Microsoft: Firefox users in danger due to more frequent updates
By Scott M. Fulton, III | Published November 30, 2007, 4:39 PM
The author of a controversial white paper comparing Firefox' security integrity with IE's has released an update, which now makes an even more contentious claim than the original.
Because Microsoft releases Web browsers less frequently and supports older editions for longer periods, claims Microsoft Security Strategy Director Jeff Jones in his latest report, Internet Explorer 7 users are less susceptible to security vulnerabilities than users of Firefox, whose updates come more frequently and whose older versions are disavowed sooner.
"One key factor of lifecycle is simply the fact that 'unsupported' versions of products don't get patches developed for them," writes Jones. "This is equally true for all vendors, but shorter lifecycles mean more people may still be running an unsupported version and be exposed."
Microsoft's policy, Jones points out, is to provide support for a previous service pack for a product for at least one year following the release of a new service pack. Mozilla, by contrast, continues support for an older version for only six months.
"So, according to its original schedule, Firefox 3.0 was scheduled to ship in November 2007, which meant Firefox 2.0 support would end in May 2002," he writes. "To put this in perspective, if Microsoft had this same policy, then support of Internet Explorer 6 would have ended in May 2007, or similarly Internet Explorer 5.01 support would have ended in 2001."
Jones cited evidence that Mozilla discontinued support for Firefox 1.5 on schedule, but two months after it was selected for inclusion in Red Hat Enterprise Linux Desktop 5. As a result, he said, Red Hat was in a position of distributing a product on behalf of another vendor that had already discontinued support for it.
[Photo: Microsoft's Security Strategy Director Jeffrey Jones]
Such discontinuation of support, he contends, leads to situations where users who hang on to their installed software for as long as possible -- one of only two types of people, he says -- may find themselves using vulnerable software that the vendor is unwilling to patch.
But as one of Jones' own charts makes clear, Firefox had undergone three lifecycles in the same time IE6 was only most of the way through one. Plus, he quotes from a message that had been posted to Mozilla's own Web site, advising its customers that one way to get support again is to upgrade: "All users are urged to upgrade to the newest version of Firefox," it read.
Such short messages and such terse terminations of support, Jones contends, pose a problem for home-based browser users who have a natural expectation of longer product lifecycles than merely six months.
In an update to his claim earlier this year that Firefox was a riskier Web browser than IE because Firefox' manufacturer found and fixed more vulnerabilities than did IE's manufacturer, Jones cites new data showing that in the first 12 months of their respective lifecycles, Mozilla found and fixed 56 vulnerabilities for Firefox 2.0 (13 of them rated "high"), while Microsoft found and fixed 17 vulnerabilities for IE7 for Windows XP (14 of them "high") and 14 vulnerabilities for IE7 for Windows Vista (11 of them "high").
Among so-called "unfixed vulnerabilities," which he describes as problems described in advisories that have yet to be fully addressed as of last Tuesday, 24 unpatched vulnerabilities currently exist in Firefox 2.0 by Jones' count (8 of them "high"), versus 21 security holes in IE7 (10 of them "high").
While considerable effort has indeed been expended in making IE7 a more secure browser than its predecessors (many contend it could only have gotten better), even those who agree with that general conclusion raise doubts as to whether the number of problems, as opposed to the nature of those problems, is a proper metric for judging software integrity.
At the last TechEd Orlando conference, one IE user asked Jones, doesn't the fact that a company addresses more problems make you feel better about that company than when it refuses to acknowledge them?
"While the results in this study showing fewer vulnerabilities in Internet Explorer might be surprising to some," Jones concluded in his study from Tuesday, "to others the results will simply be a confirmation that improving security is a hard job even with the best of intentions. Further, it shows that with commitment and focused effort, vendors can make progress in improving computer security for software products."

Alright, I apologize to anyone I have called a moron. I don't really mean it. I am just trying to get your hackles up and get you passionate about your answers. It wasn't a Christian thing to do. So, sorry and Merry Christmas!
Score: 0
|Mosaic rocks! It hasn't been updated in so long it must be the most secure browser ever! AND it runs on my Windows NT 3.51 workstation, also not being updated and so therefore perfect. I AM UNHACKABLE!
Score: 0
|Also worth bearing in mind; Firefox is a browser... period. Whereas Internet Explorer is integrated into the Operating System. Should extended support really be that surprising?
Score: 0
|I work with repairing computers for customers all the time. I find most spyware come from ActiveX on websites that should not be trusted asking you to install ActiveX to see certain content. By the way I would rather have updates all the time for a browser and fixed sooner than Microsoft's some vulnerabilities that are still open from years ago... ActiveX itself needs to be replaced. ActiveX is IE's biggest flaw and biggest security risk compared to any other hole in the software that is a risk. I have yet to see any spyware come through Firefox unless you actually download an executable willingly that has spyware in it. Firefox is a lot faster than IE and a lot safer. when has Microsoft ever been anywhere near safe? Never!..
Score: 0
|Now, you show your moronic tendencies. Active X is potentially the biggest security risk. I thought you might be slightly intelligent at that point, but then the moron in you came out and you made some great sweeping statement like,
"when has Microsoft ever been anywhere near safe? Never!.."
First, use capitals to start a sentence (every once in awhile), it can make you appear to be intelligent. Second, if Microsoft was so unsafe, I dare say there would be a mass exodus to such great systems like OSX and Linux (which I use). What's that? Oh yea, some 90+% of the market uses Microsoft products.
Need for a lobotomy=1 you=0
Score: 0
|A recent report seen on a McAfee web site claimed China is responsible for attacks on individual and industrial computer networks. Now national security has become a concern for the U.S.A., Germany and India. Firefox, therefore, will be more relevant in the future. I prefer Firefox. It seems safer than IE, as for me, a user friendly browser. Worth mentioning Russia has been accused of involvement in cyber warfare during 2007.
Score: 0
|option 1 ...
software is a month old
holes are known by hackers
next update Tuesday next month (maybe)
option 2 ...
software is a week old
holes just discovered
next update tomorrow
you decide
Score: 0
|I'd rather deal with Firefox issues rather than ActiveX stuff in IE. It's so easy for a new user using IE to get their system full of malware in no time.
