Firefox rated most vulnerable web browser

In a report that will surely start internet fires all over the world Secunia is reporting that Firefox is the most vulnerable web browser that is widely adopted on the market today.

"This year, Secunia published advisories for the four most widely used web browsers: Internet Explorer (IE), Safari, Opera, and Mozilla Firefox. 31 vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7), including those publicly disclosed prior to vendor patch as well as those included in Microsoft Security Bulletins. Safari and Opera each had 32 and 30 vulnerabilities, whereas 115 vulnerabilities were registered for Firefox in 2008."


(warning link is a PDF)


The vulnerabilities measures areas of a browser that requires a patch to fix a hole that could be exploited by a malicious user to take sensitive data from the end user.

It's an interesting contrast to the idea that people assumed that Firefox was the most web secure browser. According to this review Opera appears to be the safest but Microsoft and Apple's web browsers are not far behind.

Does this mean that you should switch your browser out of fear? Not so, the study does leave out the human element that the best defense is an educated user. If you are aware of what you are doing online and don't download bonzi buddy you are one step closer to a safer web experience.

Update: Mozilla have responded to the report and you can read their response here. Interestingly it appears Mozilla discloses all security issues whereas other vendors tend to keep them secret which would explain the big number differences.

Report a problem with article
Previous Story

Microsoft announces key Office 2010 details

Next Story

Neowin Exclusive: Lets talk some Zune HD specs

139 Comments

Commenting is disabled on this article.

Mozilla reports all of Firefox's bugs, including the small ones, therefore their number is higher compared to the other browsers, as IE and others only report bigger ones. RTA.

Its funny how the firefox/anti-ms zealots in this thread are arguing what people with a few brain cells always knew;
No browser is inherently secure or flawless; it's the browsing habits that determine security.

Debunking a flawed report doesn't imply thinking that firefox is flawless, nor does it mean you are a zealot

Good thing I'm using IE8! Just joking, though I do plan on using IE8.

This shows that even some of the most coolest browsers, aren't always as secure as you think...

Obviously, MS has really improved IE security.

Just a quick thought.

Just curious and think clearly before you read it on digg or Neowin or other news site about this little question.

Before today Has anyone else heard of "Secunia?" when they released this report?
or the other one that stated last year that firefox was the top of the Vulnerable list (Bit-9)
see this post

http://www.neowin.net/forum/index.php?show...amp;p=590344574

Just curious.

And I use Linux which does not have Active X so they didn't even bother testing before releasing this news. Now don't get me wrong it may have some issues with flash or even some with java. But they didn't bother even testing it on OSX either.

redvamp128 said,
Just a quick thought.

Just curious and think clearly before you read it on digg or Neowin or other news site about this little question.

Before today Has anyone else heard of "Secunia?" when they released this report?


Yes anyone who keeps himself up2date on software security has certainly heard of them. They got a big vulnerability database.
They released some good scanning and update software too.

Is it time to rename them Suckunia?

I don't know about these so-called vulnerabilities they counted, but I haven't had any security problems with Firefox in all the years of using it. Firefox makes it much more difficult than IE to accidentally download malware or be phished. IE7 improved, but IE8 turned out to have a bunch of new issues with rendering and other bugs, so why even bother?

It doesn't matter which browser you use or which operating system...at least if you are somewhat competent. Obviously its not the user's fault 100% of the time, just more like 98%.

Wow, look how quick the Mozilla fans rush in to the defence!

the best defense is an educated user
Of course this is true but it sure is nice to have something like this to throw in Mozilla's face as it spews out utter garbage about being the "safest" or "most secure" browser. Maybe they could consider spending less time on their high horse and more time fixing problems in their software?

I could say the same about Microsoft. In case you hadn't notice, IE stil has unpatched vulnerabilities. Firefox doesn't.

C_Guy said,
Maybe they could consider spending less time on their high horse and more time fixing problems in their software?

True, they should indeed spend more time fixing all those unfixed vulnerabilities from the report.

Oh wait, there are all fixed already!

Secunia is finished IMHO. I'm no longer going to even consider what it writes. I've encountered no security issues with Firefox (or any Gecko browser for that matter), so whatever is disclosed doesn't really affect me unless something becomes widespread rapidly and it happens to work without user interaction.

Everyone can be stupid one in a while. Also, think if a big site such as Yahoo or MSN was hacked and malicious code was inserted. Its not the users fault they get hit there, its the browers fault for having an unpatched hole.

