Firefox VS IE: barf!
Sunday, December 11th, 2005
I’m getting a little bit sick of all the Firefox VS IE bullshit floating around the Internet. Firefox has been boosted as the more secure browser by various open source advocates and groups. Lots of other people seem to love to hate the people that hate IE; lately they’ve been claiming things like “Firefox has had more security advisories than IE in the last [year, month, week, days, minutes], so it must be just as insecure or even worse!”
What these people fail to realise is that the number of security advisories is not an indication of the security of a product. If you don’t have the IQ to extract meaningful facts from statistics, please shut up. Just because security flaws were found in Firefox does not make it a less secure browser. In fact, finding flaws is one of the ideas behind Open Source software: we’re supposed to find the flaws so we can fix them BEFORE they become a security problem.
When discussing the security of a certain product, please keep the following in mind:
- How many actual exploits for the bug are in the wild? (i.e. actually being used against users)
- What’s the impact of the bug?
- What’s the impact of the exploit?
- Do not blame security problems in third-party products on the product it was based on. (PHP IS NOT INSECURE!)
- What are the definitions being used? Is a critical flaw in Firefox the same as a critical flaw in IE?
- Consider that not all known flaws in a product are revealed. Closed source companies would rather keep security flaws quiet if there’s no exploit in the wild. Open Source products would rather quietly fix the flaw and make a tiny little note about it in the changelog.
- A denial-of-service attack is not a security problem!
- Take a look at the target demographics for the product. People using Firefox are usually more computer-savvy than IE users and are therefore less likely to get a virus.
So. Is Firefox more secure than IE? I’m not even gonna answer that. There are just too many variables to consider to make any useful statement. Anybody that does otherwise shouldn’t be trusted because they obviously don’t understand what they’re talking about.
If you, however, were to ask me about the security of Outlook….