Score: 0
|That's an idiotic statement. Most malware comes through illicit web sites or downloads, not ActiveX. So, a "new" user can screw up in Firefox as well.
I use both. I prefer Firefox, but it crashes more than IE7.
Score: 0
|It may be caused not by the Firefox, but by an add-on you have installed. They are coded not by professionals sometimes. Even though FF still has a few memory leaks, I find it more stable compared to IE.
Score: 0
|Some times it has been caused by an add-on, other times not. I have equal functionality in IE7 with add-ons, but it doesn't crash as often. Now, take that with a grain of salt when I say often. I am talking crashing maybe once a month. My point was that Firefox does it and IE7 doesn't. That being said, I still prefer Firefox, but it annoys me that people go to extremes to bash Microsoft when they don't know what they are talking about. It is a follow the crowd mentality. Use your own brain!
Score: 0
|Well, Microsoft releases patches every month for IE6 and 7. If you count the patches for IE6 you may reach the million, and it *is* still a pile of serious garbage. IE7 improved a bit (6 years?), but still requires useless monthly (and never ending) patches, MS released too many patches for IE. Mozilla updates the minor version number when patching, Microsoft does not, so the whole story is just BS.
IE is flawed from design (as most of their software), but even more since MS integrated with the OS back in 1997, when DOJ questioned about the forced IE inclusion into windows 95. IE was not really integrated into W95 but it was into 98. Microsoft ruined even more their security scheme just to sink Netscape.
Score: 0
|Are you trying to say that, because FireFox's version is incremented each time they fix a bug or security issue, it doesn't count?
And because Microsoft doesn't increment the version each time, they're somehow worse?
FireFox 2 is still FireFox 2, whether or not it's 2.0.0.0 or 2.0.0.5 or whatever.
"Mozilla updates the minor version number when patching, Microsoft does not, so the whole story is just BS."
That has *GOT* to be the *DUMBEST* thing I've ever read.
Score: 0
|Just read my comment again after waking up:
The article states
"Microsoft: Firefox users in danger due to more frequent updates"
The concept is wrong from the title, but it gets even worse: Microsoft actually released more patches (updates) for IE than Mozilla for FF by a large margin, only that Microsoft does not document the changes through versioning.
Betanews should monitor articles before publishing them, they should be ashamed about this one.
Got it now?
Score: 0
|Moron. You act like Firefox doesn't need patching. They have gone from 2.0.0.8 to 2.0.0.11 in just the last few weeks.
"IE is flawed from design (as most of their software)"
Give me a break, you show your bias right there. Like Microsoft is the great deceiver that has duped the whole world into using their products. Wake up and get your head out of your as* (that's butt for you illiterates).
Score: 0
|mo·ron [mawr-on]
–noun
1. a person who is notably stupid or lacking in good judgment.
Score: 0
|Great, I am glad you did manage to find an autobiographic noun in the dictionary!
Maybe now you could learn to write comments without acting as fanboy, or at least giving arguments before insulting (if your brain cannot avoid it, of course)...
Score: 0
|I like that one, but if you had read an earlier post, you would have seen that I use Firefox.
You would have also seen that I have given arguments.
Great, a blind moron. The worst kind.
Score: 0
|shut the **** up
Score: 0
|That's either:
shut the f*** up or,
shut the h*** up.
Which is it?
Either way, no, but I am glad you had something to add to the conversation. It must be refreshing to come out from under your rock and practice your language skills.
By the way, that should be "Shut the **** up."
Score: 0
|It would seem Microsoft is a prisoner of the past
Score: 0
|Most of the vulnerabilities come from javascript, activex and popups; disable both. Pretty sad this day and age you can still take down a fairly big website with DDoS even. FF still blows IE away.
Score: 0
|"'So, according to its original schedule, Firefox 3.0 was scheduled to ship in November 2007, which meant Firefox 2.0 support would end in May 2002,' he writes."
Surely that must be an error.
Score: 0
|I think, we should be looking at IE vs FF from many angles. First, which is most important to me, is FUNCTIONALITY and ease of use. I consider IE being the follower here. Mozilla introduced tabbed browsing first. I am using add-ins, which make FF unbeatable in comparison to IE. I could not find anything similar that can be used with IE. When it comes to deployment, I find Firefox installation/uninstallation much cleaner. It leaves a smaller footprint and does not integrate into the OS like IE does making the system less vulnerable to system-level attacks because of it.
Plus, when I download FF, I always get the latest version, and I don't have to download and install patches after the browser is installed, like in the case with IE. From the time IE is installed to the time it is patched, the browser remains open to the attacks for which the patch has not yet been applied.
Shorter update periods mean more proactive approach to fixing problems to me. Shorter release periods for new versions typically mean more or better functionality. The only concern that I have is that new functionality may lead to slower overall operation. As long as Mozilla can manage it, I think, I am going to stick with FF before switching to IE.
Developers can only appreciate FF conformance to W3C standards. Switching from FF 1.0 to 1.5 and 2.0 was seamless to me. After upgrading to IE7 I found more sites "broken", when the layout changed because IE7 often renders CSS differently from IE6.
Bottom line, IMHO Jeffrey Jones tried to focus on things that would be more important to a system administrator rather than to a home user. Microsoft is playing a catch-up role and tries to mask it with statements like Jeffrey's. And, many responses in this thread confirm that.
Score: 0
|Incorrect - with IE7, you are not left "open to attacks" once you install it.
If you install a clean version of Vista, the install process downloads updates as part of the setup process.
And if you install IE7 on Windows XP, it too downloads any applicable updates as part of the setup process.
One might pose the question - if you download FireFox and always get the newest version, exactly how are you downloading FireFox? Perhaps by using an older version?!? By your logic, you're left "open to attacks" while waiting for your download to complete.
Score: 0
|"Incorrect - with IE7, you are not left "open to attacks" once you install it.
If you install a clean version of Vista, the install process downloads updates as part of the setup process.
And if you install IE7 on Windows XP, it too downloads any applicable updates as part of the setup process."
Actually, that's optional.