Secunia: taking seriously security reports from a company that is in the business of selling security advice....

YIKES

They have a free evaluation tool as well - that tends to call everything installed on your system a security threat. Even worse than AVG in creating panic-like symptoms to get you to buy their paid version. And here's one from their EULA:

3.3 We reserve the right to monitor your usage of the Software and the Website Service in order to verify that your usage comply with these terms and conditions.

Sounds like spyware to me. So, before putting any type of weight behind a report like this, make sure to look at the company and reasons for their report.

Some of the people with complaints about Firefox's speed, I strongly suggest to perhaps take a peak at the beta version of Firefox. I didn't want to try it out until it was released myself, but I couldn't hold off any longer. I've got to say that it's quite a big improvement to me in terms of speed.

As for the article at hand, it's easy to grab some statistics and use them to slant the article in one direction.

Seems those that didn't look at the PDF may have missed this bit of information as well.


For browser plug-ins, the number of vulnerabilities in ActiveX controls in 2008 remains by far the most significant, at 366.

Or what about this?


This table considers only those vulnerabilities publicly disclosed without or prior to vendor notification. The number of days unpatched are in red for those vulnerabilities that are still unpatched as of 31 December 2008.

I don't know about you guys, but that doesn't look good on Microsoft's behalf at all. But hey, instead of talking sh-- to each other, why don't we sit back and realize what I believe to be the overall truth despite whatever operating system or browser we use: stupid people will always do stupid sh-- and simply find ways to screw up their computer. It NEVER fails. And if it did, I suppose many of us would be out of a job, eh?

Like I said above: Pure FUD.
1) Scare people into thinking that Firefox is full of holes
2) Sell them software they don't need to patch holes that don't exist.
3) Profit!

PatrynXX said,
Cool, Opera is down there. Google Chrome is the best in security, but they didn't post that.

Perhaps because Google Chrome runs on an outdated version of WebKit? And WebKit falls under the same umbrella as Safari?

I want to see the rate in which these were fixed. Firefox can patch this itself a in week when a serious flaw is found yet IE users have to wait a month or more.

It depends on how serious the flaw is. Usually if the flaw in IE is very bad, Microsoft will push out a patch withing a couple days.

Umm, yea...BIG difference between the browsers so I am questioning the accuracy of this "report". 30 something for all browsers and 115 for FF? That is a BIG diff...

From my point of view firefox is the most secure just because I can have NoScript, FlashBlock etc etc. Also its by far the most pleasant to use simply because of AdBlock.

So for as long as I can get those only on Firefox I'm sticking with it. I'd love to use Chrome or IE8 but I just cannot part with NoScript and ESPECIALLY AdBlock.

It's just beginning, mate. Firefox is by far the most installed non-default browser.

Unless Chrome, Opera, and Safari (for windows) start installing themselves by default onto OEM machines, the road to catch firefox will be tough.

I use Firefox because I can skin it, no other reason.
I have found the NoScript a hinderance sometimes, and hate having yet another application on my system.

Mr Spoon said,
I use Firefox because I can skin it, no other reason.
I have found the NoScript a hinderance sometimes, and hate having yet another application on my system.

Don't use NoScript? It's not required by any means.

I don't use any virus or spyware protection on any of my computers and I haven't got infected for at least the past 5-7 years. Come to think of it, I don't create "is this a scam" threads on forums either, so I must be an educated user. If the internet was full of smart and unbias people it would be boring. We need the idiots and fanboys to keep it exciting. You can't argue with people you agree with.

Bottom line. Viruses and spyware is a user problem. You don't have to install the XXXviewerTool to watch free porn videos. You didn't receive an e-card from a friend. You didn't miss a shipment and the details aren't in that attachment. You didn't win the lottery in Australia. You don't have to look at a bunch of cat pictures in the attached powerpoint file. You don't need the weather on your desktop (look outside). You don't need to change your screensaver for xmas.

Hell, you don't even need winzip to view and create zip files.

People just don't know any better.

It doesn't matter what browser you are using!

tonyxcom said,
I don't use any virus or spyware protection on any of my computers and I haven't got infected for at least the past 5-7 years.

If you don't have protection, how would you know if you've got infected.

No, I don't believe running web detection routines every couple of months counts.

Because I don't have weird popups, my system isn't slow, I dont have any rouge dll's in system32, no rouge processes running.

