Firefox Myths?
18 05 2006
Alan mentioned Firefox myths which catch my attention. For some reason, I saw this website but never check it till now.
Basically, they nailed it.
Not too long ago, I talked with one of guy from Browsehappy.com – I told him they are being biased. It is full of misleading. He got bitch at me for saying that. Whatever.
Now, I feel better that it doesn’t matter which browser you use, just use latest version and you will be fine. Really.
Grant W Laird, Jr.
http://blog.grantlairdjr.com
The concept of this page is nice, since there are quite a few myths floating around about Firefox (really, it isn’t 100% standards compliant, etc.).
However, the article itself is full of factual errors and misleading statements. It used to be sort of okay — although from the very beginning it misrepresented the data in my standards support resource — but the author has since embarked on some crusade and added a lot of nonsense to the page just to try to make Firefox look bad. The purpose of the “Fanboy Quotes” section in the sidebar is to deliberately misquote people who pointed out factual errors in his page, and he lies about things I have done with my standards support resource. He has even resorted to spamming his article on a website using my name.
Here’s a debunking of some of the stuff on his page, although it doesn’t cover all of the errors.
Secunia does not list an extremely critical vulnerability that ever affected Windows users. It did list one that affected *nix systems (which was fixed the day after it was discovered), but his page clearly says that it is only dealing with Windows and he has used that excuse in numerous debates about his article.
The browser speed tables come from the website of an Opera employee and the results I’ve gotten from the same tests have been quite different in some areas.
He claims to debunk the “myth” that Secunia keeps vulnerabilities secret to give Opera a chance to fix them, but if you read Secunia’s e-mail response and the page it links to, Secunia itself confirms this supposed “myth” he’s trying to debunk. Here’s Secunia’s official statement from their own website: “All vulnerabilities discovered by Secunia Research are reported directly to the vendors in a responsible manner, giving the vendor two weeks to reply with a confirmation and details about the expected release date for the security update. Secunia always wait for the security update - as long as the vendor keeps a reasonable time frame for issuing the update and actively co-operate with the Secunia Research team.”
He pretends like Firefox’s vulnerabilities aren’t quickly patched, noting two old vulnerabilities (both with a 2/5 criticality rating from Secunia). Only one of them affects Windows users, and Internet Explorer has the exact same vulnerability discovered the same day and still unfixed, plus several older vulnerabilities. Among IE, Firefox, and Opera, Firefox has also averaged at the fastest patch time for exploited vulnerabilities and has averaged at fewer exploited vulnerabilities per day than IE or Opera.
Regarding ActiveX, here’s what Microsoft themselves have to say: “An ActiveX control can be an extremely insecure way to provide a feature. Because it is a Component Object Model (COM) object, it can do anything the user can do from that computer. It can read from and write to the registry, and it has access to the local file system.”
The author refers to Opera’s fast-forward/rewind feature as being “the same thing” as Firefox’s cached history feature. If you spend five minutes to actually read what they are, you’ll see they’re totally different things. Opera does have some form of caching system, but it isn’t related to the fast-forward/rewind feature at all.
His article argues that Firefox doesn’t block all popups because you need to tweak settings or install a plugin to do it perfectly. However, at the same time he says that IE6 supports tabbed browser because you can get it through an extension.
He says that I tried to redirect visitors coming from his article away from my standards support summary page, which I never did. Then he says that Internet Explorer visitors going to my standards support resource get redirected to a browser warning page, which they don’t and never did. Then he took a quote from me out of context (I was talking about how frustrating Internet Explorer is in web development and how IE is the only browser that doesn’t play nicely with the standards). Then he claims that I’ve been deliberately lowering my figures for Internet Explorer just for the sake of doing so, when the truth is that the figures have been lowering for all browsers (as new bug information is added to the support tables, the percentages will naturally go down).
I could go on, but I think you get the point by now. Don’t take something like this at face value: it has lots of factual and logical errors, and sadly the author absolutely refuses to hear any criticism. Whenever anyone points out errors on his page, he just calls them a “Firefox fanboy”. Without realizing it at the time, he has even referred to an Opera fan site and Internet Explorer developers as Firefox fanboys just because quotes from them contradicted his article.
I like Firefox and Opera (and although I don’t think Safari and Konqueror are quite mature enough yet, they are making a lot of progress in the right direction). Firefox and Opera are both very good browsers and have strengths in different areas. I personally use Firefox, but I have specifically recommended Opera to some people based on personal needs. I don’t like Internet Explorer simply because Microsoft was irresponsible and cut off development for so long, and even now with IE7 it’s making slower progress than its competitors.
Well… There are few miss for example…
IE don’t support PNG-24 while Firefox does. Of course, IE required lot of goodie download to plug-in for IE which is annoying.
IE’s requirement is full of bullshit because it’s actual built-in IE under OS.
First of all notice who just spammed your blog and then look under the corresponding name in the Fanboy section, enough said.
Don’t be fooled by all the excuses Mr. Hammond makes.
1. There is not a single factual error on the page and absolutely nothing is misleading all the sources are linked directly, there is nothing to hide.
