Neowin.net

Opera > IE7 > Firefox
*hides*

I CALL HUGE bull****

its nothing but that

Last sentence. "Microsoft quitely". I believe you mean "Microsoft quietly". It amazes me how many people misspell that one.

Also keep in mind that fixing vulnerabilities is a good thing. Mozilla fixes bugs much faster than MS does, thus making for less exploitable vulnerabilites. I am using IE7 right now.

Personnally I don't think one is safer then other. Security wise both are just good. Maybe IE7 is a little more secure on vista but thats it.

How about Opera?

i use for a long time firefox but have to admit that firefox is getting way more security breaks lately than IE

its the price for popular software, hackers cares to find holes on them

its now that firefox team will have to show what they made of and make a even greater software without many holes on it

Still, FireFox has better performance and more enhancements.

Well, Firefox is a newer product from a less mature company. I don't think you can say Firefox is actually more of a security risk. Even if it's purely it's lower market share, there are fewer attacks aimed at it.

"here come the trolls, watchout people, trolls coming!"


Wow... I got the impression that the blog post was a troll. Actually, it is not an impression. I have come to expect that from Microsoft. It is their Modus Operandi.

ill take the security risk. I like the way firefox will load a page up in like a second where ie7 will take like 5 seconds or more.

Yes. IE7 it is the greatest browser made by Microsoft.

But Firefox is the best browser made in the history of the internet. People, please spread the word, let the world know that Firefox is the best.

The fixes does not mean that Firefox is less secure (It means that the Firefox developers are more in touch with the community). If fact, Firefox is the most secure browser available. And it should be noted that Microsoft is the richest company in the world, and Mozilla is a non-commercial company.

Yeah and Linux is more expensive than Windows Server....

Listen I work with both browsers. My company has close relationship with Microsoft and I know for a fact that the article is bull. Use common sense go back over 3 years and look at all the fixes for I.E. and for Firefox. there is no doubt I.E. had 3 times the fixes. don't take my word for it go look at the numbers.

I've always believed what matters most is how quickly vulnerabilities are patched; because no browser will be void of vulnerabilities. Nevertheless, well done to Microsoft

Last edited by TSThomas on 30 Nov 2007 - 20:48

BREAKING: A company says that its product is better than the competition.

Coming up next: The Sky: Is It Really Blue?

I don't care much about vulnerabilities because of one small reason, I didn't have any problems because of them.

And still MS IE is a crap. Why? I think most of people already know, especially developers making or trying to make nice working Web 2.0 websites.

Duh, teh open sourse n00bs can't code for peanuts. (Wait, that's what they do!

Of course Opera isn't listed... it is faster, better, and more secure than IE and FF together.

I challenge MS to release the source code of IE - then give it a year and compare number of vulnerabilities found

Also, you can't compare the quantities of types of vulnerabilities (high/med/low) found, since both companies use a different ranking system.

And he should have mentioned response times too. Time To Patch multiplied by the Number Of Users, and then seen which browser is better; If browser A has one vuln for one month, and browser B has two vulns for 1 week, which one is more secure?

Last edited by Cryton on 30 Nov 2007 - 21:11

Something people forget, is that MS have had SEVEN attempts at IE, so that's a lot more of a refined codebase (in theory) than the less-mature firefox.

Also, there's a flipside to MS saying that they've made less fixes. Does that mean that IE has more unpatched issues than its competitors?

Microsoft does it's own testing... Microsoft quietly "leaks" out the info they find in a blog... Microsoft claims it's own software is more secure then the competitors...


Now..... that is fanboy fodder if I've ever seen it.

I believe that the title should read, "Microsoft: Fewer...", rather than "Microsoft: Less...". Nobody is perfect but this just hurts my eyes!

OMG! A company tested its own product against competitors, the report must be biased lies OMG I am so S-M-R-T.



The facts are what they are. If you still prefer another browser then that's fine. But it's not Microsoft who looks unbelievably ignorant when you dismiss facts as lies just because you have a product preference.

Not to be troll but ... Opera rulez!

great ie 7 its really more secure since its very limited, i mean cant even change the button layout, limited = more secure.

besides firefox patch their vulnerabilities very fast compared to the "monthly" patch cycle of ie.

IE7: "Currently, 37% (7 out of 19) are marked as Unpatched with the most severe being rated Moderately critical"

Firefox 2: "Currently, 22% (4 out of 18 ) are marked as Unpatched with the most severe being rated Less critical"

Opera 9: "Currently, 0% (0 out of 10) are marked as Unpatched."

