Is Firefox still the safest web browser?

My 2 cents are allways based on facts

http://news.slashdot.org/story/11/0...mmunity-contributor-departs-over-bug-handling

What about yours?

 

Did you care to read the follow-up?

 

Since the 2 cents are elevated to facts ...

Is "IMO" a fact?
Is "possibly" a fact?
Is "was considered a knife in the back" a fact?

Do you know that a Google staffer (La Forge) assisted Mozilla in the migration to a six-week cycle by making a presentation? It's quite obvious (IMO, and not as a fact just because I believe it) that there are those who would like to portray the Open Source movement as crumbling and full of in-fighting. Whatever.
Is "way to many bugs are open for to long" a fact or someone's opinion, mindless parroted by bloggers and people interested in rubbishing a browser they don't even use?
"Big names" ... Another fact? Especially in view of the person's claims about his status?

Enough. I don't like making posts like this.

Edit:
And I'm aware of this "big name"

 

I have no idea why you came with the presentation example, but Google assisted with more than just a presentation:

The line between "The moon is round, the moon is yellow, it must be made of Gouda cheese" and "Where there is smoke there must be fire" is sometimes hard to distinguish. When you do not like this type of posts, don't make them I would say. Some pearls are best kept for a group of insiders who know more than the ignorent masses: measured by Firefox, this makes me an ignorent outsider since I use IE9 and Chrome.

 

So those who wish to express opinions and prejudice as fact will have a clear run.

 

For me: I now understand that VASA1 had to discend to the forum to enlighten me with the correct facts.

For (those) others : be warned you won't get a clear run

 

"Gentlemen. You can't fight in here. This is the War Room!"

 

Okay seriously, Chrome/Comodo Dragon is amazing.

As soon as I start typing the address of the site, it loads automatically.

That's how it should be! Literally no waiting time!

 

I also read on the net that Comodo Dragon is a stripped down version of Chrome and does not allow add-ons so that users will experience a safer and more private surfing experience.

 

i was firefox user but now a chrome user as i feel there is not much difference between the two in security however chrome is faster than firefox.

 

I've used Comodo Dragon, but the lack of extensions was a problem for me. It uses WebKit as its rendering engine, although that can include quite a few browsers these days. If I remember correctly I couldn't adblock with the Dragon, which was a security flaw for me for a start. I'm not saying you can't adblock with it, but I didn't figure it out. Something which bugged me with Maxthon (also has WebKit) as well. ABP works brilliantly in Firefox & relatively well in Chrome, so I'm happy. I rate the ability to utilise extensions to facilitate ease of use & efficiency of time more than just security issues to be honest. As long as there is a competent amount of secure measures it should suffice. Otherwise, if you're that paranoid, why even bother to surf the Net in the first place? It consistently fascinates me at what lengths people go to to secure their systems, often employing multiple programs, when IMHO a good AV, some browser protection & a healthy dose of common sense should be fine.

 

Another interesting update is this one in which Tyler writes about his first post (which slashdot was referring to):

Altogether, I would say that Tyler has a point but that the interpretation by "many outside of the triage" was questionable to put it mildly.

 

I can't tell any real difference between the two, speed wise, these days.

 

Agreed. Chrome starts a bit faster but that's it.

 

Ummm Firefox does not automatically load webpages up as soon you start typing on the address bar. That was a big plus for me.

As for Adblock, I've never really seen any difference with having it or not having it. I only really go to "safe" sites that I know are safe to begin with.

As for Tor not being an "official" extension of Chrome/Dragon, that bothers me plenty. Tor is just that great of an application.

I also think web browsers should just automatically include sandbox virtualization.

 

Oddly, on my notebook Firefox launches a bit faster than Chrome, especially on a cold start. Although I think Chrome is a tad faster in launching on my desktop. I'm looking forward to the stable release of 64 bit Firefox.

 

Well, there is the awesome bar I suppose.

How do you know that they are absolutely safe sites; ESP? Most infections are probably from infected flash adverts. I honestly couldn't envisage surfing without something like ABP. Which even works a bit in Chrome now! You can never totally tell just what the safety status of any of the scripts running on a page actually is. Which is a huge reason to run NoScript. The unavailability of NoScript on Chrome has been a long running debate on this thread.

I think that will be the next logical step.

 

Define "true sandbox". Explain with technical details and not what I will call "publicity perceptions", why Chrome's "isolation" is so better than IE9/10's one. I have some small evidence to the contrary, but I won't show it now, I'll wait for your answer.

If you can't (if you refuse to provide the explanation), we will have to agree that the next big thing to look in security when comparing Chrome and IE, is the phishing/malware filter, because that has the potential to protect the user from malicious downloaded files and fraudulent websites that employ social engineering techniques.

SmartScreen (IE's one) is vastly superior according to independent reviews and professional labs analysis. Not even talking about reputation scan, a feature that IE 9/10 has natively (just like many third-party download managers and security products from Symantec and Comodo, for example) and that still didn't arrive on Chrome.

 

I've already explained what a sandbox is. DW was just a bit confused that's all. Tons of users here have had the same exact confusion about sandboxing, I think one of my first discussions was explaining to someone that sandboxing =/= virtualization.

I can tell you why Chrome's is better than IE9's though.

IE9 allows read access. Chrome doesn't.

 

By the way, can you find a source on the claim you made earlier on IE9 running Flash at low integrity? I don't really think that's the case. I can't find anything on that.

 

Please, explain that better and explain why it matters. Provide some reference for further enlightenment.

Also explain why we should ignore all the other ways a user can end up infected and all the other measures that IE provides to prevent this, and that Chrome doesn't, and still rank Chrome in the top security spot.

 

IE9 uses integrity-based sandboxing. Absolutely powerful, Chrome uses the same thing. A low integrity object can read any integrity objects though. Chrome prevents this.

Why is this important? I feel like that much is fairly obvious. I don't want something being able to read every file on my system.

Is it a huge deal? Not really. But IMO read access should not be thought of so lightly though I certainly consider write access very dangerous as well.

You shouldn't.

You asked specifically about the sandbox so I replied specifically about the sandbox. As I've said in this very topic I consider IE9 and Chrome to be interchangeable when compared security-wise.

I think that for the most part the two are equal except that:
1) IE9 catches something like 6x as many malicious downloads
2) Chrome sandboxes Flash

Now if I felt that someone was more in danger of socially engineered malware attacks than Flash exploits I'd give them IE9. If I felt someone was not the type to have socially engineered malware attacks I'd give them Chrome.

 

I knew that confusion, I don't usually make it. I edited the post a bit to better reflect it.

 

Not sure if I used PE correctly to get this info, but it looks like Flash runs at medium integrity. Using IE9 x64 with latest Flash 11.0.1.152

 

When Chrome 15 comes out I hope there's another study about socially engineered malware. I believe 15 will have the new experimental phishing heuristics.