I fix spyware and virus problems as part of my living, so I am pretty keen on spotting them and their symptoms.


If you don't have any Antivirus running, your system could be a zombie and you'd never know until it's too late to do anything about except reformat and start again. Oh, and it wouldn't show up as a "rouge DLL"; it would hijack a "legit" system DLL and you'd never know the difference.

Not every virus or worm gives you "wierd popups" or slows down your system. Some just hijack your machine sit their as part of bot network. Others sift through your online banking and online shopping history looking for credit card numbers and private financial information, turning your PC into a datamine for identity thieves. And other just **** with you for the fun of it. (and that's just the snowflake on the tip of the proverbial iceberg). Good luck trying to protect yourself from all those threats by yourself.

I like the way you roll. I don't use antivirus/antispyware software on my machine either (running Win7) and haven't had viruses for years. I sometimes run a few scanners to check and they always come up with nothing.

Every day I curse my work PC (running XP) for how slow it is for a Core2Duo machine w/ 3GB RAM and all I can think of is that it must be because of the F-Secure crap running on it.

The biggest "hole" with any software is the user itself. I've run into lots of people who will click just about anything without any common sense at all. I was relieved when some of them bought a Mac, mainly because at least then they just can't run all that Windows malware. Since IE is the default browser for Windows, it's no surprise that there's a bigger share of idiots using those browsers than there's in the group running Firefox, Opera, Chrome or Safari.

Lemme guess, I should run Zone Alarm too right?

Tell you what. I will install the Nod32 that I install on the computers at work and if I find something I will give you $100. If it doesn't you give me $200.

Deal?

tonyxcom said,
I don't use any virus or spyware protection on any of my computers and I haven't got infected for at least the past 5-7 years. Come to think of it, I don't create "is this a scam" threads on forums either, so I must be an educated user. If the internet was full of smart and unbias people it would be boring. We need the idiots and fanboys to keep it exciting. You can't argue with people you agree with.

Bottom line. Viruses and spyware is a user problem. You don't have to install the XXXviewerTool to watch free porn videos. You didn't receive an e-card from a friend. You didn't miss a shipment and the details aren't in that attachment. You didn't win the lottery in Australia. You don't have to look at a bunch of cat pictures in the attached powerpoint file. You don't need the weather on your desktop (look outside). You don't need to change your screensaver for xmas.

Hell, you don't even need winzip to view and create zip files.

People just don't know any better.

It doesn't matter what browser you are using!

Because - obviously - everyone knows as much about computers and online safety as you do.

But, let's just assume that people don't - that's where having a browser like Firefox would come in handy. I'm far from being all over the Mozilla 'bandwagon' so to speak, but it's statements like the above that just irritate me. Firefox IS more secure than say IE, even IE 8 which I know has made strives in that category as well as others.

You are a minority in the online world. The majority does not conform to the minority.

I never said I was the majority. I'm not stupid remember.

My point is that it doesn't matter the browser. The "majority" will still open attachments in email. The "majority" will still install Limewire or stupid little programs that do cute things. The "majority" will still install pirated software increasing their risk for infection.

None of those things have to do with the browser.

And currently most infections don't even come from browser exploits. They come from USER EXPLOITS. If a user sees a flash popup described as a windows dialog box and they get tricked into installing something it is still not a browser problem. If a user is looking at porn and the site tells them they must download this viewer or app to look at the content and the user installs it... it is still not a browser problem.

If I had to guess, based on my direct experience with customers that were infected, 99% of the infections were caused by something the user did, or was tricked into doing.

You don't have to install the XXXviewerTool to watch free porn videos. You didn't receive an e-card from a friend. You didn't miss a shipment and the details aren't in that attachment. You didn't win the lottery in Australia. You don't have to look at a bunch of cat pictures in the attached powerpoint file. You don't need the weather on your desktop (look outside). You don't need to change your screensaver for xmas.

The "majority" will still open attachments in email. The "majority" will still install Limewire or stupid little programs that do cute things. The "majority" will still install pirated software increasing their risk for infection.

Wow man, you hit it spot on. Hope you don't mind me quoting you on that in the future. :)

Despite the stupidity of the majority, I must say they do a wonderful job in giving us work to do.

