How can I trust Firefox?

Artykuł
12/20/2004

[Fixed issues with images; sorry]

[Removed the clear=all problem; thanks for pointing it out]

[Added a follow-up post here]

Recently, a lot of volunteers donated money to the Firefox project to pay for a two-page advert in the New York Times.

If only they had spent some of that money on improving the security of their users by, say, purchasing a VeriSign code signing certificate.

Let me explain...

One of the many criticisms of Internet Explorer is that customers are fooled into downloading spyware or adware on to their computers. This is indeed a legitimate problem, and one of the ways you can reduce the risks of getting unwanted software on your machine is to only accept digitally signed software from vendors that you trust. Every time you download a random piece of software from a random location, you're taking your chances with your PC and all the information stored on it. You wouldn't take candy from strangers, would you?

In order to help protect customers, the default install of Internet Explorer will completely block the installation of ActiveX controls that are not signed, and it will suggest that you do not install any unsigned programs that you might try to download. Of course, just because a piece of software is signed (or you have the MD5 hashes for it) doesn't mean it isn't nasty; it just provides some evidence you can use to make a trust decision about the software (in logical terms, it is a necessary but not sufficient condition for trusting software).

So what happens when a typical user decides it's time to download Firefox and enjoy the secure browsing experience that it has to offer? Well, sit back, relax, and let me take you on a journey.

First of all, I went to the advertised www.getfirefox.com, and was redirected to the real page at www.mozilla.org/products/firefox/.
From there I easily located the download link, and clicking on the it gave me the following dialog:

Download Firefox image

Hmmmm, wait a minute. I went to www.getfirefox.com, not mirror.sg.depaul.edu. I don't have any idea where that place is, and it sure makes me nervous. IE has informed me that "If you do not trust the source, do not run or save this software."

Do I really trust a bunch of kids at some random university I've never heard of? Hopefully, the average person will decide that they do not trust this web site, and they will click Cancel. No Firefox for you!

But being a brave soul (and not caring if my Virtual PC image dies a horrible death) I click Run. A few seconds later, I get the following dialog:

Picture of unsigned Firefox executable warning

What?

Not only does this software come from a completely random university server, but I have no way of checking if it is the authentic Firefox install or some maliciously altered copy. (I sure hope those 10 million people who have downloaded Firefox so far haven't all download backdoors into their system...). Since "You should only run software from publishers you trust" and since the publisher cannot be verified, I should click Don't Run (which is, thankfully, the default).

But, again, being a brave soul I click Run.

I am then greeted with this dialog:

'Picture of random setup dialog --

Oops, my network connection died. But still... that kind of unintelligible dialog doesn't do anything to make me trust the installer. Maybe this is a trojaned copy of Firefox after all?

Forging blindly ahead, I download the software again (this time coming from -- I kid you not! -- a numeric IP address, the bastion of spammers and phishers and all manner of other digital rogues) and run the installer. This time things are actually looking good:

·Installer runs fine

·I accept the defaults

·Firefox starts

·It asks if I want to make it the default browser; no thanks

·I get this dialog (seriously):

Picture of blank Message Box (not even a title bar)

Hmmm, a completely blank MessageBox. Well, OK is the default choice, so I guess I should accept that. No idea what it will do to my system though.

My confidence in this software is growing in leaps and bounds.

I decide to reboot the VPC just in case that dialog was trying to tell me something important. After rebooting, I boot up Firefox and it seems to be working fine.

I decide to install some extensions because, hey, everyone on Slashdot loves them so much. I browse to the extensions page and decide that the Amazon.com Sidebar sounds cool (I love Amazon, and Amazon loves my credit card). Clicking on the link brings up this dialog:

Picture of Firefox Extension Install dialog ">

It dutifully tells me the extension isn't signed (good), but makes the default choice Install Now (bad). This is the opposite of what Internet Explorer decided to default to when it detected unsigned code (ref: above). Now tell me again, which is the more secure browser?

(Just so I don't get inundated with comments about this, Firefox does disable the Install button for a couple of seconds when the dialog is first displayed, but by the time I had finished reading the text in the dialog it was enabled and ready to go).

Next, I want to go somewhere that uses Flash (heh, coz we all know I love Flash!). I'll try the Ocean's 12 official web site, www.oceanstwelve.net, which detects that Flash isn't installed and gives me a link to install it. Clicking on the link, I get taken to the Macromedia page, where I can download Flash. Firefox prevents me from running the executable straight away, and forces me to save it to disk. That's probably a good move for most users, although personally I tend to click Run inside IE because I know it will warn me about unsigned programs. Nevertheless, it is but a minor speed bump on the way to malware infection, as we shall see in the next step.

Once the file is saved, I can open it from the little downloads dialog that pops up. The problem is, there is no indication as to whether or not the file is digitally signed; I just get the usual "This could be a virus; do you want to run it anyway?" dialog. But without any evidence to base my trust decision on (where it came from, who the publisher was, etc.), what should I do? Of course, the right thing to do would be to delete the file and never install Flash, but I really want to install it so I guess I have to go ahead and run the thing.

What's really frightening though is that there is a "Don't ask me again" option in this dialog... which means that if you check the box you could end up running any old garbage on your system without so much as a single warning. Doesn't sound so secure to me...

So anyway, Flash installs and I can view the Ocean's 12 website OK. But now what if there's a security bug found in Flash and I want to disable it? With Internet Explorer, I can simply set the Internet Zone to "High" security mode (to block all ActiveX controls), or I could go to the Tools -> Manage Add-Ons dialog if I just wanted to disable Flash until an update was available. How do I disable Flash inside Firefox? Good question. I don't see any menu items or Tools -> Options settings, the Tools -> Extensions dialog doesn't help, and Flash isn't even listed in Add / Remove Programs.

According to Google, I have to download yet another unsigned extension to enable the blocking of Flash content. Ho-hum. The first download mirror that the page sent me to gave a 403: Forbidden error; luckily the second mirror worked OK and, once again playing digital Russian Roulette, I installed the extension and rebooted Firefox twice (yes twice) as instructed to install it. To be fair, the extension is pretty cool, but that's not the point: How do I know I didn't just install some terrible malware from a compromised web server? Who owns xmundo.net anyway, and can their admins be trusted? And what if I accidentally browsed to some site hosting a malicious Flash movie whilst trying to download the extension?

(Always remember the Ten Immutable Laws of Security, and in particular Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer any more.)

To continue my benevolent fairness, I actually think Firefox is a nice browser. It seems to render HTML without any problems, and the tabs are nice for browsing Slashdot. But just because it doesn't currently have any unpatched security vulnerabilities talked about in the press doesn't mean they don't exist (Secunia currently lists three unpatched vulnerabilities, for example).

Mozilla has had its share of security vulnerabilities in the past (just as IE has), and -- despite what the open source folk might say -- Mozilla keeps their security bugs hidden from the public (just like Microsoft does) in order to protect their customers from coming under attack by malicious users. Note that this is not a bad thing; all vendors should treat security bugs responsibly to ensure customers are not put at undue risk. It's just something you should be aware of. Just because you don't see any unpatched security bugs in Bugzilla doesn't mean they don't exist, either.

But the thing that makes me really not trust the browser is that it doesn't matter how secure the original code is if the typical usage pattern of the browser requires users to perform insecure actions.

·Installing Firefox requires downloading an unsigned binary from a random web server

·Installing unsigned extensions is the default action in the Extensions dialog

·There is no way to check the signature on downloaded program files

·There is no obvious way to turn off plug-ins once they are installed

·There is an easy way to bypass the "This might be a virus" dialog

This is what the "Secure Deployment" part of Microsoft's SD3+C campaign is all about; we design and develop secure software, but we make sure that customers can deploy it securely as well.

I personally don't care if people choose to run Firefox or Linux or any other software on their computers -- it's their computer, after all -- but we'll never get past the spyware / adware problem if people continue to think that installing unsigned code from random web sites is A Good Idea.

So, at this point in time, installing (and using) Firefox encourages exactly the sort of behaviour we are trying to steer people away from, and to me that makes it part of the problem, not the solution.

(Thanks to Mike and Robert and the other folk who gave this a once-over before posting; any errors are still mine though ;-) ).

Comments

Anonymous
December 20, 2004
well, reading this blog post in IE isn't much better - I can't see any of the images you're supposedly referencing. Maybe it's a problem with your blogging tool?
Anonymous
December 20, 2004
Can't see dialog pics.
Anonymous
December 20, 2004
I love the smell of a flame war in the morning.
Anonymous
December 20, 2004
"Note that this is not a bad thing;"

When did security by obscurity become a good thing? Someone will always find security holes and exploit them. I beleive in full disclosure and informing the users about the flaws in the software they are using.

I prefer vendors telling me about their security holes and giving me patches, rather than trying to cover things up behaving as if nothing were the matter...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
With my previous comment out of the way (sorry, thought of this later), I do like FF for two reasons:

1. DOM explorer
2. Javascript Console
3. Better standards compliance

These three, combined, make it a DHTML/Web UI developers dream to work with.
Anonymous
December 20, 2004
Excellent article. I never thought about it when installing FF, tho I DO think about those kind of things when using IE. Go figure.

(that said, I use both for very different, specific reasons. Add tabs, opening a list of bookmarks in tabs, and put popup blocking in the IE6 on Win2K3, and I'm set)

:)

Cheers
Anonymous
December 20, 2004
If you want to make sure that you get
a clean, Mozilla approved Firefox, you
can do that: go to
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0/
(reachable via the download section on
the Firefox and Mozilla websites).
This allows you to download the Firefox
versions for you locale and OS.
And: it offers 3 ways of ensuring that
the binary you get is the one published by mozilla
- MD5 Sums of all binaries
- SHA1 Sums (if you don't trust MD5)
- GnuPG/PGP signatures for each binary;

So: you can check the validity
of your Firefox binary.

BTW: "getting a Versign Code Signing
cert" is just as safe as these solutions (It's not like a malicious
attacker can't obtain a Verisign
cert. It's not like
any end user even knows what a cert
is... so they surely can't decide
whether it's right or not).
Anonymous
December 20, 2004
Charles -- you have a buffer overflow there! You only allocated enough space for two reasons, but tried to stuff three into it ;-)
Anonymous
December 20, 2004
murphee -- thanks for the link; did the NYT ad tell people what SHA1 sums were and how to use them to verify the correctness of their download? (And if it did... did anyone understand?)
Anonymous
December 20, 2004
About that unsigned amazon toolbar pkg, I had nothing but trouble getting firefox to recognize my signed xpi's. I've got latest tools and everything (proof, it detects the signature and works in Netscape 7), but something's amiss in FireFox-land. That's why our website will detect firefox and offer the unsigned version when we roll out...

Help or follow-up to my e-mail...

-Michael Scholz
Anonymous
December 20, 2004
Marcus -- to each his own. There are strong arguments both for and against Full Disclosure, but I think I'll stick to one controversial blog a day, thankyou very much ;-)
Anonymous
December 20, 2004
Fantastic post
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
http://forums.mozillazine.org/viewtopic.php?t=187607
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Great post Peter,

I agree completely with your assessment. The web would be a much better (and trusted) place if people learned the basic security precautions that you outline about basic application installation.

Working in infomration security for many years now, I personally don't install any unsigned plug-ins, etc. I closely review any application that isn't code signed, even those that come on CD. If the pubblisher can't be bothered with simple code signing, then where else did they take shortcuts that will compromise the application. I haven't looked at FireFox yet, but if the install is as insecure as your description, I would never install it!

I think the use of the term "security" is many times over generalized, as to be almost meaningless in some cases. If FireFox is stating they are "more secure", just what exactly does that mean, or is it just hollow marketing speak? With FireFox promoting this unsecure application installation from the get-go, you have to seriously question how well they did on the rest of the security in the application.

Based on the feedback here, and what I have read about FireFox in other places, it seems to be more a browser for "geeks" and not really for consumers. What average user needs a DOM explorer or a Javascript console? This looks like just another application built by software developers for software developers.

I agree with the comment that most people that read that advert in NYT aren't going to have a clue about verifying a digest value or even using PGP. Even among the security professionals I know, PGP is still more a novelty, opposed to an everyday trust verification tool. At least with Code Signing, there are easily accessable tools built-in to verify signatures so that one can have a level of trust in the computer. However, in the end, until the OS flat-out refuses to install any application, plug-in, etc. that is not code signed (with no ability to override), we will continue to have trust problems.

-- rcme
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I posted about this back in July. That post was based on v0.9, IIRC, but a lot of it's still relevant.

http://mikedimmick.blogspot.com/2004/07/techworldcom-browser-rival-to-activex.html

As I recall, v1.0 now has an information bar clone which pops up when you click an XPInstall link. This allows you to select which sites you want to be able to start plug-in downloads. Unfortunately it's not single-shot like IE's.

I'm sticking with IE too. It's a known quantity. Firefox is an unknown quantity and without any form of formal prerelease testing, I don't trust it (same for any other non-trivial OSS without formal testing, like Linux).
Anonymous
December 20, 2004
If you want tabbed browsing, but dont like FireFox, try AvantBrowser (www.avantbrowser.com)

suits me just fine
Anonymous
December 20, 2004
This page doesnt even render correctly in Firefox. Half the article is scrolled way down - you wouldnt even know it is there!! what the.....
Anonymous
December 20, 2004
firefox is teh rox! sux0r

-AC
Anonymous
December 20, 2004
Heh, nice comments about security certs there, considering there was for quite some time (Still is?) a security vulnerability in IE where a malicious website owner could spoof microfts certificate. The Advisory stated the workaround was to not permanently trust microsofts certificate and try to judge installs on a case by case basis. Making them... pretty much useless. I also like the way you try to blame an unintelligble dialogue in 7-zip on firefox as well! Don't get me wrong, 7-zip is a great though often terse program, but it has NOTHING to do with firefox.
Anonymous
December 20, 2004
Microsoft's Peter Torr invites a flame war with his essay, How can I trust Firefox? He walks through the installation and configuration process with Firefox and determines that it reinforces some particularly bad habits for users. He concludes: I actually think Firefox is a nice browser. It seems to render HTML without any problems, and the tabs are nice for browsing Slashdot. But just because it doesn't currently have any unpatched security vulnerabilities talked about in the press doesn't mean they don't exist (Secunia currently lists three unpatched vulnerabilities, for example). Mozilla has had its share of security vulnerabilities in the past (just as IE has), and -- despite what the open source folk might say -- Mozilla keeps their security bugs hidden from the public (just like Microsoft does) in order to protect their customers from coming under attack by malicious users. Note that this is not a bad thing; all vendors should treat security bugs responsibly to ensure customers are not put at undue risk. It's just something you should be aware of. Just because you don't see any unpatched security bugs in Bugzilla doesn't mean they don't exist, either. But the thing that makes me really not...
Anonymous
December 20, 2004
Great post.

http://www.msfn.org/comments.php?shownews=11134
Anonymous
December 20, 2004
I spend most of my time in the Computer Industry removing spyware/adware from home users and business users who don't understand anything about security. That is the way the industry is. THE ABSOLUTE most effective solution i have found to date, is to disable internet explorer, install Firefox, install Spyware Blaster, Install Spybot Search and Destroy (tea timer).

Since performing these actions on hundreds of clients computers i have not had ONE (Not even a little one) of those clients ever have a problem with spyware/adware.

Btw, didn't your mother teach you to always save to disk instead of running files from the online location! tut tut!
Anonymous
December 20, 2004
GDawg: This page doesnt even render correctly in Firefox. Half the article is scrolled way down - you wouldnt even know it is there!! what the.....

http://validator.w3.org/check?verbose=1&uri=http%3A//blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx
Anonymous
December 20, 2004
The war of operating systems' security is restarted; the war of browsers' security is restarted; the war of security seen as lines of codes is also restarted; There is the situation in the last days; there are some of my toughts on the subject; take this post as a trackback:
http://radio.weblogs.com/0140770/2004/12/20.html
Anonymous
December 20, 2004
Well I certainly don't miss the automagically changed home page, unrequested added toolbars, flurry of popups, and self installed spyware that I was plagued with when I used IE. Microsoft has had 9 years to prove whether they know how to handle network security correctly (I figure MS didn't really have a networked machine until August 1995) and have thus far failed. I'm quite willing to give Mozilla the next 9 years to prove themselves one way or another.

Yeah - I know - "Wait until the next version. It'll be awesome. Honest." (c) 1972-2005 Microsoft, Inc.
Anonymous
December 20, 2004
Flame on!
Anonymous
December 20, 2004
How do I trust Verisign? I mean I seem to recall quite a few stolen keys being released in the past. You want security. Use a VM like you did. Don't allow the user to install anything. Without doing a su or RunAs. Oh wait I forgot.....Windows XP wants you to be Administrator by default.
Anonymous
December 20, 2004
Congratulations, you just started a flamewar. >:(
Anonymous
December 20, 2004
this guy obviously does not understand that if one approaches something from a very narrow convoluted worldview people are instantly going to recognize that he's unsuitable to take advice from.

let's get this straight - he doesn't trust a bunch of kids at a school putting out software.
However he'll trust a bunch of execs at a major corporation.

hahahaha

your narrowmindedness is exceeded only by your narrowmindedness
Anonymous
December 20, 2004
"Firefox is an unknown quantity and without any form of formal prerelease testing, I don't trust it"

no prerelease testing? How long was it available in beta form? at least two years.
At least I know that if Firefox crashes, it won't take Windows with it.
Anonymous
December 20, 2004
As a lover of open source and a lover of Firefox, I'd like to say thanks for your helpful suggestions. I hope Firefox will take them on board.

I apologize for all the reactionaries who may mistakenly flame you.

Will Smith
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
How do I trust Verisgn?
Anonymous
December 20, 2004
if it's a choice between possibly downloading a copy of FireFox one time which may be trojaned, which i can check by comparing MD5Sum's after i download, or using IE and being infected with a new piece of spyware every 5 days, i choose to take the 1-time risk of Firefox.

and by the way, on the whole, mirrors have a very good security track record. only very few times has an application been found to be trojaned on a mirror, and checking the MD5 or PGP signature usually prevents the trojaned software from even getting installed.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Do you realise that ALL ur errors did come from all the third parties software u have installed ? Next time to be real, try on a blank install, with no buggy AV or other thing intereacting.

On code signing, Mozilla project is open source and commited in its politics too and the last thing the project will do is to invest into stupid code signing whereas the good old unix md5, sha-1 ang gpg signing are as reliable if not more ( you have 3 unique ways to check your binary ).

Take it or leave it.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
You sir, Peter Torr, are a tool! You REALLY need to take the time you spent analyzing Firefox, and do the EXACT same thing with ALL MS software prior to XP SP2. IE only gained its current level of security as a result of SP2 which has taken HOW many years to reach this level? Think about it.
Anonymous
December 20, 2004
Take a look: http://it.slashdot.org/article.pl?sid=04/12/21/0038235&tid=172&tid=154&tid=109&tid=113&tid=1
Your very own Slashdot thread...
on a side note, I wouldn't trust Verisign with a plastic spoon.
Anonymous
December 20, 2004
To run Internet Explorer, I must trust that Microsoft won't do something bad to me via their software.

To run Firefox, I must trust that the Mozilla Foundation won't do something bad to me via their software.

So far, the Mozilla Foundation has had a much better track record for bug fixes and holes than Microsoft has.
Anonymous
December 20, 2004
The solution is perfectly obvious. Entice a acquaintance to download and install everything before you; then get the binaries from he or she once you have determined everything to be safe and sound.

Everyone needs a guniea pig. A naive co-worker, gullible little brother, perhaps one of your elderly parents if you're the ungrateful type. But regardless, the result is the same: Better them than you!

In fact, I don't trust this webpage.. it's running asp.net. I'm outta here.
Anonymous
December 20, 2004
I never heard of Firefox until this blog.

I installed it and like it better than Internet Explorer now.

Thanks for the tip guys. I'll make sure to tell everyone about Firefox now.
Anonymous
December 20, 2004
4 Words - Lesser Of Two Evils

At least you have to actively choose to install things with Firefox, instead of bugs in IE allowing anyone to install things
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
How can I trust Firefox? Because it came with SUSE 9.2.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
This is some of the best FUD that I've read... Kudos!!!
Anonymous
December 20, 2004
I've used Firefox since .7 and haven't touched IE since. I've never had my computer run so smoothly since I got rid of Microsoft's web browser. You knew you could get your copy of Firefox from the source but you you already knew where you could get a illegitimate copy from somewhere else. Which you knew you wouldn't install correctly. You are not dumb, so don't act like we are. People would have more respect for Microsoft if your company would stop spreading half-truths and misconceptions.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Simple. To borrow a phrase from the X-Files, "Trust no one".

That being said, I have no reason not to trust Firefox at the moment. It's been good to me, hasn't misbehaved, and "appears" to be relatively secure.

On the other hand, Internet Explorer and Microsoft in general have abused my trust on numerous occasions - viruses, security flaw after security flaw, odd behavior / instability, etc. So despite all the Verisign certificates in the world that Microsoft might own, I will never trust IE again.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Verisign can also sign for spyware (excuse me, adware) programs, such as gator and bonzaibuddy. There is no reason to trust a program with a verisign certificate more than one without one.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Seriously, the authenticode system and signing is waste of time.

The vast majority of users don't actually care whether the thing they are downloading is signed - they are easily confused by just another technical nicety. You wouldn't believe how frequently I have to clean users machines from malicious software even when the user has a choice.

I'm sure a malicious person could put a web link which would say "click on the button to have your credit card stolen" and people would still click on it, just because they can.

Note this does not make FireFox better than IE, it just makes the whole argument spurious. The real issue is the lack of choice in any browser when things happen without user knowledge, either by bad design, or bad coding leading to exploits.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I think a better question is how can I trust Microsoft. Just because a company pays for "signed certificates" doesn't imply they are "trustworthy" or that the products can be trusted. MS has demonstrated that very clearly.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
First of all, I went to the advertised www.getfirefox.com, and was redirected to the real page at www.mozilla.org/products/firefox/.

Funny thing when i went to http://windows.com i got redirected to
http://www.microsoft.com/windows/default.mspx

Should Microsoft also not be trusted
Anonymous
December 20, 2004
I've installed Firefox at least 20 times on friends pcs - usually after I've had to cleanup the mess from Windows XP SP1 and IE. Never once have I encountered any of the problems you describe.
Anonymous
December 20, 2004
You don't trust "ip addresses", but you trust "domain names"? Do you know that one is just a symbolic name for the other?

Do you realize that trust has very many levels, and that Microsoft's problems are at the most fundamental - that the developers and management at Microsoft are completely untrusted? Their skills at making secure software are completely untrusted and unbelieved. No matter how many times Microsoft code is signed, the signature just tells us that we can be sure that the software is insecure.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
"This page doesnt even render correctly in Firefox. Half the article is scrolled way down - you wouldnt even know it is there!! what the..... "

Are you really surprised? This is a Microsoft page. Those pages are designed exclusively for IE. Remember the MSN home page debacle with Opera a few years ago?
Anonymous
December 20, 2004
To each his own. I think you pose a lot of good arguments. However, when I originally switched to FireFox I did so because of 2 features. Tabbed browsing and Pop-up blocking.

Tabbed browsing is simply amazing, the first time I saw it I was shocked neither myself nor anyone else had thought of this sooner. It made (makes) so much sense. Right now, as I sit here, I have 4 tabs open in FireFox. To accomplish the same thing I would need 4 separate windows with IE. Being an IT person, I already have about 6 separate windows running, why do I need 4 more added to the already cluttered taskbar?

I'm not going to touch the pop-up issue, I think we all know and agree on that. Thankfully, IE6 has this (I think, haven't used IE6 much since I went to FF).

Another thing that I haven't seen mentioned. FireFox is available on a variety of platforms AND works on all of them with relatively little difference. My place of work (print shop) has quite a few Macs, as well as a few UNIX boxes that I use (2 FreeBSD boxes, one live, one development, and a laptop, also FreeBSD, sitting here right now) and no matter where I go: Windows, OSX, UNIX, Linux, FireFox looks the same everywhere. I can even share my bookmarks easily! Out of all of those, IE only works on Windows and OSX. I've tried using it on OSX and frankly there are a lot of instances where it just doesn't display things correctly. Let alone the fact it displays things DIFFERENTLY from the Windows version. What's that about?

I'm not trying to convince you of anything. You seem intelligent enough to make your own decisions; you even took the time to try FireFox. However, what I will say is that your entry, in my opinion is nothing more than obnoxious slander, and quite honestly, hypocrisy. If you were expecting FireFox to be without fault, you were one naive developer. Every program has had its faults. The big question is how long will it take the Mozilla team to rectify those mistakes? Then let's compare to how long it will take Internet Explorer to become "safe." As I see it, IE has had 6 major versions, countless minor versions, and we're still seeing bug after bug. FireFox had its first major release, and you've already condemned it.

If you want something that hits a little closer to home, let’s face the fact that after one major release FireFox has already seized up a sizable chunk of the browser market. Even if it doesn’t work right, crashes five times a day and has to have 2 service packs, you know what, it will still be ahead of Windows 98, or Windows 2000. Has 2003 had a service pack yet? It’s been out a year, I imagine it’d about due for one.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I see, and agree, with most of what you have said about the process with Firefox, but I have a big issue with the "many criticisms of Internet Explorer".

The big criticism isn't that people are fooled into fooled into downloading spyware or adware - it's that some site have the ad/spyware install without users even knowing. There is no prompt, there is no cert auth, an ActiveX control does it for them.

Granted IE bocks these by default, but many people change their settings (not knowing what they are doing) and open themselves up for the problem(s).

There is no "fooling" going on, it's a combo of uninformed users and usability issues in the software.
Anonymous
December 20, 2004
LET THE SLASHDOTTING BEGIN !!!!!
Anonymous
December 20, 2004
there is a link on firefox website that lets you download firefox right from their servers... may be you chose a mirror. IE has got tons of problems with phishing and opening backdoors, ff doesn't. ff is better standard compliance, ie isn't. ofcourse it has many other cool features that ie doesn't. and guess what when i tried to install the software of my new HP laser printer, it said that the driver is not digitally signed which i assume is paying M$ money...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Unlike IE it is possible to build Firefox from source.
If you are really paranoid, you can download the source, look at it, and build it yourself.
Anonymous
December 20, 2004
I know when I tell anyone to install anything I simply say "Click Next and Agree to everything." This is because even beginning to explain the significance of certificates and how to verify them as being true, valid, and factual.
For that matter, I don't think even I understand what is "Verified to be 'Right'". I didn't know Verisign made certificates for downloads. How do I know you're not making this up.
Anonymous
December 20, 2004
I'm confused Peter... I always thought that security was best accomplished by security. E.g., you would have your operation system and then applications on top of those. That way if the application is compromised, the system isn't.

How does that work while browsing with part of the Kernel? It seems that if IE is compromised, then you're Operating System is compromised. But if Windows was worth anything, then it would only allow the application to be compromised and no super user exploit would be possible.

Alex
Anonymous
December 20, 2004
"This page doesnt even render correctly in Firefox. Half the article is scrolled way down - you wouldnt even know it is there!! what the....."

Is it Firefox's fault it doesn't render a site that was desgined specifically for a standards bashing browser.
Anonymous
December 20, 2004
Let's compare versions.. IE has had 6(?) versions to get this web doohikie right and it's still chock full of holes.

FF has JUST NOW come out of beta and you're struggling to find reasons why I shouldn't trust it!

What happens when FF matures and spits out version 2 or 3? You gonna admit defeat or code something worthy for a change?
Anonymous
December 20, 2004
"we'll never get past the spyware / adware problem"

well I can't speak for the rest of you, but my spyware/adware problems ended when I installed firefox.
Anonymous
December 20, 2004
There seems to be a funny bug in IE; I hit <ctrl>-tab to open up a new tap, and nothing happens. That's the only come back I can think of.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Do you know what else comes from a "numeric IP address"?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Funny, when the Spyware installs on my machine through IE, I never even get a dialog telling me that the source isn't trusted.
Anonymous
December 20, 2004
So, I want to know why you use a virtual PC. Eases the system crashes does it? Would be great if tools for verifying binaries were distributed as core windows packages. If that were true I wouldn't need to install cygwin to verify my checksums.
Anonymous
December 20, 2004
emerge firefox

Gets me the sources, checks the md5sum,
which came from a different and trusted mirror server from the one which hosted the source. Builds those sources into the binaries which I then run.

Do I trust the Gentoo Portage system?
Yes I do, absolutely!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
How can I trust you?
Anonymous
December 20, 2004
I have already helped address part of the problem. I submitted a patch for signtool will allow developers to sign their extensions with a digital certificate. Signtool is part of the <a href="http://www.mozilla.org/projects/security/pki/nss/">Network Security Services</a> project. While the patch was submitted this summer the next version of NSS (3.10 which includes the patch) has yet to be released. 

My own FireFox extension is signed by my employer's code signing certificate. 
<a href="http://www.j-maxx.net/abtrans/abextension.php">
http://www.j-maxx.net/abtrans/abextension.php</a>
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Boy, after reading this I think I need to rebuild my system.. All of those unsigned driver installs are scaring me now. Who should I call to fix these?
Anonymous
December 20, 2004
obviously firefox is good becasue nobody uses it so there are no exploits made for it
Anonymous
December 20, 2004
I also deal with users in the 'wild'. The browsing policy at my company is basically up to the users, so we are at their mercy. The first question I have is the author's comment about a 'default' installation of IE6 denying ActiveX installations. Is this under XP SP2? What percentage of company, or even personal (which I imagine is far larger), PCs even have SP2 running yet? How many are even using XP? My company hasn't deployed SP2 yet because there are concerns about it breaking programs. In my experience, IE6's default behavior is to accept signed ActiveX controls. Even depsite the denial of these controls IE6 can still be hijacked and your PC compromised. The fact is that Firefox doesn't have hooks into the OS on the level that IE6 does.

Granted, running untrusted code on a computer is going to put a user at risk anyway. This is the case with either browser.

What is the difference between installing an 'untrusted' browser and installing an untrusted spyware remover? How many users have tried to fix the mess left by a malware attack by installing some piece of software that just happened to show up in a Google search? It's a fairly well known fact that 75% (or more) of the spyware removers out there contain malware or yield false positives to coerce users to install and buy their software...

Competition is a good thing. Firefox is competition to Microsoft and IE. Articles like these, finding petty problems with quality OSS software (7-zip error? That isn't firefox's error, it's another of your OSS programs causing the problem... I've seen blank confirmation dialog boxes with no text in commercial software, that also isn't a firefox problem) are just spreading the FUD. If you want to get my attention (as joe user), create two test boxes (virtual PC). PC1 is a vanilla XP SP2 install (updated, of course) with no frills, no extra software. PC2 is the same as PC1, but with Firefox installed. Now, browse around to some of the known problem/spyware websites, make sure and do this with both Virtual PCs. Then show me the results of Adaware or HijackThis after 30 minutes or so of browsing these sites. Also, reboot a couple of times just for good measure.

Trust certainly is an issue in this case. However, I think when it comes to using a Microsoft product most people do so begrudgingly. How many times do you hear someone complain or rant about a Microsoft product? Finally there is a product out there worth using, and it's making Microsoft take notice.

