it's 2.0.0.0 or 2.0.0.5 or whatever.

"Mozilla updates the minor version number when patching, Microsoft does not, so the whole story is just BS."

That has *GOT* to be the *DUMBEST* thing I've ever read.

Score: 0

By Floodland

posted Dec 3, 2007 - 11:08 AM

Just read my comment again after waking up:

The article states
"Microsoft: Firefox users in danger due to more frequent updates"

The concept is wrong from the title, but it gets even worse: Microsoft actually released more patches (updates) for IE than Mozilla for FF by a large margin, only that Microsoft does not document the changes through versioning.

Betanews should monitor articles before publishing them, they should be ashamed about this one.

Got it now?

Score: 0

By tigreseis

posted Dec 3, 2007 - 1:12 PM

mo·ron [mawr-on]
–noun
1. a person who is notably stupid or lacking in good judgment.

Score: 0

By Floodland

posted Dec 3, 2007 - 1:59 PM

Great, I am glad you did manage to find an autobiographic noun in the dictionary!
Maybe now you could learn to write comments without acting as fanboy, or at least giving arguments before insulting (if your brain cannot avoid it, of course)...

Score: 0

By tigreseis

posted Dec 3, 2007 - 8:12 PM

I like that one, but if you had read an earlier post, you would have seen that I use Firefox.

You would have also seen that I have given arguments.

Great, a blind moron. The worst kind.

Score: 0

By john0978

edited Dec 3, 2007 - 10:56 PM

shut the **** up

Score: 0

By tigreseis

posted Dec 4, 2007 - 9:17 AM

That's either:

shut the f*** up or,
shut the h*** up.

Which is it?

Either way, no, but I am glad you had something to add to the conversation. It must be refreshing to come out from under your rock and practice your language skills.

By the way, that should be "Shut the **** up."

Score: 0

By meral

posted Dec 2, 2007 - 11:49 PM

Most of the vulnerabilities come from JavaScript, ActiveX and popups; disable both. Pretty sad this day and age you can still take down a fairly big website with DDoS even. FF still blows IE away.

Score: 0

By dvferret

posted Dec 2, 2007 - 10:59 PM

"'So, according to its original schedule, Firefox 3.0 was scheduled to ship in November 2007, which meant Firefox 2.0 support would end in May 2002,' he writes."

Surely that must be an error.

Score: 0

By mcbit

posted Dec 2, 2007 - 9:35 PM

I think, we should be looking at IE vs FF from many angles. First, which is most important to me, is FUNCTIONALITY and ease of use. I consider IE being the follower here. Mozilla introduced tabbed browsing first. I am using add-ins, which make FF unbeatable in comparison to IE. I could not find anything similar that can be used with IE. When it comes to deployment, I find Firefox installation/uninstallation much cleaner. It leaves a smaller footprint and does not integrate into the OS like IE does making the system less vulnerable to system-level attacks because of it.
Plus, when I download FF, I always get the latest version, and I don't have to download and install patches after the browser is installed, like in the case with IE. From the time IE is installed to the time it is patched the browser remains open to the attacks for which the patches have not been applied yet.
Shorter update periods mean more proactive approach to fixing problems to me. Shorter release periods for new versions typically mean more or better functionality. The only concern that I have is that new functionality may lead to slower overall operation. As long as Mozilla can manage it, I think, I am going to stick with FF before switching to IE.
Developers can only appreciate FF conformance to W3C standards. Switching from FF 1.0 to 1.5 and 2.0 was seamless to me. After upgrading to IE7 I found more sites "broken", when the layout changed because IE7 often renders CSS differently from IE6.
Bottom line, IMHO Jeffrey Jones tried to focus on things that would be more important to a system administrator rather than to a home user. Microsoft is playing a catch-up role and tries to mask it with statements like Jeffrey's. And, many responses in this thread confirm that.

Score: 0

By djhayman

posted Dec 3, 2007 - 10:06 AM

Incorrect - with IE7, you are not left "open to attacks" once you install it.