2. From day one I have never misrepresented ANT and Mr. Hammond knows this. Even when he asked me to make the initial correction I did, which he noted in his blog. The fact was he doesn’t want anyone using his data to criticize firefox.
3. I am on no crusade and nothing was added for any other reason then to debunk the said Myth.
4. The Fanboys Quote section is self explanatory, it is called “Fanboy Quotes” for a reason.
5. I have never lied about anything in relation to his page but merely interpretted what I saw. Mr. Hammond is still mad for getting caught redirecting visitors from my page to his specially created warnings.
6. I have never spammed my website anywhere and especially never under his name.
7. That page doesn’t debunk anything. What it does is provide alot of excuses nothing more.
8. The extremely critical vulnerability does exist in Firefox no matter how bad Mr. Hammond wants to cover it up.
9. The Opera speed tests were done BEFORE the author became an Opera employee and are fully documented and sourced. To this day not one reuptable source has been able to come up with documented, reproduceable results to dispute them. Even Mr Hammond failed here when he tried to do this himself comparing IE running in emulation under Linux to a natively supported Firefox build. The author of the speed tests did not try to mislead anyone with misleading speed data like Mr. Hammond initially tested.
10. The Myth was that Secunia had an exclusive agreement only with Opera to cover up vulnerabilities. This is clearly not so and has been debunked. I quickly and simply destroyed this Myth before it even got started.
11. There is nothing to pretend, it is clear Firefox vulnerabilities are not quicky patched. You cannot cover this up, it is a fact. Mentioning IE is an excuse.
12. Microsoft’s comments are clear, you can write and insecure ActiveX vulnerability. Just like you can write an insecure Firefox Extension or an insecure executable. But that is irrelevant because it does not change how the ActiveX control is delivered. You always must confirm installation of the ActiveX control, this is no different then downloading and running an executable.
13. Pop-up blocking is not the same as supporting a feature. Firefox clearly supports ab blocking with the ad block extensions but does not natively. I can disable every manner of scripting in IE too and not have any pop-ups or install a Pop-up blocking or adblocking extension but those would be unfair comparisons. Pop-up blocking tests must compare native support to be fair.
14. Oh clearly he did do both but does not appear to do either as of today. He moved pages to different domains and web hosts and then wants to cry innocence, please.
15. I have never referred to an Opera user or IE developer as a fanboy. The fanboys I refer to are ONLY obsessive Firefox users like Mr. Hammond. His insanity over covering up the truth about Firefox is demonstrated here, which is why I added him to the spammer section for good reason.
Oh I am sure he will try to add even more lengthly replies in the future. He thinks that if he talks enough it covers anything up.
“IE’s requirement is full of bullshit because it’s actual built-in IE under OS.”
Sam, why is that bullshit? If IE can run on lower hardware than Firefox why does OS integration matter? Seriously think about this for a minute.
1. Keep repeating yourself all you like, it won’t make it true. People have conclusively proven a lot of stuff on your page wrong, and you haven’t come up with any defense except, “Nuh uh, my sources are irrefutable!” even when your sources disagree with what you say on your page.
2. You say you never misrepresented my page and then you immediately turn around and admit that you had to correct stuff. You didn’t even correct it at first, despite my very thorough explanation of why your claim was incorrect. You responded saying that you weren’t going to listen to me unless I changed my blog post and remove the part about you trying to make Internet Explorer look superior to Firefox. You finally changed your page a few e-mails later, although you freaked out when I corrected Internet Explorer’s support values for XHTML 1.1 changes and you started bashing me all over your page.
3. “Opera is able to do the same thing without consuming anywhere near as much memory.” was added to disprove the myth that Firefox’s memory leak is a bug? “Internet Explorer has very good support (81-86%) for the most important web standard, HTML 4.01.” was added to disprove the myth that Firefox fully supports W3C standards? The Fanboy Quotes section was added to disprove myths? Obviously things were added for purposes other than just “to debunk the said Myth”, so don’t lie about it.
4. “Fanboy Quotes” isn’t very self-explanatory. The title implies that what you have there are quotes, not misquotes.
5. “I have never lied about anything in relation to his page but merely interpretted what I saw.” Wow. Just, wow. Amazing how you think that argument works when you use it, but you don’t think it should work when I use it. I said on my blog that you were trying to make Internet Explorer look somehow superior to Firefox. That was my interpretation of the page. You said that I was lying and demanded that I remove it, repeatedly saying that you wouldn’t listen to a thing I had to say until then. Explain how this isn’t a double standard. No, I don’t mean reply with “This isn’t a double standard, this was my interpretation and you are lying,” I mean actually explain it rationally. You seem unable to do that.
6. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, … and under my name. You were banned from digg for posting 24 stories (out of 32 total submissions) about your own two websites, including 12 stories about your Firefox Myths page alone, plus countless copy/paste comment spams on seemingly any browser-related story, often in multiple comments per page. Oh, but according to your article, the real reason you were banned is that digg is full of Firefox fanboys. Right.
