Is Firefox really safer?

Discussion in 'other security issues & news' started by solcroft, Nov 27, 2007.

Thread Status:
Not open for further replies.
  1. Ghostcloak

    Ghostcloak Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    27
    Location:
    New York, USA
    Firefox with NoScript & ad block beats Opera in being the safest browser.
    That's what I think.
     
  2. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    You can disable script in Opera, with no add-ons.

    But seriously, I think Opera is more secure because of its obscurity. As FF became more popular it became more of a focus of attacks, and the same would happen if Opera had 10-20% (doubt that'll happen) of the market.
     
  3. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Agree, but if the folks behind FF don't patch its vulnerabilities then it will become a security riskware.

    In Opera you can disable script, sound and .gif/.svg animation by default and then adapt and save the settings for each website you visit more often.

    /C.
     
  4. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    163
    Location:
    Netherlands
    I totally agree.:D
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    Yes, it is safer.

    How many people got owned by a drive-by while browsing through Firefox? The answer is: 0.

    The number of security vulnerabilities - that were fixed, I might add - means nothing, for several reasons:

    1. Open source, means more people will be hunting for problems and trying to fix them.
    2. Fixed, means they were found and plugged.

    In that regard, software with no found vulnerabilities is:
    - either very very secure
    - has some, but have not been found / published / fixed

    What you should be looking at is how many vulnerabilities a program has that have not been fixed, their severity and the time to patch. And in THIS regard, the patches are pushed quickly, leaving no room to 0-day exploits and such.

    Offtopic, Firefox is nicer, faster, and has 10E53 extensions to make it do all but shine your shoes. Let's not forget Noscript ...

    I agree with Rmus that the choice is irrelevant if you know what you do, but since most people don't, the choice means very much.

    Mrk
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Quick note- Opera seems faster, then firefox, IE was never on this league on any criteria you choose. Go ahead and use it it's not my problem, just don't say it's better, never was.
    That's not to say they're flawless (FF and Opera). Everything has its problems. And when it's open source/ free software (FF), problems are not hidden under the rug. To the extreme, in Debian social contract
    It's a great browser and a good choice (forgetting XSS), but don't do it based on that website, trust me.
    Agree. I don't base my security on any browser, although I try to secure it. Even if I still used IE, I think the chance of being hit would be pretty remote since I don't depend only on patches.
     
  7. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    How do you know that? What's the source for your statement?

    Since security is the topic of this thread, I would say that Opera is to prefer before Firefox today in regard of:

    1. Unpatched vulnerabilities
    2. Severity of the vulnerabilities
    3. Timeframe from publishing the vulnerabilities to patching it

    If you are using a limited user approach or a sandbox HIPS (DW, GW etc), then it doesn't matter so much which one to use.

    /C.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    The source of my statement is 2.5-3 years of watching hijack logs in a variety of forums, helping people I know. That's my source. You may disbelieve it or discredit it - or not.

    Try it yourself. Download any hosts list, choose 100 sites at random. Go there with default IE6/7, then Firefox - on two different systems / images. Then, google for hack, crack, pron etc, try another 100 random sites. See what happens. After that, scan with whatever if you need. You'll get your answers.

    Mrk
     
  9. Jomsviking

    Jomsviking Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    55
    Some points:

    - As Firefox gets increasingly popular, more vulnerabilities will be found, as it will be targeted more often. Only natural. But it is naïve to think that this argument is the only one and that Firefox will become like IE and full of holes. The open-source nature of the browser makes - in theory, at least - for more extensive testing, better coding, faster detection of bugs/breaches and faster correction of those flaws.
    So far, Firefox staff has been faster than M$ at fixing bugs/flaws. And there have been fewer vulnerabilities found than in IE.

    - Firefox has the advantage of having several extensions that can significantly increase browser security and privacy. For example: NoScript, AdblockPlus, the several cookie control extensions, the Dr.Web link scanner extension, etc... No equivalent exists in IE for this.
    Firefox also has the big advantage of not being embedded in the OS. Many systems have been screwed up by this feature of IE.

    - Security aside, and although there are a ton of worthless, redundant extensions, there are also some that allow things like download of embedded videos (these are in fact not needed, as there are webpages specializing in that), integration with anonymizing proxies and many more things... IE does not have this range of possibilities.

    - Rmus makes a good point, of course. If a user has a properly configured system and knows what he/she is doing and where he/she is going (which seldom happens), choice of browser will be less important.

    - A Sandbox HIPS like Defensewall is becoming an important consideration, for whichever browser you choose.

    - With that said, IE has seen improvements in version 7, and one of the reasons is surely the pressure caused by the increasing popularity of Opera, Firefox, and other browsers.