If you install a clean version of Vista, the install process downloads updates as part of the setup process.

And if you install IE7 on Windows XP, it too downloads any applicable updates as part of the setup process.

One might pose the question - if you download FireFox and always get the newest version, exactly how are you downloading FireFox? Perhaps by using an older version?!? By your logic, you're left "open to attacks" while waiting for your download to complete.

Score: 0

By TSThomas

posted Dec 3, 2007 - 4:13 PM

"Incorrect - with IE7, you are not left "open to attacks" once you install it.

If you install a clean version of Vista, the install process downloads updates as part of the setup process.

And if you install IE7 on Windows XP, it too downloads any applicable updates as part of the setup process."

Actually, that's optional.

Score: 0

By djhayman

posted Dec 3, 2007 - 5:39 PM

OK... So would you select "no thanks" just to prove a point? Or would you, like most people, allow it to install those updates by default?

Score: 0

By il-loostya

posted Dec 2, 2007 - 8:31 PM

Quit your spamming, you parasite.

Score: 0

By Mystiqq

posted Dec 2, 2007 - 4:20 PM

Danger from updates that are, by default, automatically installed on start up and updates are being checked while browsing? Is there any real reason why anyone would have to use old versions?

Basically, you are damned if you do and damned if you don't.

Score: 0

By superdragonpoop

posted Dec 2, 2007 - 8:53 PM

Just using Linux as an example here...

I know quite a few people who have slapped Linux on machines for their parents. How many of their PC's are checked routinely to ensure they have all the updates? If you come to this site you're part of the few that actually checks this kind of stuff. Fewer people are looking out for mom and pop.

Score: 0

By tigreseis

edited Dec 3, 2007 - 1:22 PM

That's beside the point on Linux because there is really no perceptible active malware confronting the linux system.

Besides, that is what automatic updates is for moron. You set it up in Windows and you set it up in Linux.

Score: 0

By ogman

posted Dec 3, 2007 - 10:46 AM

Hmmmm...Ubuntu alerts users to new updates and completes the process with just a couple of clicks. I believe that includes updates for the browser. Pretty simple.

Score: 0

By john0978

posted Dec 3, 2007 - 11:02 PM

"Hmmmm...Ubuntu alerts users to new updates and completes the process with just a couple of clicks. I believe that includes updates for the browser. Pretty simple."

As opposed to windows' "Do you want to restart? No? Ok, I'll ask you again in a minute."

Score: 0

By Mystiqq

posted Dec 3, 2007 - 3:05 AM

True, but I think topic was about the browser and its security? Keeping the whole computer up to date is another matter.

The way Firefox updating works, you simply can't make it any easier and simpler to the "ordinary" users. I'm assuming it's the same way on Linux as well. There's no manual "checking" involved and only thing you need is to choose when to do the update, now or later, when you are asked to. If you ignore this, I'd say that the browser security is the least of a problem at this point.

However, I've had quite bit experience with the inexperienced when it comes to this sort of stuff so I understand what you are saying. However, on Firefox's case, you simply can't make it any easier than it already is.

Score: 0

By UniversityofKentucky

posted Dec 2, 2007 - 12:58 PM

I admire the FF community for providing feedback and responding so quickly to vulnerabilities. Plus the daily builds are not meant for the average user.

Score: 0

By tigreseis

posted Dec 3, 2007 - 1:23 PM

He wasn't talking about daily builds moron, he was talking about released versions. The daily builds aren't official released versions.

Score: 0

By john0978

posted Dec 3, 2007 - 11:03 PM

Why do you call everyone a moron in every ****ing post you make? Insecurities? Get a ****ing life will ya

Score: 0

By tigreseis

edited Dec 4, 2007 - 2:35 PM

Why do you use **** often to get your point across? Do you not know how to spell the word, or is a foul mouth a way of life?