7. No, it shows that even though some writer at eWeek agrees with you, Microsoft doesn’t. Plus it exposes all of those misquotes- er, “Fanboy Quotes”.
8. First of all, no, it doesn’t exist on any platform anymore. It was fixed less than 24 hours after it was discovered. And your page lies about that vulnerability. You have said many times and even on the page itself that Windows is the only operating system you’re addressing. You said that you weren’t going to put anything only related to Linux/Unix on that page. Well, that vulnerability is only related to Linux/Unix, so by your own argument, you shouldn’t have that on the page. Sorry, but you’re holding double standards. You can’t have it both ways.
9. I failed with what now? I was experimenting with changes to my database so I could put speed test stuff in there, and I had a mockup speed test to test my internal changes. It was a mockup. Notice I never linked to it from the main site and I never promoted it in any other way. While it was up (all of four results or whatever I had), there was a big fat bold disclaimer saying that the page was only a test, it was done exclusively on Linux, and the values should not be regarded as legitimate. I took it down shortly afterward, once I had finished my internal changes. I still plan to make a proper speed test page, testing on a real Windows system with default settings, etc. And yes, I have tried to produce his results. Firefox on Windows consistently starts up faster than Mozilla on Windows for me, and I also got other different results in some of the areas I tested. You should notice that he only ran three tests per aspect per browser. Three! That isn’t enough data for it to be considered an accurate test, especially when we’re talking about differences in milliseconds.
10. Uh, no, that wasn’t the myth. Again, you’re reading too much into what people are saying. The claim was that “Opera usually coordinates its browser updates with Secunia, so that Secunia doesn’t release any information about security vulnerabilities in the browser before a patch is made available.” That is true. Firefox also coordinates its browser updates with Secunia so that Secunia doesn’t release any information about security vulnerabilities in the browser before a patch is made available. So does Microsoft. That’s how these security researching companies typically work. They privately inform the company of the vulnerability and give them a reasonable amount of time to fix it before they publicly disclose the information. Secunia even says this on their site. There’s no myth here.
11. “Quickly” relative to what? How quick is quickly? A month? A day? There’s no definitive length unless you want to just make something up that sounds good to you, but then it’s merely opinion. Relative to the competition, Firefox fixes its vulnerability very quickly. There are those two little vulnerabilities (the only one you listed that affects Windows users only has 2/5 criticality) which pull the average out a bit, but even still, the average per vulnerability is faster than Internet Explorer *and* Opera. So why don’t you just go out and say that every browser is slow at fixing vulnerabilities? That’s essentially what you’re saying anyway, except you’re twisting it to make Firefox look bad.
12. Yes it is different, since an ActiveX component’s access to your entire system is just one click away. This will be improved in IE7, and then it will be more comparable to Firefox’s extension system. But right now, in the real world, they are two very different beasts as far as the likelihood of a typical user to grant access. Furthermore, a Firefox extension would need to be specifically written to interface with websites and allow any website to make direct use of its functionality. With ActiveX, the whole idea is that websites themselves interface with the control, and in IE 6 SP2 and below, any website can interface with the control on the same terms without site-by-site permissions. A Firefox extension can be perfectly functional without ever giving the website a means to detect or use it, and this is how Firefox extensions typically work. It’s intrinsically much more secure.
13. I completely agree, which is why your claim about IE6 supporting tabs is B.S. Who cares if it supports tabs via a plugin? It doesn’t by default. Compare apples with apples. Double standards, can’t have it both ways.
14. My standards support resource *never* redirected anyone to the browser warning page. You’re imagining things. My personal site (the Nanobox, with the whole red design and the sidebar to the left) is the only one that did. Get your facts straight. (And no, I didn’t change web hosts, I just bought a domain. My current host is still the one you whined to and asked to shut my site down because you don’t think parody sites should be legal.)
15. I’m an Opera user. I use Firefox most of the time, but I also use Opera from time to time. It’s a good browser. I use a lot of extensions for Firefox to provide functionality that I can’t easily get in Opera (if I can at all), but if Opera supported all of the features I like, I would definitely consider switching to it full-time. The only browser I really have a problem with is Internet Explorer, because of the limitations it creates during web development. I also don’t care for Safari and Konqueror as much as Firefox and Opera (what? I prefer a closed source browser to an open source browser? It’s true!) because the layout engines aren’t very sturdy and have a lot of IE-esque bugs in fundamental areas. I really like Firefox and Opera, and I don’t know why you seem to think that I’m all about one specific browser, but you’re wrong.
As for the lengthy replies, sorry, but I actually try to explain myself. My responses to criticism aren’t just, “No, I’m right, you’re wrong, now be quiet.” For someone who claims to want to reveal “the truth”, you sure don’t present your arguments very well.
Oh yeah, I should mention that, aside from the hard drive space, Internet Explorer 7 actually has equal or higher system requirements than Firefox. Same minimum processor, same minimum memory, higher minimum operating system, and it also seems to leak memory a lot faster than Firefox in some cases (open up your task manager and start opening and closing blank tabs in IE7 and watch as the memory goes up and up).