Very interesting.

...yet, Firefox still better than IE7.

IE may be safer (assuming that this report is correct)... but even if it is safer it still render sites properly, something that a web designer needs

ok...good for microsoft making IE7 not suck as much, but im still staying with firefox.

i dont see why people are getting upset about it, i doubt anyone is going to stop using firefox because microsoft says theres is better.
the report is probly flawed anyway.

A few things:

How does this guy normalize the severity of the security flaws? The same high rated flaw in Firefox might be considered a low rated flaw in IE7.

With that in mind, his argument would be stronger if he could specify vulnerabilities present in Firefox and not in IE7 that would compromise the average end-user's PC, not some drone computer running security analytics.

Where's the fancy diagram outlining average release times for security fixes? That'd be a great comparison if Jeff Jones's wasn't eating out of Bill Gates's hand.

I certainly don't care about security at this point.

I was a Netscape user in the early 90s. Then Netscape sat on their asses and did nothing to improve it, and when they finally did, they made it worse. So came along IE. And it was a better browser than Netscape and eventually killed it. Then MS did nothing to improve IE for quite a long time. How long were we using IE6? So then came along Firefox, and it was better than IE6. So I switched to Firefox. Now I can't live without the Firefox plugins, so much that I don't even care how secure IE7 is compared to Firefox. Plus being a cross platform user between Windows, Macs, and Linux, I get one Firefox browser that's consistent on all platforms. Sorry MS, you'll have to wait till the firefox team sit on their ass and do nothing to improve Firefox, then maybe I'll consider an alternative browser. Don't hold your breath though.

Firefox is open source, so anybody can audit the code. IE7 is not...and judging from it's codebase (based on NCSA Mosaic), it is way older/innefficient/bug prone.

Uhh, Secunia disagrees...

IE 7 -- 19 security issues, 37% of those still unpatched: http://secunia.com/product/12366/
Firefox 2 -- 18 security issues, 22% of those still unpatched: http://secunia.com/product/12434/

The most criticial unpatched flaw is also worse in IE 7 than Firefox, at moderately criticial.


What, but does that mean that they have more open issues in IE than Firefox? I mean, you can take that information as both a problem for IE and not.

It's not interesting how many bugs are FIXED. The interesting part is how many are OPEN.

In other news... Firefox 2.0.0.11 released @ www.getfirefox.com with its misc fixes, take that IE!

There doing something right now because i got the download and install popup, checked here and filehippo and there wasnt a mirror or entry in for it yet ^_^

I still llike Firefox, and I use sandboxie to sandbox my web browser when I browse the net, so the security vulnerabilities really aren't a concern to me

One thing is though, IE 7 has DEP built in to it and you can turn it on. Firefox doesn't. I think that if you were to test firefox vs IE 7 w/ DEP turned on, you would find IE 7 more secure. I currently am using IE 7 and love it. There have been a couple of times where I have gone to a site that I didn't completely trust on accident and the built-in ie DEP closed it.

Who cares....I'm still using Firefox.

Truth hurts - deal with it. IE7 >>>>>>>>>>>>>>>>>>>> Firefox.

how about the huge vulnerability called ActiveX?

this can account for more than 2000 vulnerabilities Firefox has lol

Do you really think IE 7 would even had been developed if it hadn't been firefox? I mean, they said they had no plans to come out with a new version of IE until all of a sudden Firefox started to gain ground. They knew they had to do something and all of a sudden IE7 development started to poppup. Firefox has helped jump start the entire browser wars. Which ever one is better, i think its up to the user. But at least we have a choice now days.

I realize that IE7 made Internet Explorer much safer, but to get a comparison about the two web browsers, download and install spywareblaster. Then download the updates and apply them and look about what it protects you against or stops from being installed under the IE section and then the Firefox section.



Last edited by warwagon on 01 Dec 2007 - 02:24

That just proves Mozilla is faster and more responsive when it comes to acknowledging and fixing problems than Microsoft is. There's an entire community of coders who actively work at resolving known Firefox issues in concert with Mozilla. Can't really say the same for IE.


Operative word is "lower"
As in, "lower than before", not "lower than the competition."
Silly Microsoft, tricks are for kids. If you're going to claim that your product has fewer reported vulnerabilities (both fixed and unfixed) than the competition, it helps if your company doesn't have a pattern of ignoring and discounting reports of said vulnerabilities.