I didn't call you a moron, but that was a slip of the keyboard. I won't make the same mistake twice. If you have something intelligent to say, that you can make an argument for, more power to you, even if I disagree, at least you are coherent.

Many of these posts are just making grand generalizations about the evil Microsoft bad guy.

Score: 0

By crashoverride

posted Dec 2, 2007 - 3:48 PM

That's what I'm saying. I'm glad that Mozilla puts new releases out so frequently. It shows that they are constantly busy improving their code and take pride in what they are doing. It also shows that they care about their users. A stark contrast to a company that took oh how many years to update a browser that is leaving their customers to the mercy of spyware and hackers.

Score: 0

By jcollake

posted Dec 2, 2007 - 12:16 PM

This article is misrepresenting Jones comments. While I too have little confidence in Microsoft, he was simply stating that Microsoft is maintaining older versions of IE longer than Mozilla is maintaining older versions of Firefox. I doubt this really affects many people in the real world though.

Score: 0

By Nahkanunna

posted Dec 3, 2007 - 9:06 AM

While it's true MS supports older versions, it's because they have to. There are so many old versions still in use which are not going to be updated. Why do you think they let IE7 be auto updated on illegal XPs? Because the IE6 installations are still in majority and they have to keep patching it even if it's a pain in the butt for them.

He should have said: "You know we used to make so many crappy versions of IE and tied it to Windows and now we can't make people upgrade and therefore have to keep patching all those crappy versions. But you know, I tell you it's a good thing!"

Score: 0

By Galway

posted Dec 2, 2007 - 12:57 PM

The amount of times I fix people's computers only to find they are running old versions of software amazes me. So I can see where he is coming from. The Sasser virus, among others, shows that there are too many people running software with un-patched exploits. This is a browser is obviously playing with fire as is running p2p programs especially the kind with built in spyware.

Still ... It keeps me in pocket money, and it gets me hugs n kisses when it's all running sweet again.

Score: 0

By TheOldGeek

edited Dec 2, 2007 - 11:44 AM

I've seen several commenters talk about Firefox's recent double update. I have a different take on it than I've seen here, so I'll jump in.

Simply put, the double update tells me that if Firefox has a problem, it will be fixed. As quickly as possible. Period.

I don't have that confidence in Microsoft, and honestly haven't had since I worked for Symantec--maker of the Norton Utilities--during the MS-DOS 6 debacle.

Score: 0

By ingram091

posted Dec 2, 2007 - 11:09 AM

Stuff of nonsense. Firefox actively updates itself all the time... There are no unpatched versions out there. If you get Firefox you get the latest version and it updates itself as well as all your plugins and addons for it if they are available at that time, which normally they are. Unless you stupidly turn it off for some reason.

Point is if you want to build a distro with Firefox, have it ftp the latest build at install instead of keeping an old file in the install disc. Problem solved.

IE7 is ok, but I hate the interface. It just plain is unfriendly and unnatural to use. Unlike Firefox, IE cannot be completely uninstalled if you do not like it, so you are ALWAYS vulnerable to IE bugs. ALWAYS. If Firefox is not running or not being used. It can be uninstalled with no problem if there is a critical unpatched bug in it. But that has not happened so far as I have ever seen. It's always updated itself promptly on any major bug discovery. That alone makes it a far superior product in my book. All the useful plugins and addons and themes notwithstanding, which I also love and praise all the time...

And heck I got a Firefox portable now too for my iPod so I can take my browser/bookmarks/plugins/etc... with me from now on. Thanks to Betanews for letting me find that gem. I can't live without it now...

Score: 0

By xanderzone365

posted Dec 2, 2007 - 9:10 AM

Seems kinda rubbish.

Score: 0

By Willy

edited Dec 2, 2007 - 7:45 AM

Is this dude on dope? Who pays imbeciles like this to create this rubbish? MS? Think so...

