Firefox Users Most Secure on Internet, Study Reveals

By p858snake
in Back Page News

 Share

Recommended Posts

Grand Master

Scirwode

Posted
Posted

I use Firefox 3.0 with NoScript and I haven't had any problems.

burp.. Opera!

:laugh:

Scirwode

Grand Master

spenser.d

Posted
Posted
How would you know without an AV program??

I don't know, but I don't visit any shady websites on my laptop first off - it's really only for checking basic things online and doing schoolwork. Second, until my laptop starts running slow and crappy (and believe me, it's not a beast - it doesn't take much to bring it to a crawl), I could really care less - if you guys would've read my first post correctly, you'd see I said I haven't run into any problems. I didn't say that I know for sure I don't have anything wrong but it's a risk I'm willing to run considering what I do with it. I do a hell of a lot more with my desktop, on which I run IE8 (IE7 until IE8 came out, FF until IE7 came out) and I can probably count on one hand the number of times my AV has had to clean out anything over the last 5 years - none of them critical.

-Spenser

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
I do like Opera but you have to offer a bit more proof then "cough"

How about Secunia's report of current and historic vulnerabilities? :)

http://secunia.com/product/4932/ <== Opera 8

http://secunia.com/product/10615/ <== Opera 9

The article is mis-worded. It should read "more up-to-date with current versions", instead of "more secure".

Grand Master

+Gary7 Subscriber²

Posted
  • Subscriber²
Posted
I don't know, but I don't visit any shady websites on my laptop first off - it's really only for checking basic things online and doing schoolwork. Second, until my laptop starts running slow and crappy (and believe me, it's not a beast - it doesn't take much to bring it to a crawl), I could really care less - if you guys would've read my first post correctly, you'd see I said I haven't run into any problems. I didn't say that I know for sure I don't have anything wrong but it's a risk I'm willing to run considering what I do with it. I do a hell of a lot more with my desktop, on which I run IE8 (IE7 until IE8 came out, FF until IE7 came out) and I can probably count on one hand the number of times my AV has had to clean out anything over the last 5 years - none of them critical.

-Spenser

My Bother In Law has never used a AV program and he claims to never have had a problem, I delete all of his emails. ;)

But if you do just use it for schoolwork and not to visit any nasty site then your probably OK. I use Avast and it has never detected any virus and I also use an on line scanner about every 3 months. A great many people now believe that AV programs are a waste of resources, but I have 3 gigs of ram and I am only using one module of Avast so I am not concerned about it.

As far as the most secure goes, anything but IE.

Mentor

dmd3x

Posted
Posted
Get a job and see if your attitude changes.

I agree. Although I prefer using IE7 over IE6, I understand why the I.T. department that I work for has chosen to stay with IE6, there is a lot of intranet and other software that only works right with IE6, and this given software is quite expensive to upgrade. They are working on it, but IE8 beta is already in the works...

:sleep:

Grand Master

zhangm Supervisor

Posted
  • Supervisor
Posted
Get a job and see if your attitude changes.

Wow, what an asinine assumption, I complain about slow software updates, so I must be a 12 year old living in a basement. No, I work at a college, my job this summer was to update our maintenance software and scripts to be Leopard-compatible. It was really easy. :rolleyes:

Grand Master

redvamp128

Posted
Posted
There is none, that is why most major corporations are not moving to Vista. Some companies are still using W2K.

We just upgraded to Win2k3 Server and XP workstations in order to run OPERA (not the browser but the hotel management system)... We were running NT4 workstations- Win98 (for the Credit Card System- and Win2000 Server.

Veteran

megamanXplosion

Posted
Posted

This study has very little to do with browser security, but with secure practices among users. As a person who uses Opera 9.51, OpenDNS, PeerGuardian with extra lists for security, an extensive HOSTS file for security, all on a limited user account of an XP machine that scores ~74 on the CIS XP Benchmark behind a software and hardware firewall, I am most certainly not just "slightly more" secure than an Internet Explorer 6 user on an unsecured XP on an administrator account hooked directly to a DSL modem. This article doesn't address browser security—which is a quite different metric from user ineptitude.

Proficient

.tony

Posted
Posted
This is stupid. I shop and pay bills using IE7 for months when even I have Firefox. It's just IE is more compatable than Firefox on most websites out there (why you need IEtab extenstion when IE don't need anything).

Only because websites don't follow standards and have such bad workarounds applied so they only work on IE.

Mentor

dmd3x

Posted
Posted
Only because websites don't follow standards and have such bad workarounds applied so they only work on IE.

That's strange... I shop and pay bills online and I work only in Firefox, haven't run into any problems. The only thing I use IETab for is for Windows Update and Microsoft Exchange Web Based (which will work in ff, just not as well).

Grand Master

shakey_snake

Posted
Posted (edited)
And of course using Secunia is just as incorrect, of the 4 major browsers only Mozilla fully discloses all vulnerabilities.

There was even one time where Opera ASA didn't even disclose when it has fixed a security hole in it's changelog.

More secure my ass. :laugh:

Anyways, I'm not surprised by this news.

