The Definitive reason why Firefox is safer than Internet Explorer

[+Warwagon MVC]

I was sitting around one night, when it became apparent why Firefox is safer than Internet Explorer. It’s not because it doesn’t have as many security vulnerabilities as the competition. Or that all the bad guys try to target Internet Explorer instead.

Nope, it’s none of those things. It's safer because when prompted to download a file, it doesn’t let you open the file automatically, it just allows you to save it. Now you might be asking “How does that solve the world’s malware problem?” It solves it because people are idiots, which is why they tried to run the file in the first place.

Stupid users..

A) Don’t know where Firefox downloads the files to.

B) How to open a file once it’s been downloaded

C) How to access the “downloads” dialog box.

D) Don't realize that by downloading the file they still have to install it.

You don't know how hard it is to walk someone through opening a file while doing phone support, if they are using firefox (Which is a good thing I guess)

Case and point, I had someone call me asking how to open up word documents (they didn’t have Microsoft word). I told them go to Google and search for “Word View 2007”. Then download and install that, then try to reopen the word document you were having trouble accessing before. He said "cool, thanks"! I hung up with him and 10 mins later he calls and says he has the same problem it still won’t let him open the word file. So I remotely connect into his computer. I ask him if he has installed the Word Viewer. He says he has. So I pull up downloads and see he had downloaded the correct file. I asked him if he opened the file listed in the download box. He says “No, do I have to?”.

So now let’s take 2 users. User #1 is using internet explorer. They somehow stumble upon a fake AV popup and it prompts them to run setup.exe, they click run. Then the computer asks "are you really sure you want to run this file"? They click run again. They are now infected.

User #2 is using Firefox, and gets the same Fake AV website as user #1 and is also prompted to run the file. They click save. That’s it. They think they successfully installed the file, and close out of the website.

This would explain why on numerous occasions I've gone to a customers house (who use Firefox) and saw fakeAV setup files in their download directory and wondered how they avoided getting infected. It all makes perfect sense now.

So Firefox really is safer than Internet Explorer.

[Prince Charming]

Ohhh! I see what you did there!

You turned a lack of something into a feature!

Seriously though, I have to disagree. I don't really see the link between this and browser security, at all. I also think you're completely ignoring IE8's SmartFilter tech, which will usually prevent a malware download before the user is able to.

I do think your youtube dances were sexy though.

[HawkMan]

Ohhh! I see what you did there!

You turned a lack of something into a feature!

Seriously though, I have to disagree. I don't really see the link between this and browser security, at all. I also think you're completely ignoring IE8's SmartFilter tech, which will usually prevent a malware download before the user is able to.

I do think your youtube dances were sexy though.

Have to mostly agree with pandya here, the stuff at the end is just freaky though.

[Fish]

But by your description of this user, they most likely wouldn't be using Firefox to begin with. "That big blue E is "The Internet"... What's a Firefox?"

[+Warwagon MVC]

But by your description of this user, they most likely wouldn't be using Firefox to begin with. "That big blue E is "The Internet"... What's a Firefox?"

It was based on me installing it on their PC.

[+Warwagon MVC]

Not sure if it would have helped this one guy, but yesterday I got a call from a guy that got one of those fake security warnings. He said he tried installing it 5 times and in the end he gave them his credit card number :laugh:

[Fred Derf Veteran]

In my experience stupid users install anything that the computer tells them to. They can't differentiate between ads and the operating system. I try to get these users off of MSIE as quickly as possible.

[nowimnothing]

It's sad, but true.

I usually refer to this by saying that Microsoft gives users a little extra rope with which to hang themselves.

[name in use]

Not sure if it would have helped this one guy, but yesterday I got a call from a guy that got one of those fake security warnings. He said he tried installing it 5 times and in the end he gave them his credit card number :laugh:

Ouch... :argh:

[+Warwagon MVC]

Ouch... :argh:

Exactly. Funny thing is, I had to tell him to get a new credit card. I f I hadn't told him I don't think he would have.

[Solid Knight]

Got to love those fake anti-virus pop-ups. I get people who consistently fall for them every time.

[Rudy]

At first I was like "Meh" but I think I agree with your statement....and yea some people are pretty stupid

[BajiRav]

I actually miss the "Run" feature from IE when using Chrome and others. I think Firefox does allow you to directly open an executable like IE?

[ignoramous]

It's sad, but true.

I usually refer to this by saying that Microsoft gives users a little extra rope with which to hang themselves.

May be it's all a part of a bigger conspiracy where MSFT continues to "shell" out vulnerabilities, so that the anti-virus companies could convince us to pay them more.

[ViZioN]

Not sure if it would have helped this one guy, but yesterday I got a call from a guy that got one of those fake security warnings. He said he tried installing it 5 times and in the end he gave them his credit card number :laugh:

Wow, really?! :unsure:

May be it's all a part of a bigger conspiracy where MSFT continues to "shell" out vulnerabilities, so that the anti-virus companies could convince us to pay them more.

All software has bugs/vulnerabilities, not just the more publicised bugs found in Microsoft and Adobe products, for example.

[Kondrath]

lol, I definitely have to agree with Warwagon on this one. Can't count how many times I've fixed a user's PC or have asked them to download a file and about 90% of the time the file magically is nowhere to be found.

"Is it on your desktop?" No

"Is it in your documents?" Hmm.... no don't see it

"Is it in your downloads folder?" No... Wait what's that?

I hate fixing computers. Absolutely can not stand it. People are too frustrating. Or I'm too impatient, lol.