Sam you are full bullshit and it starts to come out of your mouth. Even that IE is integrated to some part… How comes Opera is much faster than Firefox? Is Opera too integrated? Idiot.
One of the reasons Firefox starts relatively slowly is the fact that the entire interface is actually an XML format that’s rendered like a webpage with heavy scripting. It was designed this way so that extensions/themes can change literally any aspect of the interface, something that can’t be done in Opera or Internet Explorer (at least without seriously huge hacks that would dig deep into the program itself and certainly conflict with any other such addons). This was a trade-off the Mozilla/Firefox developers chose to take, and one that I personally think is worth it unless you’re on old hardware where the startup time is more significant. K-Meleon (a Windows-only web browser) also uses the Gecko rendering engine that Firefox uses, but because it doesn’t use the elaborate XUL model for the interface, it starts up much faster than Firefox. Likewise, Epiphany on Unix/Linux and Camino on Mac OS X also start up faster than Firefox because they use native widgets for the interface instead of XUL, at the expense of Firefox’s powerful extension model.
1. You making statements that people have done anything are meaningless. Nothing on the page is factually wrong no matter how bad you wish it were. The sources are irrefutable. As for YOU being the sole source that disagrees that is a personal issue with you. Your data is being used not you biased opinions.
2. I will never listen to anyone who spreads lies about me, get over it. But I will always correct any errors. In your case the wording was not initially clear. I made no changes on the data however until the data showed different results. And I will leave it to the public to decide the coincidence of you changing your XHTML support values for IE after you saw what I stated was factually correct.
3. Notes are added to make any points I feel are necessary. Usually so I do not have to explain them in emails. Quotes and Testimonials are seperate from the content of the page and are there for commentary on it. I have never lied about anything.
4. Get over it.
5. You deliberately and maliciously lied about my page because you believed it criticized your beloved Firefox. Typical Fanboy retaliatory nonsense. This is quite clear. I asked you to remove a lie about my page and you refused. That was from day one and the first email you sent. It is not complicated.
6. Those are not “spammed” but posted for reading. I’ve never posted anything under your name. If that was not you then someone else did. I only posted my sites to Digg when a new version was released. There is nothing wrong with that. There is no proof of any of your other absurd claims. Digg is full of Firefox fanboys which apparently includes the administration.
7. Oh Microsoft agrees with me, you are attempting to take what they say out of context. What is stated in the Eweek article is clear enough that even a fanboy could undertand it but you see that destroys the lies they spread about ActiveX.
8. Oh yes it does exist on the version of Firefox affected by the vulnerability. My page doesn’t lie about anything, the security vulnerability exists. Unlike you I do not wish to cover it up. Unlike fanboys I let them know the truth about Firefox’s security problems. Get over it, it is not going anywhere the public will know the truth.
9. You have nothing but alot of words.
10. This is pathetic, you are now trying to talk your way out of it. Too bad, game over you and your fanboys got owned.
11. Wait so it is “MY OPINION” that those vulnerabilities are not patched since 2004? You are getting desperate. You have nothing again. Though I am sure you think by using alot of words you have made some point, rather just excuses.
12. Firefox extensions can be written to be insecure just like ActiveX controls can be written to be insecure. An insecure extension is no different than downloading a malicious executable.
13. Oh IE6 supports Tabs no matter how bad you want to cover it up.
14. Do you think this sort of nonsense really works? You showed a warning only to people coming from my page to yours. You got caught red handed and then BEGGED me to link back directly. Never in a million years. I realize getting caught doing something dishonest like this is embarrassing, now all the world nows who you truely are.
15. Your whole actions in relation to my page speaks for itself.
There is nothing to argue when the facts are on your side. You have to argue to make excuses for everything. What I present is clear and unbiased, it is brutally honest with no excuses.
Molto,
Bravo, you get what Mr. Hammond just tried to make excuses for. Opera starts up faster than both IE and Firefox. That means there is no excuse for Firefox loading like a dog, no excuse. I could see Mr. Hammond racing cars for NASCAR and then when he loses trying to make excuses why. NO ONE CARES = YOU LOST.
Wow. You managed to have a “response” for every number, yet you said a lot of nothing.
I’ve pointed out numerous factual errors on your page and you haven’t responded to my allegations except with your typical, “Nuh uh, my sources are irrefutable!” response.
I will repeat (these numbers are not related to the ones above):
1. Secunia does not list an extremely critical vulnerability that ever affected Firefox on Windows. Prove me wrong.
2. Firefox has on average fixed total vulnerabilities and exploited vulnerabilities more quickly than Internet Explorer and Opera. Prove me wrong.
3. Microsoft has acknowledged inherent security issues with the ActiveX model and has responded by making ActiveX opt-in on a site-by-site basis in IE7 due to the security problems. Prove me wrong.
4. Opera’s Fast-forward and Rewind features do entirely different things than Firefox’s cached history feature. Prove me wrong.
