Question

  Asked: Apr 15 2005   2:14 PM GMT
  Asked by: LMullen


Internet Explorer vs. Firefox



Hello,
I'm the Assistant Editor on SearchWindowsSecurity.com. I'm looking to start a discussion about what browser people are using and why. Also, is anyone considering switching from IE to Firefox, or are your plans to stay with IE?

Here's some food for thought... As of Feb. 2005, an estimated 35 million users had switched from IE to Firefox. Security is one of the main reasons why people decided to change browsers (since IE is the most popular browser, it makes it an easy target for hackers). However, at the rate people are switching to Firefox, it looks like Firefox is just a couple of years away from becoming as or even more popular than IE. As Firefox becomes more popular, is anyone worried that it will become the hackers' browser of choice? Does this affect your decision to change/not change browsers?


Answer Wiki

The switch was easy. Firefox offered much better security, flexibility and works with 99.99999% of the web sites. In a few years, another browser will be the next "Firefox".


Discuss This Answer



jpagel  |   Apr 15 2005  2:56PM GMT

I have been using Firefox now for about 6 months compared to IE… Yes, Firefox is more secure, but with the release of SP2 IE became a lot more secure with the pop-up blocker function, stopping the ability to auto download ActiveX from certain websites, but then certain websites will put up that you have to install the ActiveX to continue; the nice thing about Firefox is that it will bypass that… There are already security holes in Firefox that are getting fixed with their new versions that they post up, but yes, as the post above said, there will be new browsers out that will fix that. Unfortunately the SPAM world sucks and they will never stop; all of their machines should be hacked and fried…

 

dvord2569  |   Apr 15 2005  3:12PM GMT

IE is too integrated into the OS. This is the primary reason it’s so insecure. Putting another web browser on might make your browsing more safe, but it doesn’t mean you should stop patching IE.

I subscribe to SANS, and every month I see a new vulnerability in Firefox. Most of them are because it has to interface with the OS and in turn could interface with IE, rather than a flaw with Firefox itself.

In the long term, Firefox could make the web security problem worse.

A. Users will quickly assume they should install Firefox and they’re safe, but that’s not true at all. We in the IT community know that, but it’s the end users who contribute more to the problems which insecure systems allow, not the systems themselves.

B. Important IE patches might be neglected, which in turn make Firefox vulnerable.

C. Firefox will have vulnerabilities. IE and Windows already have vulnerabilities. Adding Firefox increases vulnerabilities.

Microsoft needs to get hauled before court again so that a qualified programmer can explain that the web browser DOES NOT have to be tied in so closely to the OS that it cannot be removed. It’s preposterous that argument was accepted, and we’re paying for it today with all the IE vulnerabilities.

 

Flexo1  |   Apr 15 2005  5:15PM GMT

Firefox is starting to show its vulnerabilities now that more people are using it. As more use it, hackers will begin to target it. Right now I prefer Firefox, but have lately noticed the “pop-under” ads that now appear when I use it. The “pop-under” is a recent development, showing that advertisers, at least, are interested now that people are switching to Firefox. I think it may be a case of Firefox becoming the next “IE”.

 

bobkberg  |   Apr 15 2005  5:32PM GMT

I’ve been experimenting with Firefox for the last 8-9 months, and have come to several conclusions.

1) It’s not a bad browser in and of itself, and is inherently more secure than IE, but….

2) There are many sites I’ve visited (NOT counting windows update) which use plug-ins which do not “play” well with firefox - high among these are Java enabled sites, but any application specifically written for IE is going to have trouble.

I recommend to my customers that they use firefox for casual browsing and note any problems they have - and if so, then try IE, Netscape, or Opera.

One bright note: Microsoft has “apparently” learned their lesson about blocking (or distorting) non-IE users from msn.com after the last Opera “Borking” episode… :-)

Bob

 

VietBob  |   Apr 16 2005  10:48AM GMT

I’m not exactly unbiased, I’ve hated IE all along - when I gave in to Windows (bought a Win98 computer to replace the stable, reliable DR-DOS/DESQview/Telemate system) I immediately installed Netscape Navigator. As that began to bloat and bog down, I discovered Opera, and have been a satisfied user for many years now.

That being said, I’ve installed Firefox as my alternate browser (for the occasional important site that won’t play with Opera). I’ve been using it for several months now, and while it hasn’t thrilled me enough to become my default browser, I do find that about 80% of the time I hit an Opera-antagonistic site, Firefox works. Sadly, there remain a handful of critical sites that won’t work with either.