Score: 0

By klavc

posted Dec 2, 2007 - 6:32 AM

I think somebody is afraid of Firefox3 :D

Score: 0

By sturgess

posted Dec 2, 2007 - 7:01 AM

Could be, I tried it and it certainly frightened me. Took three hours to get my computer to start up again, still trying to sort out the mess it left. Sounds like you had the same problem then klavc ?

Score: 0

By Setian^Stalker

posted Dec 2, 2007 - 5:53 PM

Mine freaked out too, system restore fixed that though :)

It was a beta, these things do happen.

Score: 0

By orizng

posted Dec 2, 2007 - 8:15 AM

lol, I tried it everyday on my mac/linux/windows, no problem so far...

It's hard to imagine fx has anything to do with your core system. And it should be very easy to remove (installation folder, and profile folder)

Score: 0

By ogman

posted Dec 3, 2007 - 10:54 AM

I've been using it for a week with no problems at all.

Maybe those having problems just need to upgrade their hardware. ;o)

Score: 0

By sturgess

posted Dec 2, 2007 - 9:44 AM

It was definitely Firefox, a few others posted similar problems. Machine froze solid as soon as installation was complete. Had to unplug from mains to get anything, files messed up. Have got it sorted, but that is one beta I ain't never goin' near again. Did delete profile and anything I could find containing fox or similar.

Score: 0

By crashoverride

posted Dec 2, 2007 - 3:36 PM

Haven't had any problems with FF3 beta on XP or XP 64bit. Now Vista is another situation. Started the browser after installation and it froze the system within minutes. I had to hit the reset switch. However after setting FF3 to run under XP SP2 compatibility mode it has run without incident.

Score: 0

By Pkshadow

posted Dec 2, 2007 - 4:07 AM

What a wack of BS this guy is.
I would take any software that gets updated and fixed regardless of who makes it over software that does not.

For Firefox at least it advises you that there is an update available and there is nothing to worry about with the install. No reboot needed.

I only wish that they would incorporate this type of updating in Mozilla SeaMonkey as that is my preference of a browser.

As for fighting over a browser, who cares as long as people develop their web pages using the standard of ANY Web Browser as per www.anybrowser dot org/campaign/

Score: 0

By dlowell

posted Dec 1, 2007 - 11:07 PM

Lots of fighting going on here.
The main point when talking about web browser security is that the more popular a browser becomes the more it's going to be targeted. So all you can do is use a less popular browser or the browser that gets updated the most.

I'm not going to say IE is better than Firefox or vice versa but competition between companies makes for the best possible product in the end for the users. All companies will try to make the best browser possible to gain user base.

Score: 0

By prndll

edited Dec 2, 2007 - 12:09 AM

There is no competition. Every Windows based machine gets IE. The user may choose Firefox or something else as the default browser. But, IE is always there. The only real competition that has ever really existed is between MS, Apple, and other. Other being what is created by open source. Over the last several years, that difference has been blurred. You might say that Firefox is the competitor to IE, but it really isn't. If you could remove IE, then maybe. But, the only way to do that would be to remove Windows.

What I see when I read this is MS saying that their updates are what make IE less secure... being that if they update it less, it's more secure.

Score: 0

By internetworld7

posted Dec 1, 2007 - 10:59 PM

I think the only way for one to have a TRUE peace of mind is simply to either use Safari 3 beta for Windows or just switch to a Mac and use Safari or Opera on a Mac and say goodbye to security problems once and for all. ^--^

Score: 0

By orizng

posted Dec 2, 2007 - 8:18 AM

Apple is like an amateur kid in Windows market, their Safari 3b can't handle 8 years old Windows virus. It's absolutely dangerous to use Apple product for Windows.

Score: 0

By yountmj

posted Dec 1, 2007 - 11:24 PM

Safari 3 beta... on Windows? Secure? You aren't serious, are you?

Within hours of release, there were already a handful of 0-day exploits available.

Score: 0

By Ian C.

posted Dec 3, 2007 - 12:28 AM

Yeah, and Apple has a bad habit of waiting several months to patch their apps, which are almost all based on open source projects. This has been a problem several times already just with their web browser, based on the Webkit open-source project, which is used on their iPhone as well. In fact, it's funny that he would use Apple in the same sentence as security, cause Apple is terrible when it comes to that.