The partial patch system in Firefox is quite good and really pretty amazing.

And as far as business go, they could at least restrict IE6 usage to their intranets/VPNs and keep that steaming pile off of the internet-wild.

Edited by shakey_snake
Veteran

megamanXplosion

Posted
Posted

Opera waits for security reporters to make their discoveries public before announcing a fix so the reporters can be properly credited (links to the reporter's site, thus Google PR boost). Typically, vendors and reporters publish around the same time so there's typically no issue, but a wrench was thrown in the plans a single time because Opera had previously promised a build for Christmas to their community but the reporter was on Christmas vacation and unable to make his discovery known. Opera decided to deliver on its promise to the community by releasing Opera 9.10 in a way that would allow them to properly credit the reporter at a later time, after the reporter came back from Christmas vacation.

That's called professional courtesy, Shakey.

Grand Master

shakey_snake

Posted
Posted
That's called professional courtesy, Shakey.

Whatever the reasoning, it's an unprofessional non-courtesy to their users. :whistle:

Anyways, I've hope they've gotten out of the business of promising their users releases by x date.

No need to put yourself between a rock and a hard place.

Veteran

megamanXplosion

Posted
Posted

Apparently, you know nothing of the software industry. Those who test your software for vulnerabilities choose to remain silent to the public at large so you have an opportunity to fix the problem before it's known by malicious exploiters. This knowledge exclusivity is a privilege, not a right, and your privilege can be easily revoked. If you give those people the proverbial middle finger, they'll be tempted toward revenge the next time they find a security issue, which increases the odds of malicious exploiters being informed about the problem, thus increasing the odds of screwing over your customers. It was courteous to the users to not screw over the security reporter.

And your idea of courtesy is baffling. You think it would be more courteous to delay the release with security fixes so the users could have a more complete changelog when the software's released and less courteous to offer them the security fixes faster? What twisted idea of coutesy do you have?

As for promising to make releases, they didn't. I used that phraseology to see if you'd correct me. Why? Because anyone who knew actually researched the undocumented security fix incident you mentioned would know there was no promise because Opera never makes promises about releases and thus you would've corrected me about being factually incorrect in proposing such an explanation. (They were hoping for a release, but never promised one. Which you can easily verify yourself.) You bit the troll bait, Shakey.

Grand Master

shakey_snake

Posted
Posted
Apparently, you know nothing of the software industry.
I do not know how you can possibly know enough about me to make such a claim. Perhaps you know where I sleep too? or what I'm wearing right now? :rolleyes:
Those who test your software for vulnerabilities choose to remain silent to the public at large so you have an opportunity to fix the problem before it's known by malicious exploiters. This knowledge exclusivity is a privilege, not a right, and your privilege can be easily revoked. If you give those people the proverbial middle finger, they'll be tempted toward revenge the next time they find a security issue, which increases the odds of malicious exploiters being informed about the problem, thus increasing the odds of screwing over your customers. It was courteous to the users to not screw over the security reporter.
Seriously, a simple: "jpeg vulnerability fixed more details to follow..." would have been more that sufficient. However anything was omitted, and that is a problem.
And your idea of courtesy is baffling. You think it would be more courteous to delay the release with security fixes so the users could have a more complete changelog when the software's released and less courteous to offer them the security fixes faster? What twisted idea of coutesy do you have?
Humm... I never said that....
As for promising to make releases, they didn't. I used that phraseology to see if you'd correct me. Why? Because anyone who knew actually researched the undocumented security fix incident you mentioned would know there was no promise because Opera never makes promises about releases and thus you would've corrected me about being factually incorrect in proposing such an explanation. (They were hoping for a release, but never promised one. Which you can easily verify yourself.) You bit the troll bait, Shakey.
Yeah, I didn't know about something that didn't happen but I assumed you were not lying to me. I guess that makes me a troll. :rolleyes: Great logic.

This is utterly ridiculous. All you've really done is established that you are not a reliable source of information.

I'm going out of town for the week , so don't expect a reply to whatever fanboy garbage you dream up next. And even if I was going to be around, I wouldn't expect me replying to you ever again when it come to browsers. Clearly a mistake.

Anyone who wants to read about what we are talking about can read about it here:

http://www.heise-online.co.uk/security/Ope...et--/news/83279

Veteran

megamanXplosion

Posted
Posted

If you knew anything about the development process of Opera Software, you would've corrected me. You know nothing about Opera's development process, thus you have no knowledgable basis on which to put forward implications of Opera Software's security policies. And I didn't call you a troll because you took the bait, I said I put the bait there because I identified your trolling before then—feel free to look at your strawman picture again, I think you missed something. The changelog they posted was sufficient. People knew of stability, accessibility, security, and performance improvements and more. Users were given more than enough incentive to upgrade.

You're exaggerating a small hiccup in the development process as if it were a huge security concern when it's not. Where's your aspersions against Mozilla's security policies, considering the many security vulnerabilities they didn't bother to fix in 2.x after several years of being known and problems beginning to accumulate in 3.x as well? Where's your aspersions against their security policies? That would only be fair, wouldn't it, Shakey?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.