5. Firefox will block all forms of popups if you use extensions. Therefore, it blocks all popups on the same terms that IE6 supports tabs. On the other hand, if extensions don’t count, then IE6 doesn’t support tabs. Prove me wrong.
6. On the issue of tabbed browsing, allow me to use your own fallacious logic against you. You claim that “Opera developed it back in 1995″. Well according to this definition, “develop” means “make something new, such as a product or a mental or artistic creation”. If Firefox didn’t make tabbed browsing new, then neither did Opera, because InternetWorks had it back in 1994. Prove me wrong.
7. According to the World Wide Web Consortium, CSS 2.1 and CSS 3 are not yet W3C standards. Prove me wrong.
8. The founder of the World Wide Web Consortium originally created and defined HTML, which is part of your definition of “webpage”. Prove me wrong.
These are just some of the factual errors. It doesn’t even address the contradictions you make in your arguments and the sheer bias and deliberately misleading information on your page.
You know you don’t have any logical defense, so you have to resort to calling me a Firefox fanboy, pretending that I don’t promote Opera all around my site, and making lame excuses for things on your page that clearly don’t belong there. Your solution seems to be taking everything that you’re doing and saying that we’re guilty of it and you aren’t.
You’re a proven liar, there is conclusive proof that you have lied about your identity multiple times (here, here, and here, all with the same IP address you used on my site). Tell me, are you still claiming that a few of the “Mastertech”s out there are you and that other “Mastertech”s that sound exactly like you and argue exactly like you and claim to be you are actually different people? It seems that once their IP address is publicly revealed and shown to be the same guy as David Dobsen, Mike G., Realist, FFeLEET, the Mastertech who posted on my site, etc., you have a sudden revelation that that Mastertech really wasn’t you. How convenient.
By the way, the liar’s known IP addresses are 69.136.66.50 and 206.137.1.33. I’d really like to know if “Andrew” here has one of those IP addresses, as that would prove once again that he is lying about his identity. But hey, then the “real” Andrew K. will probably come out and say the one here isn’t really him. I’m kind of surprised he hasn’t changed his IP after all this time.
Wow. You managed to spam more nonsense.
You have pointed out ZERO fatual errors. Let me save you some time. I WILL NEVER CHANGE ANYTHING ON MY PAGES EVER AGAIN IN RELATION TO ANYTHING YOU SAY EVER FOR ETERNITY. (Just in case you don’t want to waste your time.)
I will repeat:
1. Secunia does list an extremely critical vulnerability in Firefox. Prove me wrong. Your obsession with it only effecting Linux is correct! I’ve never disputed it does not only effect Linux. I also never said otherwise. This does not mean I am going to EVER stop listing it. Get over yourself. Your response will be typical. You are arguing with yourself.
2. Averages? Nice way to mislead people. I don’t care about averages, I care about Myths. Again you are arguing with your self. The common Myth is not that Firefox on AVERAG fixes vulnerabilities quicker it is that Firefox quickly pathced vulnerabilities. It doesn’t period. There are unpatched vulnerabilities since 2004. Prove yourself wrong no one cares.
3. ActiveX has been opt-in. Microsoft has acknowledged that ActiveX like Firefox extensions can be written to be insecure.
Prove yourself wrong.
4. Opera’s cached features works similiar to Firefox’s. Prove yourself wrong.
5. Keep crying about this. The public can test this themselves. I can also tell people how to disable all scripting in IE and have it do the same thing. This does not make the browser functional for everyday use. Get over yourself nothing will EVER change about this.
6. This is the most pathetic argument yet. You seem to think that if you can find some absurd technical fallacy in your own mind it can dispute something. Get over yourself.
7. Again the technical fallacy argument. I am never ever again changing anything on the page because of your tactics. I don’t care what they are “officially” pandered. CSS 2.1 and CSS 3 are clearly standards.
8. Who cares.
What you are pointing out are so pathetic it is not even funny. You dispute nothing because you have to look for such ridiculous extreme points. There are no contradictions, bias or misleading information. Everything is sourced.
I’ve just defended every point with ease. You mentioning Opera is hardly promoting.
I have never lied about anything. None of those names are mine except Mastertech. In your delusional world they are. You Mr. Hammond are one of the worst Human Beings I have ever dealt with ever. Not only do you continue to lie and slander me you violate my copyrights and steal my work. There is a special place in Hell for people like you.
“Now, I feel better that it doesn’t matter which browser you use, just use latest version and you will be fine. Really.”
Well, that’s not really true. Users of Internet Explorer have been exposed to auto-installing spyware due to the lateness of patching. Here are two videos, one of auto-installing spyware on the latest version of IE, fully patched, and another on an unpatched version of IE, where the patch had been available for a few days:
http://sunbeltblog.blogspot.com/2006/04/video-of-createtextrange.html
http://www.sysinternals.com/blog/images/spyware-infestation.wmv
If you want to see auto-installing spyware on Firefox, you have to be using version 1.0.4, which has long since been updated:
http://sunbeltblog.blogspot.com/2006/04/pssstyou-wanna-see-firefox-exploit-in.html
Research has found that users of unpatched versions of IE are vulnerable to auto-installing spyware, whereas users of similarly unpatched version of Firefox (1.0.6) were not:
http://www.cs.washington.edu/homes/gribble/papers/spycrawler.pdf
There is a difference in the security record of various browsers, with IE having the worst record. Opera and Firefox are a much better bet, security wise.