Score: 0

By socialbeta

edited Dec 1, 2007 - 10:37 PM

"So, according to its original schedule, Firefox 3.0 was scheduled to ship in November 2007, which meant Firefox 2.0 support would end in May 2002,"

I had no idea that May 2002 was 6 months from November 2007. This guy is a retard.

Score: 0

By Registered

posted Dec 1, 2007 - 7:30 PM

well the one thing he doesn't mention that should have been mentioned,

and that is, when internet explorer breaks, it's very difficult to fix, reinstalling never works, uninstalling is out of the question, because it can't be uninstalled (because of explorer.exe), and removing the damages causing internet explorer to fail is near impossible,

whereas if firefox is broke, all one has to do is uninstall it, delete the folder it was installed to, and reinstall, and job done browser working again,

the above article speaks about security, but nothing more, he doesn't seem to mention what plagues internet explorer the most, and that is, the integration between explorer and (its added module) internet explorer, as long as these are integrated, windows is always at risk of damage, no matter what happens to firefox, the fact remains 99% of the time, windows itself is safe,

internet explorer is getting better, but when it does go wrong, fixing this browser is very difficult and has been since its creation, and even if the user does get IE reinstalled the problems usually remain,

i also couldn't help noticing underneath the picture above it says "Microsoft's Security Strategy Director Jeffrey Jones"
this concerns me somewhat, an article coming from such a source gives me a lot of pause.

one last thing to mention, is the fact that the day will come when MS will have to cede to a 3rd party browser being better, a company that is faced with dealing with an entire OS cannot compete with a company devoted to a single program, which leads onto this point, when MS releases an update for windows that addresses its browser, a lot of compatibility tests have to be done beforehand, because if MS screws up, then millions of PCs around the world could boot up without a desktop, (Explorer.exe),

whereas a 3rd party company designing a browser does not have this trouble, even if they screw up, worst case is the browser does not start, then all the user has to do is use IE, to download an updated version of that browser in question, and browser is fixed, no worries, MS does not have this luxury,

MS does not like losing, and that has always been their strength, but also their downfall, i know for a fact that one day, a 3rd party browser will have more users than IE, i'm not saying FIREFOX, i'm just saying a browser that is not IE, the fact is, will MS accept this, and appreciate the fact that this is OK, and understandable for logical reasons, the fact that they have the most popular operating system on the planet should be all that matters,

Score: 0

By mjm01010101

posted Dec 1, 2007 - 10:22 PM

Also:
Almost all IE patches, all versions, require a reboot of the Operating system. This, in my opinion, is amongst the worst travesties in software design to exist in the 21st century. Microsoft has promised again and again this would stop, that fewer patches would require reboots, and it *never* ceases. Even Vista and Server 2003 require reboots more often than not when security patches are released. Seriously, this is 2007, why aren't operating systems built around this very, very inconvenient aspect?

Score: 0

By Setian^Stalker

posted Dec 2, 2007 - 5:56 PM

Hmm my windows very rarely requires a reboot after updates.
It USED to be really bad with requiring resets several times a month but almost certainly not the case these days.

Score: 0

By ConceptJunkie

posted Dec 1, 2007 - 11:30 PM

Try Linux. Unlike Microsoft, Linux has moved to the 21st century.

Score: 0

By crashoverride

posted Dec 2, 2007 - 3:34 AM

While it's true that Linux doesn't require restarts nearly as often as Windows, Linux also still shows its command line roots occasionally. In a world where the ignorant masses are in control of a PC this is unacceptable. Sorry to say, but even with all the progress made these past few years Linux is still for admins and enthusiasts (tweakers, geeks, whatever you want to call them).

Score: 0

By Frostek

posted Dec 2, 2007 - 5:57 AM

You forget the upside of the command line.

