Program Manager: IE Not Less Secure
By Nate Mook | Published March 24, 2005, 11:11 AM
Internet Explorer product manager Dave Massy has refuted claims made by Mozilla Foundation president Mitchell Baker that Firefox is, and always will be, more secure than IE. Massy attacks Baker's claims that IE is inherently vulnerable due to its direct integration with Windows.
Baker's remarks came during a speech at the PC Forum conference in Arizona. She explained that "not being in the operating system is a phenomenal advantage for us," and rejected claims that IE is only more vulnerable because it has more users.
"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."
In a posting to his Web log, Microsoft's Massy noted that IE's ties with Windows are frequently misunderstood and that IE is part of Windows only so other applications can take advantage of its functionality.
"The security of any browser is irrelevant to if it is part of the operating system," Massy said. "If we are to debate security of browsers then let's bring in relevant arguments and accurate details about different possible attacks rather than rely on the irrational fear that because IE is part of the operating system it must be exposing OS functionality to the web."
With the recent success of Firefox, security has taken center stage as Mozilla touts its Web browser as a "more secure" alternative to Internet Explorer. Microsoft has outwardly dismissed the threat of Firefox encroaching on its market dominance, but concern at Redmond is apparent.
Microsoft recently announced it would launch a new, independent version of Internet Explorer before the next release of Windows after pressure from customers, backtracking on a long-standing decision.
IE developers such as Massy have also found themselves having to defend their work in the face of negative media coverage. "As we develop IE we go through very thorough and stringent security reviews to ensure that every change is secure and does not expose the user to attack," Massy reassured his readers.
It's simply silly to say that Firefox would have "more" security holes if more people used it. That's like saying wheat becomes less nutritious the more people that eat it. In other words, hunh?!?!?!
When Netscape, Mozilla's parent FYI, had 90% market share it had nowhere near the security problems that IE has always had. It's just that simple. You can't argue your way out of the straight facts.
And even when IE had an "ease of use" advantage over Netscape, it was only because the latter was releasing crud like NS 6.0.
It's laughable for the MSFT dude to assert that interweaving a browser with the OS does NOT compromise security! Of course it does. And MSFT's endless series of "CRITICAL SECURITY" updates makes Massy's comments even sillier.
Back in '97, there was nothing but Netscape and they were charging $50 just for the barebones browser. The "full" package cost $100! So, Netscape needed competition.
It needed competition because Barksdale, et al, just like Jobs/Wozniak envisioned their own monopoly using, in the former case, a browser to make obsolete the OS (Netscape's success would have made it the "monopoly" and a Netscape "browser" would probably cost what Windows does) or, in the latter case, a completely closed loop where all hardware, the OS as well as the apps would be controlled solely by one company (Apple).
Fortunately, both failed: from a consumer point of view. Unfortunately, as we all know, the company that won these two fights cares little for IT quality. Unfortunately for us, the victorious company's rivals completely failed to understand IT as a business.
What IT did NOT need was a slapdash, piece of doodoo whose only goal was eliminating a possible challenger to the OS paradigm. THAT was always IE's purpose--and in that it succeeded perfectly.
What it has NEVER succeeded in doing is providing a secure, technologically cutting edge browser. It's never happened. Just as 9x was inherently unstable because it was jury-rigged on top of DOS for business--in no way technical--reasons; to leverage the DOS "legacy." Again, from a business perspective= mission accomplished. From a tech/security standpoint=disastrous. The endlessness of MSFT's total disregard of security can be seen with the hundreds of security "fixes" issued in the last seven years.
Exactly how many security fixes has Netscape/Mozilla had to issue? I'll bet it's less than 100th of 1% of IE's security "releases."
Score: 0
|If FireFox was used by as many people as IE, it would have as many known security holes, if not more, than IE.
It's all about market share and how much attention your browser gets.
People won't bother finding security holes in browsers that won't yield them the most victims.
It's called logic... try it sometime.
Score: 0
|Exactly! Just like the Apache web server is known to have more holes than IIS, because it's so much more popular.
Oh, wait a minute... Never mind.
What were you saying about "idiots", again?
Score: 0
|A Microsoft product manager said IE is not less secure! Wow, hold the phone, this is news!!!
This story is right up there with stories that begin, "According to a study, paid for by Microsoft..." This is not news, it's PR, nothing more. This is Microsoft again insulting their customers with comments like, "IE's ties with Windows are frequently misunderstood." Awwwww...poor IE, so misunderstood. I think the DOJ cleared most of that up years ago.
Microsoft has got to stop thinking that all of their customers are so stupid. Of course, as long as people buy into ad releases like this one, they will never get that message.
Score: 0
|Massy seems to be saying "IE doesn't suck because it's part of Windows, it sucks completely on its own merit." and then goes on to call "irrational" the fear that IE exposes OS functionality to the Web, even though that has been demonstrated in a new way at least once a month for the last five years. If I didn't know better, I'd've thought ActiveX was some kind of general purpose rootkit development tool for Windows.
MS can spin and lie and spread FUD all they want. Their record on security is miserable, always has been and probably always will be. They're a monopoly; they don't have to care. They have a fairly stable system (NT), they've managed to kill off the DOS legacy... about 5 years too late, and now they can just sit back and dress up OLE with a new snazzy name and rerelease it every couple of years as the Next Great Thing. (Don't forget "dot Net", the technology so advanced that no one can actually describe why anyone would want it.) Oh, and break compatibility with older versions of Office or whatever it is they do these days to force unneeded upgrades to that bloated corpse of a product.
Is Firefox better? I think so, but it's far from perfect. However, I have far more optimism that Firefox will continue to evolve and improve while IE has been stagnant for years. As a user, IE6 is virtually indistinguishable from IE4, which came out in 1997, and that version's biggest selling point was something called "Active Desktop", a feature whose usefulness was never successfully demonstrated by anyone in the 8 or so years it's existed. Oh, yeah, it was to herald in the whole "push" content paradigm, which we were supposed to believe was some radical new approach and not just, in effect, another name for "bookmarks".
Security patches aside, IE7 will probably just be warmed over IE6 with some cheesy UI chrome hacked in by some intern one Friday afternoon between foozball games so that the marketing weenies have a few more tick marks to brag about. After all that's what the last 4 releases of WMP have been, almost nothing but successively uglier and more obtrusive "skins". Well, that and DRM, which no user wants, not even the honest ones.
MS doesn't need to improve IE. They have nothing to gain. If Firefox takes over 25% or 50% or 90% of the browser share, will it stop Microsoft from strongarming OEMs, flouting the FTC and generally beating the crap out of anyone they don't like?
Score: 1
|Very well said!!!
Score: 0
|Couldn't have said it any better myself.
Score: 0
|I almost stopped reading after "IE6 is virtually indistinguishable from IE4." Dude.... get real. You're obviously smarter than that, so don't make such an incredibly false statement. I agree - what Massy said doesn't make much sense. I'll just leave it at that.
Score: 0
|I recently stopped using Firefox (1.0.2 now) because it still can't block popups and it won't build in popular features it leaves to buggy plug-ins. And what's with the speed — every other build is slow, then fast, then slow, then fast again. NetCaptor blows the doors off of Firefox, period.
Score: 0
|While Firefox comes across to users as a 3rd party 3rd rate web browser it does have some good points: it can read some HTML and in some cases parse it.
Security just shouldn't be an issue for users. It's like playing with fire, if you get too close to it you'll be burnt. Much is the same with browsing warez sites packed with ActiveX scripts and the like. Although "Come ON Microsoft! Make us a browser so that we can ignorantly click away care free to any consequences."
Score: 0
|The more FireFox takes the center stage, the more it's going to be pinned down with security flaws and bugs.
Score: 0
|hahaha... that one made me laugh. =)
Score: 0
|The more popular FireFox gets, the more flaws they are going to find with it. Talking and hyping up something will bring negative effects too... call it a sad fact about the world.
Score: 0
|after 15 mins of reading the messages here, i still have one question.
FF or IE... thats like a neverending question.
I agree that FF has more extensions, IE has some good 'features' or whatever u call it.
I am not comfortable yet to use Linux since my knowledge in Linux aint good yet, so im still runnin xp sp1.
i do use ad aware and norton system works 2005.
i had ff, ie and Opera.
most of the times i use opera, and it never gave me any trouble. Yeah i know the ads are quite annoying if ya didnt register... still, i find it more stable in a way than ff or ie...
i guess it all depends on the people using different browsers.
yet one question remains, why would u choose IE or FF when you could also use Opera?
just a simple question open for answers :)
Score: 0
|I stopped reading your comment at "still can't block popups." Either you're an idiot, or you just can't figure out how to check a box (maybe both).
Score: 0
|To be fair, people have figured out how to make popup-unders work with Firefox. I've been seeing a lot of them in the last few months. I'm sure the Mozilla team or some extension writer will figure out how to block them and the advertisers will figure out how to get around that. We'll see this ping-pong match going on for as long as we continue to browse the web.
Here's what I wish advertisers would learn: Animated ads are extremely distracting and the more they try to grab your attention through motion (or worse _flashing_), the more annoying they are. I don't mind ads at all, but if I see c***roaches scurrying around while I'm trying to read a news story (what moron came up with that idea?), or anything else with more than a tiny amount of movement, I will go out of my way to remove and/or block that ad. Static ads don't bug me, and in fact, I will actually look at them.
But we all know most advertising people aren't smart enough to try to entice people with something interesting (besides sex), all they seem to be able to come up with is more ways to annoy us.
Score: 0
|What nonsense, people will use other browsers anyway. Microsoft, as I see it, can't keep up with improving things against spyware, never mind the people who make the web pages.
Ah, whatever, I just logged in for no reason.
Score: 0
|First off, MS does fix most of its problems.... IE has a few open issues, but they are working on them. Your system security isn't just with the browser... It has to do with the whole system. The OS ... all patches, anti-virus, spyware and some common sense.
These days a firewall, anti-virus and spyware tools are a must. In July-Sept. time frame we will see IE 7. And a preview release of SP3 for WinXP ..
Score: 0
|MS couldn't care less about IE or anything else they sell.
They've been sitting on their ***** doing nothing about their browser for years except having high-priced puppets sell promises while waiting for others to create the future. Then they buy it and rename it MS-We_Invented_This(TM and Copyright). Nice gig if you can get it.
The more people download and use Firefox the more work Massy's got to do - selling promises...
Score: 0
|Microsoft doesn't sell IE...
Score: 0
|Where can I go to learn how to lie and get paid for it like Dave Massy does?
Score: 0
|I thought MS won a lawsuit, something to do with allowing IE to be installed with windows because it is part of the OS - now they are releasing a stand-alone? does that mean that it is not part of the OS anymore?
Score: 0
|They're not releasing a stand-alone browser, they're releasing an in-place upgrade that replaces the OS components in question, and only on XP SP2.
And they lost that lawsuit - but instead of a slap on the wrist, the DOJ gave them a stern... oh, who's kidding - they didn't do anything.
Score: 0
|actually, they LOST that lawsuit, and the federal government ruled that Microsoft had to separate MSIE as well as other applications from the operating system, and that MS had to have separate entities for their software divisions and their os division. But in typical ms fashion, they ignored the federal government and did what they wanted to.
for the record as well, ms was under censure from the government (that was the reason for the most recent anti-trust trials - because ms ignored the censure and did what they wanted to anyway.)
Score: 0
|You guys kill me with these grandiose stories you keep coming up with.. First of all, NO ONE ignores the federal government. Second, MS has not ignored ANY request. They are doing the same thing EVERY ONE else does, and it's called "appeal". That's the judiciary system, you can do it until you lose the appeal, THEN you have to comply. And last, MS has removed the core components related to IE from the OS, namely Active Desktop components, which is where this whole thing got started in the first place.
As a side note, I think it's interesting, that OTHER people complain about CUSTOMER suggestions. Win95 was never integrated, then a customer suggested they should because they whined about having to download a browser, updates, a calculator, a this and a that.. so MS listened to its customer base of people, like myself, that WANTED everything INCLUDED. It's called "packaging". When you buy a car, it has leather seats as an option. Do you see leather companies in your local cities complaining they didn't get a fair chance to install THEIR leather? Of course not, because it's economics, but MS gets attacked why? Because they consider it Anti-Trust they want to include what customers asked for.
AOL put Netscape with their online service at one point in time.. no one complained, because Netscape sucked, AOL continues to suck, and the service is for kids..but let MS come out with an online service, and everyone screams unfair, unfair!
Walmart is doing the same damn thing. No one wants Walmart anymore, because when they come to town, they bring everything and the local businesses will be out of business inside of a year. MS comes to town, and people think that just because they include a browser, you can't download another one. You want to use Firefox, Mozilla, Netscape, go ahead.. They aren't stopping you or Crippling other software. It's just stupid paranoia.
Score: 0
|It's so funny when people get so riled up about which browser is more secure. Frankly, it doesn't matter. Maybe one is more secure, maybe they're both the same. What it really comes down to is user-intelligence. If you know what you're doing, you will almost never be infected - because you know what's a threat. The people that say "I got 20 spywares" don't realize what they're telling people about their computer knowledge.
I haven't been infected with spyware for almost a year since I started looking up info on it and finding out how to protect myself. User intelligence makes a heck of a lot more difference than what browser they're using.
It all comes down to user preference. If you like IE, use it. If you don't, use something else. There are lots of good options out there. Personally, I can't make up my mind between IE and FF. Both suit me well at different times.
Score: 0
|Wincement, I would normally agree with you. However, you are forgetting the ads are becoming more and more prevalent. And websites have no standard for who can advertise. When you allow that nextel ad banner to appear on a page, who is to say it's *REALLY* a Nextel ad? As long as they are a paying customer.. it runs, and it sits on the page.. maybe you click it, maybe you don't. I was on CNN, a paypal ad was on the page. I didn't click it. I didn't do anything, after a few seconds an error message appeared "unable to download..blah blah blah..". Website www.usaads.com/paypal/clickitads.html.. something like that. Seemingly harmless right? Wrong.. Ad-Aware caught it, I found the temporary file, and it was from paypal.. A legitimate site, but the integrated ad failed, initially.. I cleaned it, but now we have to turn off pictures, and incidentally.. This was a java app.. just as a test it did the same thing in the new netscape 8.0 beta based on Firefox.. and it still replaced the spyware.. except no error message. IE got an error, and Netscape did not.. but same result..
you may *THINK* you are safe for now..but don't give yourself false hope, like another user said Anti-Spyware/Anti-Virus/Firewall are a necessity. You can't live without them.
Question for you, are you running a spyware program? Maybe you don't realize you have spyware..I think if you check.. you WILL see some.. and if your spyware doesn't catch it, try a different one. I will wager you have spyware, you just have not CAUGHT it.
Score: 0
|uhhh.... obviously. What good is looking up info on spyware and how to defend yourself if you don't use it? As far as PC security, I currently have:
Ad-Aware, Spybot, Windows AntiSpyware, Spyware Guard, Bazooka, Spyware Blaster, Yahoo Anti-Spy, Guard Bar, AVG Anti-Virus, BitDefender Anti-virus, A-squared, and ClamWin Anti-Virus... all behind my Kerio Personal Firewall. I haven't had a single problem in about a year.
Like I said, I use both Firefox and IE. I use Firefox for those times when I REALLY need tabbed browsing and other misc. situations. IE is my default, but I don't necessarily use it more. I find myself using both about half-and-half now. I also use Netscape as a backup (It's rare, though).
Again, I restate, it comes down to user knowledge. Your example enforces that point. You had the knowledge to protect yourself from the threat and recognize it when it happened. BTW, those ad-tracking cookies are next to harmless.
Score: 0
|When I look at the two browsers, they are just about the same, other than Firefox has Tabs, Find as you type, and more extensions available.
The largest difference in security comes from the fact that Firefox does not have ActiveX support.
How many legit sites use ActiveX? Not many.
How many deliver spyware/adware/Trojans that way? A large number.
I use Firefox because of the features and because it does not support ActiveX controls.
I rest my case.
Score: 0
|And notice, most of the sites that do distribute spyware via activex are QUESTIONABLE sites, such as warez sites or crack sites linked from astalavista.box.sk or asta-killer.com! Go figure, look for cracks for software and get hacked, hmm
Score: 0
|Dude, what is the weather like on your planet? Legit sites that use ActiveX? Gee, how about MOST of them..Most of the good sites have 3 pages, Java, ActiveX, and generic. ActiveX is THE predominant popular way to distribute anything.. Not java. ActiveX is huge. Java is becoming more popular because it's portable, where ActiveX only works on IE on windows machines, but each page detects your environment and generates the page on the fly based on the browser you are using.. so if you are NOT using IE you won't see ActiveX, but that doesn't mean it's not there.
Score: 0
|..your nickname wasn't "linuxistheft"
'nuff said.
Score: 0
|Anyone who believes IE is secure in any way go here and read this http://bcheck.scanit.be/...page.php?name=stats2004
That means that a fully patched Internet Explorer installation was known to be unsafe for 98% of 2004. And for 200 days (that is 54% of the time) in 2004 there was a worm or virus in the wild exploiting one of those unpatched vulnerabilities.
Mozilla and the family (including Firefox, Netscape Navigator and Camino browsers) display a much shorter window of opportunity for a prospective attacker. There were 56 days (15%) in 2004 when there was a publicly known remote code execution in Mozilla and no patched release.
Score: 0
|Oh please... I've used IE since it was first released as an add-on with Windows 95 Plus! and I have yet to experience a single legitimate hack or infection, and I run Windows Updates as soon as they're released.
Another user on this thread points out that security starts and ends with the user... if the user doesn't know how to protect themselves and doesn't read dialogs when prompted, of course they're going to get infected with crapware.
Apparently, most of you on this site don't remember the days of Netscape 4.x where they would release an entirely new download (several MB's!) every week-- a few times even within the same week-- because of security and bug issues within those versions.
Yeah, security is an issue-- keep your software up to date and don't be an idiot when you surf, and you will be fine.
Score: 0
|I too since day one... IE user never once had a bug or a virus. I do try out other browsers don't get me wrong, but 98% of the time IE since version 3.0. Note I also have not ever had a virus, but I guess the real trick there is to know how to use the internet, out of 7 or so personal computers in my house/business only one has ever had a virus and that was my wife's fault by clicking on something she even said herself that she knew better... but had to give it a try anyway DOH! hehe Even my wife is an IE user 100% of the time. And I do purchase online.
Score: 0
|bcheck does not mention which version of IE they were checking, whether it was IE6 on XP SP2.
Microsoft would have done us a favor by naming IE 6 on SP2 as IE 6.5. A fairer comparison could be made with Firefox which has had many serious problems already this year, let alone in the 2nd half of 2004.
Score: 0
|Either
a) your systems have been secured far beyond the norm, you update immediately, and/or you're behind an excellent corporate security net.... or
b) you have no idea, and your surfing habits have been spread all over the net like a cheap hooker's legs...
Load up IE, go over to http://www.pandasoftware.com and run the active scanner... if you're clean, you're a testament to good clean surfing.
Score: 0
|Panda antivirus is a great virus, i don't give a cent for their large amount of false positives.
Score: 0
|another good site is
http://www.spywareinfo.com/xscan.php
and there are tons of others.
I agree, the "level of security" of any windows system is extremely low and those who say they never been infected, hacked or whatnot, they are just fooling themselves as they aren't as secure as they think they are or they are operating a closed system, with no floppy or cd drive.
Score: 0
|a pc with no floppy or cd drive, wow, you're smart on that one. My pc has yet to be infected or exploited running winxp sp2. And that is the truth, Not fooling myself, just stating what I have encountered, which is nothing. It just seems you anti-ms zealots refuse to believe that someone can actually have a safe computing experience on a ms platform.
Score: 0
|Except you're not talking to anti-ms zealots.
We're (or at least, I am) an MS customer who loves windows, and is just utterly frustrated with the bulls*** security in it.
My home computer has remained clean, for the most part, through 10 years of upgrades and internet use. That's using Netscape 3, 4, IE 2, 3, 4, 5, 5.5 and 6, Mozilla M2-1.7, Firefox .3 to 1.02, Opera 2-8
I like having a choice of web browser, and I dislike that Microsoft has allowed their browser to stagnate so badly that everyone out there makes a better browser than they do.
IE is an outdated piece of crap with more holes than the average week at Krispy Kreme - which is a little better than Windows in general.
The proof is in the people who go to Best Buy, Future Shop, Business Depot, places like that, and buy a new computer.
They bring it home, plug it in, and expect security. They don't know how to fix it, they don't want to know how to fix it. They just want it to work.
I get paid $100 a crack to clean out all the spyware and crap on people's computers. When I do it, sometimes I install Mozilla, sometimes I install Firefox - and they don't notice the difference. Because it works just as well on a new machine as IE, and better in some cases.
The result?
Machines with users that demand IE as the primary browser are repeat customers, paying $100 every 3-4 weeks to clean crap up, clean out viruses, etc.
The Firefox/Mozilla customers?
I had ONE come back, and that was because their CD-ROM failed. I checked the OS, and it was still clean.
I love IE, because it makes me money.
I love Firefox, because it gives me (and my clients) much more peace of mind.
Score: 0
|It's one of the best anti-virus solutions out here, especially their free online scanner.
It gets a consistent 5 Star rating, and one of the highest satisfaction rates around.
That being said... I only use their online scanner, which gives me all the info I need... I don't tend to trust installed virus scanners, because far too often they've been compromised by trojans or other viruses that have rendered them incapable of detecting anything other than their own existence.
Score: 0
|Funny, I would think a good tech support person would show you how to clean it up yourself the first time so you didn't have to come back ;-)
Score: 0
|That's the thing - they don't want to know. :P
I DO show them how.
I install adware removal and protection software, teach them how to use it, updated anti virus, the whole kit and kaboodle.
They don't care - they'd rather pay me to fix it.
And the people who run IE do pay - the ones who run Firefox or Mozilla don't need to.
*lol* I so wish people cared enough to learn how to protect themselves, it'd make the whole security argument moot, since everyone would secure their systems, and clean out anything that creeped in.
Score: 0
|Yeah, and safety tests for new cars less than 4 months old are unavailable until the following year, why? because people aren't going out and buying the newest stuff yet. that is not a good test at all. IE has been out since what.. 94? Firefox hasn't been out long enough to make it a target, but don't get bogged down with details or get comfy. Once hackers and programmers realize people are trying to avoid them by using a different browser.. They will find you. why target less than 10% of the users? That's no fun. Go after the majority.. Just because you are in the minority does not eliminate the problem, you are just not important at the moment, so enjoy it while you can.. but you still need to protect yourself.
Score: 0
|Amen Brother! Amen!
Score: 0
|I run an exclusive Windows XP/MS environment, and I believe it's up to the user.. If you aren't staying current with updates, you are looking for trouble. The fact of the matter is, most users don't update, keep their anti-virus current, or even care if they have a firewall, it's just not important. The people on this group, probably are not a good cross section of the real world people that could care less if they follow the suggested windows recommendations that updates are available.. they really don't care. the updates go ignored, and the machine dies a slow death.. Then they call me. I charge $100.00/hr. Let them get hacked, virus, and crashes.. It's making me some money! I have given up on telling people to update, it's reducing my income..
So don't install updates, don't get anti-virus or anti-spyware. I say great, don't do anything.. Just keep calling me every 2 months at 400 bucks a whack to fix it. Great! That's more Vegas money.
Score: 0
|Yeah.. it's always the first point everyone makes.. "Why aren't you showing people how to fix it themselves". I do! That's the crazy part. I leave links, webpages, and a list of things to do on their desktop. The biggest laugh of it is, it's 1 click, 10 minutes of their time, and it's pretty much ALL automated, but they STILL don't do it.. And every week they call "should I click this update..". Yes, for the umpteenth time, yes! yes! yes!! They never listen.
That's ok. Keep those calls a comin'.. cha-ching!
Score: 0
|LMAO!!
I so wish I couldn't relate to that... but it's exactly how it goes, every time.
Score: 0
|I'd take your claims of Firefox being more secure if:
1) The latest gaping hole wasn't caused by vintage Netscape code from the 1990's
2) Every hole in Firefox wasn't also in Mozilla which is riddled with Netscape era code.
3) Firefox/Mozilla didn't have more critical security holes than IE from mid-2004 on.
Quit fooling yourselves. Firefox (security-wise) is just another Opera. Remember Opera? It was going to be the contender that knocked off IE until so many security holes popped up it became a joke.
Writing a secure browser is hard. IE on XP SP2 is a huge improvement. And more secure than Firefox.
If they really do "scour" the source code, why did it take them 7 years to find the GIF exploit?
Score: 0
|This article: http://www.theinquirer.net/?article=22024 would generally expose your arguments as false.
How much does it pay to be a Microsoft choirboy?
Score: 0
|Go ahead and count up the severe and critical security issues for Firefox.
It will open your eyes.
http://www.mozilla.org/p...wn-vulnerabilities.html
Score: 0
|I've seen them all - the holes in IE 6, and the response MS takes to them makes the holes in Firefox look pale in comparison.
AND... I never preached Firefox, nor suggested it in that comment - for you to bring it up is nothing but a smokescreen, because you know IE is a POS, and the only way to avoid facing it is distraction tactics.
Score: 0
|I kept getting Ad/Spyware on my computer while using IE despite having done everything right in terms of software to protect myself and trying several combinations to no avail.
When I switched to Firefox there was a HUGE decrease in the programs (data miners etc.) that were slipping on to my computer.
The proof is in the pudding, however I think a radical change in thinking has to occur for everyone in terms of security protection. To be 99.99% protected is unacceptable if that .01% of the code damages a system.
Score: 0
|What needs to be done with not just IE or Mozilla but all web browsers is an area that would be created on the hard drive that would hold all of the files for which ever program you wish to use and everything that is done online is held in that area. Call it a Sand Box if you wish I don't care... but any web surfing or downloading would only be associated with that area of the hard drive and not allowed - any - none - zilch - access to anywhere else on the computer. If this were done then I can bet my bottom dollar that most if not all of the problems would be fixed.
The real problem is that all of these programs inter-act with the O/S in one way or another, but what needs to be done is remove this ability from these type of programs (IE, Mozilla, Netscape, Outlook Express, Outlook, Pegasus Mail, Popcorn Mail, FTP, and many many more I'm sure) to have access to other areas of the computer. Then if your web browser becomes infected with some stupid but a simple Delete the Program Folder for that particular program and re-install it.
Score: 0
|This is perhaps the best suggestion yet. Cooperation! What, what a concept.. alas, the "your browser sucks and mine is better" mentality prevails. No one wants to work with that OTHER company to fix the problems. It's too much trouble to get everyone to agree, so we have competing browsers, which if they would SIMPLY pool resources, everyone would win..
But we are back to square one, who gives a flip! Stop Spam and develop a standard to utilize ISPs.. That's the answer. The browser should be a dummy terminal.. doesn't it bother anyone that YOUR browser, on YOUR computer is the LAST line of defense? Think about that.. I make a webpage, sitting on an ISP server, it can send programs half way around the globe in seconds going through multiple ISPs' gateways, countless hard drives, propagated over hundreds of email servers, and yet.. the BROWSER gets blamed for not stopping the flow of harmful data.
That's like saying we should all put up fences around our houses and sit on our porch with shot guns and protect our own homes, because there is no police, there is no army, there is no national guard, and there is no one else watching children and neighborhoods.
It's ridiculous. The browser should be a minor issue, not the first thing people secure. Putting a dead bolt on your front door should be a last measure of defense, not the ONLY thing stopping a person with a bazooka. That's just silly.
Score: 0
|By default, IE is entirely open to any site wishing to use it to gain control of the user's system. Unless Microsuck stops relying on ActiveX and focuses on security and on STANDARDS, all other browsers based on non-explorer engines will be better.
Score: 0
|Ummm, standards have what to do with security? I hate people who have this misconception. You can comply with every standard set and if you implement it poorly you can still be insecure. Don't use standards in this argument as it doesn't hold any water.
Score: 0
|I personally feel that Firefox has less of a vulnerability, even if it's ActiveX alone. However, I feel that your negativity (calling Microsoft "Microsuck") brings some bias to your argument. It's a better debate if we can all be fair in our responses!
Score: 0
|IE on XP SP2 is not vulnerable. I have no spyware. Attempts to load problem files are stopped with lots of warnings. Downloaded executables are permanently marked and when you try to run them you are warned again that files downloaded from the internet are dangerous. IE 7 will be even more secure.
What Firefox needs to do is take a year off, dump all the vintage code and rewrite Gecko with security in mind.
Even with Firefox not being a target it has more security holes than IE in the last 7 months.
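The marking of downloaded files that the comment above describes is stored, on NTFS volumes, in an alternate data stream named `Zone.Identifier`. The following is an added example, not part of the original comment: a parser for that stream that fails closed on a damaged mark. The function and class names are hypothetical and the sample stream contents are constructed.

```python
import configparser
from dataclasses import dataclass
from typing import Optional

# Windows URL security zones (URLZONE_* values).
ZONE_NAMES = {
    0: "Local Machine",
    1: "Local Intranet",
    2: "Trusted Sites",
    3: "Internet",
    4: "Restricted Sites",
}


@dataclass
class ZoneMark:
    present: bool             # was a Zone.Identifier stream found at all?
    zone_id: Optional[int]    # None when absent or unparseable
    zone_name: str
    host_url: Optional[str]   # recorded by later Windows versions only
    should_warn: bool


def _decode(raw: bytes) -> str:
    """The stream is normally ANSI/UTF-8; some tools write UTF-16 with a BOM."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def parse_zone_identifier(raw: Optional[bytes]) -> ZoneMark:
    """Interpret the stream contents; None means the file carries no stream."""
    if raw is None:
        return ZoneMark(False, None, "unmarked", None, False)
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",)
    )
    try:
        parser.read_string(_decode(raw))
        section = next(s for s in parser.sections() if s.lower() == "zonetransfer")
        zone_id = int(parser[section]["zoneid"].strip())
    except (configparser.Error, StopIteration, KeyError, ValueError):
        # Fail closed: a stream that exists but cannot be read is suspicious.
        return ZoneMark(True, None, "unparseable", None, True)
    host = parser[section].get("hosturl")
    name = ZONE_NAMES.get(zone_id, "unknown zone")
    # Warn for Internet and Restricted zones, and for any undefined zone id.
    warn = zone_id >= 3 or zone_id not in ZONE_NAMES
    return ZoneMark(True, zone_id, name, host, warn)


def read_mark(path: str) -> ZoneMark:
    """Read the mark from a file on NTFS; only meaningful on Windows."""
    try:
        with open(path + ":Zone.Identifier", "rb") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return parse_zone_identifier(None)


# Constructed stream contents, keyed by an illustrative file name.
SAMPLES = {
    "download.exe": b"[ZoneTransfer]\r\nZoneId=3\r\n",
    "download_with_origin.exe": (
        b"[ZoneTransfer]\r\nZoneId=3\r\n"
        b"ReferrerUrl=https://example.test/\r\n"
        b"HostUrl=https://example.test/setup.exe\r\n"
    ),
    "intranet_tool.exe": b"[ZoneTransfer]\r\nZoneId=1\r\n",
    "utf16_stream.exe": "[ZoneTransfer]\r\nZoneId=3\r\n".encode("utf-16"),
    "damaged_stream.exe": b"ZoneId=0\r\n",   # section header missing
    "no_stream.exe": None,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        mark = parse_zone_identifier(raw)
        print(f"{name:26} zone={mark.zone_name:16} warn={mark.should_warn}")
```

The stream exists only on NTFS, so a file that passes through a FAT-formatted drive arrives without it; the `None` sample models that case, which is why an absent mark is not evidence that a file is local in origin.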
Score: 0
|Liar. I run XP SP2 with a hardware and software firewall and still receive about 20 spywares a week. At home I have a hardware firewall and run FF and I only get 2 if that a week from the browser. So stop saying lies just because you think everyone thinks FF is perfect. It's not, but it's a lot better than IE.
Score: 0
|"20 spywares a week"?
Geez. Quit saying yes when the dialog pops up!
Score: 0
|What dialog pop ups? Do you even own a computer?
Score: 0
|No, he rents one from Blockbuster. You know they have unlimited rentals now?
Score: 0
|Funny, I've run IE6 on XP SP2 since its release and have yet to be infected with any spyware (aside from what Adaware considers some cookies, which I wouldn't categorize as spyware since, get this, Adaware doesn't scan for with the Firefox or Opera browsers (GO FIGURE)). That would be the ONLY "Spyware" I've received since SP2, tracking cookies. No installed apps, no exploits, nothing! Firefox is great and I have messed with it, but people who claim to get infected with 20 pieces of spyware a week? I would love to see what programs you have running on your PC or what things you do with it because, as I've said, I have yet to see a single piece of REAL SPYWARE installed on my PC since SP2's inception. Perhaps you should stop using p2p programs or other apps that install it ;-) That's what people seem to forget, it's not just IE that allowed it in, but people who install apps from sources that use spyware/adware to obtain funding for their programming efforts.
I am not trying to support LinuxIsTheft here, he is obviously a complete moron (and I happen to be a big Linux fan), just trying to show my personal experiences.
Oh yeah, btw, my brother (19) also browses several sites that would auto-install stuff on your PC just for browsing to the site, and he has even told me that he hasn't seen a single piece of spyware since SP2 :)
Score: 0
|Please do me a favor. Turn off your computer and keep it under your bed; if I read one more comment like that I will be forced to pound my head through the wall in an attempt to rid my brain of reading such utter ignorance in print.
You have a hardware firewall? Are you talking about your little POS Linksys?! As for your software solution? Did you know that SP2 has a fairly useful firewall built in? And wait?? You see no dialogs in IE, here is a suggestion. When you are able to figure out how to plug the various color coded cables back in to your computer grant me a small request, install SP2. You are having an EEOC issue. (For my less tech savvy friends (aka the idiot that wrote the article I am commenting about) EEOC is a common term for Equipment Exceeds Operator's Capacity (I tend to give that title to the people who call me to come in to do something stupid like plug in a mouse or make sure their network cable is plugged in))
Mike Mancuso
A+, Network+, MCP, MCSA/MCSE: Security
Score: 0
|Microsoft's XP Firewall is a POS.
As is the entire security scheme as built into XP SP2...
It was safe from attack for what - 10 minutes?
The only way to protect an XP system from harm without serious modifications is to unplug the network cable. Period.
You, as someone educated in the ways of MS, should know how badly the security in XP SP2 suffers - miles ahead of the original XP release, yes - but miles ahead of nowhere doesn't mean progress.
Score: 0
|The XP SP2 firewall has never been compromised no matter what lies you read on Slashdot.
Score: 0
|I don't read Slashdot.
I also know that the Windows XP firewall has more holes in it than your average Krispy Kreme employee sees in a year.
The biggest hole?
It only stops things coming in, and that not so well. As soon as something is on your system, it doesn't even pretend to care...
Score: 0
|The firewall in XP SP2 is actually quite a good firewall for home use; while it is not on par with ISA it sure does get the job done.
I don’t have too much time, as I am late for work, but I suggest you check out this article on TechNet. It will give you an in-depth overview on how ICF helps to protect the computer.
http://www.microsoft.com...tain/sp2netwk.mspx#EEAA
I will try to come back on later and defend ICF a bit more, lol, but till then I'll have to let TechNet do it for me.
Score: 0
|Oh yeah, I did not get a chance to mention this, lol, I am going to be so late.
That comment is just blatantly false in every possible way, read the article on TechNet to expand your knowledge.
"It only stops things coming in, and that not so well. As soon as something is on your system, it doesn't even pretend to care..."
Why do you think it says (There is a program attempting to access the internet or open a port, do you want to let it?)
Well I am going to work, I'll check back later.
Mike Mancuso
A+, Network+, MCP, MCSA/MCSE: Security
I put "" around the comment I was talking about, it could have looked like I said that uneducated comment.
Score: 0
|Also, one of the main features in SP2 was that it blocked both INCOMING and OUTGOING ports. You can read that on any site that details SP2's feature set.
Score: 0
|The simple fact is, there are always more flaws being regularly found in IE as other people aside from MS are finding flaws more and more. MS have found very few of the IE flaws and try their best to keep them quiet to the general public, but when someone exploits the truth, they have to face facts and partially admit huge flaws, such as the huge JPEG scandal. These are real huge issues, that MS are developing continuously in this way, on such a core feature of IE, and it's deeply flawed.
The fact is Firefox is far from this, and that can't be denied. Any arrogant IE supporter can say all they want but these are the fundamental facts.
Any flaws have been far more minor, found by Mozilla themselves, and fixed far quicker than 80% of IE flaws, which they had to be told about. When were Mozilla last on the news with such serious security flaws such as the JPEG opening scandal in IE?
All of this from a huge giant such as Microsoft, a company with more money than the bank can handle, and they:
1) Don't realise they're developing flaws when they're doing them
2) Don't test to find them
3) Have to be told about them in the most public shaming way to actually get them to take action, otherwise they'd do nothing
4) It then still takes far too long to fix the problems.
On ten machines on different operating systems with IE, I ran anti spyware, security programs such as Ad Aware, Spybot, Spython, and more. There were never any less than 10 problems of spyware or other on the machines.
I loaded these computers with Firefox, being used by the same people, young, old, novice, experienced, and there were never any more than 1 spyware or other issue found.
These kinds of tests regularly prove what is plain to see. IE being linked to the Operating System of course opens the Operating System to attack, and I have known many machines to be corrupted in exactly that way. It's ludicrous suggesting it isn't a problem, it is in the OS so MS can maintain market share easier, the court case out ruling MS on this is proof of that.
Add the fact Firefox does not use ActiveX, which is accountable for many security flaws in IE, and that IE is more well known therefore hacked more, it cannot be denied Firefox is more secure. The question is if it can maintain that as market share continues to grow. And with those basics on Firefox already said, and Mozilla's track record compared to a company that did nothing for years, it's sensible to say Mozilla are a much better bet, by far. This is apparent when Google, Dell, Internet Service Providers, big sites, US agencies, and others are all supporting Mozilla Firefox.
All of this said, and Mozilla Firefox have a spotlight on them with the growth of Firefox, and every flaw is jumped on and exploited, especially by Microsoft. That's coming from the company who tries to keep any flaw of IE under wraps unless they have to do something about it.
MS did not seriously update IE for FOUR YEARS! FOUR YEARS! This alone is scandalous and has led to all this. That is proof they stop developing in security and features when they feel there's no need. They now decide to develop IE seriously again only now there's competition, only they are 4 years behind. That was four years of counting money, and working out how to make more, that Mozilla spent developing secure, feature full, innovative software, for the simple passion and drive of producing good, quality software. A far better incentive than making money.
Score: 0
|There's some real arrogance coming into play which serves no place in a decent, honest, fair, open debate. If you've already made your mind up without knowing the facts, willing to listen to opinions and facts you don't know of, then take your attitude elsewhere. Can't say fairer than that. If you're not willing to budge on your opinion one bit on such a huge topic of 2 browsers, then that pretty much is arrogance so leave your comments to yourself, and believe what you want if it makes you happy. But don't pretend to know SP2 is fixing the whole issue without really knowing the overall widespread effects, which of course you don't know. Ask IE, if you pay them enough they may tell you of another 1, 2, maybe 20 flaws they know about but aren't fixing. It's probably a patch for one of their JPEG patches.
People are allowed to make a decision as to what browser they use. I always used IE and regularly picked up bad crap from it, even when executing caution. Simple fact is user caution isn't enough, and the more we rely on that, the worse the software gets, to the point it's riddled with flaws.
Many aren't even sure of the browser choices available. But for Mozilla Firefox to have near on 50 million users, approaching 10% market share, a browser that people have to make a choice to download, this bringing IE below 90% market share, then the numbers speak for themselves and do not lie.
The 10 computers I did this test on:
8 were on XP, 6 of which SP2.
Yes SP2 is a big improvement, and spyware, malware and other net picked up problems were around 30% less with SP2 on IE! Not good enough.
It was still, for both, far far less still using Firefox! Don't argue with results. The numbers of Firefox are climbing for this reason, and you can't stop it. Get over it. Stick with IE if you want, it's your choice, but you can't take that choice away from someone else. Especially when you cannot know that IE is getting significantly better. Even if it is, many are right to believe not developing a browser in any serious way for FOUR YEARS, and only doing so when real competition arrives, is simply not acceptable, and evidence enough for them not to trust this product again. They're fine to make that judgement, and no one can stand there and say they know it won't happen again, or it's ok to not develop a browser for four years, it isn't, and there's little evidence to trust IE unless there's something in it for them. Proof is starting to work again only when their share falls.
The test was done on a variance of average web users. A child of 10 who shouldn't need a lesson on ActiveX and whether to say yes, no, cancel to which box. Same goes for the 65 year old person I got to do the test on Win 98, they're never gonna learn why they should say yes, no or whatever to pop up boxes, that's even WHEN they do pop up. Which many problems on IE are as discussed silent, you only pick them up from doing maintenance, which is another thing sadly people aren't educated about, aren't doing, and shouldn't have to do to the increasingly necessary degree.
People both novice, intermediate, and experienced levels all had less spyware, malware, overall problems using Firefox. This is apparent again in the continuous growth of Firefox. Are those millions of people wrong? Get real and accept the fact not everyone will hold your opinion that MS IE SP2 is just fine, it ISN'T. Plus, those pre SP2, or on older operating systems, they will receive fewer if not no IE updates. Firefox updates for all operating systems, PC, Mac, Linux.
In any case any pop up boxes in IE, if you're lucky and on the right OS and SP, are not doing the job. There should either be pop up boxes for every security problem IE picks up, or not at all. The fact is it MAY tell you 2 out of 10 problems, which is useless when clever silent spyware, malware is often far worse for a computer.
If pop up boxes are so great and every child, OAP, novice user should learn about ActiveX and why they have to be careful, (not IE themselves instead) then at current rates people would be clicking boxes all day. Even if that happened it's further proof IE as a browser is just not built properly and is deeply flawed. Think of the millions who opened up JPEGs and had problems, you expect them to be careful about opening bitmaps too, just in case another flaw is found there in IE?
It's ridiculous. The job of making software safe to use for all people is 95% the job of the software developer, and IE have it at 50% them, and 50% the user. Well, millions who don't know any better aren't equipped to execute such proper caution online, shouldn't have to, and as a result are picking up untold crap on their computers, at best.
Score: 0
|that's funny... maybe that's how it's supposed to work, but it doesn't.
Worst firewall available.
Score: 0
|I could build a better firewall out of Cheetos.
Score: 0
|That's a common misconception, and it's Microsoft's fault. What the Windows Firewall in SP-2 actually does is allow you to specify which applications may accept incoming connections. It doesn't allow you to prevent outbound connections, per se.
http://www.microsoft.com...proviewpoint071404.mspx
Score: 0
|"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."
Gee... That's mastery in twisting the argument for sure. Of course, it will not make you have more vulnerabilities, it just means that there will be far more people out there willing and trying to find and exploit whatever vulnerability you have.
It's definitely not with that kind of spin that the FFundamentalists will gain any credibility - at least as far as I'm concerned.
Score: 0
|Except she was clear, concise, and correct. She was forthright and honest about her perceptions. This is more than Microsoft has ever been. (ed. there are certainly honest people at Microsoft, but the spin they approve for release is very rarely)
Nothing in the world gives more credibility than that.
Anyone who considers anything coming from Microsoft credible is looking at the world through rose coloured glasses with blinders on. MS is a marketing company that markets products to make huge profit - anything else is secondary. They've always been that way, and likely always will be.
Explains why they keep getting sued and keep losing or settling...
Score: 0
|"Market Share ALONE" (Emphasis added)
He's not saying it has NOTHING to do with Market share, but pointing out that FF has security built in that he believes would make it more secure if put on the same vast firing line IE is on.
Yes, increased market share means increased pressure, but not necessarily increased vulnerability. IE's main gaping hole is ActiveX. FF will not even let a site install so much as a plugin/extension without first forcing the user to allow that site and then by having to accept each individual installation attempt. ActiveX has no such restraints, it's all or nothing.
As I have said before, show me someone, anyone who's gotten a rootkit through FF and I'll consider reconsidering. Till then, I will stick to exclusive use of FF and will suggest others do the same. Sticking with IE at this point (pre-IE7) is asking for trouble, pure and simple.
Score: 0
|ActiveX, believe it or not, is not out to destroy the world.
The plugins that are installed using ActiveX that YOU, THE USER, click YES and I AGREE to are what cause the destruction of your PC's security and performance, but even that doesn't bring about the end of the world.
You (and others like you) should not be such doom-sayers just because you're too incompetent to say NO once in a while. Junkware is like a drug-- JUST SAY NO. I promise... it will be OK.
Score: 0
|Maxthon is a piece of junk... well, it's cluttered and confusing for anyone other than a tech geek, and it uses a gutless rendering engine that people seem to be clinging to like a childhood blanket full of holes.
And I know how to immunize my own system, as should everyone else here (real users don't even know what a beta IS, let alone visit betanews.)
Score: 0
|"Because IE is part of the operating system it must be exposing OS functionality to the web."
Even I could not have said this any better or made the point any more clear.
Score: 0
|Have you ever written a program before?
Score: 0
|writing/
Score: 0
|Most of the comments written here seem to be written without any background knowledge. First I would like to say that I use both Internet Explorer and Firefox on a daily basis. I find that both of these browsers provide their own advantages. Neither of the browsers is nor will ever be completely free of exploitable holes.
First of all the argument that Internet Explorer is "less secure" because of ActiveX is not true. ActiveX was designed so that a full blown application could be run within the browser. Internet Explorer allows exactly this and it is a misconception that it is a "hole". This is a very powerful feature, but it can be abused. Many people who are inexperienced with internet technology accept or always allow ActiveX controls. This is a human vulnerability. ActiveX controls should be treated the same as downloading an EXE from the web and executing it on your computer. If you choose to always allow ActiveX controls it becomes a problem because any website you visit can execute malicious code on your system. However, if you choose to disable or say no to ActiveX controls from sites you do not trust, you will be at no risk. ActiveX is a feature that many companies take advantage of to run remote applications w/o a full installation. Although I believe they should only be used if it is absolutely impossible to do it any other way. Microsoft could however make the ActiveX controls more secure by default running them in a limited user account, as most people use their computers as a full administrator (effectively granting the ActiveX control full administrator rights). This is being done in IE 7 (at least that was implied). In SP2 Microsoft has done pretty well though by providing multiple warnings before executing ActiveX controls on not trusted sites. Firefox in this area has both an advantage and disadvantage. The disadvantage is that websites or intranet sites are not able to provide powerful full applications within pages w/o a full installation, while the advantage is there is not a human risk as this abusable feature is not available.
The argument regarding OS integration is true to some degree, but not really. Firefox has just as much access to the OS as Internet Explorer. They are both executables and both run in the same user account. Both browsers have the same privileges as the user they are logged into. The only reason Internet Explorer is more "vulnerable" is ActiveX controls (which as stated above are a human vulnerability). Internet Explorer is part of Explorer and other "Windows" components, but that does not give it more access rights in any way. In fact as I said before, IE7 may be designed to run in an isolated user account making it effectively a lot more secure than Firefox.
Because IE has more human vulnerability I do believe that Firefox is definitely the choice if you are inexperienced w/ the internet.
Myself, using both IE and Firefox, I have never gotten ANY spyware or viruses. I never have found a need for AntiSpyware software except to verify that I in fact had no spyware. This is just done by being aware of what not to allow (such as ActiveX controls on non-trusted websites) and being aware of how to detect falsification (such as fake window ads). Also it is necessary to be extremely cautious when visiting high risk websites such as Warez sites. In addition it is just a matter of being on top of updates etc.
So in conclusion my recommendation is if you are inexperienced w/ the internet you should use either:
1) Use Firefox
OR
2) Use IE w/ ActiveX controls disabled.
For those who are experienced it is probably ok to enable ActiveX w/ Prompt. Other than that it is purely opinion of the user experience each browser provides which should determine which browser to use, not the security hype.
In all cases I recommend enabling automatic updates for Windows (and if using Firefox, check for FF updates often).
Both are susceptible to exploitation and vulnerability (Firefox increasingly because of its increased popularity). The fact that a 1990 bug was not discovered until Mozilla Firefox's recent popularity proves that vulnerabilities will be discovered quicker as popularity gains.
I may sound like an avid Microsoft supporter, but the fact is I use much open source software in addition to Microsoft/proprietary software: Fedora Linux, MusikCube, FileZilla, 7Zip, Firefox etc. I also develop open source software in my free time.
Please feel free to disagree on anything I have said, I have an open view on the subject, and myself have not decided on which browser I like better than the other.
Also for those who are looking for a powerful browser that is IE based you may want to try Maxthon. If you prefer it, Firefox is also an incredible feature filled browser (not bloated though). Other options include Opera, Netscape / Mozilla Suite, etc.
Score: 0
|All I can say is this, that is the best post I have ever seen from an open source supporter. I wish all users could be as open minded as you; most here are so anti-Microsoft it makes me sick, they feel that their choice of software is the holy grail and all must agree or they are wrong. Again man, if you were a preacher, I'd give you my 15% tithe a week :) AMEN!
Score: 0
|Well if we all lived in the perfect world where we had and used intelligence at all times your statements are true.
Unfortunately it doesn't work that way. ANY idiot can surf the internet with the purchase of a computer and an ISP. There is no test involved to ensure that you understand the rules.
At least we require a license and testing to drive a car, and we still have problems with fools.
Score: 0
|Again, great defense, take you what? 10 seconds to come up with it? Try proving your statements.
Score: 0
|I don't buy this "human vulnerability" excuse for a minute.
You're saying MS makes a potentially dangerous technology and it's the user's fault if he doesn't take steps to turn it off? I thought Windows was all about non-technical people being able to use the computer, yet you seem to repeatedly blame the user by expecting him to understand the potential dangers of something completely abstract.
ActiveX was a kludge to try and get away with what Java had pulled off (mostly successfully), but without so much effort on MS's part. Just like with every other application they make, MS's approach to making it more "useful" is to incorporate it into the operating system, giving it access to everything the OS can do and only afterwards go back and correct one-by-one all the countless ways it could be abused.
And somehow this is the user's fault? Get real.
Score: 0
|One last point:
How could a "1990 vulnerability" be discovered in a codebase that only dates to the late 90's?
The Mozilla team recognizes that the browser is not, and should not be, a client-machine application development environment, but an instrument for retrieving and displaying content, or possibly for running applications remotely. This is the fundamental flaw in much of the thinking about the Web once it caught on big, and one to which MS succumbed in its Internet frenzy of the mid-to-late 90's.
Score: 0
|You want proof? How about the whole basis for the existence of Windows in the first place: to make computers usable for non-technical people.
Score: 0
|I don't know if they changed things since SP2 but when I used Internet Explorer there were times when ActiveX components were automatically installed and other times I had to pick yes or no. Two times when ActiveX components were installed I got viruses and the first time it happened I ended up having to reinstall my operating system.
I finally went away from Internet Explorer when I started into trying to keep spyware/adware off my computer but every time I used Internet Explorer I would get tons of spyware/adware. Right now I am using Opera 8 Beta 3 as my browser, Antivirus Personal Edition for antivirus, ZoneAlarm for firewall, along with Adaware and Spybot for adware/spyware removal.
How my computer is setup currently I haven't had one virus and no spyware/adware for at least a couple of months now.
PS. Once Wine is good enough so that I can play my games I will be abandoning Windows forever and going over to Linux.
Score: 0
|