As to the Firefox Myths page, IMO it is a piece of anti-Firefox, pro-IE propaganda. Despite claiming not to be a comparison page, it goes on about the past security vulnerabilities in Firefox, but then includes a paragraph about how secure IE is, it talks about possible installation of Spyware in Firefox via Java as a security “exploit”, but then includes a passage about how secure ActiveX in IE is supposed to be, and it mentions how standards support in Firefox is not perfect, but then praises IE’s standards support, which the source quoted shows is in fact far less good.
Where the page can’t even attempt to claim IE is as good as Firefox, it turns its praise to Opera, for example in the Acid2 standards test, which IE makes a complete pigs ear of.
In conclusion, it does matter which browser you use: if you are concerned about security or standard support, Opera and Firefox have definite advantages.
If, by “defending every point”, you mean pluggin your ears and whistling, then yeah, excellent job. Luckily most people are smart enough to realize that you can’t back up your claims. I’m just annoyed by your fanatic persistence.
I asked you to disprove those claims. Obviously this concept is beyond you; strange, considering the purpose of your page is supposedly to disprove myths. Try e-mailing an Opera employee and ask if the rewind and fast-forward buttons has similar functionality to Firefox’s cached history feature. Up where you page says “All Myths relate to running the default install of Firefox in Windows with no Extensions.” perhaps you want to add “Er, except that vulnerability one.” Perhaps you should reread that “myth” about Secunia keeping vulnerability information private until Opera releases a fix, and notice that Secunia’s site and the e-mail they sent you confirms the claim, not refutes it.
But what am I saying? You’ve already expressed that you won’t listen to anyone who disagrees with you. You’re just about the most fanatic fanboy of anything I’ve ever met, and as people on various sites have pointed out, you’re nearing the edge of insanity now. You’ve been gradually deteriorating since you first published that page, and you really need to wake up and take a look at yourself. You aren’t well.
Holy hell, the truth from Mastertech!
Andrew “I will never listen to anyone… ”
Andrew “I WILL NEVER CHANGE ANYTHING ON MY PAGES EVER”
Andrew “the page [Firefox Myths] is factually wrong”
Andrew “I realize getting caught doing something dishonest like this is embarrassing, now all the world nows… my page… is… nonsense”
This is Grant…
The reason I said any browser with latest version are safe because I work for big corporate and they still use IE browser everywhere. Are you saying that IT department are too stupid to continue IE browser? I wonder…
Corporate use of Web Browser often has little to do with the inherent merits of the Browser itself to the end-user, but rather the manageability of the Browser. Check some of these articles;
http://www.computerworld.com/softwaretopics/software/story/0,10801,108622,00.html
The Boeing Co. has been discreetly providing feedback to the Mozilla Foundation for the past year or so on features that might encourage enterprise adoption of the open-source Firefox browser. At the top of the list has been a tool kit to help IT departments distribute Firefox with custom configurations to end users. The Chicago-based aerospace company had good reason to express interest in such a tool. Last August, Boeing made Firefox one of its corporate Web browser standards alongside Microsoft Corp.’s Internet Explorer (IE) and a version of Netscape Navigator that is being sunsetted.
http://4sysops.com/archives/firefox-versus-internet-explorer-in-a-corporate-network/
“I am using Firefox myself for a quite while and I really like this web browser. However, when it comes to the question of switching to a new web browser in a corporate network, other arguments have to be considered.”
http://news.com.com/2100-7344_3-6076320.html
“Another hurdle Firefox must overcome is the “heartbreakingly slow” process many enterprises go through to certify the use of a tool as critical as a Web browser, according to Baker.”
Think of it like this - you get a car; sure it comes with a radio built-in, it may not necessarily be the best one, but does that mean you a going to install a new, better radio? No, course it doesn’t; maybe it doesn’t fit right in the car, or you don’t like its styling, perhaps you just can’t be bothered to change it.
It’s not quite that simple unfortunately
“Keith Glennan, Northrop Grumman Corp.’s chief technology officer, said he has often thought that the Los Angeles-based company should run Firefox instead of IE as its default browser. Glennan uses Firefox at home and especially likes its printing and tabbed browsing capabilities and its ease of navigation. But when he thinks about giving the browser to Northrop Grumman’s 115,000 users, the decision boils down to economics.”
Grant,
Sorry about this but as you can see these guys are very scared about people reading this page. It looks like Frank from the Fanboy Spammers has chimed in.
Frank,
I am still waiting for a link that auto-installs spyware in the latest patched version of IE. The FUD you spread about IE does not relate to the real world. The fact that you consistently argue about IE vs. Firefox show where you are really at. You are a Fanboy of the worst kind. The Firefox Myths page has ONE purpose to stop people from lying to novice users about Firefox. If you want to be honest (something far beyond you or Mr. Hammond) you would not lie to people and try to scare them with nonsense. I support thousands of clients and have for over 15 years.