    Just some ideas.
     
  10. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    With all respect, but that doesn't say anything that Firefox, in its default setup, is invulnerable to drive-by infections of malware binaries. You can harden IE as well as FF by disabling script functionality for both, and what you have left are the vulnerabilities of "poor" design/coding. In that respect there's no difference between any browser/software, and the only reliable sources are those that intentionally measure these issues scientifically.

    /C.
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    I claimed something. And I even bothered to suggest a methodology of testing / disproving my claim. If after visiting 200 random sites - expected and known to contain all sorts of thingies - you get drive-by hit in IE and you don't get drive-by in Firefox, then it kind of proves my point, doesn't it?

    Besides, let's put the hardening aside. 99% of all users worldwide run on default settings on everything. This is the real test. Let's take the Wilders geeks out of equation here.

    What happens when Joe Averagowsky takes onto the net, using Firefox 2.0.0.10 default versus IE6/7 default?

    It is up to you whether to run the above test or not.

    Mrk
     
  12. Comfyllama

    Comfyllama Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    1
    I mean no disrespect whatsoever, but this is the mentality that black (and some grey) hats love! Zero? Try thousands and maybe millions. It doesn't matter what browser you use.

    This thread reminds me of all the M$ vs. *nix, M$ vs. Novell, M$ vs. Apple, Symantec vs. McAfee, etc. etc. debates that have raged on for years. The problem is not the browser, operating system, firewall, anti-virus, etc. The problem is the person.
     
  13. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Well it's not hard to figure out what will happen when browsing on compromised sites in default mode with script, java etc. enabled...
    Besides, I don't know why you challenge me to do your random surfing test, since it was you yourself that proclaimed the following:

    I suggest you do your test yourself.

    /C.
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    I know the answer.
    Comfy, mentality of gray / black / purple hats ... please.
    It does matter what browser you use and it does matter what OS you use. But if you believe in the uber-fatalistic approach "it doesn't matter, the system / matrix / bad guys will pwn us" then you need to reassess the overall concept of computing. NIX is not Windows.
    Mrk
     
  15. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    No it's not, but this thread deals with security issues regarding different browsers used on a Windows platform, thence the impact of malware binaries designed for Windows, not *nix.

    /C.
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    No quibble here with this observation, and another opportunity to encourage everyone to "Adopt a user."

    We all know of family relations, neighbors, acquaintances, who can "use some help" in learning safe computing.

    Why not, during this holiday season, instead of purchasing a gift for such a person, volunteer to help her/him in developing a safe computer strategy?


    ----
    rich
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    I'm doing that all the time, helping people. Already converted 7 people I know to Firefox just the last month, plus 2 personal Linux converts ... May not be what you had in mind, but it's a way.

    Cerxes, the reply regarding OS was to Comfy's post. PS, I believe I have visited more than 10,000 different adult sites in my life, and they all assuaged my eyes without hurting il mio compo.

    Mrk
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My browser security is layered, so I'm not worried :
    1. Firefox fails, then security extensions will save me.
    2. Security extensions fail, then DefenseWall will save me.
    3. DefenseWall fails, then boot-to-restore will save me.
    4. Boot-to-restore fails, then a clean archive will save me.
    5. Clean archive fails, then a clean image will save me.
    6. Clean image fails, then a Zero Tool + clean image will save me.
    Most users don't even have 6 layers and I didn't even use my brain :rolleyes: yet. ;)
     
    Last edited: Nov 28, 2007
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    What about earthquake, power outages, water spilled onto the comp, dog kicking the comp off the table?
    Mrk
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks. I knew I forgot something.
     
  21. RedZero

    RedZero Registered Member

    Joined:
    Oct 22, 2007
    Posts:
    34
    That's because a majority of these exploits specifically target Internet Explorer.

    In another 2 years when everyone is using Firefox, the tables will slowly turn.

    Hardening the Internet and Local Machine zone will make any IE setup rock solid.
     
  22. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    On one of the forums I admin on there is a scrolling script that shows the last ten posts. No matter the settings Firefox allows the script. Opera stops it. I have noticed several instances where FF allows things that Opera stops by default. I will stick with Opera and just have FF as a back up.
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Running under Vista 64 with IE in protected mode (and HautseSecure) looks like a safer solution.
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    bigc, please pm me that ...?
    Mrk
     
  25. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Right, but it's nice to know that your browser isn't a piece of Swiss cheese. If I whitelist content with NoScript, I know that my security setup won't be triggered.
    NoScript does this much more elegantly and you also get protection against XSS.
     