As systems roll through my shop, I’ve started adding Firefox, setting it as the default browser (Opera isn’t enough of an IE-clone to win over people who’ve known only IE), installing the shortcut on the desktop renamed “Internet”, and removing the IE shortcut from the desktop.

Because IE is still “needed” at times, because some applications will launch IE regardless of the default browser, and because some users will change back to IE (if not actively, then when faced with the daunting “Oh, my, IE is not your default browser!!!” dialogue), it is essential that IE continue to be patched regularly.

As was pointed out above, Firefox is rapidly gaining use and will therefore be targeted increasingly by crackers and spammers, so it’s certainly not a complete solution. Still, it deals much better with malicious sites than does IE, and the Firefox interface is close enough to IE’s to pacify users weaned on the blue e… (hm, maybe I’ll change the Firefox icon to the blue e and see if they figure it out…)

Meanwhile, I’m tinkering with Slackware Linux and KDE and considering that platform for our older computers - they certainly can’t run XP, but they aren’t really ready for the scrap heap yet…

-Bob

 

cptrelentless  |   Apr 18 2005  6:57AM GMT

Opera is a much better browser than Firefox. It’s faster and the interface looks a hell of a lot nicer. Opera has had a built in pop-up blocker for years, it had mouse gestures, impersonation, tabbed windows etc and I don’t see anything truly useful that Firefox brings to the table.

 

Meesha  |   Apr 18 2005  8:58AM GMT

I’ve been using FF for quite a while now. It wasn’t because of the insecurities of IE, just the fact that my little shop is not a MS everything organization. In fact, I’m almost converted to MS nothing. I have three servers - 2 are Linux/Apache/Tomcat and 1 is Win2000. I have 40 desktops - 38 Linspire and 2 Windows XP. I will say that WinXP is okay but not as good as Win2K for the desktop. And I don’t want to be committed to the MS licensing structure and upgrade/update when MS sees fit. I have several proprietary applications on the two desktops/1 server Windows that do not follow the schedule of MS. The developers have not confirmed as yet the applications to be operational on Win2003 servers. However, these, like my shop, are moving to Open Source/Open Standards and we all know how MS handles this - NOT! My choice of FireFox has never let me down yet. We have been more stable, with fewer pop-ups/pop-unders than ever with MS. Will we stay with FF? Only time will tell. But I can say this with assurance that we will never go back to MS IE/Windows due to the licensing, costs, security and proprietary nature of Windows and MS as a whole. We don’t want to go back to the days of single vendor solutions that once they have you signed up you’re stuck for a very long time - anyone remember WANG?

 

rageje  |   Apr 18 2005  11:41AM GMT

I made the switch before the security issue came to light. After seeing a presentation of its capabilities, I switched because it was a better match to the way I do work. Things like tabbed browsing and an organized download function are what converted me.

As far as security and hackers, I’m sure that will happen, but the FireFox community will respond. Maybe the fact that it is a community and not a single company may work in its favor.

 

UncleG  |   Apr 18 2005  11:51AM GMT

I have been using Firefox for a couple of months now and am very pleased with it, I wouldn’t say I’m a particularly heavy user though so cannot comment on which is better.

What I don’t understand however is this: One of the main benefits of the internet browser in the first place was to allow anyone the ability to access anything - to provide a universal front-end to the myriad systems, software and architecture that made up the internet. It seems ironic that we should now be discussing the merits of particular products with reference to whether they work with certain sites - am I alone in this line of thinking?

Security, I feel, will always be an issue. If enough people are using a certain product then that product sooner or later will surely become a potential target for the virus writers, hackers and even the “naturally curious”. If 35 million users switched to Firefox to avoid all of the security risks associated with IE then it’s only a matter of time before the attention of prying eyes shifts isn’t it? And the cycle starts again….

 

BlueKnight  |   Apr 18 2005  1:04PM GMT

I agree with UncleG. I’ve been using Firefox off and on for quite a while. The off/on use is because there are some sites that simply don’t render properly in Firefox. Aside from that, my only other “gripe” about Firefox is that it starts up so slowly.

I’m sure Firefox will become a serious target for hackers the more popular it becomes. Let’s hope it has some longevity, the competition is good for the market. Let the users decide which browser is best, not Bill G.