“As to the Firefox Myths page, IMO it is a piece of anti-Firefox, pro-IE propaganda. Despite claiming not to be a comparison page, it goes on about the past security vulnerabilities in Firefox, but then includes a paragraph about how secure IE is, it talks about possible installation of Spyware in Firefox via Java as a security “exploitâ€, but then includes a passage about how secure ActiveX in IE is supposed to be, and it mentions how standards support in Firefox is not perfect, but then praises IE’s standards support, which the source quoted shows is in fact far less good.”
Why is because you say so? This is how all your argument work. You declare it therefore it is. It doesn’t work like that in the real world. ONE of the spyware installation sources is using the Java exploit. The double standard is these types of exploits on IE are all FUD towards ActiveX, actually every single IE vulnerability which has nothing to do with ActiveX is all blamed on ActiveX. I don’t praise IE’s standard support but note that it supports standards. Something the Fanboys would like you to believe otherwise.
“Where the page can’t even attempt to claim IE is as good as Firefox, it turns its praise to Opera, for example in the Acid2 standards test, which IE makes a complete pigs ear of.”
In your fanboy mind this is some comparison or Anti-Firefox Page. NO it is an ANTI-Firefox Propaganda page. Get you facts straight.
“If, by “defending every pointâ€, you mean pluggin your ears and whistling, then yeah, excellent job. Luckily most people are smart enough to realize that you can’t back up your claims. I’m just annoyed by your fanatic persistence.”
No by taking your long winded responses and destroying them by pointing out the irrelevance. I’ve backed up EVERY claim with sources that ANYONE can read for themselves.
“I asked you to disprove those claims.”
You creating arguments about technical fallacies and attempting to rewrite the page is not going to happen. Maybe you need some more off topic long winded responses comparing all the failings of IE some more. I mean we would all like to hear more irrelevant things to a page about Firefox Myths.
I will always listen to anyone who doesn’t spread lies about me. You choose from day one to do so. If you cannot comprehend any of that then deal with the fall out. I’ve hired a staff.
“I am still waiting for a link that auto-installs spyware in the latest patched version of IE.”
Well, your wait is over! Check out the video I linked to earlier: the infecting URL is clearly visible. (Please, nobody visit that URL unless you have updated IE, will you? Assuming it still exists.)
Of course, for anyone without their head in the sand, the word of well-known companies like Sophos and Websense would be enough when they said that they had found hundreds of sites using the CreateTextRange exploit to auto-install malware.
http://www.sophos.com/pressoffice/news/articles/2005/12/msexploit.html
http://blogs.zdnet.com/Spyware/?p=801
As you like to say Andrew, look at the sources: The University of Washington, Sunbelt Software, Sysinternals, Sophos, Websense. Are all of these organisations spreading black propaganda against IE? Your site likes to suggest that all browsers are equal, security wise. The information in the links I have posted suggests otherwise. Readers can look at all the sources and make their minds up, I’m sure.
As to being a Firefox fanboy, if you notice, I’m very careful to recommend Opera and Firefox as more secure than IE. If I am a fanboy, it’s an alternative browser fanboy, thank you very much.
Playing down the risks of AvtiveX is fine if you apply the same standards to Java in Firefox, but you don’t: both can be used to install spyware if the user clicks ‘yes’ to the installation,but you call such an installation an ‘exploit’ under firefox (where clearly it does not fit the definition of the word ‘exploit.’) Who is trying to scare people I wonder, who has the double standards? In contrast, you try to set up IE as totally secure: “Anyone who claims Internet Explorer cannot be secured from Auto-installing Spyware either doesn’t know how or is lying.”
“I don’t praise IE’s standard support but note that it supports standards.”
Well, actually, you do praise IE’s standards support:
“Internet Explorer has very good support (81-86%) for the most important web standard, HTML 4.01.”
IMO talking about Firefox’s “incomplete” support of web standards, and then going on to mention how good IE’s standards support is, is making a comparison. The reader is invited to draw the conclusion that there is really little difference in standards support between browsers. Looking at the figures themselves reveals that there is a large difference:
http://www.webdevout.net/browser_support.php
To my mind the page attempts to compare browsers, always to the detriment of Firefox. Actually, Andrew, you rather give the game away with all those links to the ‘Firefox Sucks’ and similar sites: this is not a neutral mythical myths busting site, but an attempt to make Firefox look bad. God knows why you have such a Firefox Fobia.
You’ve been pointed to this link of IE auto-installation of malware many times;
http://sunbeltblog.blogspot.com/2006/04/video-of-createtextrange.html
“If you’re curious to see the exploit in action at one site, you can see this video here. In it, the AppWiz keylogger is installed.
