real world browser threats

A recently released study, A Crawler-based Study of Spyware on the Web (PDF), by Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy of the Department of Computer Science & Engineering at the University of Washington, crawled the web to determine the threats facing Internet Explorer and Firefox. It found that "1.5% of the URLs we crawled in May exploited IE security flaws to install spyware without prompting the user. While this may seem like a small percentage, consider that 1 in 67 Web pages that we examined contained malicious content targeting browser flaws," while for Firefox "only 0.08% of examined URLs performed a drive-by download installation, but all of these required user consent in order to succeed. We found no drive-by attacks that exploited vulnerabilities in Firefox."

The lessons here: 1. don't run an unpatched browser; 2. unpatched IE is nearly 20 times more likely to be attacked out there on the web than unpatched Firefox; and 3. paying close attention to everything that happens when you surf is a good defense for Firefox users, since every Firefox drive-by install the study found required user consent, while IE users really have no such defense, because the attacks exploit holes in the unpatched browser and simply can't be avoided by paying close attention.

This study compared Firefox 1.0.6 to IE 6, which at the time were the latest end-user releases from Mozilla and Microsoft. Today 1.0.6 is dated, and Firefox 1.5, a major upgrade with many significant security improvements, is available for users. Unfortunately, IE 6, released way back in 2001, is still the best you can get from Microsoft.

reactions, thoughts, comments, etc.

I would've liked to see how other browsers did in the test. Konqueror, Lynx, Amaya etc.

"I would've liked to see how other browsers did in the test. Konqueror, Lynx, Amaya etc."

Haha! Yeah, those clueless Amaya users are always hit with spyware ;-)

@Asa: Wow, 1.5% certainly does sound big, at least to me. At least there is a wonderful alternative to IE out.... what's it called... RedPanda or something?

"Unfortunately, IE 6, released way back in 2001, is still the best you can get from Microsoft."

Well, people are able to download IE7. I have and tried it, didn't like it. I'm very happy with Firefox 1.5.0.1. I am trying to figure out though if the IE7 Preview can be used till it is released or do people have to go back to IE6 to make sure security fixes on Patch Tuesdays aren't messed up. You know, mainly the ones for the IE6 browser. Firefox isn't exactly a patched browser either, Secunia still notes 2 unpatched flaws and 1 partial fix. I really wished those would be fixed. :( While most of the vulnerabilities in IE6 come from Active Scripting support and ActiveX, wouldn't disabling those make IE6 safer to use?

To get even more security use Safari, Konqueror or Opera.

Konqueror also has security holes, such as the JS library overflow a few days ago. The only difference is since it's not as successful as Fx, trolls aren't as quick to scream and shout about them.

It’s amazing the $ Microsoft wants you to shell out for a new OS every couple of years but they can’t update their own browser. Talk of updating is fine for some but for those of us that want a modern browser today, we use Firefox.
I downloaded IE7 but never installed it, I deleted it. I want the best that works now, not a maybe browser. I simply don't give a rat's ass about IE7. Why risk my data?

Talking of unpatched Firefoxes, stats from my own site where ~30% of the traffic are purely Fx of all variants, about 20% of them still use Fx 1.0.7. The remainder are now mostly 1.5.0.1 users thanks to the automagic update system and I can safely say those that identify as 1.5 are probably the Gecko 1.8 branch users (towards Fx 2.0).

The Aviary branch itself is getting some work so an Fx 1.0.8 and possibly 1.0.9 before it gets EOL are likely. However, would either of these have a backport of Fx 1.5.x's automagic update so when the time comes, 1.0.x stuckists will be moved to a non-EOL Fx?

I think the last sentence in this entry is rather misleading. As far as security is concerned, the IE 6 people are using now is much different from the IE 6 released in 2001. SP2 was a major security upgrade, even if the version number didn't receive a large increment. Of course, as far as things like UI and standards support, there have certainly been more improvements to Firefox in just the last year than to Internet Explorer in the last half decade.

Really, it's quite pathetic when you notice that, of all the publicly known vulnerabilities IE users have been exposed to since the time of the Firefox 1.0 release, more than half still aren't completely fixed. Looking at Secunia's data, Internet Explorer currently has more publicly known vulnerabilities without complete fixes than Firefox has ever had in total.

(At the risk of being off-topic)

@ Ken Saunders
While I hate to be the one supporting MS, the main problem everyone seems to be having with them of late is exactly the opposite...they did want you NOT to shell out $ every couple of years for a new OS. The last time they brought out a new OS was XP in 2001 (not including the server edition), the same time they brought out IE6. Their logic was that IE was integral to the OS and would only be updated with the release of Vista. Of course, the desperate rush to get out IE7 (independent of Vista) in response to Firefox has got them considerable egg on their face.

Asa, you forgot to mention a tiny detail ;-) :

"We analyzed two different browser configurations, both based on Microsoft's Internet Explorer (IE) version 6.0, running on Windows XP without either SP1 or SP2 installed. We deliberately chose to use unpatched versions of XP, since the majority of existing exploits attack vulnerabilities in such older system configurations. In addition, most (but not all) newly found exploits affect both patched and unpatched systems."

How did you come across this study Asa?

It was on Slashdot.

TP, actually, I very explicitly stated that it was "unpatched" that was the major source of the problems: "The lessons here are 1. don't run an unpatched browser, 2. unpatched IE is nearly 20 times more likely to be attacked out there on the web than unpatched Firefox"

It's also the case that Firefox 1.0.6 could be considered "unpatched" since they tested with Firefox 1.0.6 in October and we'd already released Firefox 1.0.7 in September. They were running with an "unpatched" version of Firefox too :-)

- A

Whilst IE 7 Beta 2 Preview is still in development, same as keeping up to speed with the upgrades of FFX with ever incremental numbering, this version has proven stable to me.....given that MS claims it inseparable from the OS, neither the OS nor IE7 has crashed since the installation about end of Jan.06. So much for that IE6 comment...one who chooses can be safer.....also ASA, did those service packs not do anything since 2001? They still call it IE6 SP2 }>), but we've had innumerable monthly fixes to IE thru the OS updates or?

put two and two twogether.

1 ]3el13\/e 7h@7 /\/\1[r0$l07h \/\/1ll p@r1$h

Either you misread the study or left out vital information intentionally. The study was actually pointing out that the number of infections dropped from 1 in 67 in May 2005 to 1 in 1200 by October 2005.

And it goes to show that the reason Firefox is more secure right now is because no one is attacking it. Both browsers are equally buggy but hackers are only paying attention to one of them for market share reasons.

I'm not sure if you saw this link, but this may be good to hear.
http://www.philly.com/mld/inquirer/business/technology/13573401.htm

Why can't I comment in the Camino post?