Score: 0
|OK... So would you select "no thanks" just to prove a point? Or would you, like most people, allow it to install those updates by default?
Score: 0
|Quit your spamming, you parasite.
Score: 0
|Danger from updates that are, by default, automatically installed on start up and updates are being checked while browsing? Is there any real reason why anyone would have to use old versions?
Basically, you are damned if you do and damned if you don't.
Score: 0
|Just using Linux as an example here...
I know quite a few people who have slapped Linux on machines for their parents. How many of their PC's are checked routinely to ensure they have all the updates? If you come to this site you're part of the few that actually checks this kind of stuff. Fewer people are looking out for mom and pop.
Score: 0
|True, but I think the topic was about the browser and its security? Keeping the whole computer up to date is another matter.
The way Firefox updating works, you simply can't make it any easier and simpler for the "ordinary" users. I'm assuming it's the same way on Linux as well. There's no manual "checking" involved and the only thing you need is to choose when to do the update, now or later, when you are asked to. If you ignore this, I'd say that the browser security is the least of a problem at this point.
However, I've had quite a bit of experience with the inexperienced when it comes to this sort of stuff so I understand what you are saying. However, in Firefox's case, you simply can't make it any easier than it already is.
Score: 0
|Hmmmm...Ubuntu alerts users to new updates and completes the process with just a couple of clicks. I believe that includes updates for the browser. Pretty simple.
Score: 0
|That's beside the point on Linux because there is really no perceptible active malware confronting the linux system.
Besides, that is what automatic updates is for moron. You set it up in Windows and you set it up in Linux.
Score: 0
|"Hmmmm...Ubuntu alerts users to new updates and completes the process with just a couple of clicks. I believe that includes updates for the browser. Pretty simple."
As opposed to windows' "Do you want to restart? No? Ok, I'll ask you again in a minute."
Score: 0
|I admire the FF community for providing feedback and responding so quickly to vulnerabilities. Plus the daily builds are not meant for the average user.
Score: 0
|That's what I'm saying. I'm glad that Mozilla puts new releases out so frequently. It shows that they are constantly busy improving their code and take pride in what they are doing. It also shows that they care about their users. A stark contrast to a company that took oh how many years to update a browser that is leaving their customers to the mercy of spyware and hackers.
Score: 0
|He wasn't talking about daily builds moron, he was talking about released versions. The daily builds aren't official released versions.
Score: 0
|Why do you call everyone a moron in every ****ing post you make? Insecurities? Get a ****ing life will ya
Score: 0
|Why do you use **** often to get your point across? Do you not know how to spell the word, or is a foul mouth a way of life?
I didn't call you a moron, but that was a slip of the keyboard. I won't make the same mistake twice. If you have something intelligent to say, that you can make an argument for, more power to you, even if I disagree, at least you are coherent.
Many of these post are just making grand generalizations about the evil Microsoft bad guy.
Score: 0
|This article is misrepresenting Jones comments. While I too have little confidence in Microsoft, he was simply stating that Microsoft is maintaining older versions of IE longer than Mozilla is maintaining older versions of Firefox. I doubt this really affects many people in the real world though.
Score: 0
|The amount of times I fix people's computers only to find they are running old versions of software amazes me. So I can see where he is coming from. The Sasser virus, among others, shows that there are too many people running software with un-patched exploits. This is a browser is obviously playing with fire as is running p2p programs especially the kind with built in spyware.
Still ... It keeps me in pocket money, and it gets me hugs n kisses when it's all running sweet again.
Score: 0
|While it's true MS supports older versions, it's because they have to. There are so many old versions still in use which are not going to be updated. Why do you think they let IE7 be auto updated on illegal XP's? Because the IE6 installations are still in the majority and they have to keep patching it even if it's a pain in the butt for them.
He should have said: "You know we used to make so many crappy versions of IE and tied it to Windows and now we can't make people upgrade and therefore have to keep patching all those crappy versions. But you know, I tell you it's a good thing!"
Score: 0
|I've seen several commenters talk about Firefox's recent double update. I have a different take on it than I've seen here, so I'll jump in.
Simply put, the double update tells me that if Firefox has a problem, it will be fixed. As quickly as possible. Period.
I don't have that confidence in Microsoft, and honestly haven't had since I worked for Symantec--maker of the Norton Utilities--during the MS-DOS 6 debacle.
Score: 0
|Stuff of nonsense. Firefox actively updates itself all the time... There are no unpatched versions out there. If you get Firefox you get the latest version and it updates itself as well as all your plugins and addons for it if they are available at that time, which normally they are. Unless you stupidly turn it off for some reason.
Point is if you want to build a distro with Firefox, have it ftp the latest build at install instead of keeping an old file in the install disc. Problem solved.
IE7 is ok, but I hate the interface. It just plain is unfriendly and unnatural to use. Unlike Firefox, IE can not be completely uninstalled if you do not like it, so you are ALWAYS vulnerable to IE bugs. ALWAYS. If Firefox is not running or not being used. It can be uninstalled with no problem if there is a critical unpatched bug in it. But that has not happened so far as I have ever seen. It's always updated itself promptly on any major bug discovery. That alone makes it a far superior product in my book. All the useful plugins and addons and themes notwithstanding, which I also love and praise all the time...
And heck I got a Firefox portable now too for my iPod so I can take my browser/bookmarks/plugins/etc... with me from now on. Thanks to Betanews for letting me find that gem. I can't live without it now...
Score: 0
|Seems kinda rubbish.
Score: 0
|Is this dude on dope? Who pays imbeciles like this to create this rubbish? MS? Think so...
Score: 0
|I think somebody is afraid of Firefox3 :D
Score: 0
|Could be, I tried it and it certainly frightened me. Took three hours to get my computer to start up again, still trying to sort out the mess it left. Sounds like you had the same problem then klavc ?
Score: 0
|lol, I tried it everyday on my mac/linux/windows, no problem so far...
It's hard to imagine fx has anything to do with your core system. And it should be very easy to remove (installation folder, and profile folder)
Score: 0
|It was definitely Firefox, a few others posted similar problems. Machine froze solid as soon as installation was complete. Had to unplug from mains to get anything, files messed up. Have got it sorted, but that is one beta I ain't never goin' near again. Did delete profile and anything I could find containing fox or similar.