 

DrillO  |   Apr 18 2005  1:25PM GMT

I have a number of public access PCs throughout my organization, and I am beginning to switch them over to FF as I am getting tired of having to re-install Windows because some kid has gotten the things filled with all sorts of malware, adware and spyware… yes, I do use tools to combat such things.

I have been using FF myself for some months now and I really have had no trouble with it at all. With the collection of tools and plugins available for it, it suits all of my needs. I just like to have options and I find that FF is a good tool which so far has functioned as advertised.

As far as security, I too feel that the community as well as the folks at Mozilla will get a better handle on these issues as they come up. Our “friends” at the other place seem to be too busy to be all that quick.

Paul

 

glennp7777  |   Apr 18 2005  1:57PM GMT

I’ve been using Firefox since 0.7, about a bit over a year now. Usage increased as the browser improved and became my primary browser at version 0.9.

I still use IE when the ASP and VB code shows up on sites that I consider trusting.

I will NOT do business with an SSL site in IE. I trust Firefox’s security more than Microsoft’s.

If I had a choice I would take an MS Windows 2000 with the IE components removed from the kernel, do my primary surfing in Firefox and alternative surfing in IE.

All my Linux machines get Firefox!

Cheers!

 

elangeland  |   Apr 18 2005  2:28PM GMT

Aside from a few brief periods, back when MS was actually innovative with IE and during the Netscape 6 fiasco, when I mostly used IE, I have been a Mosaic, Netscape, Mozilla, or Firefox user since 1994. I only use IE when a site won’t work in Firefox.

With the new Firefox-based Netscape also supporting the IE engine, it will take quite a bit to ever get me to switch to IE again.

 

dfng2002  |   Apr 18 2005  3:24PM GMT

I will continue to use what works; if the hackers continue to target Microsoft because of their code policies then I will have no choice but to use Firefox. Simple enough, too bad so many are wasting talent on destruction rather than making something new that will be better than MS. The competition would drive Microsoft back to a better platform to compete.

Enough said!

 

ramheka  |   Apr 18 2005  4:53PM GMT

Hi there
I do not believe that anything that connects to the net is secure. IE vs FF is the same story as Windows vs Linux, but I do believe one system is as secure as the knowledge of the person who installed it. I use both FF and IE. The problem with systems getting infected by worms and getting hijacked is due to the user’s surfing habits. Say when you install Linux, once done you are not prompted to log in as a super user, whereas with Windows it is the other way around.
So it is almost safe to browse using IE not as a super user on a well patched system.

Once the popularity of FF supersedes IE it will face the same challenges. So understanding IE will save time at understanding FF and dealing with what is coming, as security issues in FF are increasing. A small Java applet can lock you out of FF and crash it, so what next

 

nerdking  |   Apr 18 2005  6:09PM GMT

Whoever (or is it ‘whomever’, could never get that straight) — or whatever — is the “darling” of the masses at any given time will be the object of attack, it’s just a given. While it’s true that MS has become lax and complacent due to its success and dominance, any program (OS, Browser, DB, etc.) will have vulnerabilities no matter how tight the code is.

That said, it is incumbent upon the user to be vigilant as they surf, to be knowledgeable about where they go and what they do. This is not a “set it and forget it” type of activity.

Bottom line, it’s the end-user who is responsible for their own security.

 

TedRizzi  |   Apr 19 2005  8:21AM GMT

Any systems administrator that manages an Active Directory domain should without question choose IE. Not because IE is better, that pretty much is a personal choice, but because IE’s behavior can be controlled through Group Policies. That alone makes it much more secure than FireFox in that environment. Connection settings, proxy settings, most every setting in IE can be manipulated and enforced via group policies. This not only makes IE more secure in the corporate environment, but makes managing and securing the browser a lot easier than having to visit every machine to configure the browser.

 

gdevianne  |   Apr 19 2005  10:30AM GMT

Hello,

I have been using Firefox for its capabilities before the security issues. Then, I installed it on my user’s pc for security and the number of spyware/malware/… dropped considerably.

I personally prefer Firefox for an ethical issue: Microsoft is doing IE to make profits, Firefox is making it for its users and I am a user, not a wallet.

This attitude ties us to a product that might NOT evolve for the user’s good. MS has proved to make improvements only in proprietary directions.

