digg

Facebook Connect Join Digg About

Mozilla scoffs at vulnerability study rating IE superior to Firefox

arstechnica.com A report by Microsoft security researcher Jeff Jones has thrown down the gauntlet by releasing a report that challenges the assumption that Firefox is inherently more secure than Internet Explorer. Mozilla takes issue with Jones' methodology and Microsoft's lack of transparency.

Who dugg this? Made popular Dec 3, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

181 Comments

show profanity settings
expand all
  • metric152, on 12/03/2007, -7/+99The important thing to me is that FF doesn't allow drive by installs from websites. It might have more bugs than IE, but none of them have lead to spyware installs on my machine.
  • chris9902, on 12/03/2007, -31/+116Of course Firefox is more secure. It takes up all your computer resources so malware can't run
  • leksdraven, on 12/03/2007, -7/+75Jeff's numbers are correct. Nobody should doubt him. The point that is made in the article by Mozilla is that the numbers themselves lie. Microsoft combines several vulnerabilities into one report/update. Jeff only counts the one report. Meanwhile, Mozilla scrupulously reports every single vulnerability--even the bugs that COULD be something worse, fixed as a precaution to make Firefox even more robust. Jeff counts these as well.

    Not to mention the fact that his timeline coincidentally begins AFTER SP2 was released.

    Just saying...
  • TheAttacks, on 12/03/2007, -22/+80*tisk tisk* Microsoft must be on proud ass company. Instead of admitting someone has a better product, or trying to improve theirs, they just create FUD.
  • Dan1, on 12/03/2007, -5/+57When there is a vulnerability discovered, who responds with a patch the quickest (or a patch at all)?
  • jordanau, on 12/03/2007, -8/+55What happened is the guys used excel to calculate the bugs for Firefox and google speadsheet for IE.
    IE ended up with 850 x 77.1 = 65535 bugs and
    FF ended up with 850 x 77.1 = 100,000 bugs
  • inactive, on 12/03/2007, -9/+43He fails to mention how IE ***** blows for web design, its javascript interpretation is spotty, etc etc etc. Its the only NON standard browser in the biz.
  • skrowl, on 12/03/2007, -8/+40Memory occupied by FF can't be used by Viruses! Brilliant!
  • codyman, on 12/03/2007, -7/+39I'll take the speed (especially the new firefox 3.0 builds) and spyware near-immunity (I have used firefox ever since when it was called phoenix... yet to have received a virus / spyware from it...) over IE any day...
  • akkibaba, on 12/03/2007, -3/+35We don't want to see data by either Microsoft or by the Mozilla Foundation. We need a clean, independent study that is peer-reviewed.
  • EserVerx, on 12/03/2007, -0/+25So um... Firefox is less secure because they actually admit when something is wrong with their product? Just because Microshaft hides it's problems, it doesn't make them better.
  • Jareth86, on 12/03/2007, -2/+24The cake was a lie.
  • inactive, on 12/03/2007, -1/+19Mozilla is pretty fast.
  • NuchDog, on 12/03/2007, -4/+22The difference is that I can look at the FF code and find security holes. Despite the fact that I have no IE source to look at, there are still an abundant amount of holes.
  • VitriolAndAngst, on 12/03/2007, -1/+18Without VB Script and ActiveX -- well, THEN they might have an equal footing. But Internet Explorer is like putting a steel door on a glass room -- the fundamental problem with this assertion is ignoring the entire system.
    So, until IE removes those HUGE security holes, FireFox is more secure.
  • canthraxp, on 12/03/2007, -0/+16"A report by Microsoft security researcher Jeff Jones..."
    They lost me there.
  • frostbyt, on 12/03/2007, -4/+19IE = Support for Spyware
    FireFox = No support for spyware + adblock with auto updates

    Firefox wins.
  • davidrools, on 12/03/2007, -6/+21nice icon. it's a good representation of your impartiality and objectiveness. oh and nice sources/proof of your claims.
  • Smwbigboss, on 12/03/2007, -6/+20See also: "Get the Facts" campaign
  • Nightfall, on 12/03/2007, -0/+14I have to agree with you. No software is bug free or vulnerability free for that matter. Both browsers are tools and both very usable the way they are. So why not use either tool for the job? This coming from someone who loves Firefox, but I have had crashes and instability with both browsers that I have used them both in certain circumstances.