Score: 0
|Haven't had any problems with FF3 beta on XP or XP 64bit. Now Vista is another situation. Started the browser after installation and it froze the system within minutes. I had to hit the reset switch. However after setting FF3 to run under XP SP2 compatibility mode it has run without incident.
Score: 0
|Mine freaked out too, system restore fixed that though :)
It was a beta, these things do happen.
Score: 0
|I've been using it for a week with no problems at all.
Maybe those having problems just need to upgrade their hardware. ;o)
Score: 0
|What a wack of BS this guy is.
I would take any software that gets updated and fixed regardless of who makes it over software that does not.
For Firefox at least it advises you that there is a update available and there is nothing to worry about with the install. No reboot needed.
I only wish that they would incorporate this type of updating in Mozilla SeaMonkey as that is my preference of a browser.
As for fighting over a browser, who cares as long as people develop their web pages using the standard of ANY Web Browser as per www.anybrowser dot org/campaign/
Score: 0
|lots of fighting going on here.
The main point when talking about web browser security is that the more popular a browser becomes the more it's going to be targeted. So all you can do is use a less popular browser or the browser that gets updated the most.
I'm not going to say IE is better than Firefox or vice versa but competition between companies makes for the best possible product in the end for the users. All companies will try to make the best browser possible to gain user base.
Score: 0
|There is no competition. Every Windows based machine gets IE. The user may choose Firefox or something else as the default browser. But, IE is always there. The only real competition that has ever really existed is between MS, Apple, and other. Other being what is created by open source. Over the last several years, that difference has been blurred. You might say that Firefox is the competitor to IE, but it really isn't. If you could remove IE, then maybe. But, the only way to do that would be to remove Windows.
What I see when I read this is MS saying that their updates is what makes IE less secure....being that if they update it less, it's more secure.
Score: 0
|I think the only way for one to have a TRUE peace of mind is simply to either use Safari 3 beta for Windows or just switch to a Mac and use Safari or Opera on a Mac and say goodbye to security problems once and for all. ^--^
Score: 0
|Safari 3 beta... on Windows? Secure? You aren't serious, are you?
Within hours of release, there were already a handful of 0-day exploits available.
Score: 0
|apple is like an amateur kid in windows market, their safari 3b can't handle 8 years old windows virus. it's absolutely dangerous to use apple product for windows.
Score: 0
|Yeah, and Apple has a bad habit of waiting several months to patch their apps, which are almost all based on open source projects. This has been a problem several times already just with their web browser, based on the Webkit open-source project, which is used on their iPhone as well. In fact, it's funny that he would use Apple in the same sentence as security, cause Apple is terrible when it comes to that.
Score: 0
|"So, according to its original schedule, Firefox 3.0 was scheduled to ship in November 2007, which meant Firefox 2.0 support would end in May 2002,"
I had no idea that May 2002 was 6 months from November 2007. This guy is a retard.
Score: 0
|well the one thing he doesn't mention that should have been mentioned,
and that is, when internet explorer breaks, it's very difficult to fix, reinstalling never works, uninstalling is out of the question, because it can't be uninstalled (because of explorer.exe), and removing the damages causing internet explorer to fail is near impossible,
whereas if firefox is broke, all one has to do is uninstall it, delete the folder it was installed to, and reinstall, and job done browser working again,
the above article speaks about security, but nothing more, he doesn't seem to mention what plagues internet explorer the most, and that is, the integration between explorer and (its added module) internet explorer, as long as these are integrated, windows is always at risk of damage, no matter what happens to firefox, the fact remains 99% of the time, windows itself is safe,
internet explorer is getting better, but when it does go wrong, fixing this browser is very difficult and has been since its creation, and even if the user does get IE reinstalled the problems usually remain,
i also couldn't help noticing underneath the picture above it says "Microsoft's Security Strategy Director Jeffrey Jones"
this concerns me somewhat, an article coming from such a source gives me a lot of pause.
one last thing to mention, is the fact that the day will come when MS will have to cede to a 3rd party browser being better, a company that is faced with dealing with an entire OS cannot compete with a company devoted to a single program, which leads onto this point, when MS releases an update for windows that addresses its browser, a lot of compatibility tests have to be done beforehand, because if MS screws up, then millions of PC's around the world could boot up without a desktop, (Explorer.exe),
whereas a 3rd party company designing a browser does not have this trouble, even if they screw up, worst case is the browser does not start, then all the user has to do is use IE, to download an updated version of that browser in question, and browser is fixed, no worries, MS does not have this luxury,
MS does not like losing, and that has always been their strength, but also their downfall, i know for a fact that one day, a 3rd party browser will have more users than IE, i'm not saying FIREFOX, i'm just saying a browser that is not IE, the fact is, will MS accept this, and appreciate the fact that this is OK, and understandable for logical reasons, the fact that they have the most popular operating system on the planet should be all that matters,
Score: 0
|Also:
Almost all IE patches, all versions, require a reboot of the Operating system. This, in my opinion, is amongst the worst travesties in software design to exist in the 21st century. Microsoft has promised again and again this would stop, that fewer patches would require reboots, and it *never* ceases. Even Vista and Server 2003 require reboots more often than not when security patches are released. Seriously, this is 2007, why aren't operating systems built around this very, very inconvenient aspect?
Score: 0
|Try Linux. Unlike Microsoft, Linux has moved to the 21st century.
Score: 0
|While it's true that Linux doesn't require restarts near as often as windows, but Linux also still shows its command line roots occasionally. In a world where the ignorant masses are in control of a PC this is unacceptable. Sorry to say but even with all the progress made these past few years Linux is still for admins and enthusiasts(tweakers..geeks...what ever you want to call them).
Score: 0
|You forget the upside of the command line.
Anyone can type in a few lines of code in from a tutorial, but the GUI method isn't always as straight forward.
I've had dozens of the people I did Windows tech support for go "Start button? Where's that? Or I haven't got a menu with that option - no - it's just not there!", when I know for a fact they weren't looking in the right place or just didn't even want to try and solve their own problems.