It also helps if you don't insist on comparing apples to oranges: Internet Explorer 1.0 was initially released in August of 1995. Mozilla Firefox 1.0 was initially released in November of 2004. That means that the Internet Explorer developers have had nine years more than their Firefox counterparts have had to work on their respective codebases. It also means that the Firefox developers had nine years to study and learn from what Internet Explorer did right and from what Internet Explorer did wrong.

I like mixing apples and oranges together as much as the next guy, but I limit such activity to the making of fruit salad, not statistics salad.

Last edited by Croquant on 01 Dec 2007 - 02:53

I use the browser that best suits my needs at that specific time.

IE7 and Firefox are excellent browsers and have their faults respectively. With proper security measures in place on one's system, there is very little to fear.

Education is the most effective way of patching security issues. If you know what to avoid or not to do, the browser written by the chimp next door can be safe.

People have their preferences in browsers like they do in beverages. Free choice is a wonderful thing...

Does it matter? I like Firefox, I'm not gonna switch even if it has more "vulnerabilities".


So, if we look at this another way, Mozilla fixed more vulnerabilities than Microsoft. Wow. It just says how many were fixed, not how many existed.
Edit: just read Croquant's post and he's got the same idea I was thinking at the beginning of his post.

I'd rather use IE6 than IE7 even if it was not as safe... IE7 is way too slow. It makes me lose my will to be on the computer in the first place.

i would like to see how mozilla response to this...

Hmmm.....

Some of the vulnerabilities in FireFox and/or Opera are actually vulnerabilities due to Windows components, and it's not listed under Internet Explorer's fixes.

"Microsoft has fixed 87 total vulnerabilities (across all supported versions of Internet Explorer) while Mozilla has fixed 199 vulnerabilities in supported Firefox products"

the way i see it is... even if that statement is true, as long as those vulnerabilities are fixed in a prompt time frame BEFORE there exploited then thats the bottom line

even though im a Firefox fan myself... i think anyone could have predicted (and did on this forum) that once Firefox got more popular, more flaws would be found in the browser.

even though i use Firefox full time myself... i gotta admit IE7 (or IE in general for that matter) is probably more tuned software since it's been out for ages and had LOTS of testing and tweaking over it's many many years..... everyone just likes to poke fun at it since it's the most used browser and it's a MS product. lol

Since the article tells only Microsoft's side of the story, it's only fair to go through Mozilla's response.

http://shaver.off.net/diary/2007/11/30/cou...prisingly-hard/

Maybe it's just me but Shaver makes a lot more sense than the Microsoft report..

how so? By telling the entire world about every security exploit in it's browser? Yea, that's smart thinking.

I dunno. I'm using Firefox without fearing for security (as long as I don't let it store my passwords).
I admit I'm feeling alright with IE7 too, but Firefox is just a better browser.
Not to mention that without Firefox IE would've still suck.

People need to know that many of the "IE security holes" are actually ActiveX holes. IE took the blame because it's the platform used to launch those buggy plug-ins.

I still like Opera more because it's able to handle tab sessions better than Firefox or Windows Internet Explorer.

"Jeff is saying that Mozilla’s products are less secure than Microsoft’s because Mozilla fixed more bugs. By that measure, IE4 is even more secure, because there were no security bugs fixed in that time frame; bravo to Microsoft for that!"

That just made me so happy reading that in Mozilla's response. Thanks macel for posting it.

When firefox was out, people said it wasn't more secure per se, but because it was used by fewer people therefor not being as "attractive" to hack like internet explorer. Now that there are a lot more FF users than IE7 users... there's the same thing

I thought every IE vulnerability is a feature. The more, the merrier isn't it?

Funny enough i use Opera mostly but i am often forced into IE because still a lot of sites depend on ActiveX insecurities and noncompliant scripting to work. I can't even log into my bankaccount without letting an IE ActiveX control take over command. That scares me.

Fewer, fewer . . . not "less."

Not sure what Safari is like on Windows, but I use Safari 3 with a couple of useful plugins on OS X Leopard and it's great.

I enjoy Camino as well - it's a lively project . . . a lean, clean, fast browser with some very nifty features.

IE7 is nothing but Firefox with a more natural interface (due to the fact that it takes advantage of your windows theme, where Firefox has its own theming system). They've just been adding one feature after another to IE7 that has been in Firefox for years to the point that IE7 is just a flawed, more insecure version of Firefox.

Duh! Who didn't already know this, that isn't a brain dead Firefox fanboy!!