    IMHO, there is too much of the fanboy attitude going around as of late. It has become as strong as a religion at times. If you dont subscribe to that OS or method of thinking, then you are going to burn in hell. From the general attitude that religion is bunk around here, that kind of attitude surprises me. I would think more and more people around here would be more open minded when it comes to a choice of OS or browser. Instead, its like the crusades all over again, which is a tragedy. As someone who uses both Ubuntu and Windows XP, I see great promise in both of these products. Same goes with Firefox and IE. Both have distinct advantages and disadvantages. So why not just use both and get the best of both worlds instead of chastizing people who choose to use only one. Or, for that matter, claim you are using the best and everyone else is a moron.

    Its a retarded method of thinking.
  • tmpuser, on 12/03/2007, -2/+15In the words of Maddox... Here comes the clue train! Too bad the last stop is you. This isn't about fanboyism. It's about Microsoft trying to pass off an apples-to-oranges comparison as a legit study. When Firefox's dev team encounters a bug or vulnerability, they count it the same way as if the vulnerability were reported by a security researcher or by the media. Microsoft, on the other hand, only counts bugs and vulnerabilities that get caught as "fixed." Therefore, Microsoft has far more bugs than they report; they just keep quiet about them. Firefox devs announce ALL bugs they fix, including ones no one but the developers know about.
    This was all mentioned in the article, by the way. Or did you just come to troll? (If so, your troll-fu is weak indeed!)
  • bebopredux, on 12/03/2007, -1/+13"Microsoft’s Trustworthy Computing group"

    Yeah, right.
  • CrackyJSquirrel, on 12/03/2007, -1/+13Regardless of security problems.. Because all software is going to have them. You have to ask, which browser is better at finding, fixing and updating the problems they encounter? As well, firefox is just better because they actually know what being standards compliant is, while microsoft likes to think they are the standard and does what they feel like.

  • trogdoor, on 12/03/2007, -2/+14I think you should look more at the comment someone makes rather than their icon to try to determine their objectiveness... then again I may be a little biased ;)
  • chris9902, on 12/03/2007, -0/+12oh come on dude I was just having a laugh. We all know FF uses a lot of memory but FF3 looks to plug a lot of those holes (giggity)
  • OddTSi, on 12/03/2007, -28/+39Well, here's a question for everyone that's going to make a knee-jerk anti-MS post: are they really wrong and can you prove it? I've seen this story posted on several sites and the response from the anti-MS people is always the same but no one provides any proof that the data has been doctored. Apparently the data was gathered from publicly available sources, so if people are so sure MS is lying why doesn't someone else tally up the data and post the real results?

    I'm not being an MS fanboy, I'm just saying that there tends to be a lot of negativity towards MS whether warranted or not and usually it's just a matter of opinion. In this case it's a matter of publicly available facts, so instead of just jumping on the bandwagon post some proof (if it exists) that MS is lying.
  • chrisu, on 12/03/2007, -3/+14Maybe MS should make IE open source the same as firefox, then we'll see how many defects are found
  • Beakerz, on 12/03/2007, -0/+11Yeah, when i downloaded firefox (back in 2004 i believe) i had no idea about the addons.... the addons just made it that much better :D
  • natenovs, on 12/03/2007, -2/+12thats the silliest thing i've ever heard.
  • annoia, on 12/03/2007, -0/+10The similarity is that you don't look at either of the two products' codes...
  • VitriolAndAngst, on 12/03/2007, -10/+20To be fair, IE is built into the OS so it's pretty hard to find out what resources it uses.
  • astrotrain, on 12/03/2007, -0/+10"Jeffrey Jones, a researcher and the Security Strategy Director at Microsoft’s Trustworthy Computing group."