Sorry I don't have a blog of my own set up. Feel free to contact me at cmdrtallon@gmail.com
Anonymous
December 20, 2004
Hmmm...my comments have not been put up yet....i have posted after that too.....very interesting....

my test message to see if my posts were goin thorugh
"LET THE SLASDOTTING BEGIN!!!"
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Mozilla is better than FireFox anyway. And you can download it directly from ftp.mozilla.org. Problem solved.
Anonymous
December 20, 2004
"I'm sticking with IE too. It's a known quantity. Firefox is an unknown quantity and without any form of formal prerelease testing, I don't trust it."

yup, IE is a known quantity. specifically, known to be the one of the two biggest vectors (along with Outlook Express) of virii and other malware out there. funny how you didn't mention CERT's recommendation to use anything other than IE.

as for your comment on "formal" testing: yes, there is some merit to applying formalized software testing methodology to products, but it's not a panacea. i'm assuming that Microsoft has been conducting such "formal" testing with IE over the years, and yet, strangely, the security holes still exist. as far as i'm concerned, the admittedly ad-hoc public beta testing model used by Mozilla and Firefox generates demonstrably better results.

-Dave
Anonymous
December 20, 2004
The question should be, how can I trust Windows XP when it can get rooted within 4 minutes of getting connected to the Internet?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Oh, Peter... How quickly you <a href="http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx">forget</a>.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Die Microsoft! Die a horrible and painful death by a thousand throw-ups and homosapien bacteria that digests you from the inside out! Mwahahaha!
Anonymous
December 20, 2004
You mean you can't trust firefox because it downloads from some "random" university server? Then what do you say to The Fedora Project, Open Office, or any other open source program that uses university servers? The reason a university server is used is because the project is not funded through a major corporation like Internet Explorer is. The servers are generously donated to the project and are all approved by the leader of the firefox project. I'm sorry if they dont have billions of dollars like Microsoft does to run servers for a program being downloaded 500,000 times a day. But hey if you don't like Firefox then uninstall it and don't use it. Believe me I would do that with Internet Explorer if I could.
Anonymous
December 20, 2004
You must be out of your gourd. I was a die hard MS user until just a few short years ago. I have designed and implimented 3000 seat windows XP deployments across an enterprise. I have been MCSE certified since early in the NT 4.0 days. I have to tell you that ever since I switched my parents to Firefox, I have NOT HAD A SINGLE PHONECALL from them saying they get these annoying popups. This was well over a year ago.MS has no clue and whichever boss of your put you up to writing this "scare" article should be shipped to Faluja and forced to shout I am an American. Repeatedly.

Some of your points are BARELY valid, but the chances of Firefox be comprimised are about as remote as IE not having another 5 security patches in the next few months.

In otherword it ain't gonna happen.

Mike
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
There is no IE for Linux (yet). Maybe if they ported IE to Linux we'd have a browser war on a different front.

Wait - no we won't.

Of course, that's assuming MS would even be able to port code that they seem to have no control over.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Let's see. Firefox version 1.0, IE version 6.01 (or some such). And five 'features' missing. Not bad.
Anonymous
December 20, 2004
You're scared of downloading software from DePaul University's FireFox mirror but you trust IE?

WOW, we know who feeds you!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
While there is no reason to flame - Firefox is hands-down better than IE. I didn't have any of the problems you described. I have never suffered spyware/malware since installing. Verigsign costs money but OSS devs donate their time - why would I make them pay for something to validate something they are giving away already? That would be a slap in the face.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
<Quote>
Alex
"This page doesnt even render correctly in Firefox. Half the article is scrolled way down - you wouldnt even know it is there!! what the....."

Is it Firefox's fault it doesn't render a site that was desgined specifically for a standards bashing browser.
</Quote>

in reply to this the problem was put in on purpose. if you scroll in the html you will find which will cause the text beneith it to go below the end of the side menu. If you change this to simply the page will display without the gap. You might want to notice that the site is also not designed for anything other than IE.
Anonymous
December 20, 2004
Bill Gates: Peter, what sort of sycophant are you !!

Peter: What sort of sycophant would you like me to be ?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
"But just because it doesn't currently have any unpatched security vulnerabilities talked about in the press doesn't mean they don't exist (Secunia currently lists three unpatched vulnerabilities, for example)."

Have you checked out IE lately?

http://secunia.com/product/11/

Compare IE and FF which would you rather use?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
way to flame a good product. nothing like the ms pr wagon at work.

fortunately, we preinstall firefox/thunderbird for our users at work, so they are not presented with such issues. :)
Anonymous
December 20, 2004
As a former rhetoric major, I must confess that this invective made for a most entertanining, though utterly unconvincing, read.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The Problem isn't Firefox or Internet Explorer, it's Windows itself. The security model is flawed from it's very foundation. None of the problems noted above exist in the Linux version of the browser. Linux is gaining ground on the desktop every day. It's only a matter of time before it makes M$ obsolete.
Anonymous
December 20, 2004
A few points.

Firstly, as pointed out by lots of people, your blog doesn't render well in Firefox. And no wonder - I ran the page through the W3C HTML validator (http://validator.w3.org), and its full of errors - specifically, you've got closing DIV and SPAN tags that don't match opening ones. No wonder it doesn't render well - did you specifically design the page to render properly in IE and not Firefox ? I'm sure I could write a page that does the opposite. I don't, I try to stick to web standards as much as possible (ie. standards published by W3C, not by MS).

Re. downloading Firefox from "some random university" - hey, I've browsed through the Microsoft website in the past to download software, and have been referred to weird-looking places where the software resides (places that, at first sight, bear no relationship to Microsoft).

As for the problems you experienced while installing Firefox (dialog boxes with no text, etc.), all I can say is that I've installed the program at least a dozen times in the past, and the install hasn't missed a beat. Maybe your problems were caused by spyware that got installed on your PC while you were using IE ? :-)

As for the advantages of only installing digitally-signed software, that's been attacked by others on this blog, so I won't even bother.

I can't believe that people actually USE IE to surf the web. I've seen so many PC's chokked full of spyware and stuff, as a result. I'll re-iterate a point made by other posters - install Firefox, and your chances of getting hit by spyware go from highly likely to virually nil.

I take your point that the way Firefox works tends to make non-technical users do things that are not best security practice. Firefox has just reached version 1.0, and is therefore still a relatively new piece of software. But, finally here, let me make the following two predictions:

1) six months from now, the usability issues you raise will have been addressed my the Firefox developers (thanks to articles written by good people like yourself), and Firefox will be a secure product, in both technical and usability terms

2) six months from now, surfing the Internet using IE will still be as dangerous as walking into a minefield wearing a blindfold.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Normal disclaimers apply. I am not responsible for anything, and neither is Microsoft.
--
US antitrust lawsuits say differently...
Anonymous
December 20, 2004
Code signing seems like a good idea on the surface, but there are a number of issues with it:

It uses a central authority to sign all the keys. Of course, if this authority were compromised, the damage would be higher than if there were no code signing; at least then people would understand that they should be careful! Further, central authorities seem to make technical and security decisions on the basis of popularity, leading to using known insecure solutions like MS Windows and IIS. This raises the liklihood of a compromise.

Secondly, code signing is mostly useful in situations where the end user is prevented from being able to check what they are running directly. If you don't have (and can't get) the source code, there is no reason to think you're safe. Widely available source code is the best defense against compromise; code signing is a second-rate attempt to patch this real problem with a centralized, marketing-centric pseudo-solution.

Finally, no matter what software an end user installs, it should not be able to trash his computer or other software. Only an administrator (perhaps the same user, after jumping through the authentication hoops) should be able to make changes that could break the system, eat up all the resources, or cause many of the problems that malicious software is supposed to cause. Instead of asking people over and over whether they "trust" the host they're downloading from (and who can say? Do you know the admin of every webserver you visit?), the system should simply ask them for an administrative password if the action to be taken by the software could be detrimental to the system. Then, instead of warning people not to accept software from "sources" they don't trust, which only causes paranoia, responsible OS vendors could say, "Never type in your administrative password unless you decided to do something that would require it; software that you are installing should almost never need it."
Anonymous
December 20, 2004
Verisign Code Signing Cert = $400
Not a lot of cash, if you ask me
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Microsoft bashing firefox? You don't say!

You haven't even made a good case, I've never seen your "errors" so you obviously have some issues with your VM that you need to sort out (which I'm guessing is microsoft?), and you can check the authenticity of a release by getting it from the horses mouth if you want. There's absolutely no need to buy a verisign certificate, what a waste of money.

A bunch of kids at a university? Wake up would you, it's just a mirror.

This article is a joke.
Anonymous
December 20, 2004
Peter,
Great post!

( http://weblogs.asp.net/ptorr/archive/2004/12/20/327511.aspx#327636 )
Anonymous
December 20, 2004
Work IT. People bring their computers to me all the time, infected with all kinds of spyware. Many of them have teenaged kids who will download anything they can get their hands on. Get rid of spyware, install Firefox, remove all IE icons, they dont know the difference. The internet is the internet. No more spyware, no more complaints. If Firefox can defend itself against the dozens of teenagers I have pitted it against, I see nothing wrong with that.
Anonymous
December 20, 2004
"This page doesnt even render correctly in Firefox."

Maybe because it has 92 W3C HTML validation warnings. IE does handle poorly-written web pages better than Firefox.
Anonymous
December 20, 2004
PGP
MD5
SHA1

You could have used any of those, or even all three. You work for one of the top software companies in the world and you don't know how to get a checksum or check a PGP signature?

Geez... standards in Redmond must be slipping...
Anonymous
December 20, 2004
GRC to MS: "warning, your code is higly insecure"
Secunia to MS: "warning, your code is higly insecure"
Eeye to MS: "warning, your code is higly insecure"
etc.
Consumer: "help! I'm infested with spyware and 5 viruses are currently deleting all my data!"
Microsoft: "Gee wiz, indeed. And seems like those guys working on MacOS/Linux/FreeBSD/etc. are outcoding us on every side! Better do something..."
Microsoft after SP2: "Wow! For the first time in our company's history our programmers seem to have actually written decent code! We must be an AUTHORITY on security now! Let's go criticise other people's stuff!" :)
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Peter

I'm sure your boss is very impressed with your defense of IE. Your promotion and bonus check are on the way... er... yeah.
Anonymous
December 20, 2004
Never write a critique of bugs in a piece of software's installation process when you are running the software under Virtual PC.

That's all I have to say.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Internet Explorer is a browser that is riddled with many inherent flaws and problems which microsoft WILL NOT FIX, because they want to make money instead of actually making a quality product...

Firefox is much, much better at security and has awesome features such as tabbed browsing and a little talked about feature - when you select a phrase or word, and right click , there is an option to search the internet for it. This is the kind of features and innovative ideas the Mozilla team thinks of. And not to mention, the fix the bugs found unlike Microsoft.

I like firefox and use it all the time, even now ;)

/.
Anonymous
December 20, 2004
What a pathetic shot in the dark. If this is the best arguement you've got against Firefox then M$ might as well pack up shop and close it's door. You've all sat on your laurels long enough to allow an open source solution get it's foot in the door (5% browser market share) and pretty soon your other over-priced products (Office specifically and later on Windows) will go the same way (due to OpenOffice and Linux, etc.).
Anonymous
December 20, 2004
Peter,
Great article. I'm an avid Firefox user b/c its so convenient and I trust the underlying code base more, but this article does an excellent job at pointing out ALL of the security aspects I take for granted b/c I'm a knowledgeable user.

Its disappointing that the previous commenters missed your point completely - that a "typical" user must make alot of insecure actions. Knowledgable users like us have exponentially better instinct as to what is trusted and what isn't.

In order to help make things more secure, we need to change people's behaviors, not just tell them to use another browser.

<rant>
Its VERY disappointing that my fellow Slashdotters don't seem to get any of that.
</rant>
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
What I don't like about this article is that all of these "problems" were around long before IE added their security measures to SP2, and is attempting to make it seem like Firefox is unsafe because it does not include the safety features MS integrated only a few months ago. These are't vital security measures we're talking about, I don't need my web browser to tell me if something I'm downloading is safe or not, I have the common sense necessary to figure this out myself. I understand that some people may lack that, but wouldn't it be better for those people to learn how to distinguish this sort of thing for themselves than it would be to hold their hand and let them remain ignorant?
Anonymous
December 20, 2004
Boo! What's this censorship bullpoop! Tell me what a police state looks like, this is what a police state looks like! I'm burning my copy of XP in effigy right now! Die!!!
Anonymous
December 20, 2004
The big difference is, Mozilla will never eat anti-spyware companies and charge users for the fixes they should do themselves - yeah i know this was not even sarcastic, it's really a joke on Ms, but hey, Ms has always been obvious. (obviously bad)
Anonymous
December 20, 2004
of such is the kingdom of Micro... i mean heaven.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Another point that hasn't been raised yet is an issue I recently experienced on my XP Service Pack 2 equipped computer. That is, I visited a website (gametrailers.com at the behest of one of my co-op students, who was intent on showing me movies of the latest version of half-life) and was greeted with the information bar. Internet Explorer had blocked a pop-up. I welcomed this, as I hate pop-ups. But what's this? A pop-up window appeared anyway, containing an iframe pointing to gator.com. I was then asked to restart my computer. After extensive analysis I found that indeed nothing had been installed on my computer, and nothing in the registry was changed. However it led me to continue using Firefox. I've been attempting to switch to Internet Explorer because I like the way it "feels". It has a certain flow to it when I'm using it that I just can't reproduce with other browsers. I have all the latest patches, service pack 2, and I'm using Internet Explorer's default security setting for the Internet zone, and I'm still subject to serious incursions. Yes, it's a serious incursion even though no software was installed. The purpose of the popup blocker is to block popups. Not only did it not do this, it allowed the only popup that could do the most potential damage to my computer. I want to use Internet Explorer. I like it better. But I don't want to look over my shoulder every time I do.
Anonymous
December 20, 2004
Your parinoia might have more ground if this product weren't already successfully in use by plenty of customers. Me being one of them. You also seem to be having a number of problems that the average user doesn't experience. Security issues also aren't the only reason people choose to use Firefox. No matter what browser you choose, common sense can protect you from most of the problems hovering around the internet. Firefox is simply a better browser all around.
Anonymous
December 20, 2004
"Normal disclaimers apply. I am not responsible for anything, and neither is Microsoft." Yeah, we know.
Anonymous
December 20, 2004
Code signing isn't the end-all, be-all. You raise some valid points about there needing to be a method for ensuring the validity of the Firefox executable. However, the emphasis on Verisign code signing certificates seems to forget Microsoft's own experience with these beauties: <a target="_new" href="http://news.com.com/2100-1001-254586.html?legacy=cnet">http://news.com.com/2100-1001-254586.html?legacy=cnet</a> It also neglects the fact that many people downloading Firefox have completely lost trust in IE. Right or wrong, that trust was lost due to BAD EXPERIENCES with IE. Thus, no one CARES what IE complains about because it isn't a trusted source. Think of it like the compulsive liar you are leaving telling you "you can't trust him! Trust me!" -Charles
Anonymous
December 20, 2004
How can I trust Microsoft?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
www.Apple.com
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
This article has to be a joke. If not, where can I snag a job for spreading such lies?
Anonymous
December 20, 2004
Why did XP down default to RUN and not SAVE?

Is that "safe usage"?

But then if you did save it, you could have checked the MD5sum instead of just trusting the site.

Boy, you have BAD internet skills.
Anonymous
December 20, 2004
It may be fair comment to say that the Mozilla Team should clean up their download security measures but look past this and you'll find a far superior product to IE. On 2 clean computers run IE on 1 and Firefox on the other for a week of regular us, then sweep it with a program like AdAware for Spyware and see which browsers better.IE is buggy and full of holes whilst Firefox, if not perfect, is a lot closer to perfect than IE has or will ever be.
Anonymous
December 20, 2004
Okay. You can't trust FireFox before installing it, and you can't trust IE after installing it. Go fig.
Anonymous
December 20, 2004
It all comes down to computer literacy. The more people know about spyware and adware, the less they will have to worry about browsers "protecting" them. Firefox still rules.
Anonymous
December 20, 2004
All those features you're blahhhing about are new to SP2, so if you were looking at IE a few months ago what ground would you have to stand on?
Anonymous
December 20, 2004
Dude, was that really Will Smith?
Anonymous
December 20, 2004
Good artical, I use firefox because well, I get less adware and spyware on firefox then IE, the kind of adware that don't give you nice dialog boxes allowing you to say, no I don't want that.... Its better then IE, but not flawless.. Thats for pointing out some ways it can be made better
Anonymous
December 20, 2004
I wrote up my response to this article on my weblog. Here is the link to it: http://jmweirick.blogspot.com/2004/12/why-i-trust-firefox.html
Anonymous
December 20, 2004
I trust Firefox because I trust MD5. I always check the sources I compile with the MD5 key, and - since collisions are rare - I trust it.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
This is what the "Secure Deployment" part of Microsoft's SD3+C campaign is all about; we design and develop secure software, but we make sure that customers can deploy it securely as well.

1) Only on new hardware... So no help for Win98 Users.
2) Only after buying a new copy of the OS, can't transfer an OEM version.
3) Default to RUN and not SAVE on downloads of EXE. (Shown by his own snap shots!)
Anonymous
December 20, 2004
How can we trust IE. I never downloaded it, it was just on my computer. I'd like to see the source code of anything installed.
Anonymous
December 20, 2004
Too easy, tools->options

Go to "Downloads" section.
Click "Plug-Ins"
Untick the plug-in you want disabled.

Menus are in different locations for Linux version (edit->preferences, then proceed as usual).
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I used to use IE - and my laptop was always full of adware/spyware. This spyware was being installed without my knowledge - no dialog boxes came up to warn me that this spyware was being installed or if it is signed or unsigned. Should I trust that ?

After reading about it on slashdot, I switched to Firefox - my computer has now been spyware free forever. I never have unexpected processes running. Life is good, again. I've even removed all the anti-spyware software I had.

I can't decide if you're so cut off from reality in M$oft Land or if you're just trying to impress your manager by taking a shot at FireFox. Maybe you keep installing fresh images on your development boxes, so that cleans out your spyware ... the rest of us aren't that lucky.

Also, I do have a favor to ask, can you please remove the code that stops me from uninstalling IE ? I know numerous people who would love this "feature".

cheers,
rouble
Anonymous
December 20, 2004
Metro - Firefox - 2004
Retro - IE - 2001
Anonymous
December 20, 2004
Well, this is just really shallow. I mean you are complaining about things that are:
a) Installation related (could be the OS's problem)
b) Not security related
c) Completely irrelevant

Default options are never good enough. Some like it this way and some prefer it that way.

By using such hilariously ridiculous arguments, you weaken your case.

And all this coming from a person that refuses to switch to any other browser simply because I just love the way IE does things. All things! I know how to use security zones and I have only had problems with spyware once. Once I took care of that, I haven't had any problems.
Anonymous
December 20, 2004
I can speak from experience that firefox is a hundred times more secure than IE. Not only is it less vulnerable to the copious of buffer overflow and other attacks, is that it is much more intuitive than other closed source system(not to mention that bug fixes are thousands of times faster). Also, Peter, if you can't figure out how to disable a plug-in then you are more illiterate(sp?) than I gave you credit for. Check out www.getfirefox.com and www.hackermedia.com!

Nyx
Anonymous
December 20, 2004
how can i trust microsoft? honestly, what makes a multinational corporation more trustworthy than a bunch of open source free-software programmers? tell me, please, i'm dying to know why making a lot of money means 'integrity'.
Anonymous
December 20, 2004
The reason why you most likely were downloading from an .EDU site, was the fact that bandwidth isn't free, and the Mozilla Foundation survives off of donations... Ever heard of Mirrors? Ever heard of MD5 to verify integrity of files? Oh wait, you use Windows -ONLY-, I guess you haven't!

Lets think about this for a moment too... If I install a bad ActiveX file (equivalent to a FireFox Extension as far as portability). I could have my entire Machine hi-jacked. But from what I've seen, if I were to install a bad FireFox Extension, it would merely hi-jack just the browser, not much else. FireFox limits it's features to itself (trapped in a sandbox).

What's worse, losing just a 'browser', or losing your entire Machine, possibly saved passwords and banking information (if you use other Microsoft products)? That's a tough one, lets do lunch and compare notes!
Anonymous
December 20, 2004
If people can't figure out who to trust, or understand the risk, then that is nobody's fault but their own. Firefox is free, and comes with no warranty. If it did, I could understand the requirement of digital signing. It is the user's responsibility to understand the risk and deal with it apropriately. Freedom comes with responsibility. If they want to live under the software dictatorship, then they can keep paying to do so, and remain ignorant to the technology they use.

The security in firefox is that it is not intregrated into the OS so deeply that uninstalling it is impossible. Another pro is that it doesn't install anything without prompting. And the browser IS open source, so if someone wants to make known a bug in the code, they can. And they can patch it if they want to. Any submitted patch can be examined by ANYONE.

You can't argue that IE is the root of all spyware problems due to it's inefficient design and integration.
Anonymous
December 20, 2004
Well, my parents and in-laws, both sets are fairly unsaavy computer users. Not geeks at all. I've had to remove around 70 pieces of spyware and viruses from their PCs at least twice while they were running IE. The last time, I installed FireFox. Admittedly, I wondered if they would be able to handle a browser that, yeah, might be a little less average user friendly, but I didn't want to waste any more of my life removing viruses and spyware. Since I installed it (and Thunderbird, as well) they have had no instances of spyware or viruses. Go figure. I'd say, 70 million points for Firefox for saving me hours of fixing their PC, and Microsoft needs to go back and rethink its design practices.
Anonymous
December 20, 2004
You know, I never rely on ANY ms warning about security from Ie. If microsoft spent as much time hardening their browser as they do bloating it out with all kinds of cryptic security warnings then maybe it would be semi-trustworthy. MS hiding behind a shield of "security" is laughable. IE is the problem, and MS still has NO SOLUTION.
Anonymous
December 20, 2004
Ever heard of MD5?

[The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

This is how security and integrity of firefox is maintained -- md5.

To learn even more about how to use it in linux type man md5sum, wait, do they even have Unix based machines in Redmond?
Anonymous
December 20, 2004
The simple fact is that I'd much rather trust an open source application where the code is public and subject to scrutinty then a closed source browser known to be riddled with many bugs and security holes, some which still aren't patched to this day. Yes firefox asks you if you want to install software/plugins which is minor security risk to novices. Compare this to internet explorer where you can get code run on your machine simply by visiting a malicious website.
Anonymous
December 20, 2004
thank you!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Perhaps Microsoft should be a little less concerned over the security of Mozilla's software and be a little more concerned about the security of their own.
Anonymous
December 20, 2004
I am allowing all comments that aren't completely full of swear-words, but I have to go home and eat something now, so there will be a delay in your comment appearing...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Although you do present some problems with the naming of the mirrors, and a small glitch in the installer dialog (even though i never had that problem) I still believe it does not outweigh all the security flaws found in i.e.
Anonymous
December 20, 2004
Before I say anything else, I will mention that there are some perfectly valid points here, and I can understand both sides of the argument. However, I tend to prefer open-source for so many reasons - it just fits me better. Right now I use Slackware Linux (www.slackware.com) and think it's the best ever created.

Microsoft is horribly insecure, I won't deny it. I only keep my copy of Windows installed so I can play "The Sims," and even then I'm hoping ReactOS (www.reactos.com) will eventually mature enough to support it.

Open-source is done by the people, for the people, instead of by a company, for money. If you don't trust open-source, I don't think you can really trust anything.

By the way, this page renders just fine on my laptop in Galeon (http://galeon.sf.net) which is Mozilla-based.
Anonymous
December 20, 2004

Do you trust these "enthusiasts"? I know that a lot of them are well educated, Phd wielding, CS gurus. But I also know that there are a bunch of incompetent/untrustworthy individuals as well.

Sort of like the programming staff at Microsoft, huh?

Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Wow, My confidence in MicroSoft Software has increased substantially.

Can I get my IE6sp2 for my Windows 2000 customers today? No, wait, I have to purchase a Windows XP licence and install that. I rather the easiest option of installing Firefox than forking more cash over to MicroSoft and then downloading 200+ megs of signed Updates. 1 unsigned update vs 200+ megs of signed updates, who do I trust?
Anonymous
December 20, 2004
Why don't you write about all the flaws and months it takes MS to fix them as opposed to the days it takes the mozilla team? I know, because your site could not support the bandwidth for your frivolous nitpicking.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Some of the points mentioned in the post are true. I guess that these worries will be taken care of and make a better Firefox. And nah no chance of switching back to Internet Explorer.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
But by using Firefox. I am downloading something and installing that in my machine. But What about firefox. But with IE without my knowledge everthing happens. Everyday i am coming out with some Toolbars some new processes running in machine.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
How can I trust Internet Explorer? Internet Explorer will install signed binaries from adware companies behind my back using unfixed flaws in the browser.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Great article. Its amazing how folks jump on the anythings better than IE bandwagon without looking into the details. FF is good, IE is good. Its a subjective choice, but to claim Firefox is the all together most secure browser is well ...very slashdot.
Anonymous
December 20, 2004
Your comments are disingenuous. Many of the spyware installs DON'T inform you that they are installing themselves but utilize security flaws in IE and install themselves without user intervention.

That the best comeback you have a against firefox--code signing?

Only a MS flunky would focus one a problem that even MS hasn't even solved.
Anonymous
December 20, 2004
Has everyone noticed that when Microsoft can't compete they begin blasting FUD with both barrels? This has to be the most stupid complaint that MS-FUD generators have come up with to date.

Get a life MS - and you might want to use Firefox to do it!!
Anonymous
December 20, 2004
<a href="http://dll.nu/?e=20">Trackback</a>
Anonymous
December 20, 2004
to Jon_K check out this slashdot article : about the MD5 being 'broken'

http://developers.slashdot.org/article.pl?sid=04/12/07/2019244&tid=93&tid=172&tid=8
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
If this FUD is intended to scare people from switching to FireFox, I believe it will be counterproductive because the more the FUD is debunked and facts are openly discussed (IE scaring insecurity for example), the more people will know that FireFox exists, try it and find it superior to IE.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004

It's good to see the microsoft marketing machine adopting new ways of pushing bad software. Afterall, it's not about the software most of the time, its about the marketing.

Those of us that know better will ignore this kind of uninformed and devicive rubbish.
Anonymous
December 20, 2004
it is very sure firefox can be trusted then IE... this is my point....before this with IE there are always adware although i never browse & save from unknown website... but with firefox (3 month already)...i am running without any adware program....and just for you info i am totally remove IE from my WinXP
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I wonder if a non-profit organization can sue for reasons of slander/libel in the U.S. I guess not, since there are no actual monetary damages.
Anonymous
December 20, 2004
As you can see, Mozilla.org redirects you to a trusted mirror when you click on the Download link.
Despite the UI designs of Firefox are considered unsafe, the software framework is secure.
Unlike Internet Explorer, which has a considered safe UI, but an easy-to-exploit engine with lots of security holes discovered constantly.
And, comparing Firefox's installer is pointless. Internet Explorer comes bundled with Windows, so Internet Explorer doesn't need a installer.
To be more precise, bundling Internet Explorer with Windows is as bad as unsigned plugins without suggestions. Users have no idea that the Windows installer will also install Internet Explorer with Windows.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
To Quote you:(Always remember the Ten Immutable Laws of Security, and in particular Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer any more.)
Isn't that the Microsoft Business plan?
Anonymous
December 20, 2004
If you want to do some good in the world, get IE standards compliant posthaste. I look at the security issue as a good way to get end users to start using what ends up being a superior browser from my standpoint as a developer.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
he is running a Mac after all
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I can't decide if you're so cut off from reality in M$oft Land or if you're just trying to impress your manager by taking a shot at FireFox

Dude, you're not paranoid enough. His boss asks him to put up a troll, they collect the responses and bingo! They have a list of missing features and things to fix for IE 7.

It's dirt cheap market research.

Repeat after me: "I love Internet Exploder just the way it is!" and hope they don't notice that it's Firefox you're posting with.
Anonymous
December 20, 2004
I am so glad you pointed out the dangerous threats of "numerical IPs". hahaha.
Is this load of MS FUD the best you could come up with?
This is ridiculous, and will not work on any reasoning, rational computer user.
Gee, I wonder why MS is pushing a purchased certificate system as an attack on free OSS.
One day, MS may try to operate with some dignity, but with blogs like this, and that dodgy TCO report, they are losing more and more respect.
Shame on you.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Lots of talk about 'trust' here...

Personally I put no trust in this article as the author can't even write standards compliant HTML.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
(Always remember the Ten Immutable Laws of Security, and in particular Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer any more.)

you're right... how did I ever let myself get "persuaded" into running anything (from) MS?
Anonymous
December 20, 2004
NOTE: In my comments, I don't specifically name FireFox (rather calling it Mozilla), but I think the focus is there despite my screwups.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
There is a known issue with Microsoft Virtual PC causing blank dialogs in specific cases. Restarting the VM solves the problem. I haven't seen it appear in the MS Knowledgebase yet.
Anonymous
December 20, 2004
I would like to thank you for that very enlightening article. It seems that the liberal media vies to take control of the Internet by replacing corporate browsers with their "free" and "open" browsers, along with their so-called "standards", which are a mess compared to the privately-developed standards which have made (and still continue to make) Internet Explorer the dominant browser in the market. A market share over 90% isn't a monopoly, it's a sign of success.

The Libertarian Party is right behind Microsoft to stop the deceit behind these government-imposed economic policies. If you would like to learn more about me, please visit my blog: http://votebadnarik.blogsite.org/
Anonymous
December 20, 2004
Well "ptorr", you did the first step, you tryied Firefox.

Some issues about Firefox you said can be solved using an OS you can trust. The others(if you still think are issues) you can solve by yourself or request to firefox coders if you aren't competent to do by yourself.

Well, i have a sugestion for you: start your test again and look to the good things of Firefox compared to IE, it'll be more much productive for you. But please, use a decent OS.

BTW, what you do at MS?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
you're sucha tool.....perfect exapmle of why i wouldnt trust using software from a company that has workers with your mindset and lackluster facts. You should have researched a bit more thoroughly before blogging away your ignorance.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
What a wonderful piece of comical MS propaganda. Thanks, I need the laugh.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Interesting article, some points I agree with (unsigned plugins, insecure defaults). However, I've found in the worste case scenario, that you can delete your entire Firefox profile (in your Documents and Settings dir for that particular user), and remedy nearly all issues.

As a side-note, I'm happy to see you using 7-zip (another of my favorite Open Source apps for Windows).

Flaming aside, there are faults to FF, it's still my preferred browser though.
Anonymous
December 20, 2004
I have been using FF for some time and love it. I trust it much more than IE. But even if security and 'features' were perfectly on par between the two browsers I would still use FF. Why? Light years ahead on standards compliance. Why do I care about standards compliance? Because I design websites. There are tons of great things I could be doing with CSS but can't because IE butchers them. Please fix IE and make it compliant. Having to design for IE is stifling and painful. There is so much more I could show off on the web but IE is holding me back. It's like making a professional painter use crayons.
Anonymous
December 20, 2004
I'd like to point out that this argument against Firefox is completely null and void.

Remember folks, Internet Explorer is the browser that Microsoft suggests you manually type URLs into the address bar to avoid URL-spoofing and a whole myriad of other exploits.

