[GLLUG] Microsoft Compares IE and Firefox

davefff davefff at comcast.net
Thu Dec 13 01:06:28 EST 2007 

Hello,

Thank you Stanley for this. It got me going; see below...

I've been a Firebird and Firefox user since 0.3 way back years ago. My 
son introduced it to me as I have problems with BG and Internet Explorer 
and all their nonsense. Yes, Opera is good, according to my sister, but 
Firefox is for everyone...

Firefox is OURS to use , play with, and improve: it is the FUTURE!

I refuse to hear complaints about it, and know that BG even has secretly 
funded some of it.

We can make it what we want it to be, not have it packaged and forced 
upon us.

I'm not interested in any SPIN: BG, Bushies, Clintons, McGov't or any 
other perfidy type of nonsense.

Dave  KB2MVF



Stanley C. Mortel wrote:
> From "Security Update" 12/12/07:
>
> Microsoft Compares IE and Firefox
>
> People can't resist arguing about whether one browser is better than 
> another, and invariably the argument centers on Mozilla Firefox versus 
> Microsoft Internet Explorer (IE). Last week, I came across a study 
> conducted by Microsoft Strategy Director Jeff Jones that compares the 
> two browsers. The study would have been better if it had included 
> Opera. I guess omission is one good way to marginalize the competition.
>
> My assumption was that because someone from Microsoft produced the 
> report, it would try to show that Microsoft's strategy for IE 
> development and support results in a better, safer product. The report 
> didn't convince me that IE is superior to the open-source Firefox.
>
> Jones said that he examined vulnerabilities in Firefox and IE over the 
> past three years, broke them down by severity, looked at each browser 
> version by version, and examined each browser in terms of unfixed 
> vulnerabilities. Right away, Jones said that according to his 
> findings, more security problems have been found and fixed in Firefox 
> than in IE. Jones' findings point out that the Internet community is 
> finding problems and Mozilla is fixing those problems both openly and 
> quickly. The findings cause me to ponder a thought: If people can find 
> 199 security problems in Firefox, then imagine how many might be found 
> if Microsoft opened the IE source. Well Microsoft isn't about to do 
> that, and even without the source, people have found at least 87 
> problems in IE, according to Jones.
>
> Next, Jones takes aim at Mozilla's support life cycle for Firefox, 
> which is shorter than Microsoft's for IE. What Jones failed to mention 
> is that IE is--according to Microsoft--tightly integrated into the OS. 
> So Microsoft has no choice but to support its browser versions longer. 
> Updates to the loosely integrated Firefox are unlikely to break a 
> dozen other applications or the OS itself. Therefore, Mozilla can 
> enjoy the luxury of short support periods, which in turn streamline 
> development and speed up browser innovation.
>
> Jones wrote that Novell is shipping SUSE Linux Enterprise Desktop 10 
> with support until 2013, Red Hat is shipping Enterprise Linux 5 with 
> support until 2014, and Ubuntu 6.06 was shipped with support until 
> 2009. All three OSs include Firefox 1.5. Mozilla ended support for 
> Firefox 1.5 back in May, but that was announced well in advance, so 
> each vendor should have been aware of the support timeline. Now they 
> have to decide how to handle ongoing support by either choosing to 
> patch Firefox 1.5 on their own or have users upgrade to Firefox 2.x.
>
> Jones also argues that frequent upgrades are risky for businesses. 
> Microsoft releases a batch of security patches and other product 
> patches nearly every month, many of which have broken various aspects 
> of Windows. I've been using Firefox since it was released. The browser 
> tells me when an update is available via a nonintrusive pop-up box, 
> and I click OK. The entire upgrade process takes about 20 seconds over 
> a broadband link. Never once has a Firefox upgrade ever broken 
> anything on my systems. I bet others have similar success stories. As 
> for businesses, administrators can upgrade Firefox on any number of 
> systems and most likely experience similar results.
>
> Jones stated that part of his motive for creating the report was to 
> refute Mozilla's statement that those who use Firefox "won't harbor 
> nearly as many security flaws as those that have Microsoft's Internet 
> Explorer." While Jones did do that, the proof is relatively 
> meaningless. At the end of his report, Jones summarizes by saying that 
> IE has experienced fewer vulnerabilities over time than IE, which left 
> me wondering, "So what?" If Windows runs on 80-something percent of 
> all desktops, then by default IE also runs on 80-something percent of 
> all desktops. It seems obvious that a major vulnerability in IE will 
> cause more widespread damage than a similar vulnerability in Firefox 
> or any other browser. So that needs to be kept in mind when comparing 
> the number of vulnerabilities in each browser.
>
> Jones also failed to point out that Mozilla fixes vulnerabilities 
> faster than Microsoft. Of course, Microsoft is more limited in what it 
> can do in terms of patch releases because it carries a much larger 
> responsibility due to its a huge Windows user base and because IE is 
> tied to various other aspects of the OS.
>
> One thought that came to mind after reading the report is that maybe 
> Microsoft is bothered by the fact that Firefox is a very good browser, 
> that it's growing in popularity, that it's free, and that it's open 
> source. Any great open-source program makes open source look 
> attractive to people. And naturally that's problematic for Microsoft.
>
> If you're interested in Microsoft's spin, then head over to Jones' 
> blog at the URL below where you'll find his report available in PDF 
> format.
> <http://ct.email.windowsitpro.com/rd/cts?d=33-747-803-202-8087-38052-0-0-0-1-2-207>blogs.technet.com/security/archive/2007/11/30/download-internet-explorer-and-firefox-vulnerability-analysis.aspx 
>
>
>
> ****************************
> Stan Mortel
> mortel at cyber-nos.com
> ****************************
>
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
>
>

More information about the linux-user mailing list