what are the benefits of firefox?

Discussion in 'other security issues & news' started by jmonge, Jan 23, 2009.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    what about firefox 3.1 beta ?never tried ito_O any coments?thanks.
    what about the regular firefox not beta?how is it?
     
    Last edited: Jan 23, 2009
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i think the biggest improvement in the beta is its speed, its apparently a lot faster with java or somethin, not sure from experience as im not using the beta.
     
  3. demonon

    demonon Guest

  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thanks
     
  5. demonon

    demonon Guest

  6. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Security-wise, Firefox doesn't have much of an advantage anymore; it's still there but it's no longer a deal-breaking issue. In Vista, IE7 with Protected Mode and UAC provides excellent defense against silent downloads. Firefox still has a small edge, however, with its ability to block malicious sites, and with extensions like NoScript.

    The reason you will probably want Firefox for are the features, in particular adblocking, integrated download managers, mouse gestures, weather reports in the status bar, automatic webmail checking, convenient shortcuts with sites like Gmail, Facebook, etc, and a lot of other ding dang doodles.
     
  7. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62

    Don't forget that every "addon" can add more vulnerabilities to your Firefox installation ;)
     
  8. demonon

    demonon Guest

    Actually firefox has allot of advantage security-wise. IE is attached to the windows core and can directly harm your system. If you drop it's right with e.g. put it in protected mode it's already allot safer. Also most drive-by downloads target IE more often because more people use it. And just for the heck of I just want to say *Opera*. If you want all the features you mentioned in the second paragraph Opera also is a good option.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  10. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    This is one of those classic myths that need debunking every now and then. Yes, IE is part of the Windows OS, but that's irrelevant as far as security is concerned: http://blogs.msdn.com/dmassy/archive/2005/03/22/400689.aspx

    Also, it has always been possible to run IE in a restricted-rights environment (e.g. limited user account) and still have it work flawlessly. IE's poor security record was due to poor design, not because of it being "embedded" into the OS. But now that those flaws have been patched and Vista introduced UAC and Protected Mode, whatever small security shortcomings IE has compared to Firefox and Opera are usually irrelevant in everyday situations.
     
  11. demonon

    demonon Guest

    Then you and I don't have an agreement whether IE is "attached" to the OS or not. But that shouldn't be a problem, I will do some more research myself.
    I think however that getting malware with a patched system and safe surfing is practically impossible. If you really want to protect yourself from malicious codes put in to legitimate websites just run IE with lowered rights or use another browser. Either way, you are pretty safe.
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    3.1? I'm on 3.2.

    Also, yes 3.1 was made to "catch up with chrome" speed wise. Just like all the browsers are doing. Why isn't it out yet? :/
     
  13. tlu

    tlu Guest

    Three answers:
    • http://hackademix.net/2008/12/17/opera-firefox-and-ie-security-updates-all-together-all-the-same/
    • IE is tightly integrated in Windows. A couple of other system applications (like Help and Desktop) use IE. To make this possible Microsoft extended the abilities of Javascript by creating JScript. JScript is as powerful as VBS: via FileSystemObject it can open or delete files, start applications, communicate with other processes etc. Thus, it's obvious that a security flaw affects very often many other aspects of the OS. Javascript (as used in, e.g, Firefox) is much more limited as it doesn't have a FileSystemObject and therefore no direct access to your local files. And, of course, Firefox (or any other browser) is not used for other system applications - a security flaw consequently won't affect other functionalities of the OS.
    • It's not only a matter of your OS becoming infected but also about surfing-related risks like password stealing, XSS, clickjacking, Iframe injection etc. If the figures presented here are only roughly realistic these dangers should not underestimated. Having said this, blocking any active content by default makes a lot of sense. From my point of view the Firefox extension Noscript is not only the best protection against these threats on the client side (and even unique in many respects) but also the most user-friendly. The zones concept in IE is simply unusable. Even if IE isn't a less secure browser compared to Firefox if it comes to security leaks and speed of patching, it lacks usability since a strategy of blocking everything by default and easily whitelisting only trustworthy sites can hardly be implemented in IE.
     
