FireFox wanting to Update more and more...

I'm also amazed, but I'm not going to discuss this in English, waste of time.
I'm not complaining about Firefox, I use it myself and Firefox didn't have so many patches in those days as now. If the bad guys weren't so interested, there wouldn't be any patch at all.

 

Hello,

Making high quality software is not dependent on what "bad guys" want. If I were a Mozilla developer, I'd want my browser to be the best, even if no one ever wanted to exploit it.

solcroft, software cannot be perfect and must have problems - save BSD.

Correcting problems is a good thing, the more the better.

I'll give you an example:

I wrote some 15,000 lines of code in Matlab at my previous work place. This was a tool for data collection and analysis. I thought it was perfect.

But when I showed it to my audience of some 15 engineers and physicists, they started commenting on little bugs, problems, glitches, algorithm errors, etc. So I started fixing those.

I made my code better.

If no one cared or no one saw those lines of code, my product would have supposedly been bug-free, when in reality it would have been less good than it was as a final product.

The same goes for Firefox. Each update / patch is an improvement.

Mrk

 

Who ever said that patching was bad and hearing this from you is very strange.
Recently you said to me that patching Windows was unnecessary and was the same as installing M$ spyware.

Now you say that patching is very good, is it because you are in a different mood or what ?

 

Yep, I suppose you can choose to describe Firefox the way you do - a hobbyist program riddled with errors that needed fixing when it got released to the public because it was written in a slipshod manner.

On the other hand, I can name you browsers that do much better than constant leak-plugging, and updates contained more new features and fixes than security vulnerability patches.

Firefox is getting better - only because it has a long way to go and catch up.

Safest? Still waiting for you to back that up, though I have this suspicion I'll be waiting a mighty long time.

 

Hello,

Erik, patches are supposed to improve reliability, quality, security, yes. But ...

Often, MS patches come with extra features not originally included in the software, which not only supposedly improve the software - but add things you do not want and need. If MS patches were merely fixes - then I'd have no problems - but they also add a new layer of reduced control to the user.

Furthermore, I said the patches were unnecessary for YOU - with your setup that includes FD-ISR, ATI, AE, DW and so. I did not say the patches were unnecessary for everyone. And I was specifically talking in regard to the WGA spyware.

So let's not mix apples with macs.

solcroft, your way of looking at things is wrong. You cannot use the guilty until proven otherwise method. It doesn't work. Like saying Airbus 380 is less safe than Boeing 747. Until you show the number of accident one vs. another your claim is empty. But you could say A380 is the best. Until those accidents happen, you're right.

I say X program is the best. Until someone proves it is not so, my claim stands. It does not work the other way around. To say it is the worst, you have to give proof for your claims.

Therefore, my proof is the lack of your proof. Until you can show effective working proofs that Firefox is a sieve of bugs and exploits, you are merely guessing and venting your fears.

You need to provide many effective working exploits that have not been patches in order to justify your argument. Since there are none such - there have been some proofs of concept and have been all promptly patched - my claim stand.

BTW, if someone wants to use the fanboy argument - I claim the same for Opera.

But an exercise in safe computing, I invite all Firefox users who have been infected this way or that to present their cases and show how it happened. I seriously doubt people will flock and say: I just visited this site, lol, and got infected. Most of the time they will download execute and install crap but happen to have Firefox on the comp, just one in a series of random apps they happen to be using.

Mrk

 

Claiming what regarding Opera?

/C.

 

Hello,

That you won't get hit by a driveby using either of these two. And that they are uber-vastly superior to IE. And that all would-be exploits and proofs-of-concept have all been patched quickly.

And that this won't happen if you use them:
Visit a page, leave, pwned.

Mrk

 

The reason for me to choose either Opera or Firefox before IE, is for the fact that they aren´t integrated in the OS as IE which IMO is better from a security view if an exploit is detected. The reason for me to choose Opera before Firefox is my assumption that Opera is better designed/coded from a security view than Firefox. My sources for this assumption is primely Secunia and SecurityFocus.

Your assumption that either Opera or Firefox are vulnerable to drive-by infections could be challenged by the fact that it holds as long as it concerns attacks exploiting vulnerabilities in the poor designed/coded program. But since there are for example drive-by malware scripts that can be executed regardless of which browser you are using, then one may question your statement.

/C.

 

Hello,

I welcome the challenge in the best sport of professionalism, hobbyism and whatnot.

Please let's do this in two ways:

If you are not convinced in my claim: Open any hosts list, visit any 1,000 sites listed there - choose at random. See what happens. I'll tell you - absolutely nothing.

Second: try to locate a working known exploit that will defeat Firefox or Opera. Answer: I doubt you'll obtain them that quickly - or they will work for a version 1.5 for FF or 8 for Opera.

Finally, regarding the bad guys:

The more people focus their attention on your product, for better or worse, the higher the chance you will work harder to improve the product, harden the security, polish the bugs.

Think about it! Without the "bad guys" none of us would be here, talking about security. That's called evolution. Rise to the threat and overcome.