Reference: http://support.microsoft.com/?id=833786
Quote: "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER."

Alternatively, if you're so worried about where you get your Firefox executable from, do the following:

1. Download anything Firefox-related ONLY from mozilla.org and other affiliated sites (such as mozdev.org)

2. In regard to extensions, Firefox 1.0 (by default) comes with no URLs pre-added into the "trusted sites for installing extensions." My suggestion is to do a reality check on the extensions (by reading the comments) and only install extensions from sites related to mozilla.org as I stated above.

The title of this entry should be relabeled: "How can I not trust Firefox?"

This is just another sorry excuse by Microsoft to gain back however many users they lost as a result of Firefox. You should take anything this company says by a grain of salt.
Anonymous
December 20, 2004
Verisign. The same people who brought you sitefinder(tm) when the domains didn't exist.
Anonymous
December 20, 2004
On a side note, I hope this page/site's design looks better when fed to MSHTML than when run through Gecko. But I guess if you're bashing a product that's superior in terms of security, you might as well insinuate that its interpretation of HTML is flawed as well. Great job. Really.
Anonymous
December 20, 2004
The fact that IE can allow an attacker to steal my beloved .NET passport and all of the sensative data within by using one or two simple lines of javascript makes me feel WAY safer than when Firefox 'makes' me download a naughty non-Verisign approved binary. (please see http://shiflett.org/articles/passport-hacking-revisited) I mean serisouly, look at the potential for damage to my beloved computer if I get the wrong one! I'd much rather be the subject of a malicious credit card harvester. Thanks so much Microsoft!.......for not making my hardrive sound like a yeti!
Anonymous
December 20, 2004
the most unsecure and unstable plugin in my IE did come with a "CERTIFICATE"!!!!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I don't think anybody do trust Firefox or Linux or any other open source apps distributed over the net. Firefox users who think they are safer would definitely understand what they are doing when they got hit with malicious software. Let them suffer and see the value behind IE. They will better understand whom to trust, after they realize that firefox folks do not care about their security in the first place.

I use firefox btw, but I trust Microsoft and IE more than I trust mozilla, and I think IE is definitely more secure than Firefox.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
This website doesn't display properly in Firefox...but does in IE.

Feel like making a standards-compliant browser? Please?

And why in your VPC? Isn't Windows good enough for you?
Anonymous
December 20, 2004
Hahahahahahaha...

So your the person they use when they want to know if its idiot proof...
Anonymous
December 20, 2004
And so at last the beast fell and the unbelievers rejoiced. But all was not lost, for from the ash rose a great bird. The bird gazed down upon the unbelievers and cast fire and thunder upon them. For the beast had been reborn with its strength renewed, and the followers of Mammon cowered in horror.
Anonymous
December 20, 2004
I find it even more interesting that he failed to mention that you have to force-enable the XPI installer to allow sites to install anything to Firefox.

But that's just me.

I tend to notice funny things like that.
Anonymous
December 20, 2004
How can I trust Internet Explorer. The only problem you pointed out with firefox is flaws in obtaining it (which you probably initiated by cancelling the download early). After obtaining a good copy of firefox can you point out as many problems as with internet explorer? I think not...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I'm curious... If you didn't trust the first site you went to, why didn't you look for one that you COULD trust? With the number of people who offer the file, couldn't you just search on it or try a site that you knew like download.com. If I recall correctly, the site gets certified, not the download.

It's a mistake to point out an imperfect feature and use it to demean the entire body of work. Especially if this problem is easily avoided. Pointing out some of the flaws is appreciated, but the rest of the tone sounds a lot like MS manufactured FUD.

I've defended both MS and Linux against FUD from their opponents... (all you need to do is check my website for confirmation of this) This is the kind of stuff that I defend against.

PLEASE PLEASE PLEASE remember that there are actually people out there who know what they are talking about on both sides. This kind of FUD just inflames people and distracts them from the real problem: there are script kiddies and code degenerates out there to defend against.
Anonymous
December 20, 2004
"In order to help protect customers, the default install of Internet Explorer will completely block the installation of ActiveX controls that are not signed"

its a good thing gator and other spyware are signed then, since they can be installed automatically for you.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
How can i trust microsoft?

I take just a quick look into the past of the Microsoft monopoly and i ask myslef.. why do i trust this company.....

Oh wait.. I don't..

I never will..
Anonymous
December 20, 2004
You are a moron. windowsupdate.com has been backdoored forever. Copies of Microsoft Windows being exported from the United States gets backdoored by *********** working for *****, yeah like the versions being sent to *****.
Anonymous
December 20, 2004
Optimism :
I think the author of this article wrote the article with a definite objective. I think he thought , this way he would get better feedback about IE and then MS will improve upon it and make it better.
...............<pause>
...............<pause>
...............<pause>
...............<pause>
ROFL :))
Man i cracked myself up :p
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
this dude is a loser. He is jsut mad the LINUX is the future. He and and M$ are just scared and this si a simple little tackict to get stupid people to listen
Anonymous
December 20, 2004
Firefox is a better browser than Internet Explorer. There is no competition. Wake up and see the light. Get over Internet Explorer. And I'm not a Linux lover. I just know what is better for me. And that is Firefox.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Techindepth.com | The Latest In Technology
Anonymous
December 20, 2004
How can I trust Firefox? 
Simple, quit your job and be honest.
Anonymous
December 20, 2004
This is the typical chum that MS likes to throw out to confuse the issue of IE insecurity. Typical.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Hahahahahahahahaha
Don't tell me you actually believe your own question !
What did they do ? Pay you to post this ?

What sort of a moron are you Torr.....

Live with IE. You deserve it :)
Anonymous
December 20, 2004
You really need to reinstall your Virtual PC's OS. You have far more problems, probably caused by internet explorer than can be solved by firefox.

It's a classic case of removing the board from your eye before you point out the splinter in another's
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Who to trust indeed?

I trust nothing, but must use something.

IE. For sites that require a non-standards-compliant browser.

FF. Everything else.

When I must use windows I choose to use W2K. M$ tells me that because I'm a tightwad and won't fork out for ex-pee I must have a 3 year old browser.

I don't think so.

BTW, W2K3 isn't scheduled for release for another 296 years. Can we get it right? It's W2.003E+3 people
Anonymous
December 20, 2004
Recently we started using EPM in our office (top-level decision - no comments!). Naturally, it won't support any browser other than IE.

Reason???

I started IE, typed in the server URL and... within few minutes the server logged me in without asking anything to me!

No questions, no comments and it got my domain login information without me knowing it???

Which other browser in the world will let MS server app do that?

Pretty secure isn't it?
Anonymous
December 20, 2004
Comments are moderated... I wish you do it for the software that you release too!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The very fact that some nobody from m$ wants to invite trust into a discussion is laughable. That's all that needs to be said.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
As the author claims that IE will inform you about each and every small thing and then ask you if you what you want to do. IE egenerally swamps the user with so many messages and question that the user stops reading all the warnings starts clinking 'OK' or 'Install now'
Anonymous
December 20, 2004
Lack of signing from an alturistic organisation Vs. Malicious and incompetent business practises of a monopolistic company who, even with security as a focus and billions of dollars cash can't secure their software.

I think i'll stick with the unsigned installer thanks, its a small risk compared to running IE in the wilds of the internet.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
A totally biased way of viewing things. Hey "Dodo", remove your MSN(TM) glasses and live again.
Anonymous
December 20, 2004
I think that you've raised some valid points. Having said that...I still think that just about anything else is better than internet explorer. It's not that IE couldn't be saved, but MS hasn't so much as lifted a finger to try to update it in what 3 years? Not until SP2 did they make any noticeable changes.
Anonymous
December 20, 2004
This little bit of text at the top explains it all!!!! "Normal disclaimers apply. I am not responsible for anything, and neither is Micro$oft." with that in mind ill take FF ty.
Anonymous
December 20, 2004
Impressive! I finally realized something! Microsoft's security problem is that they are too busy finding problems with the competition, and not focusing on their own products! Somehow I have the feeling you will be the first of many MS supports fighting as they are backed into a corner by superior, open source products.
Anonymous
December 20, 2004
I like my Fireforx. I doubt anyone could proudly say they like IE with much fervor.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Oh man, this is fantastic, a total backfire !!!!

What was supposed to be a thinly-disguised FUD attack on Firefox has now turned into a drubbing and the sort of free publicity Peter's MS bosses must be furious about !

I note that the vast majority of replies here are along the lines of "You're talking c**p Peter, get a clue" and praising the competition !

I wonder how long it'll be before this thread is "unavailable for technical reasons"?

I briefly looked at Firefox when it was about 0.7 I think? After all this hooplah I have now downloaded and installed Firefox 1.0 (with no problems at all thank you very much Peter!) and I'm loving it.

Here's another user converted.

Keep up the good work FireFox !
Anonymous
December 20, 2004
Apparantly, someone here doesn't know what a university is. Apparantly, someone here can't tell the difference between a student's personal page and the university's site sponsored page. Apparantly, someone here is totally ignorant.

Depaul 4 Life!
Anonymous
December 20, 2004
I agree with peter h. well said.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Great article mate.

I thought about all these things too when I fired up the firefox.

I am now using it mainly because of tabed browsing and some other small featured which IE could really benifit from.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Peter Torr of Microsoft attacks <a href="http://www.mozilla.org/products/firefox/" class="bb-url" target="_blank">Firefox</a> over, would you beleive, security issues...
In Peters blog post threadlinked above he talks mainly from a poin
Anonymous
December 20, 2004
You know that the windows platform you are using has coding from open source mostly Unix variants...
Microsoft programs on an open source OS...
So if they use open source to program then it is clear that THEY TRUST open source and if THEY TRUST open source to make programs you use then why should you not trust open source? Surely every program has flaws and surely everything is secure to a certain point... However it ends up to how much YOU are willing to trust which companie... Are you ready to sacrifice some time to learn more about something to use it properly and to make it more secure for yourself and others or are you just going to sit here and critises other programs because you are pre-judice/stereotypical? In the end it ends up being the consumer making a final choice to what s/he would install off the net and so it should be them who should be vigilant. it should not be companies that tell you what to trust it should be your own decisions... Afterall... in this world how do you know who to trust? or what is the right thing to do? It's guts and experience... They say you should try everything three times, once to get ove rthe fear of doing it, a second time to learn how to do it and a third to see if you like it or not... That's My 2 cents
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I think your observations are superficial and of academic nature. Your main point is that Firefox isn't signed using your favourite signing technology. If you're that paranoid, relying on signatures alone isn't sufficient anyway. You have to know where the source came from, who wrote it, who reviewed it, who compiled it, who signed it.

Which do you trust more? A binary which you compiled yourself from sources you checked yourself using an open hashing algorithm? Or a binary you received from a multinational company signed by another multinational company using a proprietary hashing algorithm?
Anonymous
December 20, 2004
And apparently (note the spelling carefully) someone is making my alma mater look ridiculous (you didn't misspell that word, but it's a tricky one, remember it for later) by being cocky about said university when he/she can't spell apparently correctly.
Anonymous
December 20, 2004
HAHAHAHA!! This is really funny. I'm happy that I don't ever have to use IE again.
Anonymous
December 20, 2004
Hahahaha... have you ever heard of any university?
Anonymous
December 20, 2004
Oops! I forgot to point you towards this:

http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0rc2/KEY
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0rc2/MD5SUMS
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0rc2/SHA1SUMS

Cheers!
Anonymous
December 20, 2004
While installing all these extensions from "anywhere on the web," it was failed to mention that you have to have the option in web preferences "Allow websites to install software" to be enabled (which it is by default), AND the server you are downloading from has to be in this list as well. This means that extensions from anywhere on the web CAN NOT be installed by default contrary to your report. This means you lied, and seriously buddy, lying just harms your credibility. Not that you cared about it in the first place. </me points to the obvious bias> Truly a shame, you otherwise would have made a very important valid point.
Anonymous
December 20, 2004
Well, you sir, are really dumb.
Feel free to see my opinion here:
http://www.refrozen.com/new/newer/content.php?a=wsn&i=9
Anonymous
December 20, 2004
I just loved this.

Really.

I feel that this blog has been written to provide fodder for a FUD campaign.

So basically Firefox has a certificates issue while installing it and plug-ins. OK. This corresponds to 0% of the security problems that I personnally had or heard of. I go to the mozilla web site and I trust them to check on their handful on mirrors.

My issue is not with installation being unsafe, but with USE being unsafe.

My issues have been whith invisible redirects, endless popup loops, Outlook Express viruses. Firefox + Thunderbird solve all those problems for me (though Opera remains my browser of choice as it does all of the above + mouse gestures).

Anyway, I also install my friend's machines. They'll never have to worry about installs... but WILL go to every ungodly site on the web... so my choice is obvious.

I Hope you're paid well... they're getting your mind and soul for it, apparently.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
thx for this great article . now i'm gonna bdl firefox .
Anonymous
December 20, 2004
This article is completely garbage..........

I dont think the security of a browser is in any way affected by the installation process. The security flaw of IE means it's ability to run mal/spy-ware without any of my consent.

Maybe this 'default' button stuffs are correct, but the design problem of IE is that: whenever IE fails something, it implies the fail of the OS. IE's close coupling with the OS make Microsoft fails.

Agree?
Anonymous
December 20, 2004
Running IE is like driving a car with the hood welded shut; you don't really know what's going on inside. While running Firefox on Linux, I know exactly what processes are running and what network connections are being made. Don't trust Firefox? Then try Konqueror, Opera, Mozilla, Dillo, Lynx, BrowseX or Safari. The only one I'm afraid to use for online transactions is IE.
Anonymous
December 20, 2004
I love firefox!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
It would be nice if every company used certificates....many don't. Of course that does not stop windows from happily downloading and installing programs if someone clicks on a link in a web page or email.

Microsoft is trying to over-engineer their security and are failing at it so very badly.

One of the simplest things MS could do to help prevent the spread of viri is simply having the OS require the users password for ALL installs. Be it programs, browser plug-ins, drivers or whatever. This would put a stop to programs that get installed without the users knowledge.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Instead of spending an exorbitant amount of money on a Verisign certificate, Mozilla Corporations rewards people with money for finding critical security problems in their products. If you ask me, that's a much better use of money.
If Microsoft gave out a few hundred dollars everytime someone found a critical security problem, they would be broke, which is more than they deserve.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Hey Pete, after reading the comments I just thought I'd add:

YOU GOT SERVED!!!!!!!!!!
Anonymous
December 20, 2004
>> Firefox does disable the Install button for a couple of seconds when the dialog is first displayed, but by the time I had finished reading the text in the dialog it was enabled and ready to go. <<

That's the whole point Users are conditioned (largely by MS products) to just click Ok to whatever dialog pops up so they can get on with whatever they wanted to do. The pause prevents this, meaning most people will read the text. Worked great in your case.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
One question comes to mind after reading this..how much extra does Microsoft pay you?
Anonymous
December 20, 2004
Yeah, i'm supposed to trust a webpage running on a technology that, according to its own homepage, has a major security vulnerability? RIGHT....
Luzer!
Anonymous
December 20, 2004
In case you haven't figured it out yet, the blank dialog is caused by Mcafee's buffer overflow protection. It is a known bug. Call them up and they'll send you the patch. It's what we had to do because it was messing with our VB.NET programs at work. You might want to try placing your blame in the right spot next time.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I find it somewhat ridiculous that it takes an employee of a competing company running Virtual PC to point out these flaws. If it hasn't been mentioned before, I don't believe I or anyone I know have had any errors other than the ones specified bye Internet Explorer (which can be easily explained because why would Microsoft want you downloading a competing Internet Browser?). The flaw then is probably in teh software known as Virtual PC that if I am not wrong is owned by Microsoft, showing two flaws already on their part not FireFox's. next we have to look at the fact that anyone who has rated the browser finds it superior in several aspects due largely to the fact that it deals with what consumers want. Don't get me wrong IE does that too...3 months ofter FireFox does. Also, the whole bit concerning the "untrusted download mirrors"...Well the problem here lies in the fact that unlike microsoft, Firefox is not owned by a multibillion dollar corporation and has to rely on other trusted sites to release it software to the masses (Also, if you were linked from a trusted site why can't you trust where you are linked to). Basically, this is another attempt to try and push the unimportant issues of the Firefox browser because of the fear of its superiority. And I am pretty sure this blog entry was probably done in firefox due to the fact that IE probably crashed a few times while our friend here was trying to post it :)
Anonymous
December 20, 2004
Hi. My name is Dan. I live under a rock. What is this depaul university? And what is 'firefox'?

Will you please tell me.

Oh and you might be able to tell me why my computer is all slow and pop up ads keep coming up.
Anonymous
December 20, 2004
I trust FireFox because thus far the organization that provides has proven itself to have a very credible track record in providing me more secure and better functioning software than its competitors.

It's been decades since I keep up with the technology enough to know if Microsoft's pretty shield icon or FireFox's obscure SHA-whatever are better technical solutions.

But Microsoft's pretty shield icon, as warm and fuzzy a sheild feels, is tainted by the decades of reckless disregard for my computers security shown by it's organization - while Firefox's is backed by a responsiveness nearly unmatched in responding to problems as soon as they're reported and solutions known.
Anonymous
December 20, 2004
Well, it seems to me that Gator, Bonzi Buddy and all sorts of other spyware is signed software. I guess that I should just trust you and download this spyware to my comptuer since it is spyware. I sure am glad that this is all straight now.

Hey buddy, make sure that what you are saying makes sense before posting in a section that is associated with your company. It reflects poorly on them and just makes me think lesser of them (not that it is possible).

Oh, another thing, if you are going to claim to know so much about web browsers and things of that nature, try to keep the number of errors in your code to under 71.
http://validator.w3.org/check?verbose=1&uri=http%3A//blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx
Anonymous
December 20, 2004
Let's see... Trust Firefox or trust a browser from a perjuring, convicted monopolist that has proven to be insecure. Tough choice.
Anonymous
December 20, 2004
This article only goes to show that M$ is definitely worried.

The King is dead, long live the King.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
If the department of homeland security cannot trust IE now how can I?

Of course most of the problems are foundation related. If you build a house on a poor foundation the house will be compromised. Get a great foundation for your house, give Red Hat a call they can help you.
Anonymous
December 20, 2004
I work in a computer repair/system builder store. Most problems that people bring in machines for are spyware/adware and/or pop-ups, and most of it comes from Internet Explorer. They get anywhere from 300 to 1800 Ad-Aware hits on patched SP2 machines with only one user, and my machine at home with SP1 and several users(none using IE) got 9 tracking cookies on the last scan. Firefox consistently proves itself more able to guard against malicious software and websites, while IE breakm our customers computers.
Anonymous
December 20, 2004
Indeed, don't trust Firefox in combination with Windows.
Used in combination with Linux is more secure anyway.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Setting up any new Windows computer I eventually get to that loathsome, frustrating, and down right scary step: opening IE. I have to do it. I have no Firefox CD with me.

As I open IE I get the Fear in the pit of my stomach. The moment it is up I start hitting the Stop button early and often, but my effort are in vain. I see MSN displayed on the screen, and I know that means I have a few fresh pieces of Malware. That would be the absolute low point of the experience.

From there I simply type in mozilla.org and grab Firefox.

But it isn't quite over yet, you see as it downloads I sit and I ponder what IE could be doing to it. IE could modify it, and Windows could fake the MD5, and no one would ever be the wiser. I worry all the way through the download, and when I finaly run it I feel somewhat unfufilled--my shiney new copy of Firefox has been tainted by the touch of a untrusted program.

Signing a binary is a poor replacement for public source.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
get a life man...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Someone say this page isn't rendered correctly with Firefox. This true. And what I know is W3C website isn't correctly rendered with IE. How can I trust this site more than W3C site? See here:
http://www.w3.org/Style/CSS/
I just wonder when will IE have CSS position:fixed implemented (not to mention a lot other properties)
Anonymous
December 20, 2004
I typed http://207.46.144.222 in my browser and it loaded up a microsoft page ?!??!!??!?!

WHATS GOING ON !!!!!!?

Have I been hacked ?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Maybe with MS04-038 ? MS04-40 ?....
Maybe because it's unable to support standards ?
Maybe because it's made by a company that know the meaning of security since... 2 years ?

No, I can't and I will not trust it.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The talk about the commentary about Firefox called How Can I Trust Firefox? is raising an interesting question about security. The idea about SSL certificates signed by Verisign protecting people from malicious software is a piece to the puzzle but...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Oi fudu...!!!

This is a free peice of software that woops ie.

IE needs a new version now, not in a year or two or they will find good old word of mouth will prevail!!

Google have there own version coming, i wonder if that is going to signed!!
Anonymous
December 20, 2004
it all depends on the user. if the user is ignorant, he'll do stupid things no matter which browser he uses. on the other hand, if the user knows to make educated decisions, it doesn't matter which browser he uses
Anonymous
December 20, 2004
Perhaps you don't need to trust Firefox.
I don't care if you do or don't, if you don't want to be a part of it then don't.
As for the ad in the paper, it wasn't intended for you ok!
So please just turn around and crawl back into your cubicle and go play with some lego or with some visual studio.
There is nothing to see here.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Bonzibuddy uses IE, so you should too.

Bonzibuddy says "Don't do drugs."
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
...except that they appear to have, as usual, completely failed to step outside themselves when analysing something.

So in lieu of being able to welcome them as overlords, I'd like to thank Peter for providing a focus around which to collect such a handy and complete compendium of responses to IE-based FUD.

"Thank you, Peter!" (-:
Anonymous
December 20, 2004
I think Microsoft should use this blog as customer feedbacks and go back and fit IE.
Anonymous
December 20, 2004
It's real simple. I had 113 spyware programs installed in a week using IE. I had 1 installed after switching to Firefox for a week. Since I uninstalled IE 3 weeks ago, that number has been 0.
Anonymous
December 20, 2004
How to trust Firef0x!?
by running it 0n yo0r Mandrake b0x, sux0r!
Anonymous
December 20, 2004
well, you use windows and care about "bunch of kids at some random university I've never heard of?" ;-P
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
But wait a minute?! I thought that Firefox/ Mozilla wasn't a threat in the first place? I mean... you do have over 95% of the browser market share, right?
Anonymous
December 20, 2004
Anyway I trust it more than any M$ program. At least I can remove Firefox from my system if I don't like it, ever tried that with IE??
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
You can always tell a good product by the users.. Intelligent people use Firefox, lazy people who no nothing about computers use IE... hope i haven't been infected with spyware for writing this..i have to run micorosft at work.
Anonymous
December 20, 2004
F.U.D.

This article illustrates Microsoft's tactics of spreading fear, uncertainty and doubt rather than competing on technical and social merit.

As he mentions Slashdot, here is the link to the discussion of this article on that site which comprehensively debunks his FUD.

http://it.slashdot.org/article.pl?sid=04/12/21/0038235&tid=172&tid=154&tid=109&tid=113&tid=1
Anonymous
December 20, 2004
It works just fine for me under Linux, Sun, HPUX and my windows 2000 server doesn't bother me with signing stuff.. my antivirus and spyware removal save me from installing most malware.
Anonymous
December 20, 2004
Wow, almost 1000 comments in less than 6 hours! Many eyes offer lessons in everything from html error detection to English grammar. Fascinating, but I have to go to bed.
Anonymous
December 20, 2004
I must say I am honestly surprised; I, for one, never thought I'd live to see the day when a site appeared supporting IE OVER FIREFOX. Then again, human stupidity is infinite.
Anonymous
December 20, 2004
If there is something about FireFox you don't like. Go into the source code and change it.
-Rob
PS don't forget to submit your changes, so we all can take advantage of a more secure FireFox
Anonymous
December 20, 2004
Alex > I think the first step would be to validate the HTML before the CSS.

<a href="http://validator.w3.org/check?uri=http%3A%2F%2Fblogs.msdn.com%2Fptorr%2Farchive%2F2004%2F12%2F20%2F327511.aspx">http://validator.w3.org/check?uri=http%3A%2F%2Fblogs.msdn.com%2Fptorr%2Farchive%2F2004%2F12%2F20%2F327511.aspx</a>

71 errors... what a shame.
Anonymous
December 20, 2004
Is this guy really serious? Just come to check my PC what IE did for it? Go check my Mom's PC or my sisters. After "removing" (=hiding) IE from them there has not been a single time I've seen them that they didn't thank me for making their computer so much better (and for them that's also security).
Btw, there's some problem with the HTML on this web page.
Anonymous
December 20, 2004
I have never had any security related problems with mozilla/firefox, but plenty with IE.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
FUD FUD FUD

Those that know are running from IE in droves. With IE I would hear weekly from my parents and siblings about the computer being messed up and slow. Over Thanksgiving cleaned out the spyware/adware locked down IE so the only site it could visit was WindowsUpdate then put Firefox, Thunderbird, & AVG on the computer and now my family only calls to say hello and chat.

Viva la Open Source ! ! ! !
Anonymous
December 20, 2004
AHAHAHAAAHAHAHAHHAHA HAHA HAAHAHAAHAAA HOOHOOO AHAHA AH AHA AHAHAHAAAHHHAAAAAAA!! HOHOHO HAAAHHAHHAAH HEHE HEE HEE AHAHAHA AHAHAHAAAHAHAHAHHAHA HAHA HAAHAHAAHAAA HOOHOOO AHAHA AH AHA AHAHAHAAAHHHAAAAAAA!! HAAHAHAAHAAA HOOHOOO AHAHA AH AHA AHAHAHAAAHHHAAAAAAA HOHOHO HAAAHHAHHAAH HEHE HEE HEE AHAHAHA AHAHAHAAAHAHAHAHHAH!! A AHA AAAAA!!

I disagree.
Anonymous
December 20, 2004
If anyone is wondering why this article has received so much more attention than its poor content deserves - its because of Slashdot http://it.slashdot.org/article.pl?sid=04/12/21/0038235&tid=172&tid=154&tid=109&tid=113&tid=1
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
You make quite a valid point with regards to FF and checking digital signatures.

That said, such measures are taken in IE and still spyware and worse are very common problems for IUE users, so the situation might not be as straightforward as you try to present it here.

A very big issue here is that users simply get way too many questions that barely make sense to them, but from which they know that clicking no/cancel will result in something not working. This has created a horde of users who will automatically click ok without thought, and that is an even more dangerous situation.

You seem to also have missed the fact that while many extentions may not be signed, you can only download and install them from pre-approved sources.

Last but not least, the biggest problem with IE is that there have always been ways to bypass all the checks, and anyone who ever got gator/claria/whatever on their machine without ANY questions from IE whatsoever knows what I am talking about there.
Anonymous
December 20, 2004
If you need true sucurity for a large or specialist rollout then compile everything from source and distribute it from your in house servers. Can somebody point me at the source for IE so I can do this ?
Anonymous
December 20, 2004
Note that signing code doesn't make you safe from everything.

See the linked advisories,
"What steps could I follow to prevent the control from being silently re-introduced onto my system?
The simplest way is to make sure you have no trusted publishers, including Microsoft."
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Are we all forgetting that a couple of years back Verisign issued code signing certificates for "Microsoft Corporation" to non microsoft employees? So even this is not enough. See http://www.nwfusion.com/news/2001/0322vsign.html

(or google for verisign microsoft bogus)
Anonymous
December 20, 2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQBBj/LbJMSPgG0ezQcRAkdjAJ0TjSrX3/Ao/PpvLlYSphiPPX+rsQCeOqcB
FMrGber5LG+ntgVTlUL6RZM=
=ttFt
-----END PGP SIGNATURE-----
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I've been using Firefox for 3 months and I love it. It works very well and the extensions are great. I've recommended it to all my friends and they love it as well.

I'd like to know how I'm supposed to trust a piece of closed source software like IE where I have no idea what code it contains? Especially a program with sooooo many security vulnerabilities and bugs.

No thanks I'm sticking with FireFox.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
If your claims were really true, this would be acceptable. But I see it this way; You windows ppl got the worst security imaginable, the firefox browser being ported to windows must be a sacred gift from my point of view. Add to that there are thousands of people DONATING money to tell windows users about it so they can improve their lives for FREE. All they ask in return is a little bit of appreciation. Yet you spoiled ppl go and complain about things that don't even make sense! Unbelievable. Well, if they were true it would be a different story, but then you'd have to report these problems to mozilla foundation instead of this pro-microsoft FUD.
Anonymous
December 20, 2004
That post is really weird. Do you really think like that? You sound like the Borg.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
"I kid you not! -- a numeric IP address"

Wow, really? A real NUMERIC IP address? Man, that's special. I always get alfabetical IP addresses...
Anonymous
December 20, 2004
four of my friends were having problems opening hotmail.com(!) and msn.com(!) in IE last month. they came to me with a problem of reading their e-mails and such in IE (again). i suggested them to try firefox. their problems solved but as an IT specialist i had to find what kinda problem was that. guess what. its impossible to find anything about a bug in a program that is proprietary until the company of that program releases the patch and explains the bug. I imagine if these friends of mine had the same or similar program with firefox or any of the open source browser there will definitely be someone that has seen the problem and inform me about the problem and maybe lead me to write a patch for that bug.

this page does not show correctly in firefox because it is NOT valid HTML 4.0 transitional you can see the errors in the following link. Firefox does not care about a website being IE compatible. only thing it cares is being valid with the World Wide Web Consortium standarts. None of the companies in the universe can forget these standarts create their own.
http://validator.w3.org/check?uri=http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx
Anonymous
December 20, 2004
I trust firefox because... it comes bundled with my distribution (which I trust, duh) - no seperate downloading for me :)

See,
http://packages.debian.org/unstable/web/mozilla-firefox

It isn't perfect, as you can see here (access to source, diffs and buglistings is a wonderful thing, hint, hint)

http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=mozilla-firefox

Cryptographic certificates required for validation are also packaged,

http://packages.debian.org/unstable/misc/ca-certificates

Furthermore, firefox has sane defaults for handling extension and plugin installations (which you can also turn off completely). Depending on how far you want to take this you can download the source yourself, audit it (hahaha) and build it with a toolchain you trust (on a system you trust, etc, etc)
Anonymous
December 20, 2004
Tu perdeli bļe, stulbenis! Padomā, pirms kautko raksti!
Anonymous
December 20, 2004
Really I don't care what browser I use, as long as it does what i want/need when I want it. How many years have IT professionals lived with the bane that is IE? I for one cannot say how nice and easy FF is and have had no issues with installing any instances of this under any of my vmware images as well.

I can't trust anyone who works microsoft writing unbiased and truthful information in regards to FF considering its a good browser that has passed every test i've find it required for myself and my work.

I know enough people who work for the institution/religion that is microsoft who use FF at home because it's better and SAFER...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Really I don't care what browser I use, as long as it does what i want/need when I want it. How many years have IT professionals lived with the bane that is IE? I for one cannot say how nice and easy FF is and have had no issues with installing any instances of this under any of my vmware images as well.

I can't trust anyone who works microsoft writing unbiased and truthful information in regards to FF considering its a good browser that has passed every test i've find it required for myself and my work.

I know enough people who work for the institution/religion that is microsoft who use FF at home because it's better and SAFER...
Anonymous
December 20, 2004
FireFox focuses on 'install now' and not on 'cancel' by potential dangerous downloads, yes. But for me, that would be a reason to choose FireFox. I decide whether I trust a download source before I click the 'download' link, not afterwards.