By that criteria Windows wouldn't have been considered ready for the desktop either.
Besides, I use linux and I *rarely* go anywhere near the command line these days. It's certainly not what I would call a requirement anymore. You could pretty much stay on the desktop all the time now if you wanted to.
Also you can thank Firefox for IE7. Those IE development guys would still be in cryogenic suspension if MS hadn't thought - "We'd better update IE6 - people are actually beginning to use this Firefox thing after all".
Score: 0
|Hmm my windows very rarely requires a reboot after updates.
It USED to be really bad with requiring resets several times a month but almost certainly not the case these days.
Score: 0
|Right... You think that somebody who can't find the Start button is going to have great success "typing in a few lines of code" into a command prompt?
Are you serious?!?
"You could pretty much stay on the desktop all the time now if you wanted to."
Again... For average Joe (who seems to have misplaced his Start Button), you can ONLY offer a desktop-experience at all times.
Score: 0
|Using the Microsoft's Security Strategy Director's logic, frequent updates to an antivirus program, to address new viruses, trojans, or worms, would also make one's computer less secure.
Fortunately, logic doesn't agree with this argument. I doubt he believes his own argument.
Score: 0
|Anti-virus programs are designed to protect you against Trojans, worms and new viruses and as a result need to be updated daily, a browser is for browsing and should only need the occasional tweak, not as in the case of Foxy two tweaks a week. However if it continues to require a patch a day, perhaps you could do like Windows and have patch Tuesday just for your browser, what do you think ? Wednesday for Windows and Tuesday for FireFox, looks like you are going to need your own special day the way things are going.
Score: 0
|LALALALALALALALALALALALALALALALALALA
We're not listening
Score: 0
|Two new patches in two days don't look good for Foxy. It may update when a fix is ready, the problem is when they are working on that fix, or don't even know it needs fixing that the bad guys swoop. The more you lot praise your little browser the more folks are going to use it, and the more interested are you going to be to the Russian Mafia. I.E.7 with a goodly load of decent security will do the job and as the guy tells it you are becoming a little too risky to trust. I'm with him on this ,I've dumped your precious browser, Opera for a backup just in case and I.E.7 as the work horse.
Score: 0
|So... what you're saying is that your "workhorse" is of four to five times more interest to the Russian mafia than Firefox?
Think I'll stick with FF.
Besides I don't see MS IE for Linux coming out anytime soon... ;-)
Score: 0
|fwiw, here are some blog posts that give the Mozilla perspective on this issue:
Damned Lies and Microsoft Security Marketing
by Paul Kim, Mozilla Marketing
http://www.numenity.org/...soft-security-marketing/
Critical Vulnerability in Microsoft Metrics
by Window Snyder, Mozilla Security
http://blog.mozilla.com/...ty-in-microsoft-metrics/
Apples, Oranges and the Truth
by Mike Schroepfer, Mozilla Engineering
http://weblogs.mozillazi...ic_which_suits_you.html
Counting Still Easy, Critical Thinking Still Surprisingly Hard
by Mike Shaver, Mozilla Evangelism
http://shaver.off.net/di...still-surprisingly-hard/
Score: 0
|You guys just don't get it. Firefox (Mozilla) is always building new browsers, version 1 was on mozilla 4 engine which IE6 and IE7 is still run on. Firefox version 2 is run on mozilla 5 /gecko 1.8.1.10 which is a whole new engine and requires all new security's which we get update for frequently just like windows does from Microsoft. Version 3 Firefox or more correctly Minefield is a new rebuild of mozilla 5/gecko 19b2 what it is right now, but again started from base line and rebuilt. Unlike Microsoft where we all know is the use old technology spiced up, add some flare and bloated code and you end up with IE7. You can snap and grip but this is all true. These are reasons why firefox seems to have security problems, but you have to know these mostly are new one not old ones. As for the memory leak issue, look at windows temp folder in the user files some of you have never cleaned that, it never cleans itself and continues to grow and grow (being a computer tech) I have seen it! and cleaned it. The largest yet 4.2 gigs !!! temp files... USE CCLEANER it works.
The only thing I use IE for is to update Microsoft.
Score: 0
|"Version 1 was on mozilla 4 engine which IE6 and IE7 is still run on."
OK - apart from extremely poor grammar, you are a complete retard.
You don't *actually* believe that Internet Explorer has anything to do with the Mozilla engine, do you?!?
The user-agent that IE spits out contains the words "Mozilla Compatible" - means about as much as Apple saying that Mac OS X is "compatible" with anything...
Score: 0
|"You don't *actually* believe that Internet Explorer has anything to do with the Mozilla engine, do you?!?"
Well, he does seem to think memory leaks have something to do with files on hard drives...
Score: 0
|Wow, this guy reminds me of the Iraqi Minister of Information during the Gulf War that kept going on camera and issuing press releases stating that the "American infidels are being soundly beaten and will soon be destroyed" the whole time US tanks were rolling closer and closer to Baghdad. He kept going with that same "victory" story right up until the moment the US troops rolled into the downtown area and he had to go into hiding with Saddam.
Amazing the lies you can convince yourself of if you tell the lie often enough, isn't it? Well, telling them more frequently and more loudly unfortunately doesn't make them more true.
This is just sad.
Score: 0
|Hats off to MikeTechno. Nothing to add (except he was the minister of disinformation).
Score: 0
|Pinocchio is laughing at this pile of horse manure. Microsoft has refused to see they have jumped the shark. Vista proved that. Not to mention IE7, WMP 11 and the other disasters coming out from Washington State.
Score: 0
|The more people use the software, the more bugs are found, and hence more bug fixes. Firefox shares have increased dramatically and I am from Sri Lanka over a slow connection where Firefox Rocks and internet explorer sucks, be it IE 7 or IE 6. After all they are providing hassle free upgrades so we don't need to care too much about this guy's statement. After all frequent updates also mean that the developers are working hard so there are frequent updates. Although I have IE 7 I use Firefox for almost all my work. One good thing about IE is that it does support multilingual domains; other than that firefox rocks.