  14. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    You can have multiple browsers installer simultaneously. You can even use them at the same time.

    I have had IE7, Opera, Firefox, and Chrome installed before.

    I would probably not recommend jumping onto a beta of anything to evaluate the product; go for a GA stable version for that. However, why not install Firefox and play with it for a few weeks or months and see if it is for you?
     
  15. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    "Patch Tuesday" is a problem in theory, and I can't say I know how well that translates into practise. Two points come to mind: Mozilla too has left critical Firefox flaws unpatched for extended periods of time, and there have been instances where Microsoft abandoned its usual patching schedule and issued an "out of band" patch.

    From your description, a flaw for JScript is simply a "remote arbitrary code execution" flaw - and Firefox has its fair share of those. No JScript? No problem. Exploit a flaw that allows you to drop a binary on the target system and do anything you want, regardless of whether Firefox is "embedded" into the OS or not.

    The presence of JScript in IE hardly makes it unique. In its absence, WScript and binaries do just as well. Whether a browser is "embedded" makes no difference.

    Blocking Java(script) and Flash by default and allowing only whitelisted sites to load those elements can be accomplished as well in IE. As for XSS, IE8 (currently in beta) includes an anti-XSS filter.
     
  16. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Even though this link has been posted before, it is not in this thread and appears to be germane.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    this link is freaking cool man thanks for info:thumb:
     
  18. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Irrelevant? Myth? Microsoft might want you to believe that. Yes, IE is a poorly designed and vulnerable browser, but because of that integration with the OS, those vulnerabilities repeatedly lead to "remote code execution" problems and a "critical" rating for the vulnerability. Instead of a compromised browser, the user gets a compromised OS. The results of that integration speak for themselves.

    "But now that those flaws have been patched"
    ROFL
     
  19. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Employing logical fallacies may be convenient, but they're a poor way of selling your argument. IE is "integrated" into the OS, but just because it is doesn't mean that's the reason for its poor security record.

    Besides, the "embedded" concept has been repeated so often that people often fail to define what "embedded" means at all. IE is "embedded" into Windows in the sense that part of IE's rendering engine is an OLE component that Windows uses to display things like folders, the desktop, or chm help files. IE being "embedded" into the OS does not mean you are exposing your system kernel or critical services to the Internet every time you surf using IE. As I've said, IE functions perfectly even when run in a restricted rights environment. None of its components run in kernel mode, nor does it require administrative access to the OS to function. It can remain completely isolated from the OS core and not even notice it. In this sense IE is just as "embedded" into Windows as is, say, Notepad, or Paint.

    In no way am I defending IE's security track record. I'm simply saying that the fiction that IE is weak security-wise because it's somehow "integrated" into the OS has been repeated so often that it's become a trend, a quick and easy method to attack IE even though the facts don't back up that claim.
     
  20. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    The developers make millions by including a google search bar and depeding on you to use it. That's why I don't use FF; currently IE8
     
  21. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    who cares if they make money of it? developing firefox isnt gunna be free u know, and besides the google search bar isnt even a bad thing, its convenient, and it can be used with other search engines as well. i really dont see how this is a negative.
     
  22. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    thanks! great info in that link.

    Ice
     
  23. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I use Firefox and do not have a Google Search Bar.
     
  24. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    I believe what TechOutsider meant was that the default search engine of Firefox is Google.
     
  25. demonon

    demonon Guest

    Google used to support Firefox, but now they have their own browser they slowly are giving less and less support.

    At least Mozilla isn't driven by money completely. You can easily use another search engine without one warning prompt.
    You also can't except them to run on air alone, can you?
     
Loading...
Thread Status:
Not open for further replies.