I bet John Average User does the same (which proves itself every time I run ad-aware on my parents' computer... :) ).

In my opinion, focussing on cancel is a good idea in theory, but bad in practice. People will just change their routine from click enter to click left arrow enter.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
the fact, that you qualify a 7-zip error a firefox error shows me, that you can't differ between applications/OS/"services" coupled so thight everything I see on your plattform.

Perhaps you make FF/IE responsible for any 404 you get ?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
We must trust FF because we are about to start a massive client migration. So, the best browser for non MS platform is FF.
We'll complete the 3000 client migration at the end of 2005.
By AR.
Anonymous
December 20, 2004
Can you trust the piece of software that you write? I don't trust anything that I write... :) This is a matter of faith. Security is actually the best lie someone told us. You believe that you are safe, but you aren't. Even with signed controlled stuff you can sign a piece of malicious software and use some of the "social engineering" to get that software installed on your "victms" computer.

Secutiry flaws on firefox? Oh, yeah, they are there for sure... Remember that we are talking about a version 1.0 of the software. What is the currnet version of internet explorer? Ah... And it still with that lot of bugs? Amazing!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Well, since IE is signed, but it lends our computer to scumware quite readily, I guess we have to resort to gasp unsigned installers.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
So if IE and Mozilla are insecure, instead of WHINING, MAKE YOUR OWN BROWSER!!!!!!!!!!!!!!!!!!
The web standards are published, so you could make one that complied, and you would be the ONLY person with control over it and who knew about it. This is the best because you aren't gonna flame yourself about how weak, insecure, or poorly designed it is.
Anonymous
December 20, 2004
Typical reaction of Microsoft about a new product which is far better than theirs at the first version. IE is on the market since many many years and at its 6th version.

They should learn from it, instead of flaming it.
Anonymous
December 20, 2004
how can i trust microsoft? should be the real question, with anything they sell me they make sure that i can't sue them for any loss of productivity/ or anything... basically they aren't responsible for their software..

you sir are a bafoon... a stupid bafoon....
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Another interesting question is "How can I trust Microsoft?"

Considering that the company has earnt antitrust convictions on multiple continents and that senior Microsoft executives lied under oath in the US DOJ case, the answer is that no sane person can.
Anonymous
December 20, 2004
I trust firefox, I have been using mozilla for years, but I do not trust microsoft, signed or not.
Anonymous
December 20, 2004
You might want to fix your page: it's not even HTML 4.0 transitional. I think you're missing a couple of closing tags somewhere, causing it to render incorrectly on many browsers.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
This article is very biased.

It assumes Microsoft(R) tools have to be used to verify the contents. It assumes users are stupid, and have to use Microsoft tools to verify the integrity.

Firefox ONLY allows installing extensions by default if the site is signed and comes from update.mozilla.org.

I did never (since the Firefox 0.5 beta) seen the problems cited in the images of this blog.

I do not thing this article is objective. I hope more people react.
Anonymous
December 20, 2004
Like most of the computer competent people posting on this thread, your uninformed comments make me mad. Why? The hundreds of hours I have spent cleaning up friends and family computers from problems which are ultimately your (Microsoft's) fault. When I install Firefox they go away. Ask not for whom the bell tolls, for it tolls for you.
Anonymous
December 20, 2004
I have come up with a simpler answer:

the day I can install IE on a users PC and they don't have any spyware or viruses by the end of the week (ala firefox) then you have something to say - until that day your argument is pointless.
Anonymous
December 20, 2004
I just wanted to say that the author of this post has no clue what he is on about, is clearly a newby to the internet. If for one secont you thought that the people at firefox would/should give money to their enemy(microsoft) to register their software as 'microsoft approved' and that this in itself wouldnt be admitting defeat (to think anyone needs microsoft approval..???).. And another thing, in all my years of using the internet not once have i ever hit 'run' rather than save to disk! - Do you really hit run? I mean your internet temporary files directory must be huge! And if you dont know what a mirror is, you must have been on the internet for all of 5 minutes. Seriously, do yourself a favour follow the steps below:

1. Unplug computer
2. Plug yourself into the power socket
3. Your not microsoft approved!

David.
Anonymous
December 20, 2004
Not security related, but Firefox always claims to be the fastest browser. Though on my system:

- Firefox boots slower than IE
- Firefox opens websites way slower

The only reason why I use Firefox is indeed for the fact that it can prevent me from getting some viruses (like the one's hidden in fake image files). I know I shouldn't mind a slower browser if I get security in return, but then they should stop saying they're the fastest on earth.

If IE had a tabbed browsing solution and the same W3C implementions as FF, a lot of users wouldn't make the switch.
Anonymous
December 20, 2004
Hauled!

They are all hauled!

The truth is that from when use
firefox I do not have every a lot to clean up my PC
with spyware removal tool.

Facts!!!

IE go pension!
Anonymous
December 20, 2004
>>1-1000 is DQN.
Anonymous
December 20, 2004
apt-get install mozilla-firefox downloads and installs firefox directly from my trusted debian mirror ;) the problem is just win i guess :P
Anonymous
December 20, 2004
The M$ countdown has begun.

1 - they will have to open their code more and more.
2 - they'r money will be spent without efficiency
3 - they will have to use their IP to retrieve money
4 - loosing the rest of credibility
5 - the will have to take the OSS train or die.

BUT they will never renounce to FUD like this little post. Do you believe in it ? Do you trust more M$ than Mozilla (for example) ?

I don't think, so i don't fear. It's a matter of time and it's slowly exponential, hihi.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
While I agree to some points you mentioned above that make Firefox "insecure", but still I choose it over MSIE as I trust Opensource. If what you mention is indeed going to be a threat, I am sure the devs over at Mozilla are going to take that in mind and address the problems soon.

Nice post by the way.

Derrick
Happy Firefox User
Anonymous
December 20, 2004
Some MSFT developer is putting up some FUD. aka fear, uncertainty, doubt. Don't do it. If you want to start messing around we can. MSFT has 57,000 employees. Firefox has 50,000 registered users at SpreadFirefox and a wonderful, advanced user...
Anonymous
December 20, 2004
I'm left with no words. You call this a blog? you are clearly being paid to make this stuff up. It's so senseless that I can't find another explanation for so much FUD.
Here I thought blogs were for personal opinions.
Anonymous
December 20, 2004
Why should I trust a verisgn certificate?

Gator has a verisign certificate, C-dilla has a verisign certificate... Since when is verisign a guarante of spyware free, bugfree or any other type of free?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
"The publisher could not be verified, do you want to install this spyware ?".
Now, if IE users would have answered that question correct, Microsoft wouldn't be in so much trouble. But in fact, they were never asked.
Their fault ? I don't think so.
You're suggesting that installing only verified software would be the solution, but do I have to remind of the fact that signed spyware already exists, and as some pointed out: the verification only tells you who made the software, not whether it's spyware or not.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The FUD you're spreading always reminds me to never ever stop advocating the value of open source.

Thanks you, come again.
Anonymous
December 20, 2004
How can you trust Microsoft? Just a lot of lies... as usual!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I am off to bed now; any more comments will have to wait until the morning to be moderated.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Go here to download IE:
https://www.microsoft.com/windows/ie/default.mspx
Check the certificate.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
well, i can
And firs of all, go 2 secunia.com and see what's happening when you use IE.

It's bormal 4 you, you work @MS.
If you were in mozilla team, you would blame ms's IE.

You cannot convince me to change my opinion.
Forefox has already over 11 milion downloads.
And this doesn't mean nothing 2 you ??

The Browser, Reloaded.

P.S.
Try to use Mozilla. It's free :)
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
IE is just as secure as Firefox. only that firefox is easily configurable.
Anonymous
December 20, 2004
your are so biased its unbelievable
Anonymous
December 20, 2004
We all just have to realize that whenever new software is developed there are going to be security issues, it is just the nature of the business.

IE was created very early on during the early childhood of the Internet and thus far has been an assimilation of many programmers and ideas. As time has gone on and Internet security has become more prevalent IE has become more secure through patches trying to secure the security holes created when IE was first developed.

Now you take Firefox, which started out with SECURITY as one of its primary goals, if not its number one goal, you are going to inherently going to have a more secure browser then on that has been assimilated over time like IE. However, with that said, this still doesn't make Firefox 100% secure either.

Addressing you statement regarded digitally signed files and extensions being unsigned etc ... It is to my best knowledge (reference: <a href="https://addons.update.mozilla.org/faq/?application=firefox">Firefox FAQ</a>) that all extensions and themes get assigned and tested by a Firefox technician. Just because Microsoft is big on digital signing doesn't mean that it is the only way to verify that the software is "good". If you trust the source, mozilla.org, for example, which you can download Firefox, extensions, and themes from Mozilla directly then there isn't a problem.

My last point is that you have to remember that Mozilla is an organization run primarily by the donations of users. It offers it products for FREE.
Anonymous
December 20, 2004
If only they had spent some of that money on improving the security of their users by, say, purchasing a VeriSign code signing certificate.

- If anything verisign should give the Mozilla foundation a certificate, it would serve as good PR for verisign too. It makes no sense to demand huge investments in certificates when you're not a huge corporation.
Anonymous
December 20, 2004
You are a complete idiot! IE is a complete piece of trash. Before you go and attack other browsers for being un-trustworthy you should take a look at the garbage Mr. Bill Gates is churning out. I'm willing to bet my house that more people have gotten terrible viruses and spyware through IE and Outlook than anything else. And I never encountered any of the supposed errors during installation that you did.

Please note that CERT apparently trusts Firefox more than IE because they reccomend using it instead of IE to prevent the spread of spyware and viruses
Anonymous
December 20, 2004
did u notice that the 'get more extensions' button is smaller then the 'uninstall' button in the extensions area. how biased can u get man.
Anonymous
December 20, 2004
no offense meant, mr torr. but i really think the points u mentioned in your post have nothing to do with whether we can or cannot trust firefox.
you can work fairly well with firfox without ever being concerned with security issues after you have installed it.

and i dearly hat ie, too. i (and millions of fellow-webdevelopers) have spent too many countless hours trying to make the simplest of websites work with ie.

darn, i'll go get a cup of coffee before i endanger anyone in this office ... we can only hope, that this post wont make anyone who doesn't know a thing about computers use ie instead of ff.

on question to you, mr torr: have you ever seriously tried ff and found it a "wors" (in any way or whatsoever) browser then ie?
Anonymous
December 20, 2004
This blog item seems to imply that:
-firefox is only for Windows
-everyone installs firefox via the mozilla.org binaries

However, many non-Windows platforms (such as most linux distributions) provide a better means than Windows to deploy software, including support for package signing and built-in file verification methods, which are the de-facto standards for installing software on those platforms.

For instance, the distribution I am using provides firefox packages, which were built from source (and the source package is publicly available and contains the original source, some patches, and the signature of the source tarball, and is itself signed by the distributors cryptographic key), and the binary packages are signed by the distribution key. The software installation tool will only install packages signed by certain cryptographic keys without warning the user. The binary package includes md5sums of every file shipped by the package, which can easily be verified.

The de-facto "standard" on the Windows platform is the unsigned setup.exe ...

So, you've pointed out once again that Windows trails in security considerations.

The machine I am using now has no antivirus software, yet I don't get any spyware, I don't see any spam (thanks to Thunderbird), and I get no unwanted popups, but of course I'm not running Windows ...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Tool.

Get FireFox from a cover CD and be done with it.
You have no clue how stuff works.
Please sto posting about stuff youd on't know a thing about in the future.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I've been hitting off with IE for years now, and have not encountered any problems, ever.

I can't stand the extra clutter of another web browser on my computer either.
Anonymous
December 20, 2004

i trust people who make a something for free cause they care
not cause they where paid to "care".
Anonymous
December 20, 2004
I forgot to mention that its interesting that Microsoft won't officially say that they are worried about Firefox, but they are forcing employees to flame Mozilla. By the way Peter, I hope you enjoy moderating all these comments and I hope you feel the wrath of the Community. THE PEOPLE HAVE SPOKEN!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Ha! Don't make me laugh i.e. more secure than Firefox? Not if you're running any OS other than XP, as <a href="http://it.slashdot.org/it/04/09/23/1411217.shtml?tid=201&tid=128&tid=109&tid=1">MS have stopped supporting IE for any other OS.</a>

At least FireFox doesn't force users to upgrade their OSes - and shell out hundreds of pounds to do so - every couple of years!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Fix YOUR product BEFORE you berate a competitor. You have more than just browser issues to fix, you know...

/using Firefox until IE can rival it.
Anonymous
December 20, 2004
Can anybody tell me what is this Versign?
Do I only have to pay the money the selling company wants to get it?

What tests are made for securing the safety?
Are these test apropriate?
Who makes these Test? - Are they economical independed from others?
Do they have other marketing Interests then selling these Certificate?
Could these Interest conflict with a neutral view on the product which is checked?

Thats the question which are popping up in my mind.
Check these Question and trust no one. If you can answer any question (and others) to youre satisfaction, then you have found a Certificate you can trust. I have not found one I am trusting yet.
For The software:
Since no software is secure, which ways do you have to report insecurity?
Which ways does the company gives you feedback over your report?
Where can you check the true security of the software?
Is this source independent? (now you can apply the question to the certificates here too)

And the most importend:
Because Security is always just an illusion, which software can you work best, take that one.

So thats my 2cent.
bye
Peter
Anonymous
December 20, 2004
Who would you trust, a company - with signed downloads - that's known to release buggy software for the last 20 years, or an Open Source Project where everyone can point his finger to the thing to fix. And gets it fixed quickly.
Anonymous
December 20, 2004
Service Pack 2 fixes a lot of problems with IE - making it more secure and more user friendly but it is too little too late.

Why do I trust Firefox? Because if something goes wrong I know that the firefox people are going to fix it quickly. Because it displays sites the way they are supposed to be displayed and because it IS secure and it is a better browser. I am an unbiased user who switched to Firefox after a tried it out and realised these things.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I really like your article, even as a Firefox-user. You really pointed out some serious problems with Firefox! But IE has some serious problems concerning spyware which Firefox has solved.

Mozilla.org should
- use subdomains like <supplier>.mirror.mozilla.org
- solve the problem around default-options.
- have better contracts with suppliers of plug-ins.

MS should
- solve the spyware-problem, so my friends don't have to check for spyware after having surfed the internet.
- start using official HTML and javascript instead of it's home-brew one.

What both browser have are the I-don't-want-to-read/understand-but-just-press-enter-users.
You can not ask those users to read, because they don't understand the question.
A possible solutions for that is enabling 'trusted persons' like 'msdn-technician', 'slashdot-users', 'FireFox-crew', 'MS developers', etc. When there is a messagebox there is also everybody's favourite paperclip which says "your advisor (....) chose ..... here" and some more information. Offcourse there must be a big warning when the advice changes. I think MS wants the siging in their own hands, but decentral signing might be a solution in this fast changing world.

In one year or two we have two great browsers which can compete by options and not by security.
Anonymous
December 20, 2004
You've got to be stupid to use the generic default browser your computer came with. Internet Explorer is just as good as browsing the web with Windows Explorer.
Anonymous
December 20, 2004
yes its true that firefox shoudn´t have "Don't ask me again" option for the exe files, thats a insecure because kids that download everything with all people know selecting that can lead to not knowing that exe files are runned without confirmation and can be backdoors. i like firefox, used alot from version 0.8 to 1.0 and what many ppl said is valid than looks more secure, the spyware isn´t installed like in IE (but FF doesn´t have activex), etc and FF doesnt render correctly many pages (like many php layouts) and has weak code for javascript codes (for ex links with cursor effect and text effect, in FF that links in page will not be treated like links, only show as simple text).

in IE if you disable ActiveX, IE becames spyware/malicius code free in SP2.

like i said, i was a FF user but because of many pages doesn´t work properly i was sick of using "view at ie extension" and give a try at maxthon browser. that browser is what IE should be, popup and content blocker, activex protection, etc. and of course no more pages rendered incorrectly

be webmaster fault or FF fault, many pages arent simply rendered correctly and in bug forum 70% of posts are "fix ff for x page", "x page doesnt render properly" etc, and in bugzila, the changes in FF "fixed page x", "fixed render at page y" etc.

Because of this if FF whats to supress IE has to work on that. if MS make IE like maxthon with activex protection etc or even better FF dies
Anonymous
December 20, 2004
When you say 'random' do you really think it is the correct use of the word? Maybe you should check a dictionary.
Anonymous
December 20, 2004
Hm this was interesting... Security is good to have.

What I wonder however is, do FireFox have as good JavaScript handling as IE? Or does the same scripts that work on IE crash on FireFox?

If FireFox can't handle the same scripts written for IE I would never change browser since IE have set the standard due to the amount of users it have.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Interesting points. Why don't you come Firefox developer. By my subjective point of view, it runs faster. And two minutes ago, MSIE crashed, but I didn't mind because Firefox crashes rarely.
Anonymous
December 20, 2004
I'm not sure anyone at MS or anyone involved with IE can, at least with a straight face, debate security with any other product on the market. Seriously, this comes off as typical MS FUD, and while I agree that a Verisign or Thawte certificate would be nice, I trust the FireFox (and many other OSS dev teams) as much if not more than I trust Windows Update.

I think this quote "Normal disclaimers apply. I am not responsible for anything, and neither is Microsoft." from your own web site says it all.
Anonymous
December 20, 2004
It seems you missed the biggest difference between FF and IE regarding installation of 3rd party software:

FF always asks if you want to install it and if you say "no" it accepts your "no", so it is your own choice if you run software you trust or you don't trust.

IE however has so many bugs that there are ways for an attacker to run code of his choice without any notification of you, the user. So it doesn't matter if the code is signed or not. You never will have a choice, the code is run without you even knowing.

So good luck to you all with IE and your false sense of security.
Anonymous
December 20, 2004
Microsoft Suxx & IE 2 !
Anonymous
December 20, 2004
Strange... why the comments are not for help IE?

Hmmmm I think none trust MICRO$oft...

Long life for the Open Source and Freedom...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
only run software from someone you trust eh what about all those people who dont trust microsoft.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
looks like u got spyware mate ;)
Anonymous
December 20, 2004
"Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer any more."
I think bill gates is a "bad guy", he has persuaded me to run plenty of his programs - who owns my computer?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
So.. I should only download files from vendors who have paid Miscrosoft to be a "Signed vendor" ? please. We both know that IE har APPALING standards compliancy, APPALING security with more holes than a fishing-net ++

As long as MS chooses to stand on the outside of W3C, and shows no interrest of fixing and updating their extremely lacking browser, blog posts like yours is nothing but funny entertainment.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Oh, im sorry, why would you want to use Firefox anyway, ur a microsoft geek
Anonymous
December 20, 2004
this best post blog ever ! me now trust only microsoft !
microsoft is tarzan me jane ... love me long time tarzan !
Anonymous
December 20, 2004
I downloaded ie_install.exe..
There was no MD5 to compare it with, but hopefully I'll be ok.

I cd to the dir
> make
make: *** No targets specified and no makefile found. Stop.
> ./configure
bash: ./configure: No such file or directory

What is wrong?
IE must be a very insecure browser since it is not possible to install it on my PC.
firefox installed very easily.

LOL OMG BBQ
Anonymous
December 20, 2004
I would cry if I had tears left... I'm buying a Mac next, enough of this nonsense already.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
First of all, there must be a FREE(as in speech) way to certificate code on ALL PLATFORMS and OSes.

Once there is such a thing, I'm sure the Mozilla devellopers will be able to adopt it.

Oh yeah... but I doubt Microsoft will implement such a thing... since they already advocate their own closed, obscure DRM format.
Anonymous
December 20, 2004
The Equivocal Ramblings of Kevin Francis » Another Microsoft Troll About Firefox
Anonymous
December 20, 2004
:: n00.be » Someone bring some marshmallows… ::
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I agree that there are flaws in everything but... If flaws were found in FF, it wouldn't be as leathal as an IE flaw.
Anonymous
December 20, 2004
lol, you honeslty think Internet Explorer is better than firefox? MS IE has alot more security issues than firefox. Firefox looks better, loads faster and is open source (unlike MS who only want to make money from their products). Bugs are found faster and less frequent than MS IE.

Its a pity MSN Messenger doesnt allow a default browser as firefox is definetly my favorite browser.

And honestly, look how low microsoft have got. They said firefox wouldnt be a problem but realising that it is changing the browsing tool of alot of people they are suddently changing to pointing out security issues with other browsers.

Have you found any law suits to file against mozilla yet?

Maybe if you spent more time patching your own software, less people would be infected with dialers and spyware (my own friend got a £400 phone bill), where as firefox by default blocks activx unlike IE.

But, thank you, im glad you a microsoft employee have finally turned into the light side and have dedicated your time into finding minor flaws in open source software. Maybe you could earn yourself a few extra bucks by helping find real security issues.
Anonymous
December 20, 2004
This is Microsoft drinking their own Koolaid.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Don’t trust Firefox - Elliott Back
Anonymous
December 20, 2004
I thought the original article was very enlightening. For those that just bash without substantive content, I say, "Rather than raise your voice, reinforce your arguement". If responders are not willing to discuss the technical merits and flaws then they contributing only heat and not light.
Anonymous
December 20, 2004
still using ff and im still loving it.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Of all the dribble you described, I NEVER saw any of that on my install of firefox. My firefox install was flawless and I've installed it several times on different machine since. I've never run into the problem that you have had. Are you attempting to left-wing this?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Have many problems with IE, each time i visit a internet cafe here, in Moldova, each time i remember the Bill name ;)
Anonymous
December 20, 2004
"But being a brave soul (and not caring if my Virtual PC image dies a horrible death) I click Run."

Well of course you didn't care. Your virtual PC was already infected with Windows and IE, why not go for a hat trick?
Anonymous
December 20, 2004
How can I trust a blogger who can't even get his images to display correctly?
Anonymous
December 20, 2004
Who would trust micro$oft after years of viruses and pain!!!
Rock on FF!!
Anonymous
December 20, 2004
Dear Mr. Torr! After reading all those replies and rejoinders, how about to refactor your article?
Anonymous
December 20, 2004
Having used both IE and FF for years, I'd have to say the choice to go for the latter is close to being a no-brainer. Even with SP2 installed, the security issues are still easily exploitable.

The issue I have with the author's assessment is that he prefers a world where MS or a third party has to verify an application in order for it to be installed or executed -- which is a huge band-aid to a fundamental design flaw in Microsoft's code foundation.

The solution is to produce an OS and applications that are not married, and leave the integration to software developers. By making Windows a platform rather than just an operation system, Microsoft was created a monster that they cannot stop in a reasonable manner. Hence, this absurd suggestion to require code signing. Back in the BBS days, running DOS and DesqviewX we did not require code signing because we downloaded and ran what we needed -- not what our browser/website/OS decided we needed. Granted, there was a certain level of trust involved in the process, but we accepted this and moved on.

That's the difference. That's why IE is losing market share, and why it will continue to decay until these issues are addressed in an acceptable manner, rather than attempting to limit what I can do with my computer.
Anonymous
December 20, 2004
...one word for you: ¡SILLY!
xD
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Alright, first off, Mozilla is a non-profit organization. Do you really think they have time or money to get their programs (Thunderbird, Mozilla, Firefox...) signed (Which might I add is completely foolish, because it lulls users to thinking everything is safe, because even Gator can get their spyware signed.)
Secondly, the only way to make sure software is TRUELY secure is to build it from its source code, which you can't do with IE but you can with Mozilla Firefox.
Finally, you say that being signed is no indication that it is safe (Even if it still seems like it is). How can I be sure internet explorer is safe? How do I know that your employer doesn't have my credit card number, my name, my address, my e-mail, etc. ?
Anonymous
December 20, 2004
"Hmmm, a completely blank MessageBox. Well, OK is the default choice, so I guess I should accept that. No idea what it will do to my system though."

first rule of bug testing: try and repeat the conditions and see if the bug reoccours.
Anonymous
December 20, 2004
I don't trust anything.
at least when I run firefox in linux I can run it as it's own user with minimum privledges if I want. Doing that in windows would be nice, but I've not tried...I only use windows for games anyways. Meanwhile, having one common browser across all OS's is great for toting my profile along to each one.
plus, my bookmarks can be put directly online as a web page. Favorites have always been annoying to me for just this reason. In the end, I use what is not only popular, but I also choose to give myself the capabilities I want. Noone makes as many extensions for the IE browser, like ADblock and tabs...and not many make them for free for IE either. How can I choose to limit myself to a browser with a bad trackrecord, no expansion capabilities, and no flexibilty in data handling. How can live with a browser that couldn't even render pngs and CSS correctly... The world is a dangerous place, that doesn't mean you have to suffer. Nor do you have to live with blinders on, listening to only what one company says is "suggested" or "supported". Now if only we could totally replace IE with Firefox, and ditch IE completely if we choose to. I haven't used IE in a while, so perhaps some sentiments are old... feel free to update them as needed.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I supose you have bought a license for your Windows, and so you think IE is better, just use it!!
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Wikilab » Come posso fidarmi di Firefox ?
Anonymous
December 20, 2004
When did I ask microsoft to decide on a browswer for me? When did I ask microsoft to embed that browser into the OS so tightly that by doing makes the entire os more insecure? I will always use FF over IE, IE w/ SP2 finally got many of the features that have been available in FF since day 1. Seems to me as much as microsoft hates the opensource community they certainly use many of their ideas. And hey why would I open a browser that gives direct access into the OS (being a part of the OS and all). Firefox for me thank you!
Anonymous
December 20, 2004
I think the one we need to watch is Microsoft. Pretty much all of your arguments would be false if this was before xp sp2 days. The default dialog buttons and everything came with sp2, what about users running IE in a non-XP sp2 enviroment... I guess you conveniently forgot to mention this. Further more most people have no idea of what signed code is etc, for an advanced user like you or myself no matter what browser you're using you can handle what comes at you. But for the average non-technical web surfer firefox is a much better solution. Personally I feel IE's new "methods" are quite annoying.

Half of what makes firefox so much better then IE is the features, IE has gone through how many versions and has bearly added a single thing.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Wow, I checked those links about mozilla and IE vulnerabilities, and at first I was like wow, 70 for mozilla and 125 for IE, that seemed a little too close for me. Then, I strolled through the mozilla list, it seems only the first 25 or so are actually bugs, the next 50 are various vendors patch notifications for those same first 20 bugs. Way to spread the FUD, keep up the good work.
Anonymous
December 20, 2004
Peter Torr in his weblog decided to create a flame war about Firefox. Even though I'm very fond of Firefox and do recomend it over IE and other browsers, its an interesting read. Somethings are just about user stupidity but...
Anonymous
December 20, 2004
Yeah! IE must die :)
Firefox rulez!

What do you think about Opera? Or we cannot trust there too?

Dear Microsoft, you really should fix your IE before and then say about other browsers...
This "DON'T TRUST" Firefox works better than your IE a lot: it's faster, more simple and freely available!
Now I'm using Opera as my first browser, Firefox as second and ONLY IF I HAVE ANY PROBLEMS I use IE... please, make IE deinstaller! I really want to remove it... it only takes 20mb of my free space! It's not a browser - it's a joke!

What do you think about adding Firefox to Windows? :) lol
Anonymous
December 20, 2004
How do I know that I'm viewing this site, and not Hackers-R-US? This site isn't signed, so why should I trust any of it's content?
Anonymous
December 20, 2004
The question is How can I trust Microsoft ?
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
intodimensions.com » Firefox vs IE
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Funny, my copy of Firefox came in a signed package from my OS vendor.

Maybe there's something wrong with your OS.
Anonymous
December 20, 2004
Real simple: Firefox hasn't burned me yet(pun unintended). What can you say about IE?
Anonymous
December 20, 2004
Well after reading your artical..I am still way better of using FireFox.

No more spyware/malware installed at random..no more stupid pop-ups...no more ads (via adblocker)

IE Very unsicure...installs spyware.malware

flame flame flame

All the secure download option in IE are useless..do you honestly belive the REAL PEOPLE will click "Cancel" !!! boy are you a fool...most people (non-IT) will download/install anything regardless of warning.

Just think of all those smokers out there...do they care about warnings???? no

Use FireFox you know it make sense
Anonymous
December 20, 2004
I now use the DropMyRights utility to run IE as a non-administrator -- along with XP SP2's BHO disabling capability, I've had no issues with spyware or adware in IE. I think Microsoft has taken strides with SP2 to at least alert the user when something is being installed, and DropMyRights will allow you to run IE in non-admin mode. What more could you ask for (other than tabbed browsing support)?
Anonymous
December 20, 2004
Pass on my compliments to Bill when you next see him.
Anonymous
December 20, 2004
Pete would only have us trust the sites and software that Microsoft trust. I, however, prefer GPG sigs.

Again, another weak attempt to assert control over something that M$ is well behind on - good luck Pete - you're going to need it.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Wow, that was almost scary. Considering that there's checksums on the firefox website which you can use to verify your firefox installer against, this is all really just senseless babble.

Wow, the checksum isn't from verisign. gasp Does that make it any less valid? If you can download the source code, verify the checksums, then there really isn't any difference in using a verisign cert, or the plain old common sense way of doing things.

Even with a verisign cert microsoft apps are full of holes. So what does that say about verisigns certification requirements?
Anonymous
December 20, 2004
Oh.... just another thing: as many others have stated having a VeriSign certificate does not ensure that the software is not compromised... I do not know which check process is taken before releasing a certificate! And, if VeriSign demonstrates ad serious in it's work as Microsoft... it bad news for a lot of money!

And also: there is a FREE and quick way to check the authenticity of a software... checksums, be either MD5, SH1, or whatever.

The last point: the most vulnerable part of a modern OS is, as always, the user!!!
Anonymous
December 20, 2004
and how can we trust you, you little MS brainwashed dummy ?
Anonymous
December 20, 2004
The problem with spyware isn't that code lacks a digital signature, it's that people lack common sense and don't know who to trust.

The risk of a novice making a bad choice isn't mitigated much (I would argue not at all) by digital signatures.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Interesting post.
1. Mozilla doesn't have billions of dollars like microsoft to have their own datacenter, so they rely on universeties to mirror their downloads. There's nothing wrong with that. If Mozilla links to them, it means they trust them. That's enough for me.
2. The extensions are linked to from Mozillas extention page. If they linked to them, it means they trust them. Other people have tried them.
3. "Renders HTML without any problems"?? Firefox renders HTML and CSS 10x better than IE ever could.
4. Sidenote. I used IE for 2 years. I ran spybot at the end and had incredible amounts of spyware. It was aweful. After a year of firefox the only thing I have now is some tracking cookies.
Anonymous
December 20, 2004
you sure did manage to reinforce the idea that m$ employees are as clueless as thier sw.

best of luck to you and ie.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
You are a tool. IE has caused me so much greif, how can I trust IE?
Anonymous
December 20, 2004
engrish mickey fickey... engrish
Anonymous
December 20, 2004
Why I don't trust Microsoft:
http://deb.opera.com/howcome/2003/2/msn/
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I wonder if you have ever done phone support for Microsoft. If you have then you should know why people are so frustrated with Windows XP and IE.