Score: 0
|Firefox automatically updates you to the latest version so how could it be vulnerable?? wtf?
How could anyone even be using an older version??
Nice try at saying IE7 is better than Firefox but I don't think anyone would believe it.
Score: 0
|I think he's referring to major version changes not automatically updating. IIRC 1.5.x won't auto update to 2.x, and 2.x probably won't auto update to 3.x. You'd have to manually download the new version if you want it.
And I guess basically Microsoft is trying to make themselves look GOOD for pushing unneeded feature and eye-candy-laden updates like IE7 onto users?
The article also fails to address lack of Windows 2000 and earlier support for IE7. They are still vulnerable and can't update! Really the only way they can be secure is to switch browsers.
To be fair, Firefox 3 will drop support for Windows 9x.
Score: 0
|We do offer major upgrades through the automated update facility. However, it is not forced, it is an "upgrade offer".
Most users opt-in to upgrade, and today 95% of Firefox users are on the current 2.x release.
Score: 0
|He does make some points that make sense but only from a biased Microsoft viewpoint.
One major flaw is that most Firefox users download the browser and install it while IE comes with Windows. Therefore, IE users are more likely not to upgrade where Firefox users are and thereby more secure.
I try to give Microsoft the benefit of the doubt sometimes, but they usually disappoint me severely.
Score: 0
|This guy is just stupid.
Score: 0
|Shock, surprise: Microsoft's "Security Strategy Director" says his company's product is less vulnerable.
Unfortunately, it sometimes appears this type of announcement is the bulk of MS' security strategy.
Announcing frequent automatic updates for the browser is, "a problem for home-based browser users" is a great strategy...IF you want to say your own software, with less frequent security fixes, is better. The announcement is a brilliant business decision. Some people will probably believe it.
Score: 0
|Most ridiculous crock of sh*t I have read in quite a while. Not the part about IE being more "secure" than FF, but the reasons given for it. "Because it is updated less". This sounds like MS sponsored propagandian garbajjee to me.
Oh btw, FF is superior in every respect but load-time to IE Period. And with this new quad-core here, I don't notice it AT ALL. load times are literally identical now as far as I'm concerned.
As for IE security... pfwahah! That active-x garbage will always be a show-stopper for IE. And now "silverlight"? Get ready for another barrage of crap before a few dozen patches come out for the final version of THAT thing.
Score: 0
|Firefox 2 has had 11 patches, Firefox 1.5 had a similar number. Should we count the IE6/7 patches?
Also load times are affected by addons and such. For a fair test, you'd have to measure both Firefox and IE running without any custom themes, extensions, or toolbars.
You'll be happy to hear Firefox 3 has greatly improved speed over Firefox 2.
Speaking of Silverlight, I never got that to work. I installed it and the Expression page tells me I don't have it installed. I use the installer again and it stops on a screen telling me to restart my browser. I still get the "you don't have Silverlight installed" prompt and the Silverlight installer is still sitting there looking stupid, with no way to close it. I had to kill the process. I hate Windows Installer.
Score: 0
|Read his report before you judge him harshly, that's my only advice. The betanews reporter seems a bit subjective in his journalism regarding the interpretation of the report, which really only claims (in my opinion) that FF has more vulnerabilities to fix over the same time period as IE over the years....and it's not really a claim, the figures and numbers are there (unless of course they're made up, which I doubt since this guy actually has some real security experience). It's approx. 9 pages if you ignore the 'about/appendix/etc' but it's...interesting.
Score: 0
|Good comment over at ZDNET:
One line says it all.
The most telling, and understated line in the whole post.
The study did not take into account silent (undocumented) patches.
Mozilla doesn't get silent patches. When something's wrong in Firefox, the world knows about it. MS gets to continue to hold the cards close to their vest, in their pockets and up their sleeves. It's not a poker game if things aren't equal, and things aren't equal.
http://talkback.zdnet.co...geID=769553&start=0
Score: 0
|I didn't read that in the pdf file and that reporter over at ZD hasn't posted a snippet or link to the source. So I posted a comment on his blog, maybe I'll get a response clarifying if and why undocumented patches are not counted for IE - because if that's the case then that is VERY sneaky.
Score: 0
|And what about permanent updates of XP and Vista?
I wonder in all cases what's the real meaning of the words "security updates". Does it always mean security for the user, or is it rather security for commercial interests even against the product stability?
Score: 0
|I am afraid you need to read the news from other sources as well. The guy is not moron because he didn't say "Firefox users in danger due to more frequent updates". The news is reported by someone who either dislikes Microsoft or likes Firefox too much.
The guy said: In the last 3 years we released less patches for IE. But he also said: There were less vulnerabilities reported for IE than for Firefox.
And the author of this article interpreted as: Firefox users in danger due to more frequent updates
Score: 0
|I agree it's a pretty convoluted interpretation.
Score: 0
|you guys probably dont wanna hear this but why not use Opera which has ZERO vulnerabilities...
Score: 0
|Ssssssssssssh.
It has fewer vulnerabilities but it doesn't have "ZERO vulnerabilities".
What do you think 9.21,22,23,24 were? I know at least 2 were security updates.
Score: 0
|at least until it gains greater standing in the browser world.
Score: 0
|All software has vulnerabilities. To state otherwise is ignorant.
Score: 0
|Ah, the obligatory Opera fanboy makes an appearance..
Score: 0
|You mean they haven't FOUND any yet. This doesn't mean there aren't any there.
This probably is indicative of its very low user base percentage. Everyone is targeting IE and Firefox. Firefox was exactly the same way before people started using it.
Mac OS X and Linux are the same way. IIRC we're starting to see mainstream viruses and such for them though.
There is no way to tell a product is bug free. The only time you can know for sure if it is or not is when you actually find a bug.
Score: 0
|He surely has no chances to stand against a whole firefox fanboys thread...
Score: 0
|Wait, Microsoft is telling people more or less to steer away from Firefox due to more frequent updates???
This coming from a company that has a Website Specifically to Update their OS: (http://www.windowsupdate.com).
I'll take the once in a while few MB update from Firefox, then the 300MB Service Pack of s*** that should have been fixed before it got RTM and put on the shelf as the next Windows.
