Comments

George Dinwiddie

@Jonathan, keep in mind that those numbers cover only security holes that have been publicly acknowledged. It also does not reflect the length of time a security hole is in existence before being fixed (yes, Firefox generally releases a fix more quickly than IE) or the consequences of a security hole (if you look through the list of Firefox security patches, you'll find quite a few that will crash the browser, but none that allow remote access to information on your computer). So while the reasoning given by Bob Sutton is, as you say, not conclusive, it's still good advice.

I would suggest also adding the NoScript (http://noscript.net/) plugin to Firefox. By allowing YOU to control which active content runs on your computer and which does not, you reduce your exposure to malevolent web pages even more.

Sam Thornton

The newly released Google Chrome browser is another alternative. Plus it's faster and has a smaller footprint. http://tools.google.com/chrome

Bobsutton

Jonathan,

I wanted to get a perspective from Mozilla on the security issue, as your email surprised me because I read at least two articles today suggesting that people not use IE now and switch to something else.

I asked Asa Dotzler from Firefox for a reaction to your note, and here is what he wrote:

Security is a complex topic made even less digestible by the desire for simple explanations and catchy headlines. As we've been saying for quite some time, browser vulnerability is not just a bug counting exercise. What matters is the real risk to users and when you start talking about user risk, Mozilla and many others in the industry think that the best possible metric is "how many days is a user vulnerable to real attacks on the web."

When you use this kind of measure, you see that there's a big difference between flaws discovered in a product which _could_ be exploited and the flaws in a product which _are_ being exploited. Microsoft recognizes this distinction and that's why they've been so public about this problem even before they have a fix for it.

What we have with this I.E. situation is a known vulnerability in the software that is currently being exploited and through which millions of users (according to Microsoft) have already been compromised in just a few short days.

You can read more about this here: https://developer.mozilla.org/devnews/index.php/2006/09/26/better-metrics-for-security-understanding-the-symantec-internet-security-threat-report/

P.S. See his blog for more information:

http://weblogs.mozillazine.org/asa/

Stop Smoking

...and that is only on top of all the endless troubles upgrading to IE7 has given a lot of people. On to Firefox!

Jonathan Kamens

Bob,

It is my understanding that more security holes have been found in Firefox than in Internet Explorer.

Now, it may be that this is because the source code for Firefox is openly available and the code for IE is not, and if hackers could get their hands on IE source they'd find as many bugs if not more.

However, there's no way to know that for certain, so I'm not sure it's terribly prudent to tell people to switch to Firefox for better security.