The people here who are responding KNOW how to use a computer and know how to protect it and get rid of spyware and other sorts of malware.

Wasn't it a while ago there was a massive security flaw where hackers can spoof a certificate and infect a user's computer? Sure it was, and also wasn't Windows update also infected where when a person didn't know their computer was infected was brought to a rogue site when updating Windows XP when clicking on Windows Update from the Start Menu or from IE?

The problem is here is that MSFT thinks that its OS is secure even with SP2, not saying Linux and Mac don't have its problems but do you really know how many people are aware of Windows Update? If they were, explain why MSFT was hounded with tons of calls for Sasser infections back in summer.

XPSP2 is a step in the right direction IF the computer user had knowledge of updates and knowledge of Windows XP. I'm pretty sure tons of people who call XP support call about removing malware because IE doesn't stop it at all. I've used FF for months and guess what? No spyware! Shocking huh? So shocking that MSFT is going to add Spyware tools in the next version of Windows..... That's just great plan, it will be outdated already. I wonder if Mac IE 5.2.4 is going to be released with Apple's Tiger as well, highly doubt it since it has been what 3+ years since MSFT stopped updating it. But then again malware affects Windows+IE users and not Mac+IE users.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I'm still waiting for the conclusion where we find out all the bad things that happened to the system because of FireFox. Did the machine explode shortly after installing FireFox, keeping you from telling us about it? You really shouldn't post all of these possible ill effects without telling us exactly how many of them you actually encountered. Thanks.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Cathode 1 » How can I trust Firefox?
Anonymous
December 20, 2004
With its excellent lobbing links to the US Government, one would assume favours go both ways. How can I trust Microsoft not to be extension of the US' ultimate Spyware?
Anonymous
December 20, 2004
Their are MD5 hashes on the firefox webpage, this gives your article the value of null unless your trying to say we shouldnt trust the firefox ppl which in such case I must say you need to think about removing all software from your computer. You could also read the open source code and compile your own but of course that was not mentioned.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The original poster has identified some shortcomings of Firefox which he has substantiated with screenshot evidence. Why not take criticism in good stride and strive to improve on some of the weak areas he mentioned instead of flaming the blog or saying how FireFox rOx, pwnz, rulez etc..?

The fact that some of you experience no problems does not mean the guy's lying or trolling, no need to fill in with wild conspiracy theories on how o'Bill is planning a slander campaign rite?
Anonymous
December 20, 2004
"Unlike IE, Firefox is done by people who want to be proud of their work. Proud of what they created - unlike Microsoft where people are proud of what they destroyed."

I can't imagine anyone working for 9 hours a day on a product and not being proud of it. There seem to be a lot of opinions from programmers here who haven't worked in large teams on projects with business requirements and budgets. Code as you go hobbyists, a nice pass time no doubt but not something you pay the rent with.
Anonymous
December 20, 2004
i work for a major automotive company. And i am a mcse and i have been migrating all 4,000 desktops here to firefox. why....? because with firefox we dont get spyware and now that we are moving to thunderbird for email.......... we dont get virii why do i trust firefox? because our systems are now spyware free :)
Anonymous
December 20, 2004
How do I know that a billion dollar corporation has my best interests at heart? Well, truth is they don't. Why would I want to use a product from a mega corp when I can get better quality, better security, better functionality from an open-source community product? I said bye to IE a long time ago and am not planning on EVER coming back.
Anonymous
December 20, 2004
Check out this link:

http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/

Try it in IE first and then in FF. You can talk about how unsecure FF is all you want, but the fact is that there are similar issues with IE that there are with FF. That link shows how you can be spoofed in IE, but it doesn't work in FF. If you look around that website, there are many exploits in IE that have NOT been fixed or patched.

My point? Yes FF is going to have problems just like IE. I am banking that the community process is going to respond more quickly than Microsoft in fixing those problems.

In the meantime, FF is just hands down a better browser.

My $.02
Anonymous
December 20, 2004
the only reason that you dont like firefox is because it is the first browser that people prefer to use over IE. As for not knowing the URL you know aswell as me that you can forge URL's and e-mail domains as easy as 1-2-3. I think yuo should back down from firefox as it is a browser made by the people for the people. Now i am not one of there microsoft haters (im an MCSA in win2k) but somtimes you have to learn to let go and see that sombody else has done a better job even if there are a couple of bugs that need ironing out. We already hav IE 6.0 but only firefox 1.0 for the amount of time that both have had in development i think firefox comes out on top, especily without the vast resouces that microsoft can pour into its projects. As for the secutrity warnings selecting things for accept as default this is because its user base does not need to be watched every step of the way or nannied while surfing the internet. They arnt first time users that dont know what malware is or not to click on that .vbs file in thier e-mail. They are people that know what they want, and they want a streamlined browser that is immune (at the moment anyway) to some of the problems of IE and its spam.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Wow, this was a pretty bad article. :p At least most of the comments here are worth reading. ;) Personally, I use Opera over FF anyway. FF is nice, but it's to big and bulky for my liking. Though if it was just IE and FF, I'd happily chose FF over IE any day of the week, and twice on Sunday. This site does not display correctly for two reasons, first off is it is not standards compliant, which others have pointed out. The 2nd reason, which ties back to that is ASP.net (which this site uses) has an option for the "target browser". That option can be set to IE or Netscape and unless you know about that option it will be set to IE. -- Since this is a blog, it most likely cannot be changed by the blog's owner. ASP.net was never meant to be a multiplatform / browser compliant language. It was created by, designed for, and accepted by Microsoft. BTW, who is the guy that wrote this anyway? How do I know he can be trusted? o.O
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
For me it was simple, there are for more exploits for IE, than firefox, therefore in order to protect my mother's PC I installed firefox for her. I've been doing this for 20+ years. It's becuase of me my mother can switch disks in the desktop's BIOS, (freaked me out the first time she did that :) "I am your mother..." Then I installed addblock and a few others, and thunderbird, etc. It's a breeze, I don't car about code signing I tell them to avoid installing anything and delete attachements. As I imagine most geeks who fillial tech support do to.
Anonymous
December 20, 2004
Unfortunately, IE is also not signed by a company that I trust.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Ok, so you convinced me. I should be running IE. Where can I get the Linux version? What? I have to run Windows? I thought you were concerned about security?
Anonymous
December 20, 2004
the writer of this article is feared either by the "Dark Unsigned Path" created by microsoft or just another IE fanboy article writer :D
Anonymous
December 20, 2004
I think the real question is: How can I trust IE?
Anonymous
December 20, 2004
You want to know how to trust FF? Download the source code, read it, tailor it to your need if you want, compile it, run it, and enjoy! A Verisign certified signed copy of IE still does nt include source code, so you trust a certificate, not a code...
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
We are supposed to trust Microsofts signed software. Please see the following CERT advisory from 2001 <a target="_new" href="http://www.cert.org/advisories/CA-2001-04.html">http://www.cert.org/advisories/CA-2001-04.html</a> Overview On January 29 and 30, 2001, VeriSign, Inc. issued two certificates to an individual fraudulently claiming to be an employee of Microsoft Corporation. Any code signed by these certificates will appear to be legitimately signed by Microsoft when, in fact, it is not. Although users who try to run code signed with these certificates will generally be presented with a warning dialog, there will not be any obvious reason to believe that the certificate is not authentic.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Browser wars, Darwinism, and the SlashDot effect.
Anonymous
December 20, 2004
INTELLIGENCE - thats all it takes to keep your computer from being compromised.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Psh, Firefox pwnz IE... Full Stop.
Anonymous
December 20, 2004
IE on some sites will not ask to install because of IE's security holes those sites will install programs in the background and you will never have known are being installed. One reason microsoft is making strides to make everyone believe that non microsoft products are unsafe is for one reason only MONOPOLY. I think I should have a choice and microsoft hates that. I would rather use OS/2 warp than keep using a windows OS, which I am stuck with at work, which is why i dont use windows at home. btw which drama school did you attend because you are the most talented thespian I have ever come across. I think you are destined for an academy award for your portrayal of a concerned security advisor for microsoft.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Who cares about VeriSign certificates? The Internet isn't run by them, and who really pays attention to them anyways? In all my years of browsing the net, I have never come accross a site that I have actually needed to view said certificate. I think what this whole debate boils down to is that Microsoft can't admit defeat when it's starring them right in the face. Clearly, Firefox is a better browser; it's faster at rendering pages, adheres to web standards, supports extentions, supports plugins, and most of all, is safe and secure. Take what this man said as you will, but you shouln't pass judgement on something for only one flaw. Sure, Firefox has it's flaws, but Internet Explorer has many, many more.
Anonymous
December 20, 2004
I would say it comes down to this: Firefox and IE have much the same features. The GUIs are different but the core functionality remains the same. But with Firefox only used by 5-10% of the web population, which browser will malicious code writers still target? IE, of course. But then, as more users flock to Firefox to escape IE vulnerabilities and exploits, more malicious code writers will begin finding more exploits in Firefox. I wouldn't say IE is any less secure than Firefox (it may or may not be, hard to say for sure), it's just whomever is on "top" is the one with the most eyes on them. Which is probably why Windows OS has the most exploits, due to the fact that 95%+ of all desktop users prefer it. As soon as a new "King of the hill" takes over, they will be the leader of security vulnerabilities.
Anonymous
December 20, 2004
Out of interest, have MS recovered the 2 certificates for signing apps that verisign gave out to Joe Random under the Microsoft name ? ;-)
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Sorry if this is redundant, but it seems to me that many of the spyware packages are digitally "signed", so that's abosolutely no guarantee of safety. I personally avoid applications that only work with IE at all costs. Sometimes unavoidable. Also, if you're so lazy you can't be bothered to code for standards-compliant browsers, I have to wonder if security was any more than an afterthought.
Anonymous
December 20, 2004
This is funny.
Anonymous
December 20, 2004
Folks like me would trust IE if some of problems with IE would work. Little things like deleting Temporary Internet Files on Exit, turn off on enable etc...
Anonymous
December 20, 2004
hi, right now, i guess, many m$ people r thinking how to attract user back to use IE. one undeniable fact is, ff would grow into a more better shape in long run. (provided that they don't add flashy stuffs) and i guess the problem is with os, not ie. i guess to extend the company (m$) life cycle, it might be better for m$ to create a new department to start with a new OS, new kernel, new interface, new navigation system, new browser, redesign filesystem, totally from stracth. (no compatibility with previous OS) (not flashy OS) but real and perfect OS, that should be bill gates greatest dream in life, i supposed. at least he leaves something great and could be proud of on earth after he died. try build a clickless mouse navigation operating system :)
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
I read your commentary about Firefox and decided to try it. I really love it. Finally, a decent web browser for Windows.
Anonymous
December 20, 2004
The reason IE is so insecure is because it acts as a direct link to your computer (a shell account acctually). This means that you are running the internet directly through your computer. Allowing who knows what from who know where to install on your computer. For this reason Any internet browser is more secure than IE simply becuse they do not allow direct access to your computer.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
It so happens that I run the mirror that you mentioned (mirror.sg.depaul.edu). What I recommend you do is take a look into the rest of the open source world and learn about digital signature verification and how mirors actually work. Once you do they, you'll feel a bit more clueful.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Competition is the best way to learn and grow. Both should step it up, but there is not question of which one is safer now. Firefox is safe and as mentioned before it won't take Windows with it. Also, how can you not trust college age kids or just plainly college kids? As I seem to recall most of the young college kids started the computer world on the track that it is now. I can name quite a few companies that were started by 20s-30s age kids.
Anonymous
December 20, 2004
So, whine about it?
Anonymous
December 20, 2004
It's this simple: 1. I run a 150 person company's IT shop. We had Explorer and Outputlook. We were always fighting viruses. McAffee and M$ were always a day behind the latest infestations. 2. About a year ago, I replaced Outlook and Explorer with Firfox and Thunderbird. No more viruses. NO MORE VIRUSES! Do you get it? You can make all the arguments you want, but you'll never convince me or my CFO to go back.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 20, 2004
Firefox isn't the issue - the issue is microsoft. its control of the industry is clearly holding back progress on all fronts. as for trust you should stick with the mad ballmer's motto "all thats matters is to stomp out competion and then we don;t need to worry about the gravy train coming to end"
Anonymous
December 20, 2004
Seems that the biggest difference is that this post - good in a bunch of ways - will result in change. Change is good.
Anonymous
December 20, 2004
I love Firefox. And i love this article. It helps the Firefox makers stay sharp. I know why Peter works bij Microsoft. He is Dumm and IGnorant. For the latest and Hootest Mozilla news visit mij site
Anonymous
December 20, 2004
Is IE digitally signed? Not that I know of. Do I have the option to refuse to install it if I don't trust it? Not if I want to run Windows. Why exactly should I trust IE, considering that I can't choose to get rid of it unless I also get rid of Windows? Digital certificates are no substitute for a well-tuned sense of paranoia on the user's part.
Anonymous
December 20, 2004
By downloading it and using it instead of IE. After 5 minutes, you'll know why you changed to firefox...
Anonymous
December 20, 2004
nc
Anonymous
December 20, 2004
There must be something wrong with your computer (it seems to me that there is always some problems with windows on my computer). I have installed Firefox on quite some computers lately, and none of those problems you mentioned occured. Firefox is running fine, and for now it behaves much better than IE. Just has to mention: IE has stopped working on several computers - anyone have any idea why? I thought it were integrated in the OS so it could be more stable… Luckily i could just install Firefox, and it worked nicely, but IE could be useful on misbehaving websites.
Anonymous
December 20, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
I am much more pleased with IE then Firefox. Firefox is simply not for me. End of story
Anonymous
December 21, 2004
The biggest UI flaws with your installation experience appear to be in 7-Zip, a third-party program completely unrelated to either Internet Explorer or Firefox. The overwhelming majority of novice computer users are using WinZip or Windows XP's built-in zip handling. There is no way to protect a user intent on installing software from a questionable source. But Firefox makes it at least difficult - you can't automatically run an executible. That couple second wait meant that you read the dialog, unlike IE, where you just click 'n' go. And the extra click requires intent. You can't have an accidental installation of a binary from Firefox like you can from a fully patched Internet Explorer 6 on Windows XP SP2 with Medium Security (the only level that lets you use the web normally). Then you talk of 'rebooting' Firefox. Correction. You restarted Firefox. Internet Explorer requires a reboot of the Windows operating system to apply the patch. Firefox requires that you restart your browser. The difference on my machine is about a full minute.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
At least at Mozilla provides MD5 checksum with their builds, that's more than you will find at Microsoft!
Anonymous
December 21, 2004
Good article I agree, but you talk say, "Do I really trust a bunch of kids at some random university I've never heard of?" Depaul University in Chicago is one of the largest and toughest schools in the city. You've never heard of it? Next to University of Chicago it's probably the toughest school to get into and study at. It's not like it's cornell Iowa or anything.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
hey u microsoft geeks have been workin on the IE browser ever since windows 95 and what u have offered is not as good as wat 'a bunch of kids at some random university I've never heard of' came up wit in a few yrs
so pls speak with some action instead of just running ur mouth and tryin to make some good skill look bad.
i feel sorry for u
Anonymous
December 21, 2004
BTW, I did not read your blog because of it's title that shows you are not to bright.
Anonymous
December 21, 2004
I have been using pre-release Firefox since version 0.4. I had none of those troubles you describe. Even as I type this (through IE) I notice 2 unwanted toolbars have been added to IE that I will have to remove. That has not ever happened to my Firefox install. That being said, your concerns are valid, and you should in fact, do what you can to be sure what you are installing is legitimate.
Anonymous
December 21, 2004
it looks like you are using IE for too long time, Since switching for FF about a year ago, I don't have to worry about 80% of the problems you cited.

you need a vacation far way from redmond
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
How can one be sure that the machine at Microsoft upon which the code was built and signed is not infected? After all, it is most likely a Windows machine.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Defaults don't really mean anything, unless you are using they keyboard's ENTER key to select things. Only power users do this, who presumably know what they are doing. People that are in danger don't even know what a default is, and are using the mouse to select Yes/No (choosing YES 100% of the time). So there.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
IE is more laggy :|
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
let the war begin!!!
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
I'm at work and using the latest IE on XP, funny that your blog doesn't lay-out properly ;) but your bashing FF. I recommend FF to everyone that doesn't want to worry about security (as much) when surfing the web. I replaced IE and OE with FF and Thunderbird and I have not had a single security issue for almost 9 months, on my primary PC that my wife (a technophobe) and both share for general use. I speak from experience and I don't belive I'll ever switch back.
Anonymous
December 21, 2004
There wasn't enough enphasis on spyware. I think that the spyware problem is a lot worse than digital signing. Besides it would be easy to make a fake java script digital signing page. I think that Firefox (although I use Mozilla) is as safe as any other browser and even without the digital signing, I believe it is safer than IE.
Anonymous
December 21, 2004
I have a great way to secure the web.

gopher.
Anonymous
December 21, 2004
Never heard of DePaul University?
Anonymous
December 21, 2004
well, a better question: how can we trust MS?? they take money right out off us and give us garbage.. i'd rather trust a college kid than MS.
chandrasekaran.sriram@gmail.com
Anonymous
December 21, 2004
This whole issue of not being able to trust the download (either the file itself or the source site) of Firefox is a valid point but, quite frankly, is nevertheless a red herring.

The issue of IE having signatures equally so.

How often does your average web user download files which are not signed? IMHO all the time.

How often are these downloaded applications installed even though they are unsigned? All the time?

When is a security feature not a security feature?
When no-one uses it.

Your point is valid enough - more could be done to ensure users are getting a bona fide copy of Firefox; however this point brings very little to the issues of the security of Firefox vs. IE.

IMHO it sounds more like an attempt to spread FUD and scare people off installing the software themselves.
Anonymous
December 21, 2004
well, a better question: how can we trust MS?? they take money right out off us and give us garbage.. i'd rather trust a college kid than MS. chandrasekaran.sriram@gmail.com
Anonymous
December 21, 2004
Hey man, maybe you don't trust OpenSource development model, maybe you don't trust firefox, or mozilla organization, but the fact is only one: most of free softwares, made by clever developers, uses MD5 and PGP signatures. This is sufficient to garant security of a package (like firefox).

If you are a luser and don't know how to protect yourself it's not my problem. You can do as you wish, (even download a software from cambodia's mirror instead the firefox's ftp server) but you cannot say it's firefox's fault.

Ah, a last personal comment: a secure browser don't mean ideot-proof browser. FireFox isn't idiot-proof, but it's secure. Internet Exploder isn't either.

See Ya
Anonymous
December 21, 2004
Why are you guys even posting to this guy, it doesn't even matter and it's giving this petty argument unwanted attention.
Anonymous
December 21, 2004
It's feature issue for me. I love the tabbed browsing feature in Firefox, and using IE, which does not have that feature, is simply painful now.
Anonymous
December 21, 2004
You are focusing on one of many factors that go into deciding which browser to use. For me, the fact that your images do not display on Safari, Firefox and Omniweb (yes, all on the mac) and do show on IE is more of a reason to turn my back on all things Microsoft.

MS tends to generate code, as your blog tool does, that makes it difficult or impossible for a non-IE browser to render properly. Why would I support this Orwellian society?
Anonymous
December 21, 2004
Develop a decent product instead of coming up with piecemeal critcisms of a product which has already outshone IE in every way possible.
Or you could simply fall back on just about the only thing Mircrosoft knows how to do well: emgage in anticompetitive practices to bully firefox out of the market.

Now i see why Microsoft's strategy for the next version of Windows is to have internet browsing intrinsically linked with all the other functions of the operating system, it makes destroying firefox much easier.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
If you can't trust a download, purchase a CD. It is a lot cheaper than purchasing a signature. Was that so hard?
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Brainwashed? Insecure? Don't worry about Firefox, it's not for you. Don't talk about it, you'll just confuse yourself.

Compile the code or shut the f$%^ up.

Krash Crew (Master Ching)
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
An "insecure" executable from mozilla.org does not scare me nearly as much as a "secure, signed" executable from microsoft.com. Clean off a few dozen friends/family computers from bloated spyware laced internet exploder instances and perhaps the tune will change.
Anonymous
December 21, 2004
This is a case of the newly-converted preaching to the congregation.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
IE is inherently insecure due to proprietary technologies like ActiveX and the Windows monopoly that drives its adoption.

A monoculture in the computer using world offers more bad than good. Diversity is key to a more secure computing environment. Once Microsoft loses its dominance of the desktop, security will improve because hackers (computer vandals) will have to be more creative when addressing their malice to a more diverse culture than a monoculture we are dealing with now. Of course the truth behind Windows insecurity is the fact that it's flawed by design and is almost impossible to remedy overnight. Furthermore, no one wants to be forced to use a single solution from a single vendor, so Microsoft and its solutions have become a likely target because of monopoly (stranglehold of the market) issues rather than popularity issues.

Firefox gives computer users freedom and choice along with quality that outshines Internet Explorer more ways than one.

Just because IE has built-in proprietary technologies (not sanctioned by W3C) and covers up bad html coding practices does not make IE better than other web browsers.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
IE is inherently insecure due to proprietary technologies like ActiveX and the Windows monopoly that drives its adoption.

A monoculture in the computer using world offers more bad than good. Diversity is key to a more secure computing environment. Once Microsoft loses its dominance of the desktop, security will improve because hackers (computer vandals) will have to be more creative when addressing their malice to a more diverse culture than a monoculture we are dealing with now. Of course the truth behind Windows insecurity is the fact that it's flawed by design and is almost impossible to remedy overnight. Furthermore, no one wants to be forced to use a single solution from a single vendor, so Microsoft and its solutions have become a likely target because of monopoly (stranglehold of the market) issues rather than popularity issues.

Firefox gives computer users freedom and choice along with quality that outshines Internet Explorer more ways than one.

Just because IE has built-in proprietary technologies (not sanctioned by W3C) and covers up bad html coding practices does not make IE better than other web browsers.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
If you were installing M$ IE from Firefox, I wonder how you'd answer the question about installing software only from sources you trust??
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Maybe Mozilla Foundation could use <a href=http://secunia.com/advisories/13482/>this unpatched ActiveX/DHTML vulnerability in IE6</a> to hide the actual address of a mirror.

My .02$
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
I had alot to say, but it looks like "wing" already said it all. But to reiderate the main point: Digitally signing stuff doesn't do anything but give idiots a warm fuzzy feeling. Just because there is a signature on something doesn't mean it's ok. There is usually a signature at the bottom of forged checks, and a signature on a credit card slip for a stolen credit card. It doesn't stop anything, so please stop try to spread propoganda about that being the solution to everything. Alot of your other points are valid concerns and should be considered, but that one point is the biggest tall tale that is being told.

My final point is that here at my office we have one computer which is shared among many workers and for about 4 years of its life was riddled with spyware/malware. I would clean it once a week with everything from spy-bot to ad-aware to hijackthis (the latter being my favorite by the way) and stuff still kept appearing. About 6 mos ago I went in and locked out the use of IE, deleted all desktop shortcuts and start menu icons and closed down permission to the program files folder for IE so that noone could use it then installed FireFox with the IE name under it on the desktop and an IE icon on the shortcut. I noticed two things: 1)Only about 1/4 of the users noticed that it wasn't IE (many of the ones who did noticed said they liked it better) and 2)I haven't found a bit of spyware/malware on the computer since then.

You may have some valid security concerns about FireFox, and it may become more vulnerable as it gets more popular, but for now it beats IE hands down in all departments. DO I TRUST FIREFOX???? WITHOUT A DOUBT!!!!!
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
This opinion seems terribly naive. It blames the users, and requires that they understand the Verisign infrastructure before they can use the Internet.

As has been pointed out, hashes have been provided that provide the same security as Verisign.

I'd suggest an experiment: pick a random sampling of users, half with IE, half with Firefox, and see which group has more security problems after a month (including legal but unwanted and intrusive adware).

I personally have no doubt of the outcome if the experiment were performed next week, or even next year.

On top of the (admittedly anecdotal, until research is performed) higher security, Firefox supports more advanced web standards like SVG, CSS, true XHTML, data: URLs, and more: http://channel9.msdn.com/wiki/default.aspx/Channel9.InternetExplorerStandardsSupport .
Anonymous
December 21, 2004
I think the stats are showing which browser users are starting to think is better and that users are willing to risk downloading an unsigned installer program for a more secure browser. The stats show that Mozilla browsers have gained 13% of the browser market this year and that IE 5 & 6 have dropped 12.4%. I started using Firefox, once called Firebird, a long time ago and hope I never have to go back to IE.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
lol.. this article is funny...
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
HAHAHA...

I found out what his major problem was. WINDOWS!
Anything is potentialy unstable and insecure when you are within an insecure environment!

Switch to Linux and have no fear of viruses and spyware.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
So pathetic
Anonymous
December 21, 2004
Opera > Firefox > IE

GET OVER IT ALREADY!
Anonymous
December 21, 2004
Let me get this straight - I'm supposed to listen to someone who can't even put images into his own blog entries?

"[Fixed issues with images; sorry]"

Uh, no. They're still broken, just like your argument.
Anonymous
December 21, 2004
HOW CAN I TRUST YOU?
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Some clarification: hashes can be retrieved from mozilla.org for verification purposes. Or, you could simply download the file from multiple mirrors and compare them. This would certainly mitigate the risk of a single mirror incursion. Is this any harder than expecting users to understand and trust digital signatures? I really don't know.

Maybe just getting the file via BitTorrent would provide the same mitigation, with fewer steps than either of the other methods.

You must understand the frustration people have over what, to many outside Redmond, appears to be a sudden and uncharacteristic paranoia oriented toward a competing product.

If this mode of thought were pervasive throughout Microsoft, auto-installs of malicious/unwanted ActiveX controls would never have been the basis of a reprehensible and distinctly profitable business model that continues to flourish, almost entirely through IE, despite SP2.
Anonymous
December 21, 2004
Firefox downloads are avaleble at the main website.
If your off going to some random site and downloading thats just asking for problems.

Plus, I've used both IE and FF at one... doing it now.

Each has their uses...

But, being part of an open source community and having strong reputable people working on it and downloading it from the servers thats hosting it.

Why Verisign... 'THAT' version of it.
When they update... it becomes a waste of money.

This article is saying everything is bad.
Look a Unv Server... It 'MUST' have Malware 'cause I have never heard of it.
You make assumptions way to easly.
Learn to accept the alternatives, mostly... your product is weak in its own aspect and your fighting it with words... no show of proof.
But what you can do if you dont do things right.

Please note:
Only download Firefox from its website.
Source Forge wont allow anykinda of Mal Software on its network. (It'll be gone as soon as its found)
Open Source has a strong community

PS:
I'm using Windows XP SP2 as I am typing this, and I am all for open source.
Anonymous
December 21, 2004
There IS a way to turn plug-ins on and off in Firefox. Tools --> Options --> Downloads --> Plug-ins. Get it right.
Anonymous
December 21, 2004
An interesting blog about security in Firefox. Not the security in code, but that of "protecting users against themselves". 
My answer to this is: True, firefox needs better signatures etc. But that will not solve the issue. People will click "o
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Ja, der er jo n
Anonymous
December 21, 2004
Is anyone else reminded of Mohammed Saeed al-Sahaf, AKA "Baghdad Bob"?

"Firefox is not safe, I promise you this. They say you can verify the binary with MD5 and SHA1, but I believe in neither of these heathen algorithms. Verisign is the true path, as our glorious leaders have shown us the way to the security that we enjoy every day. They are as a snake in the desert! I can assure you, there are no Firefox users in Redmond! Your faith to Microsoft, we will not be tempted!"
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Oh man! Not sure how much credibility you had before publishing this 'article' but you sure lost it all in the one go. What a pile of un-informed rubbish.
Anonymous
December 21, 2004
IE is inherently insecure due to proprietary technologies like ActiveX and the Windows monopoly that drives its adoption. A monoculture in the computer using world offers more bad than good. Diversity is key to a more secure computing environment. Once Microsoft loses its dominance of the desktop, security will improve because hackers (computer vandals) will have to be more creative when addressing their malice to a more diverse culture than a monoculture we are dealing with now. Of course the truth behind Windows insecurity is the fact that it's flawed by design and is almost impossible to remedy overnight. Furthermore, no one wants to be forced to use a single solution from a single vendor, so Microsoft and its solutions have become a likely target because of monopoly (stranglehold of the market) issues rather than popularity issues. Firefox gives computer users freedom and choice along with quality that outshines Internet Explorer more ways than one. Just because IE has built-in proprietary technologies (not sanctioned by W3C) and covers up bad html coding practices does not make IE better than other web browsers.
Anonymous
December 21, 2004
Only o microsofter could say something like that.

I'm sure that Microsoft will stole functions, the tab navigation and many more intelligent stuffs from Firefox and others browsers, just like did with windows.

A mess.
Anonymous
December 21, 2004
Dude, you just had nothing better to do. IE tends to get all the virusses, and security holes... why not Firefox ? Because it is better !

Microsoft just can't stand having competition ... !
Anonymous
December 21, 2004
Question.

How many of you people have actually been hacked. I mean come on. Sure, it's great to be safe, but I think alot of you are being paranoid. I have had FF for a long time and never had a problem.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
More than trust to any Microsoft products! Our car YUGO and Microsoft WINDOWS are same. "Traffic" destroy both:)
Yugo not good for drive on roads and Windows and Internet Explorer are not good for surf!
Anonymous
December 21, 2004
can anybody read/bookmark Peters rss newsfeed indicated in my browser??? ;-)
Anonymous
December 21, 2004
HAHAHAHAHAHAHAHA!!!!!!

Sir, you are a deluded MS shill! This post is hilarious!
Anonymous
December 21, 2004
Peter Torr's arguments about Firefox suggest a broader issue -- the need for open source advocates to think more broadly about the user experience, starting with how users think about and actually pursue acquisition of the software.
Anonymous
December 21, 2004
I'm confused! IE is fine, firefox is dangerous, users are to blame. Why am I seeing more people who just click on a website and get funny things happen to their computers after that and are asking me to remove the offending stuff? It's costing many hours, worst still I'm not getting paid for my efforts.
I think I get it now, I'll advise them not to switch on their PC's when connected to their ISP and if they do, don't visit any websites, definitely advise against installing firefox and call me whenever they have problems. may be I should turn this into a business opportunity.
Thank You Microsoft.
Anonymous
December 21, 2004
Someone went out of their way to make Firefox malfunction during the install for this story. I've converted all my friends and family to Firefox over the last year and you know how many problems they have using Firefox? None. It's also nice to do spyware scans on my system now and to not see a dozen things come up because Internet Explorer let sites have free reign over my PC. Get Firefox now and never look back. Internet Explorer is going down for the count. Microsoft is just too stupid to let a bad product die without a last ditch effort to crush a good product.
Anonymous
December 21, 2004
I agree with Xabora.

FireFox is good. I have been using it since 0.9.
I see no problem with IE but I like Firefox because it has tabbed window so i can view multiple websites.
Download manager. It doesn't allow ActiveX control which is very good and safe. I like open source applications.

Its all the media which makes IE look bad as it has lot of security holes moreover Microsoft has stopped updating the IE User interface or add features to it.
I am pretty sure people will tend to move on to a better alternative which serves them what they want.

