Ditch IE

You know it has been a bad week for Microsoft when a part of the Federal government (in this case, the Department of Homeland Security) recommends that users dump Internet Explorer and use an alternative browser due to increasing security concerns.

I know I wrote about it recently, but if your looking for an alternative browser, give Mozilla Firefox 0.9.1 a shot. You won’t be disappointed and your chances of security problems greatly diminish, although understand even Mozilla products have security problems from time to time (just not as many and not as bad as IE).

4 thoughts on “Ditch IE”

  1. Mozilla did not fix a criticial security problem for 2 years. A bug filed 2 years ago warned Mozilla developers about executing any protocol handlers without checking whether they are ok or not. IE is not suspectible to the problem. You can access to that bug through eweek’s news related to mozilla security problem. The Mozilla developers argued that it is not their job to check if the handlers are secure or not. Mozilla developers ignored the problem until the same problem reappeared on a security mailing list. They quickly fixed the problem without proper testing whatsoever, thus reducing the reliability of mozilla as a future platform. Later on some mozilla advocates attempted to blame Microsoft, whose browser does not have the same problem. However mozilla developers admitted that it is their problem to differentiate between local zone and internet zone. I think it is really not a good idea to commit to Mozilla for the long term. Clearly Mozilla developers do not care about security as much as Microsoft cares. Later on some nonserious people attempted to discredit microsoft by claiming that Microsoft’s own programs have the same problem, but as in every anti-Microsoft accusations they hide important points. In this case, they blame Microsoft for executing shell for the local zone apps, for example they say that it shouldn’t let the local user to execute shell from the local hard disk. In Mozilla’s case the problem was that it lets any web server to execute shell. People better should stick with IE, clearly it is still the most reliable and secure browser. We don’t know how many other bugs are ignored by Mozilla developers.

  2. Mozilla developers ignored the problem until the same problem reappeared on a security mailing list. They quickly fixed the problem without proper testing whatsoever, thus reducing the reliability of mozilla as a future platform. Later on some mozilla advocates attempted to blame Microsoft, whose browser does not have the same problem.

    When faced with a security vulnerability, I want the makers of my web browsers to fix the problem as quickly as possible, before my computer is compromised. Since you trust eWeek, you might want to read these two articles by Larry Seltzer. In IE vs. Mozilla on the Shell Hole—Whose Bug Is It?, he states, “In discussions with representatives of the Mozilla Foundation, they conceded this indeed was a bug and didn’t try to foist the blame on to Microsoft.” He also notes that Internet Explorer in pre-Service Pack 2 versions of Windows (and since Service Pack 2 is still pre-release, I must assume that you are not using it, Daniel, since it “has not undergone proper testing”), albeit in a lesser fashion than Mozilla.

    People better should stick with IE, clearly it is still the most reliable and secure browser. We don’t know how many other bugs are ignored by Mozilla developers.

    This assertion is almost laughable. Considering that Internet Explorer vulnerabilities are often actively exploited before a patch appears, claiming that Internet Explorer is the most secure browser is ridiculous. One piece of evidence was Unpatched IE security holes, which purpose should be self-evident. Unfortunately for the purposes of this discussion, the author removed the site late last year in response to Microsoft changing its policies in dealing with exploit researchers and concerns that the site was being used by malware authors. I just found this site, however, with the same purpose.

    Obviously, Microsoft benefits if people take the non-action of “sticking with IE.” For Mozilla developers, success means gaining new users. Since a major part of Mozilla’s marketing has been as a safer alternative to Internet Explorer, it is extremely important that they concern themselves with security, especially as their user population in more technically adept than that of Internet Explorer, and is more likely to switch to another browser if Mozilla is proven unsecure.

    Finally, the Mozilla code is open-source, which allows for security researchers to look at the code, which could allow them to pinpoint their vulnerability searching. This also eases testing, as an error that might break functionality (as you seem to claim the shell vulnerability could, which either betrays your lack of knowledge about the vulnerability, or your wish to besmirch Mozilla) would be caught more easily.

    When there is a critical bug in Mozilla, the developers quickly develop and release a fix in order to ensure that their browser is safe. Microsoft, on the other hand, always initially (before a patch is ready) suggests disabling ActiveX and scripting, which makes their browser more secure, but virtually unusable.

    I hope this (long) entry comes out okay; Chris’ site looks like it was built for comments much shorter than this.

Comments are closed.