Anyone can type in a few lines of code from a tutorial, but the GUI method isn't always as straightforward.

I've had dozens of the people I did Windows tech support for go "Start button? Where's that? Or I haven't got a menu with that option - no - it's just not there!", when I know for a fact they weren't looking in the right place or just didn't even want to try and solve their own problems.

By that criterion Windows wouldn't have been considered ready for the desktop either.

Besides, I use Linux and I *rarely* go anywhere near the command line these days. It's certainly not what I would call a requirement anymore. You could pretty much stay on the desktop all the time now if you wanted to.

Also you can thank Firefox for IE7. Those IE development guys would still be in cryogenic suspension if MS hadn't thought - "We'd better update IE6 - people are actually beginning to use this Firefox thing after all".

Score: 0

By djhayman

posted Dec 3, 2007 - 10:24 AM

Right... You think that somebody who can't find the Start button is going to have great success "typing in a few lines of code" into a command prompt?

Are you serious?!?

"You could pretty much stay on the desktop all the time now if you wanted to."

Again... For average Joe (who seems to have misplaced his Start Button), you can ONLY offer a desktop-experience at all times.

Score: 0

By methuselah

posted Dec 1, 2007 - 6:02 PM

Using the Microsoft Security Strategy Director's logic, frequent updates to an antivirus program, to address new viruses, trojans, or worms, would also make one's computer less secure.

Fortunately, logic doesn't agree with this argument. I doubt he believes his own argument.

Score: 0

By sturgess

posted Dec 1, 2007 - 6:35 PM

Anti-virus programs are designed to protect you against Trojans, worms and new viruses and as a result need to be updated daily. A browser is for browsing and should only need the occasional tweak, not, as in the case of Foxy, two tweaks a week. However, if it continues to require a patch a day, perhaps you could do like Windows and have Patch Tuesday just for your browser. What do you think? Wednesday for Windows and Tuesday for Firefox; looks like you are going to need your own special day the way things are going.

Score: 0

By pevernagie

posted Dec 1, 2007 - 5:29 PM

LALALALALALALALALALALALALALALALALALA

We're not listening

Score: 0

By sturgess

posted Dec 1, 2007 - 5:24 PM

Two new patches in two days don't look good for Foxy. It may update when a fix is ready; the problem is that it's when they are working on that fix, or don't even know it needs fixing, that the bad guys swoop. The more you lot praise your little browser the more folks are going to use it, and the more interesting you are going to be to the Russian Mafia. I.E.7 with a goodly load of decent security will do the job, and as the guy tells it you are becoming a little too risky to trust. I'm with him on this, I've dumped your precious browser; Opera for a backup just in case and I.E.7 as the workhorse.

Score: 0

By Frostek

posted Dec 2, 2007 - 6:00 AM

So... what you're saying is that your "workhorse" is of four to five times more interest to the Russian mafia than Firefox?

Think I'll stick with FF.

Besides I don't see MS IE for Linux coming out anytime soon... ;-)

Score: 0

By cbeard

posted Dec 1, 2007 - 4:57 PM

fwiw, here are some blog posts that give the Mozilla perspective on this issue:

Damned Lies and Microsoft Security Marketing
by Paul Kim, Mozilla Marketing
http://www.numenity.org/...soft-security-marketing/

Critical Vulnerability in Microsoft Metrics
by Window Snyder, Mozilla Security
http://blog.mozilla.com/...ty-in-microsoft-metrics/

Apples, Oranges and the Truth
by Mike Schroepfer, Mozilla Engineering
http://weblogs.mozillazi...ic_which_suits_you.html

Counting Still Easy, Critical Thinking Still Surprisingly Hard
by Mike Shaver, Mozilla Evangelism
http://shaver.off.net/di...still-surprisingly-hard/