I just can't agree more with Tonyxcom. I haven't used any virus software after Windows 98. At that time I used to get viruses as I went to traps you talked about and didn't know any better. Viruses were kind of newe thing to me back then, I would have kept virus scanning going on Windows XP also but it seriously slowed my comp down and I decided to go without it. Now, many years later I still haven't got any actual virus, only some random stuff from adaware which you really can't prevent anyway. I install virus program and (uninstall it immediately after scan) like every 3 months just to be sure.

Don't get me wrong, I understand why some people use virus protection. They want to be safe and secure. What I can't understand is why my computer-expert friends always say it's totally crazy and tell me my computer must be full of some really scary stuff. It's totally my own choice and not the worst one you could make! I mean, seriously worst thing that could happen is somebody hacked to my bank account but that's just not that easy if you always logout and you have changing password everytime you login. Oh, and I use firefox because I like it.

I just can't agree more with Tonyxcom. I haven't used any virus software after Windows 98. At that time I used to get viruses as I went to traps you talked about and didn't know any better. Viruses were kind of newe thing to me back then, I would have kept virus scanning going on Windows XP also but it seriously slowed my comp down and I decided to go without it. Now, many years later I still haven't got any actual virus, only some random stuff from adaware which you really can't prevent anyway. I install virus program and (uninstall it immediately after scan) like every 3 months just to be sure.

Don't get me wrong, I understand why some people use virus protection. They want to be safe and secure. What I can't understand is why my computer-expert friends always say it's totally crazy and tell me my computer must be full of some really scary stuff. It's totally my own choice and not the worst one you could make! I mean, seriously worst thing that could happen is somebody hacked to my bank account but that's just not that easy if you always logout and you have changing password everytime you login. Oh, and I use firefox because I like it.

I was the same until I got a virus. It's hard to consider yourself getting a virus when your careful which what sites you use.

A colleague in the office doesn't use one either. He also turned off scanning on his business laptop which annoyed me. Of course he ended up with a virus on it.

Run a HouseCall scan and see what it finds? http://housecall.trendmicro.com

tonyxcom said,
Hell, you don't even need winzip to view and create zip files.

How can I do this without winZip ? Can you please help me learn it or let me know where can I learn it ?
I hope you would like make others also as educated as you.

Airlink said,
If you don't have any Antivirus running, your system could be a zombie and you'd never know until it's too late to do anything about except reformat and start again. Oh, and it wouldn't show up as a "rouge DLL"; it would hijack a "legit" system DLL and you'd never know the difference.

Not every virus or worm gives you "wierd popups" or slows down your system. Some just hijack your machine sit their as part of bot network. Others sift through your online banking and online shopping history looking for credit card numbers and private financial information, turning your PC into a datamine for identity thieves. And other just **** with you for the fun of it. (and that's just the snowflake on the tip of the proverbial iceberg). Good luck trying to protect yourself from all those threats by yourself.



Not very many people use windows 98 anymore. xp, 2000, vista etc wouldnt allow an actual virus infection. 99% of the "viruses" out there today aren't viruses, but trojan horses. Which are not nearly so destructive.

It also helps to run as a standard user rather than an administrator. Chances of getting a virus infection virtually disappear, because nothing is allowed to be installed.

supernova_00 said,
Brad, how about also linking to Mozilla's response instead of just creating a crap storm without all the facts.

Use the "report a problem" link at the top, it's what it's there for. (And I have done so).

Good read there. Liked this bit:

Some vendors make the point that the number of internally found issues is small and not meaningful. That would unfortunately imply their internal testing and security processes are incapable of finding security issues, and rely entirely on the generosity of random strangers (security researchers). I would find that pretty scary.

The tone in his article seems to be very upset. You can't blame him though. Reports like this can severly damage a product's reputation.

The only fact I know is that once I started using Firefox instead of IE, my spyware/adware problem magically disappeared. And when my family members start using Firefox, the calls about their computer messing up magically go away also.

How could that be!?

Are we talking about IE 6, 7 or 8?

IMO, IE 6 wasn't any good, IE 7 only marginally better, and IE 8 caught up to others in some respects, and actually surpassing them in others.

IE 8 is much much better than IE6 or IE7, but I still get asked by my Boss (who is reluctant to switch to Firefox) to fix spyware problems on his XP machine running IE8

Chrono951 said,
How could it be that I use IE all the time and I never get spyware or adware? How could that be?

You also need an internet connection :P

j/k

I feel safe with all of those browsers. Gone are the days of ActiveX blindly installing malware on everyone's PC without their knowledge.