Obscurity has nothing to do with it.

A product that does not change, evolve - cannot get better. Patches are good, very good.

Lastly, someone claimed that if FF were to grab a major slice of the market it would become swiss cheese ...

Well, my answer is very simple: Noscript. Defeats any market. It's Lynx style in one click.

Cheers,
Mrk

 

I've been writing software for over 30 years now and and come to the conclusion that for any piece of software the number of bugs can be expressed mathematically:

NUMBER OF BUGS IN TOTAL = NUMBER OF BUGS ALREADY FOUND + 1

 

Yes, that's like claiming you're the smartest, most charming person on the planet until you're proven otherwise.

You're so obviously not a law student. Ever wondered why there are laws against quack marketing? Ever wondered why people aren't allowed to sell flour pills as miracle sex drug better than Viagra and Cialis combined until they can prove that it works? And no, people not dying from eating those said pills doesn't constitute as "proof".

My evidence is the changelog, posted on the Mozilla website for all to see. I'm still waiting for yours. "Safest"? Come on, get real.

Wrong again. You're effectively saying that anyone can claim anything and it must be true until proven otherwise; this has nothing to do with guilt and innocence, this has to do with vague, empty claims with no substance to back them up. You're saying that, by the same logic, someone can proclaim himself the ruler of the world because he was preordained by some omnipotent, all-powerful cosmic deity, and the whole world needs to bow down to him until it can find evidence that this deity doesn't exist and/or this deity never gave any such order. You're just relying on nonsense, and it looks like it's working, because this nonsense is so ridiculous I'm not sure how to refute it anymore.

Or let's just put it this way so you can hopefully understand: you need to provide evidence that every other browser ever created is less secure than Firefox before your absurd claim can be taken as true, otherwise other browsers are "innocent until proven guilty".

Firefox is not a sieve of bugs and exploits? What further proof do you need other than the changelog? You rely exclusively on the fact that you haven't heard of an exploit that works - how does that prove that Firefox has no exploits, or is anything near the safest browser at all, given the list of bugs and exploits that even the developers themselves admit exist? The fact that you haven't heard of a working exploit for Firefox is perfectly compatible with the fact that Firefox is a sieve of bugs and exploits (as evidenced by the changelog), i.e. it proves nothing in favor of your standpoint, and your other argument is just a load of nonsense.

I'm still waiting. For what looks set to be a very long time.

 

Could you name a couple please? If your so inclined.

 

They are.... would probably be better if they perfected the existing version first before plowing onward to new heights....

 

Hello,

solcroft, since your argument is the changelog - and it's supposed to be a bad thin, in your opinion, I find it impossible to present any reasonable counter-argument that would convince you.

Therefore: you win. Use IE. And everything will be ok.

I'm off to download more porn through FIREFOX, as I have been doing these last many years ...

Mrk

 

It's sad that you insist on turning this into a fight where one person wins and the other loses. All I was doing was to make sure you do not continue to spread irresponsible, unverifiable and misleading comments and declare them as fact - that was all.

 

Read here the difference, and why the updates:
http://news.zdnet.co.uk/security/0,1000000189,39291344,00.htm?r=1

You have to sink in the fact that free software/ open source is something fundamentally different from closed source.

 

Open source software - anyone can obtain a copy of the source code and then manufacture something to exploit it

Closed source software - nobody can view the source code and exploits still are created.

Doesn't seem to make any difference to me.

 

You haven't read Karl Popper, have you? An interesting reading is http://en.wikipedia.org/wiki/Falsifiability

 

Interesting link. Another eye-opener is http://www.heise-security.co.uk/news/100013

 

Does this have anything to do with the issues discussed here, or did you just feel like chiming up with something without much regard to whether it's relevant at all?

An eye-opener indeed. As an early adopter of Phoenix and Firebird, I can remember the days when the developers claimed their browser was more secure because it had far less security flaws than IE. Now that this lie has been completely and utterly disproved via a scientific, statistical tally, the fanboys and developers alike are rushing the claim that there are actually numerous other bugs in IE that Microsoft never told anyone about! but so kindly informed the Mozilla team/fanbase about so they knew these bugs existed. Ingenious... an eye-opener indeed. What will they come up with next?

 

Solcroft.. far from us to try and discuss this with MS fanboys either...
Boy is this getting silly.

 

What, that anyone is even dreaming of considering the possibility that, contrary to the myths, Firefox might not be the final word in browser security?

To be fair, the claim was true back then that Phoenix/Firebird was safer. But times change, and this fact is now coming under increasing doubt. Personally I still recommend Firefox to some friends because 1) they cannot or don't know how to apply security patches for Windows/IE, and 2) they're newbies who balk at how some pages look slightly different in Opera. But that might change in the very near future.

 

Some here fervently pray at the alter of Firefox.

 

Never said that.

 

Pedro and tlu,

I found your links both interesting and helpful.

While the discussion has been interesting. I never intend this to be a winners losers match between different opinions by various participants.