The Register is running an article today entitled Firefox loses its shine (http://www.theregister.co.uk/2005/05/13/firefox_loses_shine/),
stating that Firefox (http://www.spreadfirefox.com)'s recent security vulnerabilities prove that it is
not more secure than Internet Explorer.  Unfortunately, I think
they've missed a few key points:

1. Mozilla (http://www.mozilla.org/) patches their security holes a lot faster than Microsoft (http://en.wikipedia.org/wiki/Microsoft).

2. We have still not seen any reported attacks on anyone's computer as a result of Firefox (http://www.spreadfirefox.com) vulnerabilities.

3. They are using quantitative analysis to contrast the two browsers,
but the number of vulnerabilities is not the issue.  It's whether
or not they get fixed.

4. In reference to point 3, the two biggest problems with Internet
Explorer that weren't fixed were a) Microsoft (http://en.wikipedia.org/wiki/Microsoft)'s Java Virtual
Machine.  A security joke that they never fixed until it died cold
and alone b) ActiveX, which Microsoft (http://en.wikipedia.org/wiki/Microsoft) still uses.  The whole point
of ActiveX is to allow programs to run and install themselves on
computers.  That is where all the spyware and adware comes from on
Internet Explorer.  What they aren't telling you is that, when
they talk about security holes, most of them are never exploited on
either browser.  The problem with Internet Explorer is not
technically a security hole at all.  It's a feature. !

5. The number one reason not to use Internet Explorer is the number one
reason that it has been so successful: it is integrated into the
operating system.  It's closed source, but heck, for all we know,
it's integrated into the Windows kernel (http://www.kernel.org/).  If you are foolish
enough to use Windows, at least don't use a browser that promotes its
insecurity as a feature and integrates the browser so tightly that a
web site can install a program and run it on your computer whenever it
wants, with administrative privileges.

So, let's not be confused.  The difference between the security
holes with Firefox (http://www.spreadfirefox.com) and Internet Explorer is that the former actively
and quickly patches their holes while the latter embraces their holes
and expects every web developer to embrace them as well.

Instead of doing the right thing we're being told that Microsoft (http://en.wikipedia.org/wiki/Microsoft)
intends to integrate Internet Explorer even further into its new OS,
Longhorn, despite the legal, ethical, and technical brouhaha that it is
certain to cause.

This entry was posted on Friday, May 13th, 2005 at 1:19 pm and is filed under Afterthought. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.