Maybe not, or maybe people accept them anyway?

Number of vulnerabilities by browser plug-in, 2008
Figure 4: Number of vulnerabilities in various browser plug-ins and add-ons.
1------------Firefox Extension
0------------Opera Widget
366---------ActiveX
54-----------Java
19-----------Flash
30-----------QuickTime

Page 11.

m.keeley said,
Some great comments, feels just like being on a Mac forum with all the apologists piping up!

Please, attack the arguments, not the people.

Every time I see browsers tested in the good UK PC magazines, they always downgrade Opera for plain not working on a lot of sites. It's also slower than Firefox and Chrome on heavy Javascript sites. I've tried it out a few times over the years but find it awkward mainly because it's tricky to set it up how I want and there's not the wealth of info and addons around like there is with Firefox. They rather chopped their own legs off by expecting people to pay for it for the first several years, so no big user base was built up while Firefox wasn't around or called Firebird.

supernova_00 said,
Number of disclosed vulnerbilites. Who knows how many vulnerbilities are hidden because they are not open source!

They still have to patch them. While they could patch multiple issues at once every so often, it wouldn't reduce the number of patches by that much.

I don't think that many IE users know enough about code to report vulnerabilities, and Opera and Safari are closed which means that users can't seek out vulnerabilities, whereas Mozilla is open and encourages users to develop it.

Kirkburn said,
They still have to patch them. While they could patch multiple issues at once every so often, it wouldn't reduce the number of patches by that much.

Well yeah but Mozilla has one bug report per problem and anyone can read them. How about IE? Who is to say that one of their patches actually patches just one security vulnerbility and not 50? No one because Microsoft isn't open source and/or has their bug database publicly viewable by the world.

supernova_00 said,
Number of disclosed vulnerbilites. Who knows how many vulnerbilities are hidden because they are not open source!


I hate the fact that people assume open source means it's somehow easier or more likely to discover security holes. F/OSS has mountains of security holes, as does closed source software. Did you not hear about the SSL certificate problem whereby if you generate a an SSL cert on Debian you can guess the crypto key...

Neither closed or open models are perfect and both have their security holes. I won't bother providing you to a link to Secunia's list of holes in an open source app or platform of your choice.

stevehoot said,
I hate the fact that people assume open source means it's somehow easier or more likely to discover security holes. F/OSS has mountains of security holes, as does closed source software. Did you not hear about the SSL certificate problem whereby if you generate a an SSL cert on Debian you can guess the crypto key...

Neither closed or open models are perfect and both have their security holes. I won't bother providing you to a link to Secunia's list of holes in an open source app or platform of your choice.

My point was that the list combines both Mozilla's disclosed and 3rd parties found vulnerbilities that were found in Firefox, unlike the others browsers where only the 3rd parties found vulnerbilites were disclosed....very, very scewed numbers.

supernova_00 said,
My point was that the list combines both Mozilla's disclosed and 3rd parties found vulnerbilities that were found in Firefox, unlike the others browsers where only the 3rd parties found vulnerbilites were disclosed....very, very scewed numbers.


But you could take that to paranoid extremes so easily. It rules out any possibility of honesty from Microsoft. Even if MSIE went opensource and the numbers stayed consistent, you could simply say something like "NOW the low numbers are accurate. they were higher and kept secret before, but thanks to open source they can say they're low without lying".

The reality is, some people will flat out refuse to acknowledge the possibility--the *possibility*--that Firefox has more vulnerabilities than closed source. People who can't even be shown proof because they can twist it into somehow being a conspiracy. People for whom, as long as Firefox is open and alternatives are closed, Firefox will inherently remain a result of superior programming.

It's childish, really.

shhac said,
I don't think that many IE users know enough about code to report vulnerabilities, and Opera and Safari are closed which means that users can't seek out vulnerabilities, whereas Mozilla is open and encourages users to develop it.

Yes because their are oh so many people who i always hear say "WOW firefox is great because i get to see code i know nothing about!"

Open or closed source somebody still has to do security checks and somebody still has to roll out and distribute the patch. Even though everyone has access to the source in open source software that doesn't automatically result in mass amounts of people--or even anyone at all--looking for security holes to plug. It's a special skill that very few people have. Who is doing the security checks on all that code at Source Forge? How long did it take for them to find and patch the OpenSSH hole? From what I recall, it was laying around for quite some time before they noticed it.

stevehoot said,
Did you not hear about the SSL certificate problem whereby if you generate a an SSL cert on Debian you can guess the crypto key...