    Never use Microsoft, Security, and Trustworthy in the same sentence, unless you want a killer joke (aka Monty Python reference).
  • bitspace, on 12/03/2007, -6/+16It's a reputation Microsoft have earned. Nobody takes them seriously because for sooooo many years they've produced nothing but buggy insecure garbage.
  • chaoswings, on 12/03/2007, -2/+11Well if you load it up with add ons of course firefox will be slow....and the same goes for IE. Also what kind of a PC are you running? I see far too many times people complaining that their PC's are slow in the mean time they have 100 files on their desktop and 20 programs running in the system tray that they never use.
    I don't make a case for security but rather that the add ons are far better then what's on IE at least for MY needs. In the end it's all down to which you find easier for you to use.
  • DiggLive, on 12/03/2007, -9/+18IE 7 doesn't let software install automatically. Protected mode on Vista is even better than IE 7 on XP.

    All the crap about Internet Explorer and Windows being horrible stems from the popularity of Windows 98 through Windows XP before SP2. I only use IE 7 on an XP SP2 machine, only using the Windows Firewall. Occasional run of KAV 7, and it never finds anything.

    Case in point, Windows isn't as bad as it used to be. They've done a lot of things to improve the security of their OS and browser. Failing to the differences between IE 6 and 7 make you look completely retarded.
  • inactive, on 12/03/2007, -3/+12Doesn't matter. This study is biased based on the fact someone from MICROSOFT MADE IT.
  • konforce, on 12/03/2007, -3/+12This may be correct, but until someone recalculates Microsoft numbers, we don't really know. Would the difference be enough to bridge the gap? If you really want to defend Firefox, then you've got to run the numbers to see.

    But personally, I view security from a different angle: which product / platform has the fewest exploited vulnerabilities? I realize obscurity and apathy aren't defenses, but I'd rather be more safe in practice than in theory.
  • inactive, on 12/03/2007, -2/+10Yep, makes my job easier.
  • inactive, on 12/03/2007, -5/+13You failed to mention what the ***** that has to do with the study.
  • grapesofbaath, on 12/03/2007, -3/+11All I know is I went from tons of pop-ups and a trojan or virus at least once a month with IE, to no unwanted pop-ups at all with Firefox's AdblockPlus and only one trojan in two years.
    And that is all the evidence I need.
  • astrotrain, on 12/03/2007, -1/+9Thanks... you should start a cell phone text service.."Joke of the Day", you seem to know some good ones like above.
  • coldpockets, on 12/03/2007, -5/+13Why not refute his point rather than just digg him down? I don't see anything wrong with it, the browser has very limited access to the system, controlled by the OS. Certainly some hyperbole, but clearly a point that wasn't addressed in the post he was replying to.

    This is the attitude that really hurts the OSS community. Unwillingness to acknowledge faults in their own products and learn from the competition. Quick knee jerk reactions that MS is always doing the wrong thing don't help anyone.
  • rolosworld, on 12/03/2007, -1/+9ok, but Murphy's law states that your FF crashed just after submitting your comment.
  • N00F, on 12/03/2007, -10/+17Too often has IE (6.x and 7.x) crashed on me, leaving me frustrated. I have been using FF for years now and I have YET to have it crash even once.
  • astrotrain, on 12/03/2007, -0/+7They put exlax in the cake from what I understand that prevented the programmers from coding for a few days while they were on the john.
  • Onyxblaze, on 12/04/2007, -0/+7you deserved it
  • gudnbluts, on 12/03/2007, -0/+7Correction, the most advanced, powerful and secure browser that still can't handle CSS Level 2.
  • credence, on 12/03/2007, -0/+7see also: Massive Black, Inc ( http://massiveblack.com/mbNew/frontpage.html ) and their semi-witty logo.
  • TeagueSterling, on 12/03/2007, -3/+10It isn't related to the study at all, but designing for IE is such a pain just seeing the name makes you want to complain about it.
  • inactive, on 12/03/2007, -2/+9great sarcasm
  • Fetching more discussions...
    Show 51 - 100 of 182 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.