(RTM = Released to Manufacturing - Generally comes after a BETA)
Score: 0
|Are you a moron? I bet you are. How could you compare an OS with a browser? You sound like that numb nut politician from last year who made the news by trying to ban MS from releasing Windows UNLESS it's bug free.
Score: 0
|You have to admit, it would have saved a lot of misery if Vista had never shipped.
Score: 0
|Who said anything about being perfect? I can compare an OS to a Browser, after all, MS is.
Bottom line, Windows XP in its life has had close to 300+ Patches. Think of it like your car. You buy a new car today and over the course of 5 years, you have had to take it in for service every other Tuesday and total fixes have been over 300. To a car, most would refer to it as a Lemon.
It is in Microsoft's nature to release their products when for the most part they still need a lot of work / Band-aids.
Score: 0
|Ack, another car analogy.
A car doesn't necessarily come with bugs. Software does.
Score: 0
|Your car (If you are old enough to drive) never had a repair / defect?
All software comes with a bug / glitch somewhere. XP has had 300+ Bug Fixes... Firefox 2.0 has had 11.
My point, would you rather have something that you had to fix 300+ times or 11?
Score: 0
|I am old enough to drive. Your argument sounds like a case of apples and oranges (no pun intended at first). A vehicle doesn't come with the amount of bugs/defects that the average piece of software has. There are also less opportunities to exploit defects in an automobile than in software.
I would rather fix something the less amount of times; however, I don't want to be left vulnerable due to someone wanting to keep the number of patches down. "I'm sorry that your system is toast. However, you'll be glad to know that we only patched 4 times."
I hope you're not trying to compare XP with Firefox. One is an operating system, the other a web browser.
Score: 0
|Oh, I feel so skeered...
Score: 0
|Fark you JJ. IE7 sucks donk deek
Score: 0
|FF releases fixes so often, yet they still can't fix the memory leak problem. Have FF open for an hour, and it uses like 150meg
Score: 0
|The problem is we can't really tell whose fault this is...
Is it the browser caching 100mb of files? This would be a good, efficient use of memory if true. This means your sites will load quicker since images and stylesheets and such are already loaded into memory. After all, there's no point in having free memory... it's not being used for anything, making it useless!
It could also be a bad extension. You can't blame Mozilla for that. It could very well be a common extension that many people use!
Or to be fair it could be Mozilla's fault.
Regardless, Mozilla has worked hard to find and plug memory leaks. Firefox 3 has over 300 memory leaks fixed so far... and it's only just entered beta.
Score: 0
|Here's another thing - I've used Firefox since 0.8 (Phoenix?) and I've never experienced these "memory leaks" people keep talking about.
Sure it can use a bit if I have 20 tabs open with lots of data in them, but I'd expect that.
Perhaps I should install a "memory leak" extension so I can join in with the complaints too? ;-)
Score: 0
|He's a retard. Not patching known bugs means that they are sitting ducks. If someone was sniping me, I would be moving, not sitting around.
He (or anyone else) can't know the total number of bugs in a piece of software. Without that piece of information, a product that has patched 200 bugs might actually be more secure than one with 500 patched bugs. You just wouldn't know it. However, all things considered, the more bugs patched, the better. It is disingenuous to claim that a product is safer just because no one felt like patching it.
Those who hang on for as long as possible will of course find themselves with unsupported software. I'm glad I don't have to support Windows 3.x (or older) and that I only know a few people with Windows 95/98.
Score: 0
|Well ehhh, let's be honest.
FF3 won't be an "old school" version number jump where the software was almost completely redesigned or rewritten, but today don't expect that anymore because it's just an old tradition.
Version number changes tend to be from medium-weighted changes, to even the most trivial and stupid things just like new icons for the program of always.
However, most of FF3 changes are UNDER THE HOOD so the user is not gonna be able to experience them "in your face" all the time while just normal browsing. I would recommend going to the fox's home and read about the CHANGELOG of the project.
My personal opinion on Beta1: found it VERY slow to start and sadly to browse too, and pales even more when I compare it to such speedy performance Opera 9.5 beta gives me.
My two cents. t h a r t i s t
Post v2.0: typos fixed. changelog added.
Score: 0
|I recently saw a blog post where Mozilla is going over some new UI looks for the final Firefox 3 main window. Looks nice. Surprised me though, since I would have expected any such features to be implemented BEFORE the beta...
Score: 0
|How stupid is this logic. I've read some dumb comments in my life, but this takes the cheese. Because it's updated more, it is more dangerous. I guess I should go back to my 1997 version of Norton Anti virus, because as we all know now, these dag nammitt new programs are dangerous!!!
Score: 0
|That was not his point, moron. His emphasis was on discontinued support for older versions.
Score: 0
|Moron, moron...
Score: 0
|Dumb s***. The point was that the updates highlight the security problems of the previous version and unless you keep up with the latest version, you're wide open to someone taking advantage of the exploits, especially as the code can be compared to see exactly what has changed.
When you've got 2 updates in as many weeks, people tend not to have had chance to get updated from the previous versions before the new code and are therefore more vulnerable.
Score: 0
|Oh, that was good. You gotta do better than that.
Score: 0
|my advice to you ppl... want a secure browser??? use a less popular one!!!
Score: 0
|This is the most sense anyone has spoken on here in a very long time.
Score: 0
|Safari for Windows! Yay!
Score: 0
|Lynx FTW!
Score: 0
|You have got to be joking! That thing had so many 0 day exploits I couldn't count them on my two hands...
Score: 0
|Well... it does meet the criteria of being less popular... :)
Score: 0
|*Whispers* It's still in Beta.
...Not that the final will change anything, but
*Whispers* It's still in Beta.
Score: 0
|I was joking. I've used up my sarcasm tags, you can't have any more!
Score: 0
|It's also a very, very dangerous assumption:
http://en.wikipedia.org/wiki/Witty_worm
Score: 0
|I use PuTTY. >_>
Score: 0
|Firefox just released 2.0.0.11, what a coincidence.
Score: 0
|At least M$ is not discriminating, this guy is clearly retarded, and they still gave him a job. LOL
Score: 0
|LOL Fantastic take on the matter!!!