I'd rather have a browser under active heavy development, that is constantly striving to keep on top of the real web standard specifications, rather than ones they're just making up, than an effectively development dead system.

Active development makes it almost certain to have more flaws than an application that never changes bar patching discovered holes.

Last edited by yakumo on 02 Dec 2007 - 15:53

Shaver delievers a devastating rebuttal. Oh, wait, actually he didn't even read the report. The report compares unfixed vulnerabilities in IE7 and FF as well as fixed, Shaver's argument is that FF actually has fewer bugs but fixes more, you can see this is false if you look at the unfixed vulnerabilties section of Jeff's report. But facts have never bothered the anti-MS types, so why should they start now. Shaver also has the nerve to sugguest MS should be embarassed, but his post is so obviously embarassingly wrong it's hard to overstate it.

And posting "I like FF anyways" crap is so lame, I mean the argument is about security, changing the subject to avoid admitting defeat is typical of this crowd, as everyone has seen for years now. If you don't have anything to add about security of the browsers, you're just trolling, have fun but I and other educated people are ignoring you.

To summarize the report because the FF fanboys refuse to read it (or read it properly and thoroughly):

IE has less fixed vulnerabilities than FF, for similar products timelines (IE7 vs FF2, etc.).
IE has less unfixed vulnerabiltiies (the type Shaver pretended weren't in the report or else he just did not read it, that undermine his whole argument) than FF.

Not in the report that's relevant to the argument:
IE7 in Vista runs in sandboxed protected mode by default, so none of it's vulnerabilities could be exploited even if you were unpatched (isn't that something? - if you don't want this type of security and choose not to upgrade, that's YOUR problem, it's a choice and many people are taking advantage of it.)

Conclusion:
IE is more secure than FF. This has nothing to do with whether your favorite plug-in is available for IE or not, this is to counter the general perception that FF fanboys artificially generate by spamming truly clever little comments over and over to forums, like that IE is "swiss cheese", etc. If you like FF better than IE, fine, knock your self out, but know that your flat out wrong security arguments against IE have become less effective because of researched, documented studies. FF will just have to compete on merrits rather than slashdot/digg style one-liners about IE security. Terrible, I know.

Last edited by J_R_G on 02 Dec 2007 - 16:40

Hahaha, oh, I do love these types of reports.

Imagine Microsoft finding their product to be superior to their rivals, in their own study no less! Why, there's no bias there at all! Cigarette companies constantly put out reports about how smoking was safe for your health (and in the past, even beneficial!. How could anyone possibly doubt these types of studies? It's mind boggling, absurd, ridiculous to do so!

This just in: My in-depth study of the Internet has determined, in my latest report, that A Clockwork Lime is the greatest human being to ever have been born to this Earth in every conceivable way, shape, and form! It's a report, so that makes it official. No denying that one.

ok everyone to lay this nonsense to rest and to those who asked for a website PLEASE READ THIS.



http://freewebsoftwarereviews.blogspot.com/

This kind of "news", being clearly a part of the Microsoft disinformation strategy, makes me wonder if Neowin authors are paid by Microsoft.

So what do we have here? A statement that IE7 has less vulnerabilities than Firefox, that actually doesn't mean anything but tries to lead the reader to a quick and false conclusion (being "IE7 is more secure than Firefox", which is a typical disinformation technique. Please don't get fooled.

First, I think one word has been forgotten here: reported vulnerabilities. What about all the hidden ones that have yet to be found? Please compare apples with apples and don't forget that Firefox is an open source project while IE7 is a proprietary, closed source one. Of course it is much more easy to find and report vulnerabilities in an open source project, where the public has full access to the source code and to a bug tracking system! Actually, the Mozilla foundation encourages you to do so, while Microsoft tries to hide the bugs and vulnerabilities as long as possible. If you want to compare closed source to closed source, then compare IE7 to Opera.

Secondly, it isn't specified if the reported vulnerabilities are "critical" or just minor. This is purely subjective. What's really important regarding security is: how much time does it take to fix a vulnerability once it has been reported, and how many vulnerabilities have actually been exploited, and for how long?

And I didn't even mention the fact that IE7 has tons of rendering and javascript bugs waiting to be fixed or that its standards support is just pathetic. Because these are not vulnerabilities, Microsoft isn't moving a finger to fix them.

Firefox is more secure than Internet Explorer. Security is better measured by the time when vulnerabilities are kept unpatched. Check this out.