In the begining everyone(which includes me) liked IE and now people like FireFox not sure what they will like tommorrow or the day after.

final Note: Browser selection depends on each individual and more importantly how safe is that browser. IE or FireFox or Opera or any other browser all have security holes. Lesser the security holes then more people will tend to use that browser( like FireFox for now).
Anonymous
December 21, 2004
LAST POST!
Anonymous
December 21, 2004
How can Microsoft sell Windows with so many flaws?
Anonymous
December 21, 2004
This is the most feable excuse for an essay I have ever had the displeasure to read.

One fair point out of 1752 words is a joke.
Anonymous
December 21, 2004
How can I trust Microsoft?
Anonymous
December 21, 2004
How can Microsoft sell Windows with so many flaws?
Anonymous
December 21, 2004
How can M$ sell Windows XP and 2003 with so many flaws?
Anonymous
December 21, 2004
This is a reply to a blog posting by Peter Torr. The post, along with many comments including this one can be found <a href="<a target="_new" href="http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx">here</a>">http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx">here</a></a>. --- Hello, I have read away for about an hour and a half now, looking through this article, the comments, the links, everything and I just wish to draw some conclusions as to the facts stated above, not only Peter Torr but from the people who replied as well. This is a reply, and as a reply I am going to base my claims on the claims of Peter Torr, and I will borrow some ideas from the other people who have answered on the blog. Here's what PT said: <ul> <li>Recently, a lot of volunteers <a style="text-decoration: none;" href="<a target="_new" href="http://www.mozilla.org/foundation/donate.html"><span">http://www.mozilla.org/foundation/donate.html"><span</a> class="Hyperlink" style="">donated money</a> to the <a style="text-decoration: none;" href="<a target="_new" href="<a target="_new" href="http://www.mozilla.org/products/firefox/"><span">http://www.mozilla.org/products/firefox/"><span</a>"><a">http://www.mozilla.org/products/firefox/"><span">http://www.mozilla.org/products/firefox/"><span</a>"><a target="_new" href="http://www.mozilla.org/products/firefox/"><span">http://www.mozilla.org/products/firefox/"><span</a></a>">http://www.mozilla.org/products/firefox/"><span">http://www.mozilla.org/products/firefox/"><span</a></a> class="Hyperlink" style="">Firefox project</a> to pay for a <a href="<a target="_new" href="<a target="_new" href="<a target="_new" href="http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a target="_new" href="http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a></a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a></a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a></a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a></a>"><a target="_new" href="<a target="_new" href="http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769"><span">http://www.spreadfirefox.com/?q=node/view/8769"><span</a>"><a">http://www.spreadfirefox.com/?q=node/view/8769&quo

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
your main points are around downloading firefox and installing them...well, if you are developer with so much "concern", go get the codebase and compile your own firefox. how come we have such a huge problem with spyware if everybody followed the instructions which came with IE.

Anonymous
December 21, 2004
Your mum!

Anonymous
December 21, 2004
How can I trust Firefox? Hmmm. Good question but the funny thing is even if they are unsigned and we dont know any thing about them. We still trust them more then mircosoft. Why is that you ask. Because we know Microsoft.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Odd, this page renders fine in my Firefox installation...

Anonymous
December 21, 2004
I'M NOT SORRY FOR THE WRITER OF THIS PIECE.

I'M VERY SORRY FOR THE PEOPLE WHO PUT TIME IN READING AND/OR REPLYING TO THIS USELESS BLOG. ANY I MEAN ANYTHING ELSE WOULD'VE BEEN BETTER THAN LOOSING TIME READING THIS NONSENS

Anonymous
December 21, 2004
Quote: "I decide to reboot the VPC just in case"'' - Hehe funny how rebooting seems to fix everything in Windows.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
How can I trust evolutionism?

Anonymous
December 21, 2004
??????????????? » ??????????????????????

Anonymous
December 21, 2004
How can you trust firefox if your brain is a vegetable?

Anonymous
December 21, 2004
You can't.

Anonymous
December 21, 2004
não tem vergonha na cara??? Quando o sr. e a microsoft tiverem competência para fazer algo realmente seguro, aí sim... cale sua boca pois esse navegador é muito mais seguro que a porcaria do IE...
Quando o IE for melhor (nunca será mesmo) talvez possa ser falado algo contra os outros... enquanto isso, fique na sua!!!

Em english (inglês)

it does not have shame in the face? When Mr. and the Microsoft will have ability to make something really safe, yes... silence its mouth there therefore this navigator are much more safe who the nastiness of the IE... When the IE will be better (never he will be same) perhaps can be said something against the others... while this, is in its!

Anonymous
December 21, 2004
blog :: morgamic.com

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
dam microsoft propaganda, IE BUGSPLORER is the worst navigator, mozilla rules!!!!!!!!

and thats it.

Anonymous
December 21, 2004
at the very least, FF is free. Spyware used to be a big problem for me until I wised up and started using Opera. That is an excellent program, but I got tired of the stupid advertisements (didn't really want to buy it), so I got the free version of Opera, otherwise known as Firefox. Can you say no more spyware?

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Yeah, umm, I've used Microsoft for years, since I've been on the net, and it's provided a great user experience and tons of protection. The fact of the matter is, there is no perfect browser, but polls and facts show that Internet Explorer is the favored browser. Firefox is like Kerry, people only voted for it because they hated the opposition. If you don't like IE, make a better browser, but please don't rely on the shaky grounds of firefox for support, because they will crumble before your feet touch them.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Interesting points. There are a number of zealots from both sides (ie / ms) and you do make a good point regarding user issues. I wondered why my machine isn't plagued by virii and strange garbage while my peers (less technical) have so many issues... I guess this answers it. Alas, many users really don't pay any attention to the dialogues, IE or FF aside, I believe the solution is through better education on security (make it harder for users to be stupid) not necessarily just through one way of blocking a user or another...

Anonymous
December 21, 2004
I received a phone call from an end user the conversation went a little something like this. (names have been changed for user protection)

Bob: Hi is this the tech support department

Me: Yes it is whose speaking?

Bob: It's Bob from XYZ

Me: Hi Bob what's wrong?

Bob: I'm a remote user approximately 1600 km's (1000 miles) away from you basically I was browsing a website It wasn't anything bad I promise and now I've got this xxxtoolbar and the start page is slotch.com

Me: Slotch.com not again! Look we'll try fixing it remotely... Hmmmm your connection is rather slow I can't get a connection to you and your ping is horrible. I can't do anything for you remotely your system is being torn to shreds. You will have to send it up here by courier.

Cut a long story short this users history was free of anything immoral or illegal we also did a disaster recovery scan to ensure he hadn't deleted anything. This poor bloke was using IE his system was compromised due to default settings with in IE 6 broswer. Because he dialed up to the internet via a 56k and wasn't online long enough to download all of SP2 his IE was compromised again within 2 days of it being sent out to him after it was fixed. Yes this was due to shoddy workmanship by one of my juniors.

However it is besides the point IE until recently has been compromisable at the proverbial flick of a switch by anyone running a website. With everything I've experienced so far Firefox has not had such issues IE has. Until Firefox starts getting demolished and users start complaining about that Firefox will be my flagship browser

Anonymous
December 21, 2004
I have been using firefox for over a year now, even when it was in pre-realease, my School has converted to Firefox, this page displays properly. Just to prove how successful Firefox is even netscape have based their new browser on it.

Paul

Anonymous
December 21, 2004
Please, ask for the spywares maker what the best browser...
Anyone have your point of view.
This is your point of view.
You trust in a "thing" that you cannot view what there are inside.
How you can says "ie is secure" if you cannot view what there are inside?
Do you think portability? Yes! FireFox Rocks! Better, Mozilla Rocks!
The knowlegde must be free...
Think about this, guy...

Anonymous
December 21, 2004
I saved a poor, abandoned IBM Aptiva from the side of the road once. I installed Windows 2000, because I primarily wanted to play Grim Fandango on it, and the existing Win 98 install was mangled.

Giving IE the benefit of the doubt, I went to a few websites I trust. You know, things like Google, Windows Update, Hotmail even. Closing the Window to check my email, I got a gigantic pop up that had enlarged itself to outside the edges of the screen. I control-alt-deleted it away.

I was shocked to find that I had accumulated, in my fifteen minutes of browsing, no less than four adware programs. I didn't willingly download anything, and nothing asked my persmission to install.

I decided I should Firefox after all. I did, got it running with no problems at all, besides IE complaining that it wasn't the default browser anymore. Since then I've had no problems.

You're trying to stoke the coals of distrust in most novice users, but I think the software speaks for itself. IE allowed adware, Firefox did not. Regardless of either of our opinions, that's what happened, and that's why I trust Firefox.

Anonymous
December 21, 2004
So, I had this great-functioning windows computer with an external firewire drive, you just eject it and take it home and plug it in there, and bring it back the next morning.

Then, I download and install a Windows Update from the microsoft.com website. Everything is completely in order, after rebooting a zillion times of course.

But then, I click on the "eject drive" button that always before let me know I can remove the drive.

This time, though, I immediately got the black screen of death-and-restart! No more trusting Microsoft!!!!

Anonymous
December 21, 2004
Oh, im just kiddin... Firefox is the best browser in the world... =)

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Using Firefox was like a breath of fresh air: no pop-ups, no malware, no clean-up hassles. The security protections are simply top-notch. My only beef is when I surf over to play games on Yahoo, the browser becomes flickery. Not a deal breaker, just a nuisance. Everything else in comparison with IE is superior, so what's not to like? I am personally grateful that there's a browser that cares more about protecting me than its pride.

Anonymous
December 21, 2004
That's the best you can do?

I laugh in your eyes.

Anonymous
December 21, 2004
yes

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
O Firefox é muito melhor que o explorer, se você instalar o Adblock nunca mais ira navegar com o explorer!

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
The FF have problems? Obvious he do, but the difference is that we can fix it and not be waiting that the M$ for the "right moment" to solve it.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
traslate from italian:
Micorsoft è RIDICOLA!
Meno polemiche e piu sviluppo

Anonymous
December 21, 2004
Well, it's a nice try: "come to mommy, you can trust MS and IE. You sure don't want to trust the other guys".

Sorry, not buying it. I don't choose software based on "trust". Deciding points are how reliable, how easy to use, how consistent it is.

After years of IE I'm ready to try anything else, and Firefox is a good alternative. If MS wants me to go back to IE, they better come up with a better version. Possibly one that works also on Linux and Unix? But please, don't ask me to "trust" your application.

BTW, one must have some guts to put IE and "trust" in the same sentence.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
and i quote:
"Forging blindly ahead, I download the software again (this time coming from -- I kid you not! -- a numeric IP address, the bastion of spammers and phishers and all manner of other digital rogues) and run the installer."

you're afraid of a numeric IP address?
how did you get a job working with computers?

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Whoa !

I must say I'm impressed : You just entered the Security Team and your first try is a flamewar and carefully written FUD. I thought higher of the technical staff.

You're competent (at least with Windows), you've proved it. And I can't believe you do believe in what you wrote. So why such a post ?
for training ? or most probably for fun ?

Djian, an IE/Opera/Firefox user.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Peter Torr (Microsoft) writes about some of the issues he ran into while installing Firefox 1.0. Most of them are complaints about the installer and unsigned controls (such as ActiveX), where Microsoft is famous for. Granted, this should be taken...

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Tag

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Microsoft SUCKZZZZZZZZ!!!!!!!!!!!!!!!!

Anonymous
December 21, 2004
With the part of my brain that handles trust.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
With the part of my brain that handles trust.

Anonymous
December 21, 2004
Can you guys see IE is the only web browser worth using?
Don't ask, just trust Microsoft.
They will do you right as aways.

FireFox? What a silly name.

Why will anyone use a version 1.0 product rather than a proven version 6 IE with patches for all known issues?

Microsoft is the way!

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
This is pretty hilarious. You're suggesting that Firefox is less dependable than IE because of things in the installation (that don't pertain to Firefox itself at all, just your particular source), and because the default choice accepts extensions?

You mention three unpatched security advisories as noted by Secunia, but conspicuously fail to mention the 74 advisories concerning the most recent version of IE, 20 of which are unpatched. 20 vs. 3. How can I trust IE?

The fact of the matter is, IE has long been an inadequate browser, and now that solid alternatives are becoming popular, they're trying to catch up (pop-up blocking was only added in SP2!?). Suggesting IE is in any way a better browser than Firefox is ludicrous.

Outside of Microsoft, IE is the antithetical standard for web browsers, and that's a title it's earned.

Anonymous
December 21, 2004
Instead of assuming that your end users are security experts as Microsoft does, perhaps we should design software that mitigates security risks as Microsoft does not.

Anonymous
December 21, 2004
I bellieve in the aliens.I bellieve in the Micro$oft.OK!Santa Claus is here!

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
In response to "How can I trust Firefox?". Here is a couple thoughts. First of all, those "random servers" are offical mirrors. Since Mozilla doesn't have a multibillion dollar budget like Microsft, they have members of the community (generally universities)...

Anonymous
December 21, 2004
I lived (brouse) through 1999-2004 on my win mashine. And you know what? I had viruses only twice (once through msn messanger, another through local connect with infected mashine). I NEVER HAD a BAD experience. I wonder why. After a minute thought I recall that I have been using Netscape-Mozilla-Firefox-Thunderbird from 1999. How enlightening.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
How can I trust Windows? I found no answer so I switched to Linux :-)

I did an "apt-get install firefox" and everything is fine - no problems at all, maybe it's because of the OS :-)

Merry X-Mas!

Anonymous
December 21, 2004
Microsoft's Peter Torr invites a flame war with his essay, <a href="http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx">How can I trust Firefox?</a> He walks through the installation and configuration process with Firefox and determines that it

Anonymous
December 21, 2004
What more he annoys me and that the deep Microsoft not makes modifications in the IE and when they somebody makes it criticizes.

I use FireFox, and i like.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Here's a question:

How can anything be trusted?
How can I trust Internet Explorer for that matter? Just because it comes default with Windows isn't a enough good reason. To look at the bigger picture, how can I trust Windows? Microsoft? Mainstream isn't always safe.

Btw, I'm using Windows XP, just asking some questions here...

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Executable signing is browser dependent. There is no standard. They are not compatible either.

The current major signing formats are: IE (identicode), Netscape, and Sun Java.

Certificates don't work with redirection to mirror sites.

Anonymous
December 21, 2004
Olha,o Firefox é um ótimo navegador, bem ao contrario do IE, mas como a Microsft domina tudo fazer oque.

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
vão todos vcs tomarem no cú porrrraa

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
Ok if you ask ME firefox outweigh IE by 999999999% and your just an idiot, IE is m$'s was of making money you fool. You are just an idiot who doesn't know how to program, MAKE YOU OWN EXTENSIONS, and btw FF is open-source so you can change anything you don't feel "safe" about. stop ragging on good programs and rag on something with alot of holes like Windows. pCe 10023I2

Anonymous
December 21, 2004
The comment has been removed

Anonymous
December 21, 2004
There is one huge difference between the two:
IExplore.exe is a stub for Explorer.exe. Explorer.exe is your Shell. You manages your files with it, it is your desktop (which is why when it crashes, your desktop disappears). If you disable it using the "Set program access and defaults", don't worry, just do a WINDOWS-E. Once you are looking at your My Computer, just type a URL into the address bar. Explorer IExplores! YEY! Just try to disable it! Forget uninstalling it, that requires a format of the HD and replace with OTHER OS.

and this is the "Web browser" people are trying to compare to Firefox. They are not even the same species.

Anonymous
December 21, 2004
First he questions the authenticity of the location where the software is downloaded from, based on IE's advice. Sort of a conflict of interest, no? In addition to that, he fails to mention that the link was authenticated by getfirefox.com as being legit.

You'll notice he criticises the random errors while doing the install, but never details that its to be expected since he's [i][b]running the install over a virtual machine[/b][/i].

He criticises the plugin installer for by default having the choice to install the plugin on "yes". He's a hypocrite: so does IE with ActiveX-installed plugins. In fact, FF's is alot safer since it forces you to wait 3 seconds before even being [i]able[/i] to press "yes", in addition to giving you a warning that the material could be unsafe (which MS does not).

He bashes Firefox on the above infraction, and yet hypocritically bashes Firefox for not allowing executables to be run by default, which IE does.

Anonymous
December 21, 2004
Can any Firefox user explain why this Yahoo login page is considered secure?

https://login.yahoo.com/

In Firefox > Right-click on page > select "View Page Info" > goto "Media" tab

Q: How many protocols do you see listed in the Address list?
A: HTTP and HTTPS

Now, why didn't Firefox inform the user that they're viewing both secure and unsecure content (from different servers, nonetheless)?
Anonymous
December 21, 2004
The fact tha tyou have 7-Zip installed on your PC and it gives you an error cannot realistically be attributed to Firefox in any way, shape or form. 7-Zip is its own program. I don't have it on my 2 PC's and I got no such error when I installed Firefox on either one of them. I also did not get the "blank dialog" nor have I heard of anyone else having that until now.

In all, I'd say you've got some serious issues on your PC that won't be addressed by any web browser install.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
You don't have to.
blogs.msdn.com ruined it for me, and I skipped the article.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004

I like FireFox. I helped pay for the news article. I find it interesting that people are suprised that a bunch of hackers could make such a wonderful product. I also do not buy the argument that it is only safer because less people use it. Microsoft should feel fortunate that they have so much of the market testing their code every day. If they actually took advantage of that and improved their product they would have a nice browser. Instead they do nothing with it for 3 plus years. Folks, in the year 2004 Microsoft gives us the product of what it means to do nothing for three plus years. So, why are we surprised it is such an aging, security ridden dinosaur? I mean for cripes sake Bill, show us you care even a little. Its not like you do not have the means to fix it! Either way my wife is happy with her Mac, and I love Ubuntu Linux so even if Bill did fix IE, I still wouldn't use it. Because of FireFox I do not have to...I have a choice! Heck I might even browse in Safari tommorrow, then Konquerer the day after that, maybe Opera just for kicks... Hey, fans of IE, do you know what choice means? I doubt it and that is sad :(.
Anonymous
December 21, 2004
I was pointed towards a blog today and I found it a pretty good read. Peter Torr is basically laying...
Anonymous
December 21, 2004
I'm not here to bash MicroSoft; however, I can honestly say that my computer is much faster and cleaner (not to mention, more fun!) since making Firefox my default browser.

And if it was your intention to sway people away from Firefox, I'd say it had the reverse effect. You really should post an article bashing Firefox each week--it's good for a few laughs and a lot of downloads.
Anonymous
December 21, 2004
Ping Back来自：www.donews.net
Anonymous
December 21, 2004
HAHAHA shoot yourself in the eye.
Anonymous
December 21, 2004
Don: Actually, Firefox uses a runtime version of 7-Zip during installation. (The files in the installer are compressed with 7-zip compression as it's more effective than normal zip, and presumably also because it's open source). You get that error if the download is corrupted or interrupted somehow and the installer has a problem extracting the 7-zipped files. If your download was fine you don't see anything to indicate 7-zip's presence. There is no problem with the author's 'system'; if you'd read the article more closely you'd have noticed he was installing on a vanilla Virtual PC environment.
Anonymous
December 21, 2004
Who cares? If it works better then I'm happy. I'll deal with my own security.
Anonymous
December 21, 2004
How can you trust Firefox? By letting Bill Gates use it. Or, he is already using it, isn't he?
Anonymous
December 21, 2004
Firefox is the wave of the future, MS never cared about their IE untill Netscape became the big dog in town, now that Netscape has been vanquished MS moves onto their next target, Firefox.

So we are going to get pages and pages of techno-geek-babble, blah.. blah.. Firefox bad.. Firefox bad...

You know what, make IE better... Period.
Anonymous
December 21, 2004
i have to say that this is probably the most pathetic anti-firefox blog post/article i've read... EVER! this is posted in jest, right?! please... don't make me laugh any harder than what i already am... pffttt... nice work m$... really low.
Anonymous
December 21, 2004
Fatal Time Deficit Syndrome » Insecurity cuts both ways.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
How can you trust Microsoft?

Oh... you work for them... duh?

I guess I would defend the company that pays my bills too! Except, I would never work for M$!
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Hi

Whatever the case might be...I got this new browser here.....I downloaded it....started using....its JUST PERFECT.
No need to bother people who keep complaining against OSS. ;-)

Cheers
Yogi
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
hmm.. boohoc..

With the amount of spyware IE lets in, downloading FF from ANY location can only be better/more safe :P
Anonymous
December 21, 2004
For those 10 million other users, things went great. I don't know what's wrong with your system, but getting blank messageboxes where 10 million others don't isn't normal.
Anonymous
December 21, 2004
SO how can I trust you?
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
If MicroSoft thinks it's browser is so good, I challenge to pay the VeriSign fees for Mozilla.
Anonymous
December 21, 2004
If MicroSoft thinks it's browser is so good, I challenge MS to pay the VeriSign fees for Mozilla.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
it doesn't think it's secure
my lock is showing unlocked and flashing
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Seriously, try a test like this about Opera. I'm sure you won't have any problems. The only problem is that it costs to not have a little ad in the upper corner.

But what is that compared to the hundreds of dollars you pay for IE and Winblows?

I'm sure FF will have more problems when more people start to use it. Opera is the most secure browser so far, I think.

By the way, wait for the release of Opera 7.6 before you test it!
Anonymous
December 21, 2004
I use FireFox, but I would just as easily use IE in some cases... Firefox gives me weid issues sometimes, and it makes me sign in EVERY time I go to sites, even though I have it set to remember me... instead of signing me in, it puts my info in and I still have to click OK, and wait for it to load again, etc. The tabbed browsing and the built in popup blocker and googlebar/anything you want bar are things that I really like about Firefox, but I for one can definitely see both sides. Neither are perfect.
Anonymous
December 21, 2004
Parts of what is said here is true but the rest is pure bad faith... Why would I trust Firefox more than IE? Just look at these vulnerability reports: http://secunia.com/product/11/ (IE) and http://secunia.com/product/4227/ (Firefox). 29 open vulnerabilities vs 4... Mhm... Let me think... Which browser will I use?
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
get rid of ur sp2 or m$ win Xp will help u alot!

u just an idiot!
Anonymous
December 21, 2004
The main reason i like FF
is htat if you code improperly, it will show it
but in ie, it just tries to show the page, with no errors, that only good when you code in Frontpage or publisher, come seriously, if people code like that they are asking for it them selves, but none the less, everyone should try to view they page in FF. just so see how not to code,
Anonymous
December 21, 2004
Mozilla won: microsoft is afraid of the Firefox threat. If the challenger was not a threat, there would be no reason to attack him. The truth is that FF is no more a threat: he is the winner.

"millions of users choose IE" seems so stupid now! With FF people actually have the choice and see that IE is poor and badly designed. Instead of trying to find FF weaknesses, work on your code!!! Remember: competition is stimulating, isn't it?

PS: if windows does not work well, don't wait for the next expensive release that won't run on your PC, get Linux!
Anonymous
December 21, 2004
You are the dumbest person i've seen! LOL :p
Anonymous
December 21, 2004
To be honest, I use Firefox at home, and love it, maybe its not as secure as ie (although my 2nd pc with IE on is full of spyware/adware).

Maybe useability should not be prevalant over security, but that is something that can be worked on by the open source community.

Which brings me to my main point, a lot of people using the firebadger and donating to the mozilla cause are doing it to support the open source community, something you obviously won't want to do.... would put you out of a job after all :)
Anonymous
December 21, 2004
Mouahahahah Excellent joke !
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
much of the motivation behind open source software is the desire to further our knowledge and provide quality tools; in contrast, microsoft puts money ahead of everything else, quality only matters if it generates a profit.
microsoft does produce many decent products, but has never shown me that it can be trusted. the large amount of known bugs in software releases lets me know that quality falls behind profit everytime.
with most open source software, there is a rapport between developers and users - I can know, and trust the developers, with microsoft, this is not possible.
Anonymous
December 21, 2004
Easy - run it under Lunux
Anonymous
December 21, 2004
You can't .. . ever .. .
Anonymous
December 21, 2004
IE should be removed from windows installation :)
Anonymous
December 21, 2004
Are you serious about what you're telling over there? Signing does NOT guarentee security!

I feel like this is either a malicious provocation attempt a la "I love this browser" of his colleague, or this guy has no idea about security.
Anonymous
December 21, 2004
We are all people of free will, are we not?? Freedom of speech can also mean actions, if you dont want to trust it dont, duh...
Anonymous
December 21, 2004
Use a real browser based on IE. DEEPNET EXPLORER RULES
http://www.deepnetexplorer.com/
Anonymous
December 21, 2004
But of course your biased since you work for Microsoft, and besides if you really wanted to know if it was from Mozilla you could have ran a CRC check on the file.
Anonymous
December 21, 2004
windows users bickering over the best way to survive without getting their pc fried by simply browsing the internet...

seriously. just borrow a mac for one week. or one day. just watch, look, listen, try to understand...

sigh....
Anonymous
December 21, 2004
Thanks for your comments, Torr. Every kind of help to make Firefox even better is welcome. But if u´r trying to convince me to use IE again, don´t make me laugh!
Somebody knows if there is any community in Orkut like "Let´s make Firefox perfect?"
FF rules. Hope you use too.

See ya!
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Mmmkay maybe it's just me but what if you've put the time you put in this article into actually diving in the IE code to fix some of those bugs? Just thinking here.
Anonymous
December 21, 2004
How can I trust Firefox? Simple: Stop using Windows.
Anonymous
December 21, 2004
You are so right!
Windows as an OS is so unsafe that the browser you use does not matter at all.

"One OS to fool them all
One browser to find them
One email client to bring them all
And through security holes, blind them..."
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Simple...
When your browser crash, he don't take windows with him...
Maybe...remove and reinstall the browser solve the problem...Dawn! I forgot, i can't uninstall IE..

Huahuahuahuahuahua!!!
Anonymous
December 21, 2004
oh serio ? soh uso MSIE porque nunca deu problema comigo.
Anonymous
December 21, 2004
Pra mim o firefox é um otimo navegador, um dos melhores que ja usei , se nao o melhor. Pra mim voces ficam arrumando defeitos nos programas de codigo aberto para ver se seu crescente uso diminui, mas isso nao adianta muito. Em vez de criticar os programas de codigo aberto voces deveriam cuidar mais do IE porque esse sim é um pessimo navegador, vive mais dando erro do que funcionando corretamente.
Anonymous
December 21, 2004
O que que esse kra quer falar do firefox, é o melhor navegador que ja usei , em vez do kra ir cuidar do IE que é um lixo, cheio de bugs, vem criticar os outros programas de codigo aberto, va criar vergonha na kra e faça um navegador de verdade.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Wrong question.

After reading this, I became completely fed up with the sheer fraud of the post. I have used Netscape (and now Firefox) to avoid problems with ie (and compuserve to avoid Outlook), conceding Microsoft its monopoly position with the operating system. Now my thinking has shifted: if Microsoft can be so clueless and deceitful, maybe I should make the effort to get them out of my PC completely, and change operating systems.

You think its a big deal to Microsoft when a lot of people shift away on the browser? What is it going to be when a lot of people go away on the operating system?

Microsoft tread lightly: don't annoy people so much that they'll make the effort to change operating systems. A few years ago I thought it preposterous to think some other operating system could displace Windows. Now I'm not so sure.

Only sheer stupidity by Microsoft can cause them to lose their position in operating systems. This post demonstrates that stupidity.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Porque tanto medo da MS? Talvez reconhece que o IE esta perdendo mercado por se vulnerável a tantos problemas e não consegue resolver. Porque apresentaram o MSN 7.0 Beta no Firefox? Esta apelando porque?
Anonymous
December 21, 2004
Microsoft is a sore loser.

Quality is what counts, not quantity.

FireFox is the better browser.

In a world without walls and fences, who needs Windows and Gates?
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
ive never run into any problems uve faced. and just for the record, mozilla has md5 hashes on their ftp server (why i got my copy, not from some random university site) that can insure file integrity. secondly, downloading extensions is blocked for all sites except update.mozilla.org. and if thats the official company website, why would u possibly think that clicking a link on there would be a modified version? u sir r a fool. or a microsoft lacky. but then again, theyre the same thing.
Anonymous
December 21, 2004
Just how many ppl out of your expected audience are using IE6 SP2.

Its only available in WinXP Sp2 of later. Debatable to whether its available in Win2k Sp5 - to be released I hope.

Many people still use older systems, 98, ME, 2k. Even XP Sp1 or dare I say it, strait XP.

The IE Supplied with these systems does not have the security features that you are claiming that IE has. Also, to get update to the lastest IE that they can support - not sp2 thanks to a decision that microsoft has made, takes about 60MB for a offline install. Firefox is 5MB.

That is what most people will care about, not the unsigned publisher. People ignore that warning all the time in IE to.
Anonymous
December 21, 2004
I think the points of your article, as summed up in the end are fine and valid ones.

What I really, really don't care for, though, is your delivery. There are so many snide remarks in your article that I almost missed the point.

I think it's a pity that you took a good and valid couple of points and turned made them into a petty little load of FUD.
Being from microsoft as you are, I think being petty is the last thing you can afford to do in a debate like this, so please cut out the snide remarks in the future.
They make you look really bad.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Well, I don't use Firefox, IE is very good and I belive in these messages in instalation of Firefox.

Theo's
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Someone wrote this:
" 3. Do not use IE except when absolutely necessary to download your intial copy of Firefox.
Posted @ 12/20/2004 2:06 PM "

And I haven't listened...
Yes, my mistake, I used IE to do the Windows Update, now my system is filled up with some spywares...
Luckly, it appears only on the IE, my FF is still safe.

Anyway...
Tks for the advice.
I realy think that someone who read this replyed this to the FF guys.
It will surely help them with their next release.
Anonymous
December 21, 2004
Go to: www.bikersnet.com.br !!!
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
What a bad luck fall on you :)
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Whoever wrote this paper is a loser.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 21, 2004
Congratulations - a masterpiece of spin. IE is better because you can be absolutely sure the version you have downloaded is the official, bug-ridden disaster it claims to be. I need to lie down.
Anonymous
December 21, 2004
The comment has been removed
Anonymous
December 22, 2004
Microsoftttttt is very suxxxx !!! Death M$ !!!
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Ping Back来自：www.donews.net
Anonymous
December 22, 2004
duh... in next 12 or 24 months "M$ int. expl." has totally defeated by firefox like as "iis" has been defeated by apache. Go work and make a good code... ;-)
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Ping Back来自：www.donews.net
Anonymous
December 22, 2004
You raise some valid points, but regarding the extensions being unsigned, I can't help but think you've missed a fundamental aspect of open source software.

Also forgive me for the accusation, but the fact that you've encountered so many problems - and that your "network connection just died" - makes me wonder if you were going out of your way to trip the program up.