Which was easily tracked down to a patch from a Debian dev.
Now try finding out that kind of stuff on closed source.

shhac said,
I don't think that many IE users know enough about code to report vulnerabilities, and Opera and Safari are closed which means that users can't seek out vulnerabilities, whereas Mozilla is open and encourages users to develop it.



You would be incorrect, sir. There are plenty of very knowledgable internet explorer users out there. Like the developers, for one.

First, this report is rather old. It was released at the beginning of March. Secondly, it doesn't include IE8, which from what I heard, is much more secure than its predecessor.

pkubaj said,
First, this report is rather old. It was released at the beginning of March. Secondly, it doesn't include IE8, which from what I heard, is much more secure than its predecessor.

First, it covers 2008. Publishing date is meaningless.

Second, IE8 wasn't released in 2008.

It's a shame to see that Opera doesn't have more of a market share than they do. They really do have a good browser but doesn't seem to have many users.

FlintyV said,
It's a shame to see that Opera doesn't have more of a market share than they do. They really do have a good browser but doesn't seem to have many users.

because everytime i see someone use opera
they switch back due to websites not working correctly init...and theyre engine requires special code for sites like gmail that work perfectly in other browsers
simple things like websites that receive right clicks opera wont support..right clicking on menus they REFUSE to add, and without an easy built in add blocker like fx and extensions i cant imagine opera ever becoming popular

on a side note, i wonder what chrome will be on that chart next year

Neoauld said,
because everytime i see someone use opera
they switch back due to websites not working correctly init...and theyre engine requires special code for sites like gmail that work perfectly in other browsers
simple things like websites that receive right clicks opera wont support..right clicking on menus they REFUSE to add, and without an easy built in add blocker like fx and extensions i cant imagine opera ever becoming popular

This is because those websites code around Firefox and IE, not Opera.

It's not because Opera has flaws in its design, unless you count following the standards more strictly a flaw (which, you can, but not to a particularly great extent).

I've tried using Opera, and I tried to like it, but the interface is clunky, the rendering is off, and the features aren't there. Opera makes the best J2ME browser around, but their desktop offerings are severely lacking compared to the competition...

Opera has always done what "I" wanted it to. which is why i've been using it for years now. i started out on Firebird, it didn't work, i found Opera. i tried Firefox years later, it still didn't work. good thing Opera always worked

lillitnn92 said,
Opera has always done what "I" wanted it to. which is why i've been using it for years now. i started out on Firebird, it didn't work, i found Opera. i tried Firefox years later, it still didn't work. good thing Opera always worked :)

No offense, but that's incredibly vague.

Before Firefox 3, I was a devoted Opera user. It was faster, it had all the right features for me. Firefox 3 turned the tables for me, I could get all the features I wanted (mouse gestures, speed dial etc) as addons for it and it was fast and easy to use.

Opera's big problem is that it tries to branch in all directions. It's got an e-mail client, BitTorrent client, widgets etc. but none of those are anywhere near as good as programs dedicated to just that one thing. That, combined with the very customizable but often quirky UI are the main things keeping me away. Opera Software is great at coming up with truly usable new features (often quickly adapted to other browsers) but they can't seem to mend all that into a coherent whole, there's little bugs and annoyances all around Opera 9. Hopefully they'll overhaul the UI for Opera 10.

I had no serious problems with page rendering with Opera 9. As for speed, haven't compared it to FF3.1/3.5 but Opera has always been very fast at actually rendering pages as well as starting up.

LaXu said,
Before Firefox 3, I was a devoted Opera user. It was faster, it had all the right features for me. Firefox 3 turned the tables for me, I could get all the features I wanted (mouse gestures, speed dial etc) as addons for it and it was fast and easy to use.

Opera's big problem is that it tries to branch in all directions. It's got an e-mail client, BitTorrent client, widgets etc. but none of those are anywhere near as good as programs dedicated to just that one thing. That, combined with the very customizable but often quirky UI are the main things keeping me away. Opera Software is great at coming up with truly usable new features (often quickly adapted to other browsers) but they can't seem to mend all that into a coherent whole, there's little bugs and annoyances all around Opera 9. Hopefully they'll overhaul the UI for Opera 10.