I support Firefox because it puts IE back into “competition” and obliges them to listen to what users want, and I give both browsers to my users.

 

TomLiotta  |   Apr 19 2005  3:07PM GMT

I’d used Netscape from the beginning, resorting to IE _only_ when absolutely required (by a few idiotic sites or when required by employers). Recently, I’ve been shifting to Firefox except on a couple PCs that access Netscape’s mail through their proprietary interface.

Since IE is generally available even when I don’t want it, as long as I keep up with Microsoft’s security updates, I can temporarily switch to IE in the future event that Firefox becomes significantly unsafe. When the Firefox patches are available, I’ll switch back.

Multiple browsers has always seemed reasonable to me.

 

jaicee  |   Apr 19 2005  3:25PM GMT

I’ve been using Firefox since the betas and have been very pleased with it. It runs better and seems to be more secure. I’ve only encountered a few websites that it would not work with and none of those were so important that I couldn’t go elsewhere for the info.

The only thing I use IE for is Windows Update unless I absolutely have to access a site that is written strictly for IE.

In my opinion, it’s not the browser (or any other application) that’s the problem. It’s the operating system it’s running on. If the OS is secure, so are the apps.

The company I work at uses an IBM iSeries for its core applications. There is no such thing as a virus and there have been no successful hacks. I know you can’t run this OS on a PC, but that doesn’t change the fact that security belongs in the operating system.

Maybe Linux or another OS will prove to be better on the desktop (or as a server). Microsoft just doesn’t know how to build an OS. At the very least, they certainly don’t have their priorities straight.

 

ebtctg  |   Apr 20 2005  5:56AM GMT

Let me say that I work with Firefox as a default browser and IE on a daily basis.

My first wish was to have only one browser active. Then I started to encounter problems due to the integration of all components of the Windows system. Some sites don’t work properly with Firefox.

-My experience is that Firefox is nice and makes it easy to stop popups, prevent JavaScript from being run, etc. Much easier than IE. This doesn’t mean that Fx is more secure than IE.
-My second wish was to balance memory consumption but it seems that both browsers have the same rate of memory use.
-Then for some work I consider Firefox as the most useful and convenient and for other work IE seems more efficient.

 

longshanks  |   May 23 2005  6:07AM GMT

I use FF for personal surfing, but the CD Roms we create ship with IE6sp1 and ask the user to install it if not already present. We do this BECAUSE it integrates so deeply with the OS and we utilise certain core features (like being able to call print preview and print format from only selective parts of the CD Rom and ActiveX calls to 3D viewers etc). Strangely everything else (Database, SMTP engine and so on) we use is Open Source. Personally I would like to use FF on the CD Rom as it is far superior in its CSS implementation but it is those all important OS tie ins that swing it.
Now if the end user OS of choice was something simple to install and use and was other than Windows (anyone remember BeOS? - I loved that OS) I’d be very happy.

 

secGeek  |   May 24 2005  9:26AM GMT

To answer your first question, I have switched to Firefox at home and have advised family and friends to do likewise. I have also and continue to seek this change at work but of course, there is workplace politics involved and the jury is still out. There is an unfounded concern that some software might break if we change.

Your second question is fairly easy for me to answer. No. The reason for this answer is that no matter how prevalent Firefox becomes it will not have the tie-ins to the OS that IE has. IE is a fairly good product and it would be interesting to see a totally stand-alone version. What makes IE so dangerous is that it is part of the Microsoft Operating system and has Active-X components. Remove those and I would have to re-examine my position, but until then Firefox is always going to be the more secure choice.

Firefox will have attacks, and the Microsoft groupies will make the most of it but in the end Firefox is inherently a more secure product just because I can uninstall it.

Peace

 

jimcusson  |   May 24 2005  11:33AM GMT

At home I use FireFox almost exclusively and have not had any problems loading websites. As FF becomes more popular with users, so will it become more popular (as a target) for attacks. This is why “security by obscurity” is not effective :>. The real test will come when FF is a regular target. Will the Open Source folks be able to reliably patch their programs faster than the commercial programs get patched? I think we already got a taste of that last month when Fire Fox got patched before IE did.