Still though you're right, those error messages should be cleaned up. I don't know if you can trust any browser 100% but Firefox comes far closer to that mark than anything else I've used.
Anonymous
December 22, 2004
Ridiculous many levels. And if you're so worried about security, why aren't you a Mac user?
Anonymous
December 22, 2004
I are out of your mind.
Please reboot yourself.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
SURELLY. Firefox need improve, but Firefox is better than IE. Only IE6 packed with SP2 has meet secure standards. Most of users are using previous versions (i.e. IE 6 SP1). In other hand, why you install Firefox using "Virtual PC". Be a "brave soul" and install it directly on your windows installation. Sincerelly, I'm used to be IE user for many years. For now I'm more comfortable with Firefox. If Firefox improves just a little bit, IE will fall to down. For now, Firefox is my choice.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Don't use Firefox. Use IE with our "researchware" that is digitally signed so you'll feel confident that we will collect your personal data safely.
Anonymous
December 22, 2004
Don't use Firefox. Use IE with our "researchware" that is digitally signed so you'll feel confident that we will collect your personal data safely.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
You definitely have a point here and I share your concerns.
One thing I would like to add: I have been using Firefox (and its precursors) for about a year now and it is years ahead of Internet Explorer.
Anonymous
December 22, 2004
And you think that doing FireFox in a Virtual PC is going to work correctly? The guy who made the review is a bit stupid. It's like if I complaine because MacOS X didn't work correctly on my emulated G5 in my PC. It's full of sh¡t.
Anonymous
December 22, 2004
Funny is, that most of the opinnions that agree with this post, are from people connected to M$. Just a remark.

Regarding the errors i never seen any, and i used and installed a lot of firefox's in many computers. I think the problem is like most of the times about 0,5mts away from the computer.

Firefox is excellent, people i know that had a lot of problems with spyware, and malware. Got them completly resolved after starting to use firefox. Is not a simple problem about a download location or certification that stops the people from using it.

so, YES you can trust Firefox.
And be carefull don't be fired for using software that's not from M$.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Firefox 4ever!!!
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
pilniigaakais bulshits. nahujam tev kautkaads ljevijs 7-zip ? tev blje probleemas nah raru lietot ? un nepis bobi varoni, novaac servisa paku un viss buss kedaa... izklausaas ka aizstaavu FIREFOX... skuju anna.. dirsaa jums to lapsu.. nerullee vinja!
Anonymous
December 22, 2004
As a Firefox user, it's really too bad that most of the "die-hards" don't get the point here. It's not a question of which is a better browser (because --clearly-- that is no contest to FF) but rather an evaluation of the USER EXPERIENCE for the download.

Microsoft has always focused on the experience, and these comments are pretty well founded. Firefox is TOO difficult to install and does raise questions. Comments like the browser isn't for newbies is short-sighted.

Laughing off these shortfalls (which can be overcome, folks) is equally short-sighted. It's all about first impressions. Like it or not, it's better to be attractive & articulate (or, in software terms, offer a great UI & be easy to understand). Firefox, as much as I like it, doesn't do enough.

Yeah, there are reason to explain it (like working on the product, duh), but the installer needs work.

If Firefox succeeds beyond core internet users, it will be because the USER EXPERIENCE is the best out there.
Anonymous
December 22, 2004
Haven't seen those dialog boxes....
Anonymous
December 22, 2004
can i trust to this blog?

------------------------
Mozilla Firefox 1.x

Vendor: Mozilla Organization
Product Affected By:
4 Secunia Advisories

------------------------

------------------------
Microsoft Internet Explorer 6

Vendor: Microsoft
Product Affected By: 74 Secunia Advisories
------------------------

maybe allready posted, but i don't have enough time to read al the comments
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
O Firefox, é o melhor navegador que ja usei , acabou com aquele monte de janelas pop-ups que enchem o saco, em vez de criticar os outros programas de codigo aberto, va criar vergonha na kra e fazer um SP3 do XP.
Anonymous
December 22, 2004
This look is pretty insightful, and brings up many legitimate concerns about Firefox.

However, Microsoft should really be focused on why they have lost 10 million customers to Firefox, if it is so poor from a security perspective.

In my mind, I would rather take all those chances that you mention for a single install than take a chance every time I load a web page with IE.

Statistically (and internet security is all about statistics), I am much better off going with Firefox.

If this lesson is ignored, Microsoft will lose much more market share in the future.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Ever since the day I started to use Firefox I haven't got any kind of malware or spyware on my computer. When I used IE (till 2 months ago) I had to use Ad-Aware and Spybot weekly to remove about 5 malware programs each time...

Personally Peter, I think you've written a nice joke. Thanks for making me laugh...
Anonymous
December 22, 2004
At least Firefox doesn't give the users the false impression that "Signed" = "Trustworthy".

Also, I don't think firefox extensions can do as much damage as IE ActiveX controls if only because Firefox is not intergrated into IE.
Anonymous
December 22, 2004
For the record "I Love Firefox" For the Record "Everyone I talk to is trying Firefox" that out of the...
Anonymous
December 22, 2004
While he's busy whining about downloading software from ghasp an IP address(!), did anyone notice how Microsoft has no rdns on any of its internet facing hosts?

Does this individual not realize that behind every hostname/domainname is an IP address? If he's an MCSE, that explains alot too...

But hey, we're Microsoft, do as we say, not as we do!
Anonymous
December 22, 2004
I saw a comment earlier about how Secunia security says that Mozilla has ALOT less advisories than IE.

Tell me this: HOW CAN YOU POSSIBLY COMPARE SOMETHING THAT'S BEEN OUT FOR MORE THAN 10 YEARS TO SOMETHING THAT'S NOT EVEN BEEN OUT A YEAR?!?!?!?
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
.. and how you compare a product that has been 10 years and is so insecure with a baby browser release? it is not suppose that a mature product "must have" fewer vulnerabilities if it has been many years of development a many years in the market?
Anonymous
December 22, 2004
I like how you point out Firefox's four Secunia advisories when IE 6 has 74.
Anonymous
December 22, 2004
Excellent post! Hopefully Firefox can remedy some issues mentioned in your article soon.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
I'm careful when using any software package regardless of the claims.(for or against) I switched to Firefox simply because it's a better product. Booya.
Anonymous
December 22, 2004
This is such a red herring. Why are you comparing obtaining software from a known source vs. random unwanted software being acquired stealthily by a mere visit to a web page?
Anonymous
December 22, 2004
w00t
Anonymous
December 22, 2004
Zealots = no critical thinking. Y'all gotta learn you some ARQ!
Anonymous
December 22, 2004
how can i trust IE with dozens of security leaks and a this harakiri-style active-x rubbish?!

http://secunia.com/product/11/ ...there's nothing more to say!
Anonymous
December 22, 2004
Mozilla has arrived! Microsoft employee Peter Torr has started a flame war in his own blog today. How can I trust Firefox? For the second month in a row online usage tracking statistics from a variety of sources show a...
Anonymous
December 22, 2004
Firefox kicks IE off the road
nuff said!
Anonymous
December 22, 2004
Selam,

Bence IE yerine güvenle kullanılabilir. Eksik yönleri de yok değil hani. CSP desteği maalesef yok, smart kart üzerindeki sertifikalara nasıl ulaşabilrim?
Anonymous
December 22, 2004
Ma pigliatevelo in terculer voi e internet expler
Anonymous
December 22, 2004
Well, what about the sh*t that got distributed by windows update when it got hacked and users installed something that was not signed by microsoft. I guess Microsoft people are getting nervous by the fact that for the first time in years they have another serious browser competitor.

Greetz,

Tim
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
How the heck can ANYONE even consider feeling safe running anythng from M$ Corp in the first place thats what completely confuses me i have to admit
Anonymous
December 22, 2004
I think Ivan told almost everything firefox is...
and I think the "author" and others, must study hard about IE security, because...
Anonymous
December 22, 2004
Hey,
You have to seriously consider FF is now version 1.0 and IE is in their grandpa days. you have done good things by noticing some errors to the FF developers and ofcourse it will correct at March scheduled version 2.0.

**FireFox is the best
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Hey,
You have to seriously consider FF is now version 1.0 and IE is in their grandpa days. you have done good things by noticing some errors to the FF developers and ofcourse it will correct at March scheduled version 2.0.

**FireFox is the best
Anonymous
December 22, 2004
firefox écrase de loin la bouse microsoftienne en terme de navigation et de respect des standards web et c'est tout ce qui compte, on s'en tape d'une soi-disant polémique sur l'authenticité de l'application téléchargée... post inutile mais alors inutile de chez inutile !
Anonymous
December 22, 2004
Well, reading all the comments and seeing my personal experience with both browsers, Id like just to inform that FF is pretty better than IE, security holes both will have, but stupid security holes like IE, Im sure that FF wont have.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
This sounds a bit like people who prefer Fords over GMs, for no particular reason, except that they do.
Anonymous
December 22, 2004
I realize Iam a few days late here and I'm not one to speak badly of ours. BUT dude your just out there.

You get the goof of the year award.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Another MS blurb.

Come on! You guys should create a church and steal money with this kind of talk.

So are you "fantastic" guys afraid of a bunch of kids?

Why?
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
My Cat's breath smells like cat food..
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
I have a question for the author of this post:

How can you trust a piece of software which has critical updates published almost every week (and even if it is published, it's about a month too late)?

P.S. Yes, i'm referring to IE.
Anonymous
December 22, 2004
how can i trust your biased opinion?
Anonymous
December 22, 2004
Simple, don't be an idiot and run AntiViri on Downloads.
I've seen signed viri too.
Anonymous
December 22, 2004
lol microsoft lol
Anonymous
December 22, 2004
my xbox is broken,can you guys fix it?
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
All this from a person who works for a company who has passed off a file handler as a real operating system. Coming up next is a remake of the old idea of the IBM AS/400 operationg system (Longhorn). So much for innovation. Go ahead, sell the average user just what they don't need or understand.

I have better things to do with my money than purchase new hardware and software every 2 years.

It's simple, the comments that come out of MS are all about MS. MS doesn't care about me so I don't care about MS. We don't need $100 pc's or new pc's. We need software that is compatible, unbundled, and affordable.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Dear MR.Cheezwiz,

I like my tab browsing.....

It seems like there has been enough buzz to catch your eye. Congrats to mozilla who we all thought was dead.

It's too bad the road map has taken microsoft to a place of poor planing and unacceptable code. At least now all the support from MS will be as bad as it's software.

Lets not get started on secure computing the microsoft way :)
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Why do you use a VPC to run Firefox? I mean, really, do you use it to run Windows on top of it? I just don't understand. If you are afraid of loosing data or something, why do you use Windows? Why do you download Firefox with IE? You could get it with some ftp client.
I wouldn't even run IE in a VPC if I had valuable information on my PC.
Well, actually, I run Linux at home so I don't care :p

Get a life, trol.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
I feel that Firefox is superior to IE. The features, the speed, the feel, and the look, all stack in Mozilla's favor when trying to compare apples to IE.

Firefox will take off further, as it has been and will continue to do. Mozilla is free, and therefore some university will host the download files. Would you rather pay for the download because it came from "make-you-feel-safe.url.download.Mozilla.org"?

I'll be using Firefox on win32, as long as I keep using win32.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The Browser You Can Trust!
Anonymous
December 22, 2004
I am going on holiday so I won't be able to moderate them. I will let them through when I get back.

Thanks for taking the time to post (and more thanks if you actually read the article first! :-) ).

Happy Holidays
Anonymous
December 22, 2004
You show limited knownledge on how file downloading works...

Fisrt you are scared because the Firefox website redirected you to a .edu domain. I am sure because of the heavy load Firefox has to get some universities to offload the traffic. I am sure if you get a piece of software from the offical site it should be safe 99% of the time.

Next you mentioned the "7.zip" error, I hope that you do know 7 zip is a file compression / decompression software and many software are package this way. Could it be that you are messing around with Virtual PC?

Next you said you got redirected again and got more scared because you see IP address, and you said spammers and hacker operate on IP address. At this point, I really think many be you should go back to 1st year CS course. All machines on the Internet use IP addresses, but you don't seems to know what they are and relate them to hackers for some reasons.

At this point I stopped reading, I assumed the rest will be just a waste of my time.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
fufufufufufufufufufufufu
Anonymous
December 22, 2004
I run Linux. How can I get/install this Internet Explorer thing you say is better?
Anonymous
December 22, 2004
HAHAHHAHAHHHAHAHAHAHA this is a joke right? I think I get it...

No firefox = no windows at all for me
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Yeah, I used to use IE, until all the spyware and popups and unneeded and ridiciulous security warnings clogged up my screen to the point where I couldn't use it. It'd ask me if I trust MICROSOFT ITSELF if I tried to download something OFFICIAL!

Now I moved to firefox where I haven't had ONE security problem, ONE spyware problem or ONE popup. Thanks, microsoft
Anonymous
December 22, 2004
Whenever you want to install an extension to FF, you first have to click on the bar that pops up at the top of the screen and make a decision as whether or not you want to allow this site to install activeX files onto your computer. the default there is "cancel". you seemed to have forgotten that part.
Anonymous
December 22, 2004
hey, i downloaded firefox and nothing of written here happened to me. just download it from a site that i did.
if i wrote all the troubles that happened to me with the microsoft software, your hard disk would crash.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Although I use Firefox and trust it more than IE, i think you've got a point here...
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
As I read your article together with ALL the comments posted afterwards, I ponder if you're just unaware of the faults of your own computer system or you're just really REALLY biased.

I have used IE for the past 6 years of my computer enlightened life. I have been like a religious zealot whenever updates to IE were brought out by Microsoft. I have stuck with IE even when my friends were convincing me that Netscape was better. Now, after being educated in computers through my computer science course, I switched to FireFox. After all the anguish over security holes and downloading 29 MB of updates to IE everytime there's a new version which "supposedly" is better, I have had enough. IE will never be secure. Even my professor broadcasts that to us everytime we discuss security. A tight integration with the OS often leads to a big problem in security. Although I can't explain deeper here, what I know from both personal knowledge and from others' opinion about the subject is that FireFox will always be WAY MORE SECURE than the browser that can't be separated from the OS.
Anonymous
December 22, 2004
I Smell Fear..
Anonymous
December 22, 2004
In my blog I wrote a "How to ensure you have the appropriate Firefox code - Step by step" guide, I think the average user is able to verify if he/she has the clean Firefox code or not.
Anonymous
December 22, 2004
simple, get rid of windows and run it under gnu/linux with normal user credentials.

if you get any viruses that way, i'll pay for the damage :P

george,
still waiting for security in windows, still hoping it will come with winfs
Anonymous
December 22, 2004
I think, IE will progress against Mozilla,but i prefer Mozilla because it's very safe,so IE dont.
Anonymous
December 22, 2004
that web page is such a laugh
it just shows how ignorant and blindly partial microsofts workers can get

keep surfing on IE, you deserve it. but please don't pretend to test-drive anything that deals with internet, you don't seem experienced enough to do so
Anonymous
December 22, 2004
"Trust is not transitive. If I trust you and you trust Bob, that doesn't mean that I trust Bob."

By this logic digital signatures are worthless too.

How do I decide who to trust? For digital signatures to work I have to at least trust Verisign to have carried out sufficient checks prior to signing a certificate given to Microsoft or Mozilla.

Let me re-phrase your statement. "If I trust Verisign and Verisign trust Mozilla, that doesn't mean I have to trust Mozilla".

The vast majority of users don't understand what a digital signature is and it is more likely to provide a false sense of security. "Oh it's digitally signed it must be safe" is not the mindset we want to encourage.

Digital signatures will only offer some re-assurance that the file has not been modified since it was signed.

FInally, I must congratulate you for all your efforts on making Firefox so difficult an experience. If yours was a typical experience Firefox wouldn't be so popular. I have certainly never seen any of the problems you have demonstrated and from other comments they appear related to other applications than Firefox and as such they prove nothing.

I'm not a Zealot on either side of this argument but I find propaganda of this kind totally unconstructive trolling.
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Just to say that i have installed firefox like 100
hundred times, never sean once your problems.

It is a bit strange you get them, and you are working for Crosoft...

How can you fool people like that?
Anonymous
December 22, 2004
Voce está com inveja, porque o Firefox é mil vezes melhor que o IE, você fala dos plugins do Firefox: que tem que baixa o que quiser, mas é melhor baixar plugins do que ter que fazer atualizações no Windows Update "todos os dias"
Anonymous
December 22, 2004
Voce está com inveja, porque o Firefox é mil vezes melhor que o IE, você fala dos plugins do Firefox: que tem que baixa o que quiser, mas é melhor baixar plugins do que ter que fazer atualizações no Windows Update "todos os dias"
Anonymous
December 22, 2004
The post is good. But you forgot one thing...

FireFox = almost good

Internet Explorer + FIX + FIX + FIX + FIX + FIX + FIX + FIX + FIX + FIX + FIX + FIX = almost good

The winner is .... you decide.
Anonymous
December 22, 2004
Are you going to blame McD's when you get lardy? Shift the blame, flip the flop.

http://secunia.com/product/4227/

vs

http://secunia.com/product/11/

It's not difficult to decide who to trust.
Anonymous
December 22, 2004
<pt-BR>

Se o FF fosse ruim não estaria preocupando gente da "Microsoff"... 

Prefiro baixar os fontes no repositorio, dar a famosa triade:
./configure
make
make install

E ser feliz em meu Slackware.

</pt-BR>
Anonymous
December 22, 2004
BA-BA-CA!
Anonymous
December 22, 2004
Um why would you download firefox from a random server, when you can get it right at the mozilla.org web site? Seems to me that you may already have malware on your system as well seeing what happened to you when installing some of these files. You should use spybot and ad-aware. Just my 2 cents.
Anonymous
December 22, 2004
How can I trust a guy whose site's url is : blogs.msdn.com blah blah images' url is http://torrboy.members.winisp.net./... do I know winisp.net ?
Is it a confident site ?
I'm scared !
But luckily I have Firefox so no risk of spy/mal/adware :)
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
Lately, I've read several interesting blog posts and news articles on the differences between open source and traditional closed-source commercial software. To mention three firestarters, here are some articles that led to me posting this: The Luxury of Ignorance by...
Anonymous
December 22, 2004
Your article is pathetic.
Anonymous
December 22, 2004
No comments!
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 22, 2004

Note: I use MS software, and design software for MS operating systems; I also use FireFox as my default browser, and recently switched from Outlook to Thunderbird.

------------

"Trust" is not the be-all and the end-all for all people. For many people, the answer to the question, "how can I trust [blank]?" is, "I have no intention whatsoever of -ever- trusting [blank]."

It's very good if you can trust the people you deal with, but in the real (non-computer) world, we deal with people we don't trust all the time. A recent poll indicated that used car salesmen and lawyers are the two least trusted professions; but we enter into contracts with them often.

Trust is a beneficial attribute in transactions, but hardly essential. If trust were necessary, many people would have to quit dealing with Microsoft.

In addition to verifying identity (which is the only purpose of digital signatures) trust requires:

1) Faith in the good intentions of the other person. For many people, this immediately disqualifies Microsoft. Microsoft's posture in many of the lawsuits against it does not inspire confidence in their good intentions.

2) Faith in the ability of the other person to competently follow through on their side of the bargain. Microsoft's history of security problems, their responses to those problems, and the apparent lack of control over various design decisions by development teams which violate accepted security standards is seen by many people as sufficient evidence to disqualify MS in this area as well.

3) Faith in the good judgment of the other person. Many people feel that MS has not shown good judgment in the past, or good judgment at this time.

Code signing is a good thing, but as others have pointed out, it is not absolutely essential; there are other verification methods, such as MD5 hashes and PGP signatures. Code signing also addresses only -one- facet of verification; namely that the code originated with company [blank]. It tells you -nothing- about the potential defects in the code.
Anonymous
December 22, 2004
Your essay makes a huge assumption: that Microsoft can be "trusted". We obviously have very different ideas of "trustworthy", you and I. Of course, I routinely go around helping people get rid of the viruses, spyware, and adware that have been enabled by Microsoft's products - I suppose you do not. I have yet to experience or hear of an end user have problems from "trusting" Firefox. Score: Microsoft/IE: -1,000,000,000. Firefox: 0. Thanks for the advice, but I think I'll go with Firefox until the score gets a little closer.

Peter Yellman
Anonymous
December 22, 2004
The comment has been removed
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
That's funny how since I am using Firefox, Spywares, Malwares and others are not looming anymore through, say, iFrames ! M$ People, you are sometimes making me so laugh... Thanks for that !

But thanks to MozFoundation for re-inventing the Web Surfing...
Anonymous
December 23, 2004
What an ill-informed piece of tripe.... Next time, do your research.
Anonymous
December 23, 2004
I think it all comes down to this:

You can't have absolute trust in anything you encounter on the Web.

--- CHAS
Anonymous
December 23, 2004
Of course Microsoft IE always tells you not to trust anything not signed.

Would you tell a customer that a Competitions product was safe? Heck NO!
Anonymous
December 23, 2004
I'm not sure how a signature from the company that hijacked the internet http://www.icann.org/topics/wildcard-history.html makes you feel any safer. What verisign did was on the same level as spyware.
Anonymous
December 23, 2004
Firefox allows you do download the source code and compile your own copy. If anyone truly, deeply cared about "trust" they could, in theory, evaluate the entire source code, then compile the binary for themselves.

That's a leg up on IE, I would have to say. The truth is in the code, and IE's code is behind closed doors.
Anonymous
December 23, 2004
Hi i have been using Firefox for wrouind 2 months and yesterday my firefox locked up so i had to restart my computer. when i went back to firefox ALL my bookmarks were gone. i went to the FF Forums were i recieved very poor support. I woudl not recomend Firefox to anyone if you at risk of lossing your boomarks
Anonymous
December 23, 2004
What a big piece of FUD...

But hey ! that's normal. We are on a MS site.

I really LOVE MS FUD: it proves they (MS) feel that the situation is getting bad for them and they have no real argument.

Please, Peter, do come up with value for us rather than spreading FUD. You will be on the right way for recovery.

FHW.
Anonymous
December 23, 2004
Mdr, super le discours du pro crosoft, c'est bien marrant tout cela mais ca prouve une fois de plus que chez microsoft au lieu de bosser sur vos soft tout buger, vous critiquer les autres
lamentable
Anonymous
December 23, 2004
Seeing that this is an MSDN blog, I find it difficult to find this post credible. It would be similar to Steve Jobs writing a critique of Longhorn.
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
First thing I noticed was the images you posted here were of the new Win XP Service Pack 2.
Microsoft put out Sevice Pack 2 before they realy had a chance to test it properly.
I had so many problem with Service Pack 2 that I reformated my computer and went back to Service Pack 1.
I have used every version of mozilla browser and never had any problems.
I currently have the newest firefox and still no problems.
I would say that the Service Pack 2 was Microsofts aproach to keeping everything Microsoft, in the sense that so many people are having problems with their 3rd party programs.
I think the developers at Microsoft lack the real skills like the open source developers.
Thanks, Micro$haft for giving us the $haft with your new service pack 2.
Anonymous
December 23, 2004
Anyway, Firefox is safer than IE, compare the sources if you don't belive :) ooops, i can't access IE's source, so how can i trust in it? Does Microsoft take the responsibility of any damages caused by spywares, malwares, etc.? Does Microsoft take full warranty?
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
Firefox has been a breath of fresh air to me. I use to get hammered with spy and adware. Not anymore. Also firefox functionality can be extended via extensions.

Firefox has also put much effort into support web standards which is a big plus in my book.

Microsoft has not had a major update to IE in years. I think they have there work cut out.
Anonymous
December 23, 2004
BloggerJacks » To Trust Or Not To Trust!
Anonymous
December 23, 2004
Personnally, I have downloaded Firefox from a well-knwon ftp server, and I do trust it :
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0/win32/

I think a zip version is quite better than an installer, which can do whatever it wants during the install process.

About the extensions, I think we can trust the following adress :
http://ftp.mozilla.org/pub/mozilla.org/extensions/
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
die MICRO$OFT, die!
OpenSource ownz!
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
Interesting. Here I am, viewing this site in FireFox, and it is displaying correctly. Whereas when I viewed it in IE earlier, it didn't.

In fairness:

1. I'm using a different machine

2. The first machine had "large fonts" turned on in the display

3. This machine uses small fonts

4. It displays correctly in IE as well on this machine

In other words, the reason why it doesn't display correctly for others using FireFox is like user/configuration error.

Both machines W2K Pro and IE6, both fully patched.
Anonymous
December 23, 2004
So how is it that if you visit one site in internet explorer with service pack 2 it still manages to install a few activex controlls and some icons on your desktop and some registry keys no problem. Very secure. Firefox doesn't let it happen. Oh, and this page doesn't validate. Don't support IE, you only end up going backwards
Anonymous
December 23, 2004
Good night. My comment is: Anyone use the browser that more like. If you like to use a insequre browser, so use. If you like to use a browser that block all pop-up windows, so use. The Microsoft never left me bad with the software and dont go start now. The software of Microsoft is very good. Internet Explorer is a browser that have some years but with Windows XP Service Pack 2 is more safe. But i think if Microsoft release a new browser, the Firefox will disapear. Well, that's all. Bye.
Anonymous
December 23, 2004
This post just confirms that MS people its downloading, testing, and helping to make a better FIREFOX.

Thanks for the advices, Mozilla foundation will take care of them. But im afraid that make a post of IE problems can take a whole blog instead a post.
Anonymous
December 23, 2004
"How can I trust Firefox?"

<flame> Is that a question? </flame>

I am not saying one browser IS better than another.

Perhaps, another question may be

"How can I trust MSIE?"
Anonymous
December 23, 2004
Hello everybody, first of all I must say that I don't use FF but I do use the Suite.
There are many reasons that made me change to Suite:
1.- Why does Microsoft puts a soft that I don't want in my computer??? How can I put it out?
2.- IE has much more bugs than Suite and those of Suite (it also has) are mended really faster that those that happens to IE.
3.- I want to know what's goin on on my computer and not to use soft that is completely unchekable... and if BIlly (that friend of your's) is behind a secret organization to steal my data?
4.- The community that Suite users form is really big and usefull... try it.
Bye... and use really web browsers.... It's on you.
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
You said: "But being a brave soul (and not caring if my Virtual PC image dies a horrible death) I click Run. "

Virtual PC? you must be on a mac machine...

So if you like Ms so much why are you then running a Mac?
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
People like you should not be allowed to use the internet.
Anonymous
December 23, 2004
first off why is 7-zip opening an exe? maybe your computer has been infiltrated with spyware from using IE. ;-)

or it could just be SP2 :-P
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
Most people don't dl firefox for security, they dl it because IE is a poor made peice of garbage. Maybe you should do research learn more about what your insulting instead of being a biased critic who doesn't know whats he is talking about.
Anonymous
December 23, 2004
gardas manyamis bi olaya deginmisin daktir eddim ha gercekden simdi,ne diiim abey gozume girdin ha
Anonymous
December 23, 2004
Everything described in the artiocle id fully unreproducible except ledaing me to a mirror server, which is the right thing. Besides, if you to to that FTP-server in you IE, you will read:

This archive is located in Chicago, Illinois, and is provided by
the Computer Security Response Team at DePaul University. All
transfers are logged; if you do not agree with this policy please
disconnect now. See /info/README.ftp for more information or contact
for issues with this archive.

So how can you tell people you have no idea, whta that server is? You must be lying, man.
Anonymous
December 23, 2004
heh! not knowing if it's a problem with your download, compression program, and some bug from another software really makes me think; Should I trust this guy's writings?

do your homework before blabbering!
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
To me and everyone I know, Firefox browser is the best option in the internet. IE was droped forever, just like what will happen with the private softwares in the future. If you have not used it yet, please try, what are you loosing for trying? I´m sure you will never want IE infecting your machine again. Try it at www.spreadfirefox.com
Anonymous
December 23, 2004
the blank ok/cancel message is clearly photoshopped, the stamp tool'ed out icon and window caption is quite obvious if you zoom on the pic. or just max out gamma in photoshop on the pic and see for yourself :) and those aren't mere jpeg compression artifacts.
Anonymous
December 23, 2004
The comment has been removed
Anonymous
December 23, 2004
You were talking about Secunia having listed the vulnerabilities. So really go to their website and check:

-internet explorer 6 : 74 highly critical advisories
http://secunia.com/product/11/

-mozilla firefox 1.0 : 4 moderately critical advisories
http://secunia.com/product/4227/

that's all you need for a clear cut comparison.

moreover: how many downloads on microsoft.com are digitally signed?
Anonymous
December 23, 2004
I have been in the computer business for over ten years. I previously only used M$ IE, and kept up to date with updates from the M$ website on a very regular basis. However time and again, Adaware and Spybot S&D wanted to remove malware from my computer when I had not downloaded any software from any source.

I have been using Firefox for about 12 months now and have not had one instance of spyware or adware infecting my computer since installing it. My children have a separate computer which used to use only IE and on a recent check there were 64 instances of spyware on their system.

Since installing Firefox also on their system, it is now clean and remains that way. None of my installations of FF have had the problems that you claim to have experienced. They have all gone like clockwork and I will never use IE again (except for Windows Updates), and if I could do that on FF I would.

Firefox has proved that it deserves my trust because of the way that IT WORKS!!!

M$: Learn a lesson from this!!!
Anonymous
December 23, 2004
Mozilla Firefox no, YES MOZILLA 1.7, no FIREFOX, FIREFOX SUXXXXX, MOZILLA 1.7 very ROXXXXX, IE is very suxxxx, oh yeah!!!!!!
Anonymous
December 23, 2004
Unfortunately, I.E. has real FLAWS that you have failed to mentioned: just this past 2 months, there have been 3 MAJOR FLAWS deemed by microsoft 2 b released 4 the latest ver of I.E. What about firefox, none. The facts speak for itself: Firefox´s share of the browswer mrk has climbed to 5 percent while I.E. has slide.
Anonymous
December 23, 2004
I nominate your blog for best troll of the year. Look at all the people you suckered into commenting. Including me.
Anonymous
December 23, 2004
The reason so many people are experiencing problems with Mozilla products lately is all due to the new Microsoft Windows XP Service Pack 2.
SP2 will also affects the Apache server model and can cause it to stop functioning.
FACT: Service Pack 2 should be a beta release, due to the fact it is loaded with bugs.
Anonymous
December 24, 2004
this only could be from someone, who work´s for microsoft and fell scar from Firefox.

ps. Firefox the better browser i ever try
Anonymous
December 24, 2004
Firefox is safe more than IE and very more usefull. I don't mind where i'll download it.
IE isn't a correct browser, too much permissive!
Firefox is more clear, simply and customizable.

Everybody know the truth, Firefox is better.
Anonymous
December 24, 2004
Newbie... you don't know how to install a browser? Talk serious...
Anonymous
December 24, 2004
Simply it does not use firefox, it continues using I astonish it and safe navigator InterNet Explorer

it is good either happy with it!
Anonymous
December 24, 2004
The comment has been removed
Anonymous
December 24, 2004
The comment has been removed
Anonymous
December 24, 2004
I use Firefox for several reasons, but the main one is: it respects the standards, and this is something I like. If it was only for tabbed browsing, I'd use Avant-Browser, but it's not.

Also, a lot of people who are using IE just don't know what they are clicking on because they don't understand the warnings, and they just click the OK button because they need to in order to enable the content they want to see. I'd like to remember you that a lot of people are not using IE by choice, but because it's already included in Windows and they think they need it to go on the www.
Anonymous
December 24, 2004
I've been using FF and it's previous avian incarnations for some time, on Win 98, XP and our home network. It has never given me grief. Experience has shown us that FF is faster & safer than IE, niether I, my wife or 12 year old son would want to return to IE or OE.