I had no serious problems with page rendering with Opera 9. As for speed, haven't compared it to FF3.1/3.5 but Opera has always been very fast at actually rendering pages as well as starting up.


See that's what bugged me too about Opera: too much stuff. I'm not the sort of person to complain about bloat (it makes me feel like one of those anti-MS weirdos), but I never bothered with their email client--it had nothing to offer me--and I LOATHE the included torrent client and how irritating it is to disable it.

The best thing Opera could do for their browser is trim out the clients that are inferior to almost every other free option out there, make the GUI (Mozilla, pay attention here too) more in line with the OS on which it's installed, and stop suing people for crying out loud.

Oh and, uh, change the icon. It's time.

Kirkburn said,

This is because those websites code around Firefox and IE, not Opera.

It's not because Opera has flaws in its design, unless you count following the standards more strictly a flaw (which, you can, but not to a particularly great extent).

i dont disagree with you
but that excuse doesnt fly in the real world, or for the average user
telling a customer "the internet needs to change their ways because were right and theyre wrong"..that customer is gonna go with a browser that DOES work with everythin

i really like opera, but they arent competitive and they constantly hide behind the web standards excuse..when they are in no position to encourage anyone to follow them

FlintyV said,
It's a shame to see that Opera doesn't have more of a market share than they do.

says who?

opera has up to 50% market share in some countries.

don't trust the liars at net applications.

LaXu said,
Opera's big problem is that it tries to branch in all directions. It's got an e-mail client, BitTorrent client, widgets etc. but none of those are anywhere near as good as programs dedicated to just that one thing.

actually, the email client is easily the best there is. and the convenience of having it built in is amazing.

Opera Software is great at coming up with truly usable new features (often quickly adapted to other browsers) but they can't seem to mend all that into a coherent whole

nonsense. opera actually has a coherent whole, as opposed to bolted-on firefox extensions.

Joshie said,
See that's what bugged me too about Opera: too much stuff.

silly thing to say.

all that stuff is hidden or deactivated unless you actually start using it, so you won't even notice that it's there.

Neoauld said,
i really like opera, but they arent competitive and they constantly hide behind the web standards excuse..

that's just a BLATANT LIE.

opera was designed from scratch with compatibility in mind.

they do NOT use web standards as an excuse.

opera's excellent standards support is NOT what's getting in the way of compatibility.

please STOP spreading the lie about opera hiding behind standards, because it's just untrue.

d_ralphie said,
that's just a BLATANT LIE.

opera was designed from scratch with compatibility in mind.

they do NOT use web standards as an excuse.

opera's excellent standards support is NOT what's getting in the way of compatibility.

please STOP spreading the lie about opera hiding behind standards, because it's just untrue.

really
everytime ive posted a site that works in Fx and IE on the opera forums, theyre reply has always been "That site is coded wrong its not standards complaint"
Yes they have compatibility in there, but not enough obviously

Neoauld said,


really
everytime ive posted a site that works in Fx and IE on the opera forums, theyre reply has always been "That site is coded wrong its not standards complaint"
Yes they have compatibility in there, but not enough obviously


LOL, yeah, opera is like apple fan boys, if it's wrong, this is probably someone else issue

Kirkburn said,

This is because those websites code around Firefox and IE, not Opera.

It's not because Opera has flaws in its design, unless you count following the standards more strictly a flaw (which, you can, but not to a particularly great extent).


Actually previous versions of Opera (like 6, 7 and 8) were following only part of the standards. Have you ever tried making DHTML/AJAX web applications for them?

Neoauld said,
everytime ive posted a site that works in Fx and IE on the opera forums, theyre reply has always been "That site is coded wrong its not standards complaint"

really?

how about you show me these threads, eh?

also, show me that OPERA said that, and not just some random ignorant forum moron.

Yes they have compatibility in there, but not enough obviously

says who? do you even know the most common cause of compatibility problems? BROWSER SNIFFING! as in, the site sends different content to opera which doesn't work.

This seems to pop up every other month or so.. of the listed browsers only Firefox does full disclosure on all their security vulnerabilities. Opera/Apple/Microsoft only disclose vulnerabilities that were found by third party researchers. In other words, this is a completely bogus way to measure browser safety.

macel said,
Opera/Apple/Microsoft only disclose vulnerabilities that were found by third party researchers

Wrong.

Really? Last time I checked Microsoft pushes all their updates through automatic updates and they will dsiclose a security issue as the update title.