 

sobhunv  |   May 25 2005  1:58AM GMT

Hi All,
In fact Firefox, according to my experience, has been a secure Web Browser.. But somehow during the past 10 days I’ve experienced some pop-ups in the site which was normally “pop-up-blocked” by FF. However I prefer FF to IExplorer.. but this can make a great difference for Developers using JavaScript.. since most of the code won’t work.. so be careful with the code that u write.. especially if you want to secure JScript code also..
Cheers
Sanjeev

 

dalejanus  |   May 25 2005  9:08AM GMT

While the rate of new users switching to FF is high, it will slow down. Most home users will be content to use whatever is on their computers. The microsoft monopoly will never go away.

Business users can be ‘forced’ to use whatever the company wants to use.

We have always used Netscape for browsing and email. We like tabbed browsing and pop up blocking. The users get used to an email interface and don’t want to change. We have IE, FF (and thunderbird), and netscape installed on all computers, but most use netscape 7.2 for browsing. Few use FF.

While FF is likely more secure now because of small market share, that is likely to change.

IE and windows will likely always be unsecure, and that is just so irritating. Like web sites that require IE.

The amount of effort needed to keep windows patched is high, and the fact that IE is part of windows and must be patched is irritating as well. I would rather get rid of IE completely, but I realize that will not happen. I am satisfied that my users do not use IE.

 

Juvencio  |   May 26 2005  8:34AM GMT

Well, you can count me with the people slowing down the move to FF: after several months using it in both w2k and xp, I returned to ie.

 

TomLiotta  |   May 27 2005  8:09PM GMT

Minor added note… One of the biggest items with using FF effectively has been keeping current with JVMs. It seems that as soon as a new release is available from Sun, I hit sites that require new features in your JVM. Somewhat irritating, but…

With MS’s switch in how JVMs are supported by Windows, I suspect we’ll see the same issue with IE as more time goes by.

Also, since IE has been falling behind in features as well as compliance with new standards, I’m finding far fewer sites that _require_ IE. In fact, I’m not sure I’ve run across one this year.

I have no idea why anyone would switch from FF to IE any more unless guidelines for installing FF weren’t followed in the first place. In WinXP, I use FF exclusively.

 

MennoT  |   May 30 2005  1:35PM GMT

Firefox is definitely less insecure than IE. Even though we’ve seen a few vulnerabilities in FF lately, they were fixed at a pace that is unthinkable in the MS world. If a site is not compliant with FF, it’s usually a matter of deviating from the standards, so it is the site that is to blame. Fortunately, it doesn’t happen too often that sites deviate that much from the standards that FF cannot deal with it.

I have some concerns about FF’s future, however. Vulnerabilities often have to do with complexity and with the desire to offer ever more nice features. This is where Microsoft went wrong and FF seems to go the same way, with its plugins and add-ons. We don’t need that! Also, I believe that almost any website could perfectly do with HTML alone. ‘Active’ things that can be started by untrusted externals are always a risk.

MennoT

 

Maclanachu  |   May 30 2005  6:36PM GMT

I include FF as part of the default install on all our new pcs (3-5 a month). Users use whichever they prefer. Have noticed that it performs better and whenever we have some problem with IE just switching to FF makes it go away. We have a company Intranet here so browsers are used a lot. Increasingly use it myself but there are a few pages with Java or is it ASP that don’t quite work with it. Love the tabbed browsing.

If u really want to scrub IE out of the OS use NLite http://www.nliteos.com/ Great for stripping all the crap out of ur 2k and XP builds. Don’t have to worry about patching something that isn’t there!

 

Sapient  |   May 31 2005  4:35AM GMT

I tested FF looking for an alternative to IE and found there are many things FF does not do in displaying web pages. It has issues with ASP, Java and especially CSS style sheets. Nothing worse than hitting a page where none of the style sheet information is displayed and the page is difficult to read. In today’s world of a dynamic Internet and the usage of Flash and many other add-ons, IE is the developer’s main target for delivery.

Would love an alternative to IE.

 

amitrajit  |   Jun 1 2005  4:08AM GMT

I have been using FF/TB for quite some time now and it’s my default browser. I have also introduced it to my University Library where hundreds of people use it every day on both Windows and Sun-ray clients. This in turn has prompted many of them to install it on their home machines. The best thing is I have almost total control over what it can and cannot do. It’s true that many IE/ActiveX targeted sites do not work well with IE but there is an extension where from within FF you can view IE links. As it has become more popular spammers are increasingly targeting it but it still remains quite stable and far far more pleasant to work with than IE. Its smaller footprint makes it much faster too.