Is Firefox really safer?

Discussion in 'other security issues & news' started by solcroft, Nov 27, 2007.

Thread Status:
Not open for further replies.
  1. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I was just parsing through the release notes for the new Firefox version, when I noticed Mozilla had built up quite a list of security vulnerabilities itself.

    http://www.mozilla.org/projects/security/known-vulnerabilities.html

    With the amount of people discarding IE in favor of Firefox as part of their security setup, I'm beginning to wonder how wise this really is, especially since I haven't heard of any new vulnerabilities for IE for quite a while now. With Automatic Updates turned on, it seems that IE7 provides comparable security to Firefox - many good ol' classic exploits that triggered the IE scare are long gone and don't work anymore - while guaranteeing website compatibility.

    I use Opera myself while installing Firefox to my friends. I'm not particularly inclined to suggest they switch back to IE yet, but I'll have much more reservations about recommending Firefox from now on.

    Thoughts?
     
  2. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    No, Firefox isn't much safer than Internet Explorer (And it's slower.)
     
  3. Rickk

    Rickk Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    49
    Isn't Firefox faster (while being as safe or probably safer) than IE while surfing on most sites?
    That already is a big plus imo.

    On my machines, ebay and Yahoo, MSN, are definitely slower to respond with IE.
     
  4. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    No, Firefox has higher requirements. I think that says enough.
     
  5. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    Not using Active-X is the primary "security benefit".

    IE has never run faster than Firefox on any machine I've used it on, and most likely never will.
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Firefox runs ActiveX too. The Mozilla people just call it "extensions".
     
  7. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Internet Explorer runs faster for me (I use Opera);
    so I guess it varies?
     
  8. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    Adding functionally with a plugin can't get much different than running ActiveX by default, which was my point in terms of security benefits.

    Opera definitely runs the fastest on my machines. :)
     
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    It must've been a while since you last used IE, because that's not how it works anymore since quite some time ago.
     
  10. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    Trust me, I wish that were the case. ;)

    ActiveX is prevailent in IE7. Asking for permission on an unsigned control doesn't equate to "not running." When you handle clients who click on just about anything, you realize the annoyace options can cause.
     
  11. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Same for me. :cool:
     
  12. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If you have clients, I trust you can easily configure system policies to block ActiveX. Not to mention that this behavior you describe is not fundamentally different from (and hence not any more dangerous than) Firefox's extensions.

    Also, I'm talking about home users, if it helps...
     
  13. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    As with most networks, it's not always that easy. Some require ActiveX, which is why they have permissions.

    Like I said, not supporting something at all and having to visit a website to install a plugin is quiet different than having the technology built in. Such a difference that Firefox is allowed nearly network-wide while IE7 requires different permissions as I mentioned.

    ActiveX was my only point. Firefox has security vulnerabilities left and right and "safer", while a passable term, is sketchy.
     
  14. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I don't know how secure Firefox is Out Of the Box, but it has the advantage that you can add some extensions to increase it's security, like NoScript.
    I saw this page on somebody's signature (www.firefoxmyths.com), where they say that Firefox isn't safer and isn't faster than IE.

    I don't know if you can trust what is stated at that page, I still use Firefox because I like it better, and I like extensions.... as for security, NoScript+Linux+safeSurfing will do it for me.
     
  15. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
    If you're a malware write and want to get the most 'bang for your buck' you'll target IE. That doesn't mean FireFox is safer. Only that less people use FireFox than IE.
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You can't install the plugins you need and configure IE to block installation of new ones? That's news to me.

    Extensions is "built in" into Firefox the same way ActiveX is "built in" into IE. From a practical viewpoint, there's no difference between the two, except for the malware author who has to sniff what browser you're using to correctly serve you an xpi extension or ActiveX plugin.
     
  17. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    With IE? Sure. This also has nothing to do with our network, as that wouldn't solve anything. Rest assured our network's security is doing well, with both IE7 and Firefox. ;)


    ActiveX isn't built in to Firefox, nor officially supported. This is touted as one of the security benefits. Security vulnerabilities where a website or program attempts to load an ActiveX extension into Firefox and then execute it wasn't my point. Disagreeing with the inclusion of it or not wasn't my point either, nor was my network security. Just pointed out what Mozilla says. :)

    http://support.mozilla.com/kb/ActiveX would be a great read.
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Looks like we're not talking the same point. My point was that despite Firefox not supporting ActiveX, it supports extensions, which can be exploited just the same way as ActiveX.
     
  19. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    NPAPI vs. ActiveX would be different than what I'm discussing. Pardon my apparent misunderstanding.

    Mozilla's take on NPAPI is interesting and reliant on mozilla.org, which still has security vulnerabilities. As I said, Firefox has its own mess, only ActiveX isn't one of them and Mozilla likes to point it out. Firefox's usage of NPAPI would still be "safer" than IE's inherent ActiveX, although "safer" is again a gray shade.

    Work and Roboform are the only things causing me to use Firefox in the first place. :)
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Thanks for that page. I'm recommending Opera from now on.
     
  21. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    If one has a sound security strategy and user policies in place, the choice of browser is irrelevant.


    ----
    rich
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I use Firefox, because I like it, not because it isn't safe or safe or safer.
    I like my Forecastfox extension alot more than my NoScript extension.

    DefenseWall HIPS or any other similar software (like Sandboxie) is supposed to stop anything bad, caused by Firefox. If DW fails to do so, my boot-to-restore will fix it.
     
    Last edited: Nov 28, 2007
  24. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    I use Firefox coz i really like it.

    Though i always thought Operqa was the most secure then Firefox and then IE.

    I was always thought Firefox was more secure than IE.


    Firefox is more up to date than IE.
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    One day Opera will look like a Swiss cheese and will need as many patches as Firefox does. Three years ago Firefox was the safest browser, nothing could touch it and now they have to patch Firefox regularly to close its holes.
    History repeats itself, so Opera is the next target, than another browser and another browser. That's why I keep Firefox, because changing from one browser to another is useless.
    Besides that, Firefox is a browser, not a security software.
     
Loading...
Thread Status:
Not open for further replies.