Score: 0

By SrKag

edited Dec 1, 2007 - 1:01 AM

You guys just don't get it. Firefox (Mozilla) is always building new browsers, version 1 was on mozilla 4 engine which IE6 and IE7 is still run on. Firefox version 2 is run on mozilla 5 /gecko 1.8.1.10 which is a whole new engine and requires all new security's which we get update for frequently just like windows does from Microsoft. Version 3 Firefox or more correctly Minefield is a new rebuild of mozilla 5/gecko 19b2 what it is right now, but again started from base line and rebuilt. Unlike Microsoft where we all know is the use old technology spiced up, add some flare and bloated code and you end up with IE7. You can snap and grip but this is all true. These are reasons why firefox seems to have security problems, but you have to know these mostly are new one not old ones. As for the memory leak issue, look at windows temp folder in the user files some of you have never cleaned that, it never cleans itself and continues to grow and grow (being a computer tech) I have seen it! and cleaned it. The largest yet 4.2 gigs !!! temp files... USE CCLEANER it works.

The only thing I use IE for is to update Microsoft.

Score: 0

By djhayman

posted Dec 3, 2007 - 10:27 AM

"Version 1 was on mozilla 4 engine which IE6 and IE7 is still run on."

OK - apart from extremely poor grammar, you are a complete retard.

You don't *actually* believe that Internet Explorer has anything to do with the Mozilla engine, do you?!?

The user-agent that IE spits out contains the words "Mozilla Compatible" - means about as much as Apple saying that Mac OS X is "compatible" with anything...

Score: 0

By Grazer

posted Dec 4, 2007 - 3:00 PM

"You don't *actually* believe that Internet Explorer has anything to do with the Mozilla engine, do you?!?"

Well, he does seem to think memory leaks have something to do with files on hard drives...

Score: 0

By MikeTechno

posted Dec 1, 2007 - 11:47 AM

Wow, this guy reminds me of the Iraqi Minister of Information during the Gulf War who kept going on camera and issuing press releases stating that the "American infidels are being soundly beaten and will soon be destroyed" the whole time US tanks were rolling closer and closer to Baghdad. He kept going with that same "victory" story right up until the moment the US troops rolled into the downtown area and he had to go into hiding with Saddam.

Amazing the lies you can convince yourself of if you tell the lie often enough, isn't it? Well, telling them more frequently and more loudly unfortunately doesn't make them more true.

This is just sad.

Score: 0

By UniversityofKentucky

posted Dec 1, 2007 - 2:50 PM

Hats off to MikeTechno. Nothing to add (except he was the minister of disinformation).

Score: 0

By Sven123456789

posted Dec 1, 2007 - 11:23 AM

Pinocchio is laughing at this pile of horse manure. Microsoft has refused to see they have jumped the shark. Vista proved that. Not to mention IE7, WMP 11 and the other disasters coming out from Washington State.

Score: 0

By Umapathy

edited Dec 1, 2007 - 11:23 AM

The more people use the software, the more bugs are found and hence more bug fixes. Firefox's share has increased dramatically, and I am from Sri Lanka on a slow connection, where Firefox rocks and Internet Explorer sucks, be it IE 7 or IE 6. After all, they are providing hassle-free upgrades, so we don't need to care too much about this guy's statement. After all, frequent updates also mean that the developers are working hard. Although I have IE 7, I use Firefox for almost all my work. One good thing about IE is that it does support multilingual domains; other than that, Firefox rocks.

Score: 0

By Alpha258

posted Dec 1, 2007 - 10:41 AM

Firefox automatically updates you to the latest version so how could it be vulnerable?? wtf?

How could anyone even be using an older version??
Nice try at saying IE7 is better than Firefox but I don't think anyone would believe it.

Score: 0

By The MAZZTer

edited Dec 1, 2007 - 3:15 PM

I think he's referring to major version changes not automatically updating. IIRC 1.5.x won't auto update to 2.x, and 2.x probably won't auto update to 3.x. You'd have to manually download the new version if you want it.

And I guess basically Microsoft is trying to make themselves look GOOD for pushing unneeded feature and eye-candy-laden updates like IE7 onto users?

