July 6, 2008

more reasons to switch to firefox

Still more reasons to avoid Internet Explorer.

Another great post by Michael Horowitz over at his Defensive Computing blog on cnet, explains how Microsoft's failures around software update and Firefox's successes there really ought to get you onto Firefox if you're not already.

It's pretty basic reasoning. If you take it as given that all complex software has bugs (and browsers are some of the most complex consumer software available,) and all complex, network-connected software has security flaws, then there are basically only two measures that really matter when you're trying to stay safe using a web browser. The first is how hard does the software vendor work to find and fix those flaws. The second is how quickly and effectively can the software vendor get an update in place on your machine.

With Firefox, you can actually see how much work is done finding and fixing flaws. You really can't say that about any of the other vendors -- Microsoft, Apple, and Opera only disclose the flaws found by third-party security researchers so you really have no idea whether or not they're even trying to find flaws in their own software. I sure hope they are, but it's their policy not to say anything about this in public so there's really no way to know for sure.

With Firefox, you get updates as soon as they're developed and tested, thanks to our amazing, and demonstrably superior update system. The system quickly and quietly downloads the update in the background, not interrupting your work by being smart about only downloading when the connection isn't under heavy use. Then it prompts you to restart, and after a quick restart that restores all your work, (including your open tabs and and even that blog post you were in the middle of typing,) you're running on the new secure version.

With Microsoft, you have to wait on their "Patch Tuesday" which could be a month away, depending on when the software flaw surfaced. Even then, they may not include fixes for publicly known security vulnerabilities. Not only that, but the I.E. fix often comes with a load of other Windows fixes that usually requires a full OS reboot. Co-mingling I.E. with the rest of Windows was a big mistake and this is just one of the ways in which that mistake surfaces to harm users.

With Apple, who knows. It seems kind of random when they push out updates and when they do, you have to be especially careful not to accidentally install unwanted new software that came with the malware-like update system. With apple, the update mechanism is not just about keeping you safe and secure, it's about pushing their other products on you. Advertising and security are basically the same priority for them, even when they're in the middle of a critical security fire-drill. This mixing of security and advertising is pretty horrible behavior and shouldn't be tolerated by anyone. Making users less comfortable with security updates is irresponsible behavior and does harm to the entire industry and to all computer users.

And with Opera, if they're not misleading users about security updates, you only get a notification but no actual update. To get an "update" you visit their website, download an entirely new version of Opera, maybe(?) uninstall your old version, and then install the new version. With all that hassle, it's no wonder so few of their users stay up to date and secure. It's absolutely unconscionable for a software vendor to distribute a browser in this era of rampant malware without a real software update system in place. It's irresponsible, bordering on negligence.

Mozilla puts security first and our update system and our security process were designed to keep users safe with as much transparency and as little hassle as possible. With Microsoft, Apple, and Opera, it's mostly opaque, rarely timely, overly complex, very disruptive, sometimes flat out misleading, and you don't always get what you asked for or what you need to be safe online.

The results of this are pretty obvious and it didn't take a serious study on the topic for most thinking people to realize that Firefox users would be more up to date and so less at risk than users of alternative browsers.

Firefox Update: one more reason to switch to Firefox.

Posted by asa at 7:34 PM