Firefox has 71 Security holes

Originally posted by Moley
I've been working in IT since the 70's, I've worked on a lot of Operating Systems and if I can give advice to anyone who is responsible for buying BUSINESS computers (you know those that do real business work rather than sit in someones bedroom) it is this: forget Microsoft and get yourself a proper machine from IBM.

Do you mean that we should be browsing the Web with AS/400 machines?

IBM have been building computers since the 50's, Microsoft have been around about 10 minutes.

Its more like 0 minutes, Microsoft does not make computers...

Did you know the IBM AS/400 or (iSeries or System i or whatever they call it these days) has NEVER had a virus? yep, that's right NEVER. That's because with 50 years of experience they designed it properly from the start to be resistant to that sort of c**p.

But the first virus was written by an IBM employee, apparently.

Do yourselves a favour and stop believing all the Micro$oft advertising.

I have a better idea, stop believing all the advertisings, regardless of the company that owns the product being advertised.

Originally posted by malganis
Someone said something about Fx being open source so it's easy to hack? What did they mean by that?

To hack an open source program, the hacker has to read the code to try to find any flaw that was overlooked by the programmers and the people who review the code.

With closed source programs, like Internet Explorer, nobody outside the maker of the program has access to the code, so the flaws are more difficult to find.

And if it's being updated by thousands of programmers does it mean you have to download updates all the time? And do they have to go through the main Firefox people before it's released?

The updates made by the programmers are sent back to a central repository, where the people responsible for the development analyse the updates.

If a serious flaw was corrected, then the update is released to be downloaded by the final user (we).

If nothing really bad is found, then the release to the final users is made when they consider that they have made enough changes to justify the need of an update of the program by the final user.

Hmm i've been reading up on Firefox and it seems it has a reputation for using a lot of system memory, and has a few security vulnerabilities. Is this true?

One of the things I do not like in Firefox is the memory usage, it uses more memory than Internet Explorer, but Internet Explorer does not have "tabs" for browsing more than one page at a time.

Internet Explorer 7 Beta 3 has "tabs", but it uses more memory than Firefox, at least on Windows XP.

I like Opera, I didn't find any bug yet, and it has many things that make using it really easy.

Hrm, I could go on to correct the intial poster and their insane notions about open source, but I'll pass on that to point out that after much review on Digg its been suggested the site in question is inaccurate it its estimates. Had such a statement been issued by mozilla themselves I might put some stock in it. Open Source generally is quicker and easier to fix, as is best shown in forums software; I've reported bugs with proper documentation and seen a fix issued in less than 24 hours, I'd love to see that kind of response time from Microsoft, then maybe the RPC-DCOM bug wouldnt have permitted such a massive mess on the internet when it became part of various viruses payload.

This thread is kind of funny. maybe not in a good way but still funny


Firefox isn't bad, I think it's safer than IE because of plugins. Using NoScript I can selectively allow what sites I want to run Javascript from. Even without plugins, Firefox asks you before doing (and installing) things that IE just does automatically.

I'd love Opera but I don't like the interface much.

Firefox just got stuck in a segfault loop for me

Oh well... I just did a dist-upgrade so it was just some libraries that it didn't like. I upgraded Firefox and all is well now.

Huge load of Baloney. I have used Firefox for years and I have never had an issue. Not only that but it loads faster, loads pages faster and generally is an all round better browser.

Microsoft's IE was simply a method Microsoft used to attempt to get into the internet market, they failed dismally.

Originally posted by malganis
lol sorry guys I may sound like a n00b or whatever but i've never actually moved away from IE! And no one I know uses Linux or Firefox or Opera or any of this other stuff your talking about, though I have heard of it.

Someone care to compare a couple of them to IE, like how they're better?

cheers

Ive used all three and firefox is my favorite Using it right now as far as security Its graet i can view cookies edit them have them cleared can have it verify web pages to make sure your talking to who you think you are and when your done can have it clear everything youve done out automatically. The java editor is good. and your windows doesnt get hi jacked because firefox wont allow redirects to virus scanning sights. My friend just had that problem every time he opened IE hed get this fake message about virus scanning telling him how many viruses he had and for 29.99 you could by there program to help. I reset browser defaults message gone. then i went and downloaded firefox for him

I've been using Mozilla for the past year now. I have not once ran into a problem with it and my virus has been kept down to 1 for that whole year.(It was a virus my friend made and sent to me. Nothing serious) I am now using Apple's Safari browser. Why Safari and not IE you may ask?

Well I find that IE is a very 'unstable' program/browser. Where as Safari is a very well built program with very few flaws if any.

That's my 2 cents.

With regard to open source software being insecure because it is open-source, what tosh!

Look at all the strongest encryption algorithms we have RSA, Triple DES, BlowFish, TwoFish, AES etc

They are strong because they are open-source, the greatest cryptographers on the planet can see exactly how they work, scrutinize the algorithms and find flaws and find ways to fix them.

It is the same with open-source software, because it's open-source doesn't make it inherently less secure.