Besides, a hole is a hole, it's a capability of being breached whether or not it can be used or not.

I've been saying this for years, and I'll say it again, FireFox machines are the most infected machines that I get in to fix and remove spyware/viruses...

Tech Greek said,
I've been saying this for years, and I'll say it again, FireFox machines are the most infected machines that I get in to fix and remove spyware/viruses...

Firefox, it's not CamelCase.

What reasons do you see for Firefox getting infected more - I mean, is it the browser, the browsing habits, or the user being stupid?

Tech Greek said,
Really? Last time I checked Microsoft pushes all their updates through automatic updates and they will dsiclose a security issue as the update title.

Besides, a hole is a hole, it's a capability of being breached whether or not it can be used or not.

I've been saying this for years, and I'll say it again, FireFox machines are the most infected machines that I get in to fix and remove spyware/viruses...

And you inspect each patch and know only one thing security vulnerbility was fixed in each patch right?

Slimy said,
Wrong.

Please show me where Microsoft/Opera/Apple disclose vulnerabilities that were found internally before release?

Kirkburn said,
Firefox, it's not CamelCase.

What reasons do you see for Firefox getting infected more - I mean, is it the browser, the browsing habits, or the user being stupid?


A combination of all three, I imagine. Think about the simple fact that users, educated or not, will use Firefox with an Apple Complex: "I'm perfectly safe, I'm not using Microsoft." If you market a product as being more secure, people will dump caution and click anything without thinking twice.

I mean, what do you expect? How should Firefox be marketed?

"Firefox! More secure, as long as you browse intelligently and don't click mysterious links and don't install software offered by pop-up ads..."

Really, the same 'safe habits' people need to use to make Firefox secure are the same habits that would make ANY browser (including IE) just as secure. In other words:

Browse safely, and use whatever the heck you feel like.

What? All this does is show how many vulnerabilities were found and patched. This does not take into account the severity of the vulnerabilities, likelihood of being realistically exploited, or how quickly they were patched.

Doesn't this completely refute the previous article where the guy that hacked Mac OS X via Safari point blank said it was easier to exploit???

Once again... I'm a firm believer that all statistics does is confirm what the user "wants" it to confirm.

HeartsOfWar said,
What? All this does is show how many vulnerabilities were found and patched. This does not take into account the severity of the vulnerabilities, likelihood of being realistically exploited, or how quickly they were patched.

Exactly my thoughts!

HeartsOfWar said,
Doesn't this completely refute the previous article where the guy that hacked Mac OS X via Safari point blank said it was easier to exploit???

No. The thing about the Safari on OSX hack was that it was on OSX, not that it was Safari.

OSX doesn't properly implement any of the newer anti-exploit technologies that Windows and Linux do, and as such, if you have a vulnerability in any piece of software there, be it Firefox, Safari, whatever, it's easier to crack open and do something with.

HeartsOfWar said,
Once again... I'm a firm believer that all statistics does is confirm what the user "wants" it to confirm.


I took an entire college course thats studied slanted statistics....its amazing, if your looking for a result its easy to setup a test to prove your results

bdsams said,
I took an entire college course thats studied slanted statistics....its amazing, if your looking for a result its easy to setup a test to prove your results

It's also a hell of a lot easier when all parties involved are not represented fairly.

But it gets pretty hard when diehard fans end up being fanboys who can't admit things.

Seriously, this may not mean you'll end up getting a virus if you use Firefox, but the way you are ignoring the news presented is just too fanboyish.

bdsams said,
I took an entire college course thats studied slanted statistics....its amazing, if your looking for a result its easy to setup a test to prove your results

If this is your original analysis of the report, you just participated in slanting! ;)

Secunia is not "reporting that Firefox is the most vulnerable web browser that is widely adopted on the market today.", as stated in the opening paragraph of the article. The chart is the first chart in the report, and is just one metric that is looked at.

I posted this already in the forums, but will repost it here, since this is the same subject, just in a different location.

But there is also a chart that shows ActiveX (a Microsoft IE technology) as being the source of the lion's share of vulnerabilities. More than 3 times the total number of firefox vulnerabilties.

And a chart that shows how the vendors Microsoft and Mozilla have responded to 0-day exploits that were publicly announced without responsible disclosure to the vendor. IE's were more severe, yet were either unpatched, or took a lot longer to turn around a patch.

The remainder of the report focused on overall market, and did not separate browsers.