Score: 0
|I guess you would know, moron.
Score: 0
|Oh, so I take it you're in the M$ special person program??? Do they let you use sharp pencils or do you get crayons?
Score: 0
|That was good. I like that one.
Score: 0
|Here goes this moron s*** again.
Score: 0
|To be honest, IE7 has done a tremendous job of being better than IE6 in every area, especially security, and yes it is true that Firefox has had a very rough November in terms of security.
At this point, however, I see no reasons to *hate* either browser. They're both faster than any previous versions, they're more standards compliant than previous releases, and they're both very user friendly.
The bottom line is that users should use what they are the most comfortable with using, or at a minimum whatever the sites they visit the most expect. For me, that is still Firefox primarily with IETab and full IE sessions as needed.
Score: 0
|Being better than IE6 is not a great accomplishment. ;)
Score: 0
|In Spanish, we say: "Tienen miedo (they're scary)". God, Firefox is a better browser. This is the only way that IE "could look better" than Firefox.
Score: 0
|In Spanish we also say "Mierda del torro" (bullsh*t), moron.
Score: 0
|I suggest a new word of the day, MORON.
Score: 0
|Holy sh*t, they let this hobo play director of security strategy?
Score: 0
|So because the monthly security updates for MSIE from Windows Updates are not labelled as different versions, MSIE is allowed to claim that they have a longer lifecycle per version? That's ridiculous.
Score: 0
|"So, according to its original schedule, Firefox 3.0 was scheduled to ship in November 2007, which meant Firefox 2.0 support would end in May 2002," 2008 perhaps?
Score: 0
|And the world moves on. What would you rather have? An up to date browser that supplants many of the features of a $400 OS and $400 Office system, or an OS that asks you to confirm what you just did. every. time. you. do. something.
Score: 0
|I couldn't say it any better myself
Score: 0
|lol
Score: 0
|Since when does a browser 'supplement' an OS? I don't see any browser performing most of an OS's duty. A browser is a browser.
It's amazing how many people read articles differently.
Score: 0
|"...but shorter lifecycles mean more people may still be running an unsupported version and be exposed."
Nice spin - very nice use of the word "may". I also like the "found and fixed" stuff.
Score: 0
|this guy is retarded
Score: 0
|agreed. I mean, just look at him
Score: 0
|What a pertinent comment, moron. I am sure there are those who would look at you and say "I flush bigger than this."
Score: 0
|A somewhat tortuous argument. I somewhat suspect that the people who are concerned about updating IE are the people who have built it into their corporate software environment and who have to spend months testing new versions before updates are applied. Firefox is just a web browser and can be updated without any worries. Or am I missing something?
Score: 0
|Umm... does IE download your update in the background the same day it's released and then install no matter what, the next time you restart the browser?
No?
You can't even pretend to believe in this argument if you look at the way Firefox handles updates.
Anyone still using Firefox 2.0.0.9?
Anyone?
Score: 0
|Eh, already at .11
:D
Freeware projects always seem to have faster release cycles, and it might go to show that they aren't as thorough, but I have faith in Mozilla. I said it was too soon to release FF3 in November like they originally planned, and I think early next year is STILL too early.
Meanwhile, those of us who are plenty happy with v2 are left in the dust...Only the most minute updates...
Score: 0
|I agree that early next year is still too early for FF3. I think they realized they were rushing though, and I'm sure it will be "delayed" again.
Meanwhile, those of us who are plenty happy with v2 are left in the dust...Only the most minute updates...
Isn't that the way it's supposed to be on the same version? The only reason you should release a sub-version update is for bug-fixes, security, and performance enhancements.
Any new features should go in the next version, like FF3 =)
Score: 0
|Yeah, Jeffrey Jones! LOL
Score: 0
|FF3 sounds like v2.5 so far, which I'm happy about - I love the increased speed and all, but don't see anything BIG that would distinguish it from v2.0.x. If they add in the new UI elements, that would be a cheap way to dress up the fact that it's a major revision code-wise but not for the end user.
Score: 0
|FF3 better be damn good. I want to be as excited about it as I was v2...more than that.
Score: 0
|For me, the BIG thing of FF3 is the zoom feature. I have been running Opera, because both IE and FF are impossible to view on a monitor running 1600x1200. IE has a very limited font size increase, and FF2 even with PageZoom and TextZoom extensions does not display right on ill formed web pages.
FF3 zooms the whole page, and so far (running beta 1 since it came out) all pages display correctly at any zoom factor. That one feature is worth the price of admission...
Score: 0
|*Whispers* You're asking the wrong type of people in here.
Score: 0
|It can, moron.
Score: 0
|I can almost buy into his claim, they are rushing development quite fast, and could most certainly do more work to perfecting FF2. Heck, I would settle with a v2.5, but that's how they go with planning nowadays, enough striking features that they make a v3, but I think they could do much more for version 2, really. It's around 1.5 years for each fresh revision of Firefox if they continue at this rate, but Microsoft's 6 years is ridiculous. 6 years of the crap that IE6 was all for IE7 to be a total crap pile.
"Mozilla found and fixed 56 vulnerabilities for Firefox 2.0 (13 of them rated "high"), while Microsoft found and fixed 17"
Yeah, and if they had a user system for reporting security faults, and if they listened to Secunia, they would see the dozens more holes IE7 has.
Score: 0
|You make the mistake of assuming that Secunia has a clue about, well, anything.
Score: 0
|"Yeah, and if they had a user system for reporting security faults, and if they listened to Secunia, they would see the dozens more holes IE7 has. "
...just the same as Firefox.
Score: 0
|The important point to see here is that fixing more vulnerabilities can be spun either a good way or a bad way. When spun a bad way, you can claim that product is worse quality. When spun a good way, you can say that your bug fixing team is faster, more efficient, and are better at finding and fixing even smaller problems and pushing the fixes out to the users who need them. And at the end of the day, THEY are the ones with a more secure product.
Score: 0
|It's probably never occurred to anyone that Microsoft may not want hackers and the like to know what the vulnerabilities are, that's why they keep the updates "secret?"
Score: 0