The article also fails to address lack of Windows 2000 and earlier support for IE7. They are still vulnerable and can't update! Really the only way they can be secure is to switch browsers.

To be fair, Firefox 3 will drop support for Windows 9x.

Score: 0

By jriley30114

posted Dec 1, 2007 - 5:24 PM

He does make some points that make sense but only from a biased Microsoft viewpoint.

One major flaw is that most Firefox users download the browser and install it, while IE comes with Windows. Therefore, IE users are more likely not to upgrade, whereas Firefox users are, and are thereby more secure.

I try to give Microsoft the benefit of the doubt sometimes, but they usually disappoint me severely.

Score: 0

By cbeard

edited Dec 1, 2007 - 4:48 PM

We do offer major upgrades through the automated update facility. However, it is not forced; it is an "upgrade offer".

Most users opt-in to upgrade, and today 95% of Firefox users are on the current 2.x release.

Score: 0

By Point Zero

edited Dec 1, 2007 - 9:42 AM

This guy is just stupid.

Score: 0

By methuselah

posted Dec 1, 2007 - 9:35 AM

Shock, surprise: Microsoft's "Security Strategy Director" says his company's product is less vulnerable.

Unfortunately, it sometimes appears this type of announcement is the bulk of MS' security strategy.

Announcing frequent automatic updates for the browser is "a problem for home-based browser users" is a great strategy... IF you want to say your own software, with less frequent security fixes, is better. The announcement is a brilliant business decision. Some people will probably believe it.

Score: 0

By c4p0ne

posted Dec 1, 2007 - 7:38 AM

Most ridiculous crock of sh*t I have read in quite a while. Not the part about IE being more "secure" than FF, but the reasons given for it. "Because it is updated less". This sounds like MS sponsored propagandian garbajjee to me.

Oh btw, FF is superior in every respect but load-time to IE. Period. And with this new quad-core here, I don't notice it AT ALL. Load times are literally identical now as far as I'm concerned.

As for IE security... pfwahah! That active-x garbage will always be a show-stopper for IE. And now "silverlight"? Get ready for another barrage of crap before a few dozen patches come out for the final version of THAT thing.

Score: 0

By The MAZZTer

edited Dec 1, 2007 - 3:19 PM

Firefox 2 has had 11 patches, Firefox 1.5 had a similar number. Should we count the IE6/7 patches?

Also load times are affected by addons and such. For a fair test, you'd have to measure both Firefox and IE running without any custom themes, extensions, or toolbars.

You'll be happy to hear Firefox 3 has greatly improved speed over Firefox 2.

Speaking of Silverlight, I never got that to work. I installed it and the Expression page tells me I don't have it installed. I use the installer again and it stops on a screen telling me to restart my browser. I still get the "you don't have Silverlight installed" prompt and the Silverlight installer is still sitting there looking stupid, with no way to close it. I had to kill the process. I hate Windows Installer.

Score: 0

By Neoprimal

posted Dec 1, 2007 - 6:44 AM

Read his report before you judge him harshly, that's my only advice. The BetaNews reporter seems a bit subjective in his journalism regarding the interpretation of the report, which really only claims (in my opinion) that FF has more vulnerabilities to fix over the same time period as IE over the years... and it's not really a claim, the figures and numbers are there (unless of course they're made up, which I doubt since this guy actually has some real security experience). It's approx. 9 pages if you ignore the 'about/appendix/etc' but it's... interesting.

Score: 0

By MrFlibble

posted Dec 1, 2007 - 8:26 AM

Good comment over at ZDNET:

One line says it all.
The most telling, and understated line in the whole post.

The study did not take into account silent (undocumented) patches.

Mozilla doesn't get silent patches. When something's wrong in Firefox, the world knows about it. MS gets to continue to hold the cards close to their vest, in their pockets and up their sleeves. It's not a poker game if things aren't equal, and things aren't equal.

http://talkback.zdnet.co...geID=769553&start=0

Score: 0