This family ranges from geek through wise user to 12 year old novice. Part of making that novice an expert is not only to educate him on the ways of the internet but to also show him what programs are safe to use. As it happens, he enjoys using FF & Thunderbird because they are straightforward as well as fast.
Anonymous
December 24, 2004
The comment has been removed
Anonymous
December 24, 2004
You said, "People should doubt the integrity of code they cannot easily verify." Like Windows, Office, IE, WMP, etc. :)
Anonymous
December 24, 2004
Well, nice post.
Somebody from Mozilla will read it and will do they best to repair that things in 2-3 months. Does have Microsoft so quick response in IE features (for end users, for developers...)? (I mean IE features, no repairing security holes).
No. Microsft don't care.
Anonymous
December 24, 2004
Ok... você diz que nunca teve problemas com o IE... IE além de ser um lixo... ñ são apenas questões de segurança e sim de qualidade... vc acha que algo q tenha 4 anos de idade com patchs e nenhuma mudanca efetiva desde o IE 4(faz mtooo tempo) satisfas o usuario?? IE sux, microsoft sux... eu n uso soh o Firefox como o Nautilus(Gnome), Mozilla, Netscape, Opera, NetPositive(BeOS)... vcs da Microsoft sempre dão uma de bonzinho pq eles pagam o pao q vcs comem...
Anonymous
December 24, 2004
limshengming.com » How can I trust Firefox
Anonymous
December 24, 2004
Firefox will beat IE anyday. Windows makes a lot of mistake like when I was installing my new 9800 pro, I got a "this device is not digitally signed"
Anonymous
December 25, 2004
Great, this IE seems to be great. Where can I download it for Linux ?
Anonymous
December 25, 2004
The comment has been removed
Anonymous
December 25, 2004
Dear Sir,

FireFox is available for Mac. There's no need to use VPC (another under-performing product from Microsoft) to run FireFox.

Regards!
Anonymous
December 25, 2004
You are completely right. Firefox is bad and insecure. I hope I dont have someone throw a brick through my window.
Anonymous
December 25, 2004
I installed FF a few weeks ago and didn't get any or those dialog erros
Anonymous
December 25, 2004
Ricardo Galli, de software libre » Certificacos, falsa sensaci?n de seguridad (y estupidez de algunos)
Anonymous
December 26, 2004
Hmmm, You mean to tell me that this is the best that you can do to scare people away from Firefox? You are pathetic - go play with your IE...
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
And about Service Pack 2 "The eternal beta", already with about 10 Patches in 3 months. Can we trust it?
Anonymous
December 26, 2004
How can I trust Microsoft?
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
I trust Firefox!!!I love Firefox!!!I want uninstall IE!!!no more patch on patch!!!
Anonymous
December 26, 2004
Linux Rox
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
The comment has been removed
Anonymous
December 26, 2004
FIREFOX IS A S****. THE SITES OPENS SO MUCH SLOWLY THAN IE. IE IS SO MUCH FASTER THAN FIREFOX. AND ABOUT SECURITY, I NEVER HAD PROBLEMS WITH IE, I KEEP MY WINDOWS UPDATED AS WELL MY ANTIVIRUS AND MY FIREWALL ALWAYS TURNED ON (POWERED BY SP2).
I prefeer to use maxthon, because it's based on ie, i just used maxthon because of the feature to navigate with tabs. just it. That's all
Anonymous
December 27, 2004
The comment has been removed
Anonymous
December 27, 2004
The comment has been removed
Anonymous
December 27, 2004
Once IE truely implements tabbed browsing and takes care of a few css bugs, I think it's a no contest: IE.
The integration with Windows is priceless
Anonymous
December 27, 2004
You can trust Firefox, even if you are an idiot, and we all know that you are one.
Anonymous
December 27, 2004
The comment has been removed
Anonymous
December 27, 2004
comedy from any browser. digital certificate up on the wall next to my bronze level swimming certificate
Anonymous
December 27, 2004
IE stopped to develop, that's while FF is going to be the future's browser.

Comparing FF to Opera, it's quite slow, but not slower than IE. And If I miss some features that I get used to in Opera, then I report it on bugzilla, and they'll be on it. Now there're some features that I get used to in FF and miss them from Opera.

I'm using free software from enthusiasts long time ago, and most of the cases it's code and quality is no worser than their commercial counterparts'.
Anonymous
December 27, 2004
There is gpg signature. You can verify it.
Anonymous
December 27, 2004
The comment has been removed
Anonymous
December 27, 2004
it's not IE nuff said
Anonymous
December 28, 2004
This smells like FUD!

Some dialer SH put their bad products on the web with right cert authenticity, so you know you lie...

...but you're only a M$ pr!
Anonymous
December 28, 2004
The comment has been removed
Anonymous
December 28, 2004
Realmente, deve ser horrivel. com tantas regras de segurança, assinatura digital. E proteções Microsoftianas e ainda sim o IE ainda é pior do que o firefox que nao tem nada disso.
Deve ser dificil confiar em um sistema assim.
Isso so mostra quao inteligentes sao os desenvolvedores, ops, programadores que nos cercam.
How can I trus In this 'Blog'?
Anonymous
December 28, 2004
People have pointed out that FF is only at version 1, but isn't it based on Netscape code?
Anonymous
December 28, 2004
The comment has been removed
Anonymous
December 28, 2004
grew up, please.
Anonymous
December 28, 2004
Is the author not slightly biased?
Anonymous
December 28, 2004
The comment has been removed
Anonymous
December 28, 2004
The comment has been removed
Anonymous
December 28, 2004
ai galera,

qto fatura a microsoft? qto fatura os caras q desenvolvem o firefox? se formos analisar por faturamento/qualidade do software, só os bugs do ie ja o detonam por si só... e olha o tamanho da microsoft...
Anonymous
December 28, 2004
The comment has been removed
Anonymous
December 28, 2004
But you have use Firefox :) This is the different!
I don't try IE on my System!
Anonymous
December 28, 2004
The comment has been removed
Anonymous
December 29, 2004
Realmente é absurdo o fato de uma instalação não checar a validade de uma chave, isso pode acarretar gravíssimo ataques ao cliente do sofware, sem contar em meios de disseminação em massa por usuários do programa, na realidade com um firewall e respectivos filtros ainda pude verificar as várias e aleatórias tentativas de conexão em busca de servidores não confiáveis.

Brasil SECURITY DEV / TEAM
Anonymous
December 29, 2004
The comment has been removed
Anonymous
December 29, 2004
The comment has been removed
Anonymous
December 29, 2004
Why Firefox? It is simple. I manage an internet cafè in my city where was installed IE on Windows XP. Users is signed as 'limited user'. Every week i need to clear systems from spyware, BOHs, Dialers and other mountains of garbage... Thank you IE.
Anonymous
December 29, 2004
The comment has been removed
Anonymous
December 29, 2004
The comment has been removed
Anonymous
December 29, 2004
<quote>
"Microsoft has to stop whining. Someone made a better browser, boo hoo you lost. (not by numbers, but by quality). Get over it."
</quote>

This is the best point in the whole article.
Anonymous
December 29, 2004
The comment has been removed
Anonymous
December 29, 2004
My browser of choice is Opera, but i do not agree with the opinions and arguments exposed by the author. Firefox is very better and secure than IE, in several arguments. A person with good English (not i) should put in Slashdot an article "How can i trust MS IE?", well-argumented.
Anonymous
December 29, 2004
The comment has been removed
Anonymous
December 30, 2004
u r really scared, arent u? :D
hope firefox'll own ur ie even with home-idiots users ;)
Anonymous
December 30, 2004
How can I trust IE?
Anonymous
December 30, 2004
Well, the fact of the matter is that Firefox is a good three years more advanced than IE. There really isn't an alternative. Microsoft hasn't done anything innovative outside of the gaming industry for years, so why should it surprise you that they can't make a decent browser?
Anonymous
December 30, 2004
I think the only reason IE gets so much grief is because it's the standard. All the malware writers aren't going to target the minority...
Anonymous
December 30, 2004
The comment has been removed
Anonymous
December 30, 2004
The comment has been removed
Anonymous
December 30, 2004
How can I trust Microsoft?

Read on MSNBC...

"The world's biggest software company said Wednesday that it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit card and other information as they surf from place to place."

http://www.msnbc.msn.com/id/6769205/

What a joke!
Anonymous
December 30, 2004
The comment has been removed
Anonymous
December 30, 2004
from ITALY....only one comment:

ROTFL!!!!!

spread firefox!!!
Anonymous
December 31, 2004
The comment has been removed
Anonymous
December 31, 2004
Firefox is open source, other programmers can see the code so there's nothing to hide. Unlike Internet Explorer: Let's make IE closed source so no one will find a bug in the source code.

Look at it this way, IE is not open source but it contains lots of critical security bugs. Although no single piece of complex software could ever be perfect and bugfree, Firefox is more trustworthy than IE.
Anonymous
December 31, 2004
The comment has been removed
Anonymous
December 31, 2004
The comment has been removed
Anonymous
December 31, 2004
The comment has been removed
Anonymous
December 31, 2004
The comment has been removed
Anonymous
January 01, 2005
My IE crashed twice while trying to browse this page -- and I'm using it just because I'm in an Internet Pub. Sorry, practical experience is always stronger than an article about security. But I could use IE on my computer if you make it more stable, more secure and MUCH, MUCH, MUCH faster. I'm not a Linux evangelist.
Anonymous
January 01, 2005
The comment has been removed
Anonymous
January 01, 2005
Well, I read your article and the replies. I've only been using Firefox as my primary browser since November. It was the default browser on my Fedora Core 3 (Linux) install. I still use Epiphany and Mozilla for some things though.

I haven't run MSWindows since about 1999 when I first installed RedHat Linux 6.2 so I guess I really don't understand all this talk about pop-ups, viruses and spyware and all that. I just never see it. The last version of MSWindows that I used was Win98.

I did buy my daughter a new computer when she was getting ready to leave for college a couple of years ago and it had WinXP installed, but she had installed Linux (Slackware) on it before she got back on her first break from school. She said WinXP was "too slow and broken." Those were her words, I never really even saw it run WinXP and can't be more specific on her complaints.

I guess all I really want to say is that MSWindows/IE are full of security holes and are losing computer-savvy users at a pretty good rate because of it.

If I were a Microsoft executive and could shore up even some of MSWindows' security holes by encouraging users to run Firefox/Thunderbird, I certainly would. The improved security just might slow the defection of their user base to Linux, the BSD's and MacOSX.
Anonymous
January 02, 2005
The comment has been removed
Anonymous
January 02, 2005
The comment has been removed
Anonymous
January 02, 2005
The comment has been removed
Anonymous
January 02, 2005
Seria muito estranho você achar que o navegador não apresente problemas, mas você esquece que todos os usuários de IE não suportam mais baixar atualizações de segurança e que a cada nova atualização ficamos na torcida para que o software não pare de funcionar.
Acredito que com todos os problemas do Fire Fox, ele é mais seguro que o IE.
Anonymous
January 02, 2005
The comment has been removed
Anonymous
January 02, 2005
I do have to thank Mr.Torr for his article.

I'm still ROTFL!
That's one of the most ridicolous attempt to make FF look bad I've ever seen.
That's truly funny! :D
Thanks, Peter!
ROTFL
Anonymous
January 02, 2005
Ok let's use IE under Windows with SP2. Is it secury? I'm sure it not. How can I trust Microsoft when a release to solve insecurity issues on user's computers (SP2) rises lots and lots of new ones. More and more every day.
It's ridiculous how you all are wondering keep people blind! tsi tsi tsi...
Anonymous
January 03, 2005
Thanks Peter Torr. If I'd any doubt about this subject now thanks to you and Microsoft I've decided to install Firefox !
The only reason to change to Firefox is your statement about Secunia advisories. Firefox has 3 of 4 advisories unpatched. At the same time I saw Internet Explorer and I'd figured that currently there are 21 of 75 unpatched. Even during this month - January 2005 there is one and the year is just beginning.
So, thank you Peter Torr and Microsoft for my new year resolution about changing to Firefox. You are doing a great job favoring your competition.
Anonymous
January 03, 2005
Better question...WHY should I trust ANYTHING on the Internet?
Anonymous
January 03, 2005
wow how smart you are. IE6 has been out for almost 4 years. lets see FF out for 3-4 months. wait a few years FF will have as many if not more.

By the way I have used OSX and linux. OSX which crashed several times, was nice but wasted my time. Linux which was OK, but was not easy to use or install.
Anonymous
January 04, 2005
Agora aqui vai em Português. Eu sei que este tipo não vai perceber nada, mas não faz mal.
Este Peter Torr é mesmo de mais:
1- É empregado da Microsoft;
2- Não tem um PC mas sim um VPC;
3- Não é que clica em "Run" em vez de "Save"?
4- Usa programas de baixa qualidade no seu VPC (Windows??!!)o que obriga a estas caixas de diálogo já muito habituais em qualquer versão do Windows;
5- Chama a atenção para as falhas de segurança no site Secunia esquecendo-se que neste existe um separador com o Internet Explorer (e o que está lá?!!);
6- Gosta muito de Sidebar's, principalmente do Amazon, o qual parece gostar muito dele, também;
7- Esquece-se que o "bad guy" do 1º mandamento inventado pela Micro$oft é o patrão dele;
8- Não sabe desligar o Flash no Firefox (ganda técnico sim senhor...);
9- Afirma que a M$ esconde os problemas de segurança do público (claro que não pode nem deve falar pelo FF);
10 - Nunca ouviu falar de programas maliciosos com o certificado da Verisign;
Em resumo para concluír - o que é que este gajo anda a fazer?
Cá para mim deve ser um dos milhares de depuradores do e-mail do patrão bill portões. Ganda tótó
Anonymous
January 04, 2005
The comment has been removed
Anonymous
January 04, 2005
Very well put Jim!
I can only trust Micro$oft in that they will release something old, rehashed, unoriginal, and then expect me to pay for it. Not to mention that in a couple of months someone will find a crucial flaw in it! Explorer and SP2 are no different. By the way, I have installed Firefox now on dozens of our company machines and I have never run in to the problems described in this site.
Micro$soft Lackeys!
Anonymous
January 04, 2005
The only signed application I have ever seen on the web (other than microsoft) was from the gator corp. I promptly canceled that download and left the online game site I was checking out, never to return.

So the trusted issue is mostly moot with me. You always have to be careful where you down load from. When you try a sample at See's Candy you are taking it from a stranger, most of us still eat it.

This post brings up important points that should be looked at. Security is mostly presentation to the masses. When the chain of links is broken right at the beginning with no hand holding or explanation you have a problem. The installer is for the masses so it should hold your hand and walk you through. ALL software developers should be aware of and follow best practices to make it easier to spot a spoof. It is the end user's responsibility to trust but verify. It is the software industries responsibility to provide the tools.

Posted & Viewed with FF
Anonymous
January 05, 2005
You are a fool to believe that IE6 has been out for about 4 years. FF has been out for 4 months. Look at the security concerts coming out for FF another on released for FF. O well FF not to secure after all, lets get rid of that
Anonymous
January 05, 2005
I've been considering switching to firefox for some time now, but haven't because ie is slightly faster on my pc.

After reading all of the replies here i've decided that firefox being ~1 second slower isn't an issue if I don't have to scan my pc with several applications a day to keep it clean.

Thanks for convincing me to use the better browser.
Anonymous
January 05, 2005
The comment has been removed
Anonymous
January 05, 2005
The comment has been removed
Anonymous
January 05, 2005
The problems you are having are because you are "running" firefox, you need to "install" it gasps.

And like a few others here, thanks goes to microsoft for helping me decide to start running firefox!
Anonymous
January 06, 2005
Se aconteceu tudo isso com seu computador, é porquê você é da Microsoft e foi premiado com isso! Você está reclamando de erros no FIrefox certo!? Agora imagina se todo mundo que tivesse erros do Internet Explorer reclamasse o mundo só seria reclamação porquê software com mais bugs que existe não tem igual aos da Microsoft!!!!

Sorry My translator is of the Microsoft!!!

hehehehehehehe

Firefox - Rediscover the Web

Internet Explorer - Reformat the PC
Anonymous
January 06, 2005
"being a brave soul"
"Forging blindly ahead"
"my benevolent fairness"

You seem quite proud of yourself... Trying to make everone believe you're kindly giving your time to test a new product...
You're rather carefully using you're time to defend your income. Even if it means fooling people. How much are you paid ?
Anonymous
January 06, 2005
http://www.pcworld.com/downloads/file_download.asp?fid=7469&fileidx=1

You can get MSIE 4.0 there if you want to do any testing
Anonymous
January 06, 2005
The comment has been removed
Anonymous
January 06, 2005
Não acho que o IE seja muito melhor do que o FF.
No geral, o FF com ctz é superior!
Abraços
Anonymous
January 06, 2005
so funny:)
Anonymous
January 06, 2005
Get a life
Anonymous
January 06, 2005
哈哈哈哈
说那么多
Anonymous
January 07, 2005
This post was very informative and REAL funny aswell cheers
Anonymous
January 07, 2005
The comment has been removed
Anonymous
January 07, 2005
I must admit that this does seem like a truly pathetic attack on firefox ...
Anonymous
January 07, 2005
The comment has been removed
Anonymous
January 08, 2005
Well, this is an old topic, but in case anyone wants to know: there is no way to sign Firefox (or Mozilla) extensions. None. You CANNOT write a signed extension. It's impossible.

Fortunately, the process for getting an extension on the Mozilla extensions list is next to impossible, so the chance of a mallicious extension being listed there is about the same as an update to a useful one getting listed in under a month or several.

Anyway, I wound up here while searching for Mozilla extension documentation, because THERE IS NONE ON THE MOZILLA SITE. You want to bash Mozilla? Might as well bash their non-existant documentation. (Actually, there is - it's something like two years or more out of date and COMPLETELY WRONG.)

No matter who you are, you have to give Microsoft credit for MSDN. I frequently wind up using MSDN's JScript documentation to figure out how to do something in Mozilla, because Mozilla's JavaScript documentation appears to point to some standard it doesn't actually use yet (?!).

I'd point to a link showing this, but I can't even find my way back to the Mozilla Web Developers guide any more through their webpage.
Anonymous
January 09, 2005
IE has been out for 53 months, it has had 1.4 security concerns a month for a little more then 2 years Firefox 1.0 has been out for about 5 months, it has has about 1 security conern a month. Seems to me that firefox is not doing so well.
Anonymous
January 09, 2005
I switched to Firefox because I got viruses through IE. Didn't have these install problems. Wish I could believe that Digial Signing will solve all problems. Need to move away from the endless Microsoft induced software upgrade cycle to getting stable products that have been well tested and do one particular function and can be left to run for several years without any upgrade or fixing. Well maybe just a yearly service like a car.
Anonymous
January 09, 2005
Izsak's Weblog » IE iba vyzer?? bezpe??ne
Anonymous
January 09, 2005
in germany we say " Wirf nicht mit einem Stein, wenn Du im Glashaus sitzt" this means something like: " Do not throw any stone, if you are sitting in a glasshouse"
Anonymous
January 09, 2005
Did someone say security?
Rinse lather repeat, it's the IE security merry go round! <http://secunia.com/advisories/12889/>

"Solution: Use another product."
Anonymous
January 10, 2005
The comment has been removed
Anonymous
January 10, 2005
Great article. I'm a fan of Firefox because of it's web standards support. I'm not saying IE isn't a great browser, but I'll definitely revert to IE when they have better 'standards' support, tabbed browsing, and some other useful features that firefox has to offer. But what I'm told is that we can't expect any of that anytime soon. :(
Anonymous
January 11, 2005
[i]Mozilla keeps their security bugs hidden from the public (just like Microsoft does)[/i]

But, under General Policies, they gone on to say;

"As noted above, information about security bugs can be held confidential for some period of time; there is no pre-determined limit on how long that time period might be. However this is offset by the fact that the person reporting a bug has visibility into the activities (if any) being taken to address the bug, and has the power to open the bug report for public scrutiny."

Guess you didn't read the whole page, huh Peter?

Bill Ford
Anonymous
January 11, 2005
The comment has been removed
Anonymous
January 11, 2005
The comment has been removed
Anonymous
January 11, 2005
Your article makes me sick.
Anonymous
January 11, 2005
The comment has been removed
Anonymous
January 11, 2005
How can I trust Microsoft, if it demands money, but don't want to be responsible for correct work of it's products?
Anonymous
January 12, 2005
The comment has been removed
Anonymous
January 13, 2005
The comment has been removed
Anonymous
January 14, 2005
The comment has been removed
Anonymous
January 14, 2005
How can I trust me ??

I can't trust me while surfing the web with IE. But with firefox... well... you know... I have control over my machine now... :-)
Anonymous
January 14, 2005
lol i agree with Jaime just because firefox is getting more popular and is by far much better than IE i think you firefox haters are acting like babies and only the noobs dont download firefox and you are all getting scared because firefox is much much better
Anonymous
January 14, 2005
The comment has been removed
Anonymous
January 14, 2005
Can't Hate MSFT when firefox keeps coming out with security problems another one reported this week that is what 6 or 7 since it was released in november.
Anonymous
January 15, 2005
The comment has been removed
Anonymous
January 16, 2005
Well, this has been interesting reading that leads me to reiterate my long standing recommendation on PC usage.

Get a MAC.
Anonymous
January 16, 2005
The comment has been removed
Anonymous
January 16, 2005
The comment has been removed
Anonymous
January 17, 2005
The comment has been removed
Anonymous
January 18, 2005
As a developer, nothing compares to firefox!!

The security "concerns" you cited pale in comparison to the countless spyware that will infect your computer using IE, even if you do have spyware detection software running.

If you want your homepage to keep changing then keep using IE!!
Anonymous
January 18, 2005
The real answer to this IE/Firefox issue couldn't have been more eloquently put...GET A MAC! Now you have no excuses with the Mac Mini.
Anonymous
January 18, 2005
Firefox may have some issues, but those compared to IE is EXTREMELY minor. Any fool using IE still recognising the flaws of it should check the facts first. And let's face it, If we were as picky as this guy when using the internet, the only place we'd consider safe is the HTML files on the hard disk.

P.S. I use Firefox, and I have no problems using it so far. The ease of use on Firefox is fabulous and I wish IE was like this. The guy who posted the blog needs to look clearer...
Anonymous
January 19, 2005
The comment has been removed
Anonymous
January 19, 2005
A Microsoft está é com medo..do firefox..o programa teve grande aceitação no mercado... 90 milhoes de downloads em poucos menos de 30 dias...
Anonymous
January 19, 2005
How can you not trust Firefox? Well, I suppose one could have their reasons but these ones are just meant to start a flamewar.
Anonymous
February 16, 2005
Ping Back来自：www.donews.net
Anonymous
February 22, 2005
How can I trust Firefox? This is the summary of an in depth look at configuring Firefox to block spyware, etc. It also compares Firefox and Internet Explorer approaches to the problem. To continue my benevolent fairness, I actually think...
Anonymous
February 27, 2005
You may recall last November, when former Encyclopaedia Britannica editor-in-chief Robert McHenry heavily criticized Wikipedia in an article entitled "The Faith-Based Encyclopedia." The article caused a good deal of controversy. Wikipedia represents the new free, open source mentality of information...
Anonymous
April 14, 2005
The comment has been removed
Anonymous
April 22, 2005
The comment has been removed
Anonymous
April 29, 2005
The comment has been removed
Anonymous
May 30, 2005
The comment has been removed
Anonymous
June 22, 2005
I see the dialogs fine, in firefox.

Valid points, but I suppose no matter what tools you give the user, how much you inform them, they are still going to make stupid choices. I have one client that I finally got to buy DeepFreeze because he kept infecting his computer with random spyware despite my best efforts to prevent him from doing so. I had him on IE, Netscape, Firefox, Opera, etc.. I had spyware removers/detectors.. everything I could think of. Though the 150$ DeepFreeze does the trick now, it was a little drastic. Overall, stupid pepople are going to continue to install these things weather we give them a blinking red sign or not. As for the rest of us, a little common sence will keep us in the green.
Anonymous
June 22, 2005
I see the dialogs fine, in firefox.

Valid points, but I suppose no matter what tools you give the user, how much you inform them, they are still going to make stupid choices. I have one client that I finally got to buy DeepFreeze because he kept infecting his computer with random spyware despite my best efforts to prevent him from doing so. I had him on IE, Netscape, Firefox, Opera, etc.. I had spyware removers/detectors.. everything I could think of. Though the 150$ DeepFreeze does the trick now, it was a little drastic. Overall, stupid pepople are going to continue to install these things weather we give them a blinking red sign or not. As for the rest of us, a little common sence will keep us in the green.
Anonymous
July 05, 2005
You want to be sure of your copy version of Firefox? Then just download and analyse the code !
Anonymous
July 07, 2005
The comment has been removed
Anonymous
July 08, 2005
My question, is what are you doing trying to open an .exe file with 7-ZIP, or any unzip program.
I was under the impression that .exe meant it was EXECUTABLE, thus rendering unessecary to use an unzip program, and when opening the EXACT SAME version, Firefox 1.0 with 7-zip, it opened perfectly.
And you later go on to say that you ran the INSTALLER, not opened it with 7-ZIP, but the INSTALLER. You are contradicting yourself.
You can also install a malicious file in IE by clicking run, the same way you can in Firefox.
And, only extensions from Mozilla.org are defaulted to Install Now.

Do some reasearch you idiot. Microsoft has enormous security holes that have remained unpatched for months before work on patching them even began. I have literally updated one computer in the morning, only to go on 2 hours later and find that there are like 5 more IE updates to download, not counting the over 35 updates need per computer at my place of work, a computer repair business, where we routinely reformat systems and reinstall and update them, using the same version of windows as the previous secratary accidentally ordered 1000 instead of 100 units of XP profesional service pack one from the supplier.
Anonymous
July 14, 2005
The comment has been removed
Anonymous
July 17, 2005

Sorry no comments have been getting through lately. They are all moderated by default,...
Anonymous
August 24, 2005
The comment has been removed
Anonymous
August 24, 2005
The comment has been removed
Anonymous
September 08, 2005
The comment has been removed
Anonymous
September 11, 2005
Does Firefox work with the classic application BCS?
Anonymous
December 03, 2005
Firefox 1.5 is available now, the first major upgrade to Firefox since 1.0 shipped just over a year ago. Firefox 1.5 is the result of the contributions of thousands of volunteers from around the world. 1.5 is a midpoint on our track to our next release 2.0 - which will contain significant improvements to the user interface. The focus in 1.5 has been on developing various underlying sections of the application to provide a better overall user experience. We did not originally intend it to take this long, but you know how software is, and we wanted to get you the best software possible.

http://www.downloadfirefox.net
Anonymous
January 12, 2006
I hate Firefox zealots who bleat on about how spyware will jump out at you from every corner of the net if you so much as think about surfing with Internet Explorer. I've got four words for you:

Your. Mileage. May. Vary.

Nearly seven years it's been for me, and not a peep of a serious spyware infestation. No system-crashing viruses, no nothing. I've switched to Firefox so that I can say that I've tried both sides of the coin, and so far I'm liking it - but I like to use it in tandem with IE, not exclusively. For all their combined faults, they work well together.
Anonymous
January 25, 2006
Q. Do I really trust a bunch of kids at some random university I've never heard of?

A. Oh yes, we have used IE 6.0.We found that it is better to trust a bunch of kids rather than a mega maamoth monster of a company and get viruses and worms on to our computers.

How much did Bill pay you to write this.
Anonymous
January 27, 2006
Forget Firefox & IE

Get Opera.

So few people use it its one of the most secure browsers out there. You can even turn off javascript.
Anonymous
January 29, 2006
The comment has been removed
Anonymous
February 24, 2006
Bah! Foolish Microsoft sour grapes!

Don't throw stones in glass houses is the saying that comes to mind.

Firefox seems to be stirring the ants nest up. Go Mozilla!
Anonymous
March 07, 2006
Something in favor to Microsoft: That is a really BIG company and have the resources to crush almost anybody.

The Good thing about Mozilla is that the product is almost indestructible because is grown by volunteers.

Regards

---------------------
Andres Berger

Now you can Browse the net with safety
http://www.bethefinest.com/firefox
Anonymous
March 27, 2006
Have fun trusting a program that just had 3 major security holes ripped in them... without patches... meanwhile... I'll use Firefox, with tabs, with all security patches (not that theres many because its OPEN SOURCE), and the hundreds of cool extensions...

but hey... IE says Microsoft on it.

I /would/ try to convince you to switch, but quite frankly, the firefox... I mean... smart... community doesn't need any idiots.
Anonymous
March 29, 2006
because IE often crashes with OS :-(
i switched using Mozilla(Mozilla 0.8, that was long ago, 2001) and stopped using IE, then my win2k alives long long time :-)
Anonymous
April 16, 2006
The comment has been removed
Anonymous
April 27, 2006
firefox ROCKS!!
Anonymous
May 06, 2006
The comment has been removed
Anonymous
May 10, 2006
firefox Rocks the World , bcoz they provide the tools which help us very much.
thanks
http://www.scripts4freedownload.com
Anonymous
June 21, 2006
IE is infamous for its security flaus.

FF is known for having very few and quickly issuing patches when they are discovered.

You're the first person i've ever heard saying they don't trust FF. Why don't you trust a website trusted my millions?
Anonymous
June 24, 2006
Better late than never i guess.
Simply put, your of download and installation assessment of FireFox is biased and flawed. You go so far as to place blame where none exist. I have been building PC's using the Internet since 1994 and have always used Netscape until FireFox 1.5. IE has always been unreliable and lagging behind in Internet technology. IE is so bad that Microsoft had to integrate IE into the OS to force people to use it. Nuff said.
Webmaster bytepowered.org
Anonymous
June 30, 2006
PingBack from http://www.domain.kefi.org/wordpress/2006/06/30/fanboyism/
Anonymous
July 06, 2006
The comment has been removed
Anonymous
July 16, 2006
Can you trust your computer?
http://www.gnu.org/philosophy/can-you-trust.html
Anonymous
August 18, 2006
I HATE FIREFOX!
INTERNET EXPLORER RULES!!!!!!!
Anonymous
August 25, 2006
PingBack from http://archu.wordpress.com/2005/01/23/firefox-vs-ie/
Anonymous
October 27, 2006
PingBack from http://tonirecio.wordpress.com/2004/12/20/%c2%bfes-firefox-realmente-tan-seguro-como-algunos-afirman/
Anonymous
April 22, 2007
PingBack from http://geekpractitioners.net/index.php/2007/04/22/secure-downloading/
Anonymous
May 31, 2007
PingBack from http://www.jasonmacpherson.com/news-worthy/
Anonymous
November 04, 2007
PingBack from http://blog.charlescarroll.com/chazblog/?p=462
Anonymous
December 01, 2017
I don't trust Firefox either. They were "sponsored" for too long by Google (NSA). Anyone would've sub come under the pressure of such interests, blackmail and bribery (stick or carrot) let alone a team of young hippies...Before their 49.x version, after deleting all those "exotic" URLs (about a dozen) from the about:config , Firefox will still. Well, not anymore! Starting with 49.x versions, if it can't communicate (behind your back) with its boss, it will refuse to even open.There are no safe browsers !

Udostępnij za pośrednictwem

How can I trust Firefox?

Comments

Dodatkowe zasoby