As for it's easier to find security vulnerabilities in open-source to closed source, again this is a bit misleading. If you are knowledgeable enough with code and how to find and exploit potential vulnerabilities, such as buffer overflows which can be used to execute arbitrary code or just perform DoS attacks etc, then whether or not it's closed or open source will make little difference. You can still invoke a crash via the overflow, you can still, if you have a copy of the program locally, examine things like stacks and core-dumps to see what is happening in memory and use that information to write proof-of-exploit code.

Security through obscurity rarely works for any substantial period of time.

However, having said all that, just because software is open-source doesn't mean it is secure.. There's lots of open-source software out there which could have glaring faults in it, just no-one has bothered to look or analyse the code.

Security vulnerabilities come from bugs in code written by developers, many of whom have, sadly, no background in writing secure code. Decisions to ship are made by directors and managers not developers and you try explaining to a director of a company that you want to put the release date back because of a potential vulnerability that they don't, and don't want to, understand.

Finally, when it comes to browser security, a lot of people could make themselves a lot more secure by simply upgrading to the latest version of the browser you are using. In fact, you should make sure you have the latest version of ALL software on your machine.

have been using FF for years too now, and I am running FF 3.0

the 1.5.0.6 version mentioned by the OP is quite old so I don't think it's that leaking anymore.

Funny that Firefox has a thread going. I was thinking about starting one with this site in mind.

This site seems to give my Firefox v3.0 fits. The advertisements trying to add content to my computer have now gone away after the site managers did some stuff. Thank you very much.

Now my Firefox just likes to crash on this site only. Haven't figured out why yet, and have reported problem to Firefox. But it is only this site I run into problems with. I may visit several dozen sites a day with a possibility of several hundred pages total. Why only here?

I use this computer and a laptop, both with Firefox and yet it is only this computer with issues. We have 4 other computers with Firefox running and between wife and kids, hundreds if not not thousands of sites and they report no problems or crashes.

Just curious if anyone else is having a Firefox v3.0 crash issue.

When firefox was first introduced there were no so many users, most of the hackers then targeted IE since ninety-something percent of the population was using it. But now a substantial amount of people use firefox so it's only natural that it gets targeted by more hackers.

Anyway it works for me. way better than IE IMHO.

Originally posted by malganis
Someone said something about Fx being open source so it's easy to hack? What did they mean by that? And if it's being updated by thousands of programmers does it mean you have to download updates all the time? And do they have to go through the main Firefox people before it's released?

I've just got a new laptop for uni so I might download Firefox for that.

Thanks

Just open a tab and type "about:config" without the quote tags and you will be taken to the Firefox Configuration page. From there, anything can be changed. Try that in IE!
I have used Firefox on my Linux box for years now, and although the early ones has massive memory leaks, it runs good all the time now. I am using version 2.0.0.14 right now, and love every minute of my sessions. I have tried the new 3.0 version, but am waiting for the extension writers to catch up before I install it.

i'll take anything over IE any day. i use FF mainly, but been following this:

Google Chrome
news.zdnet.co.uk...

not sure you guys heard about google chrome.
haven't tried it yet, waiting for a stable release, but the benchmarks look good.

Gah my login isn't working.

Anyway, Google Chrome, I wouldn't touch anything Google makes with a barge pole. I class all output from Google as spyware. I like some of the ideas they are putting into Chrome, having each tab as a seperate process would be a nice feature in firefox if its made to work.

I don't like how Google Chrome installs an auto-updater though, the browser may be open source but the updater isn't. Even after removing the browser the updater remains until it decides it should be un-installed.. Tut tut Google!

Firefox has my loyalty it's a good browser the extensions are very useful compared to Internet Explorer it's a lot less vulnerable to spyware and other nastys.

As for Google chrome I don't see any need for it Google makes most of their revenue from ad's I believe so it does make sense for them to do this.
I don't think their motivations are that noble and wouldn't be surprised if it's used for data mining and ad targeting.

I actually use two browsers depending on whether I boot into Windows or Linux
on Linux I actually prefer Epiphany over Firefox/Swiftfox no windows port of it though but think firefox light and you will probably get the gist of it.

Basicly all Browsers have bugs and vulnerabilitys though likes someone already said keep up to date is about the best you can do.
I rate Firefox over the others on Windows though I've never liked the feel of Opera but that's personal taste and I admit it's a fine browser to.

Originally posted by halfmask
I use firefox. But, my on friend really knows computer software. He said he found a really bad bug in Fire Fox. He said he noticed that Fire Fox corrodes space on the hard drive or something like that. He said over time it eats up some space. (a few megabites). Other then that he says it is great. Hope they fix that soon.

Thats because he probably did not go into tools and change his settings to delete temporary internet files and cookies when he logs off the browser. After a while it will build up in the cache and just like IE will bog down your PC eating up space.

I've been using FF for a couple of years now. When I was using IE, my computer had become almost useless. I have dial-up and all the crap that bombarded my computer would bring to a halt. One night my popup blocker stopped over 1800 popups. Since I started using FF, I have not had any problems. It loads up so much faster and just doesn't give any problems and I LOVE the tabs. The ONLY way I use IE now is if something requires it.