Firefox... was it ever all THAT secure?

[Nick]

A thought has just occured to me since Firefox has now updated itself yet again... One of the reasons I switched to it ws for the tabbed browsing which makes doing my job soooo much easier, but the other was becuase on almost a weekly basis you'd hear about yet another security flaw in IE.

Now it's becoming a regular thing that FF has a security flaw too, after being much vaunted over how much more secure it is than IE.

I'm just wondering if FF wasn't as secure as everyone ASSUMED it was... perhaps it just seemed better as hackers weren't paying it much attention, knowing that the majority of surfers were using IE, so they piad that the most attention.

Perhaps the reason that FF is being updated more frequently is becuase those same hackers have realised that more and more people are using FF and now they've turned their attention to that? Perhaps FF has always been just as vulnerable as IE but we all thought it was safer purely because no-one had bothered to take advantage of any vulnerabilities?

Hmmm?

[Dougal]

The thing you have to remember is that IE has had years more development put into it.

FF was originally designed to see what could be done with OSS. But when they realised that there was a market for browsers and after a couple of years of development it came out.

Most security flaws are in IE too, but FF gets them updated quick

[Kezzer]

The great thing about FireFox is that it's OSS. This means that it's not just the developers that find a fix the flaws, it's the community, and with a browser as popular as that,the community are always chipping in to help make it a better browser. On the otherhand, IE is closed source and still contains bugs which haven't been fixed for a long time as well as many bugs that probably haven't been found because it's not OSS.

Just because IE is MS based software, it doesn't mean it's good. Afterall, IE's development team is very small.

[Gordy]

Its more secure in that, when bugs are found they are fixed not left to wait for 6months. If that means a bundle more upgrades so be it

[XA04]

I'm with as Gordy said.

It's becoming more popular so more bugs/vulnerbilities are obviously going to be found, but when they are you can expect a patch/fix ASAP, where as with Microsoft you have to wait a long time. (Actually, recently they have been doing monthly updates in a big bunch, which is better than before, but still not AS good).

Plus I like Firefox's features much more.

[këö¬t]

Software can never be 100% secure. All you can do is patch it as often as possible, and thanks to Mozilla's open source and community nature the patches come out very frequently. Also given the fact that Firefox is not integrated with the shell in the way Internet Explorer is, intrusions won't make it far.

Even the autopilot on an airliner is full of bugs. Planes don't fall out of the sky because every measure is taken to minimize the effect of bugs, such as continually checking the software, and having several programs coded by different teams performing the tasks by vote. If one of the programs disagrees with the others, every program goes back and tries again.

[Dougal]

If you want to see software bugs you should have seen the Air Traffic Control Systems.

I have all the logs in my drawer and I can't see every mistake being perfectly corrected.

[shiato storm]

swings and round-a-bouts really,
when it came out firefox snuck into everyone's computers whilst the hackers where taking down IE all the time. now FF is one of the most widely used browsers its as though its become a victim of its own success having become a target to hackers. and since the number of hackers getting at ff some are bound to get through (think of infinite number of monkeys)...so its not realy that surprising. Hackers are able to get into any program and when there's enough doing it no doubt share their break throughs to the next guy and so on...nothing is really that safe its just what they pay attention to. if opera was more popular that would come under attack.
maybe FF is doing MS a favour drawing fire away from IE?...

[scotty6435]

FF is still intrinsically more secure than IE, it's just that now people are working on hacking it and a lot of IE users are like 'ner ner ner ner ner' increasing the hype.

[Pirate Pete]

so long as firefox stays without pop ups im a happy bunny

i format about ever month anyway so i dont really care about bugs...

Pete

[Steve]

The 'trouble' with FF is that because of its open source nature any bugs are going to be publicised in one way or another. However, luckily fixes tend to be pushed out quickly, which is handy given the demanding security phreaks out there .

I'd say there's no disputing that Firefox is more secure than IE, if only based on the speed at which they fix a flaw when it is discovered. There are just two points for concern.

The first point is plugins. Recently the popular greasemonkey DHTML plugin had a huge security flaw discovered in it. It's not just Firefox security we need to worry about; we need to be careful what plugins we use.

The second issue is updating - having to download FF every time it is updated is a PITA, however that will be fixed in version 1.5, when patches can be applied instead of full downloads.

[Dougal]

Java and Javascript both have major security flaws,hence why I have it disabled in FF unless I know the source of the code is reliable.

I haven't seen and update to these in a while.

[mike_w]

As mentioned, Firefox's problems are sorted out more quickly than Internet Explorer's. Once we get the patch system in 1.5, it will be a lot easier to keep up to date. However, you must remember that just having a secure internet browser won't save you from viruses and spyware - you should have all the Windows updates you need, a firewall and, best of all, general common sense on what sites you visit and the software you install.

Even if Firefox turns out to be just as insecure as Internet Explorer, it still has those extra features, such as tabbed browsing and hundreds of handy plugins (I personally use the DOM Inspector and the Web Developer - makes HTML editing that much easier).

[shiato storm]

general common sense on what sites you visit and the software you install

...to be honest people that do that sort of deserve it...no?

[Stoo]

btw firefox 1.0.6 is out now..