[Fred Derf Veteran]

I hate fixing computers. Absolutely can not stand it. People are too frustrating. Or I'm too impatient, lol.

It is best to have very low standards.

[+Warwagon MVC]

It is best to have very low standards.

Yep also making threads like this help with the stress :yes:

[+Warwagon MVC]

Today an old man called me telling me he was infected with a Fake AV. He swore up and down that he didn't run anything, but also couldn't really be sure. He said he kept trying to exit out of the fake AV popup by clicking this, and clicking that and in the process he said he probably clicked run.

This proves my point. This is how people get infected. They use IE, and they try to get out of the fake popup but it won't let them out. They click and click and click and in the end run the file. If they use firefox the worst they could click is "save" and the file never accidentally gets executed. thus they system stays clean.

[sc302 Veteran]

Make things too easy and people complain about things, make things difficult and even the simplest of tasks become impossible. Where is the happy medium.

Example: IE go to an infected site and it runs code for the user...but when a tech needs you to run something it is very easy for the end user to run something. FF go to an infected site and it doesn't auto run, send user to a site to load something and they say they ran it but never really did and is sitting somewhere on their harddrive. This happens to me quite frequently when I need people to run things like teamviewer, IE they just need to click on the link and choose run twice, FF click on the link and it downloads then the end user says they ran it only to find it in their download folder idling.

I hate/like both equally. Too bad you can't mark certain sites to auto run things on and the rest to prompt. Would require some configuring, but it beats all on or all off.

[Panacik]

I was sitting around one night, when it became apparent why Firefox is safer than Internet Explorer. It?s not because it doesn?t have as many security vulnerabilities as the competition. Or that all the bad guys try to target Internet Explorer instead.

Nope, it?s none of those things. It's safer because when prompted to download a file, it doesn?t let you open the file automatically, it just allows you to save it. Now you might be asking ?How does that solve the world?s malware problem?? It solves it because people are idiots, which is why they tried to run the file in the first place.

Stopped reading there and cant be bothered to read the other posts in this thread...

Basically, i have seen malware infections occur with people using Firefox and internet explorer WITHOUT the need to download anything at all.

In fact, being an admin, i also had my machine infected WITHOUT downloading anything at all. I simply browsed a site that had only just been "hijacked" and without knowing, it downloaded scareware in the background.

It was after i closed Firefox that i suddenly got inumdated with trojan warnings from "Windows Antivirus 2010" etc.

This is a common occurance in the office for most of our users and results in the need to boot to safe mode, delete the temp files and clean the startup reg entry.

The malware part only comes AFTER you click the "clean now" button on the scareware. But that does not use any browser anyway.

Your trolling failed.

Today an old man called me telling me he was infected with a Fake AV. He swore up and down that he didn't run anything, but also couldn't really be sure. He said he kept trying to exit out of the fake AV popup by clicking this, and clicking that and in the process he said he probably clicked run.

This proves my point. This is how people get infected. They use IE, and they try to get out of the fake popup but it won't let them out. They click and click and click and in the end run the file. If they use firefox the worst they could click is "save" and the file never accidentally gets executed. thus they system stays clean.

Your right in this sense, but in the scareware i have seen over the last year, the browser does not even matter.

[+Warwagon MVC]

True but why not at lease stop this % from happening

[+Warwagon MVC]

Stopped reading there and cant be bothered to read the other posts in this thread...

Basically, i have seen malware infections occur with people using Firefox and internet explorer WITHOUT the need to download anything at all.

In fact, being an admin, i also had my machine infected WITHOUT downloading anything at all. I simply browsed a site that had only just been "hijacked" and without knowing, it downloaded scareware in the background.

It was after i closed Firefox that i suddenly got inumdated with trojan warnings from "Windows Antivirus 2010" etc.

This is a common occurance in the office for most of our users and results in the need to boot to safe mode, delete the temp files and clean the startup reg entry.

The malware part only comes AFTER you click the "clean now" button on the scareware. But that does not use any browser anyway.

Your trolling failed.

What you've just described is what happens when you have a vulnerability on the system. whether through Windows, IE, Firefox, Flash, Java, Adobe acrobat reader or others. Which is why it's a good idea to run securnia to make sure all of your 3rd party apps have the latest security updates.

[Panacik]

What you've just described is what happens when you have a vulnerability on the system. whether through Windows, IE, Firefox, Flash, Java, Adobe acrobat reader or others. Which is why it's a good idea to run securnia to make sure all of your 3rd party apps have the latest security updates.

But the point is that using Firefox in all these cases makes no difference at all...

[SergeLab]

Some reasons why Firefox is often safer than IE are:

+Firefox has a better auto-update mechanism.

+Firefox is typically updated faster, which discourages exploit-writers.

+Firefox has fewer components, because it is not integrated into the OS, so it has less attack surface.

One solution is to have both:

"One security technique is to use multiple browsers for different tasks. This technique works because browsers and browser plug-ins are usually the software that is targeted by the exploit packs. Having multiple browsers allows configuring each one with different security settings.

It is recommended to install several web browsers and to disable all plug-ins in one of them. It is recommended to use that browser for most regular web activity. It is recommended to have another browser on hand with plug-ins enabled. The browser with the plug-ins enabled can then be considered the less secure browser. When a trusted web site requires plug-ins to be viewed correctly, it may be viewed with the less secure browser.

The multiple browsers technique has some additional benefits. Different web sites are best viewed with different browsers. Having multiple browsers on hand allows viewing the web site with whatever browser displays it best. Some browsers are faster than others. It may be possible to configure the fastest browser as the most secure and use it for most browsing activity."