Patrick Jordan
Senior Spyware Researcher”
Sunbelt Software are the creators of anti-spyware, anti-spam, network security and system management tools. But then again, Microsoft, Sophos, CERT & other vendors have all confirmed auto-installation of malware in IE, for example;
http://www.sophos.com/pressoffice/news/articles/2005/12/msexploit.html
“Experts at SophosLabsâ„¢, Sophos’s global network of virus, spyware and spam analysis centers, have warned internet users to take care when surfing the web, following sightings of malware which has been planted on websites exploiting an unpatched Microsoft security vulnerability.
The security vulnerability, which is not yet patched by Microsoft, allows hackers to run malicious software (such as a Trojan, virus or worm) on a user’s machines when they visit a website containing the exploit code.”
http://blogs.zdnet.com/Spyware/?p=801
“Websense is reporting a rapid increase in sites using this exploit. At the time of the blog post, nearly unique 100 URLs had been found attempting to run this exploit.”
You have to wonder why Andrew, for all his self-professed technical genius, denies what Microsoft & anti-virus/security vendors can & have all confirmed in the past. Yet curiously, when it comes to Firefox, he decries all the vulnerabilities - of which only 3 are unpatched on Secunia.
As regards corporate use of Firefox. There’s more to it than just “which browser is better”, manageability is a key issue. Check these out;
http://www.computerworld.com/softwaretopics/software/story/0,10801,108622,00.html
http://4sysops.com/archives/firefox-versus-internet-explorer-in-a-corporate-network/
http://news.com.com/2100-7344_3-6076320.html
Manageability is a key factor when it comes to Browser use in a corporate environment. Enter corporate Firefox into Google & you’ll find several articles which discuss this very topic. Suffice it to say IE currently offers easier management in a corporate environment than Firefox does.
As regards corporate Firefox use. Browser use in a corporate environment often has little to do with the Browser itself, check these articles;
http://www.computerworld.com/softwaretopics/software/story/0,10801,108622,00.html
http://news.com.com/2100-7344_3-6076320.html
http://4sysops.com/archives/firefox-versus-internet-explorer-in-a-corporate-network/
Manageability is a priority in businesses & it’s something Firefox (& other browsers too for that matter) are lacking in as the above highlights.
In Myth - “Firefox is a Solution to Spyware” Andrew posts a link to a Sunbelt blog as proof of malware auto-installation in Firefox;
http://sunbeltblog.blogspot.com/2006/04/pssstyou-wanna-see-firefox-exploit-in.html
Andrew however, still demands proof for malware auto-installation in IE occurring, despite being link to another (recent) Sunbelt blog video which proves it;
http://sunbeltblog.blogspot.com/2006/04/video-of-createtextrange.html
Perhaps Andrew would like to clear up why he uses Sunbelt as proving auto-installation of malware in Firefox, yet the same “reputable source” which proves malware auto-installation in IE is ignored. I’m sure we’d all appreciate an explanation for the hypocrisy, or perhaps Andrew can clear things up by providing a link to a webpage which will auto-install malware in Firefox.
The link doesn’t work anymore and the video is of a patched vulnerability.
“The createTextRange() zero-day vulnerability has been patched in the latest round of security updates from Microsoft.”
Which means it is useless. Every single one of your other links it just as useless. You have presented no links to something that currently auto-installs spyware on my fully patched version of IE. Not to mention most of these exploits before they were patched had no effect on IE 7 Beta 2. But see you spreading FUD about IE is a good distraction from the completely lack of facts you have about Firefox Myths. The information provided on the Firefox Myths page is to simply debunk the associated Myth.
Also the overwhelming majority of corporations do not use Firefox.
Again I want proof of Auto-installing Malware on my fully patched version of IE not some patched vulnerability sandboxed video.
The Sunbelt link on the Firefox Myths Page has one purpose to prove that Firefox can get infected with Spyware, it has nothing to do with IE.
“The link doesn’t work anymore and the video is of a patched vulnerability… Which means it is useless.”
The link you’ve provided for Sunbelt relates to a vulnerability patched in Firefox 1.0.5. So by your own admission that also makes the link you use “useless”. The writer notes similar too;
“Now, the Faithful (and admittedly few) Readers of My Blog are demigods when it comes to security, so most of you are running a patched version of Firefox (basically, any version 1.05 or higher). But checking browser stats on this site does show that there is a very small number of you that aren’t updated to a safe version.”
So perhaps you can clarify why the Sunbelt blog re: a patched Firefox vulnerability is not useless, yet a link proving auto-installation of malware for a now patched IE vulnerability *is* useless? The link provided proves that auto-installation of malware in IE can occur.
But as you say; I want proof of Auto-installing Malware on my fully patched version of Firefox not some patched vulnerability sandboxed video. Where’s the proof Andrew? All I see are sources relating to patched vulnerabilities - that makes your sources “useless” as you’ve stated in your previous post
Mmm… So mentioning auto-installing malware in IE is “spreading FUD,” but inviting readers to draw the conclusion that auto-installing malware in older versions of Firefox simply debunks a myth of Firefox security? I don’t think so.
“You can still easily get infected with Spyware using Firefox as these exploits demonstrate:”
Firefox Myths then goes on to quote from two sources, one regarding the Java spyware installation and the other auto-installing spyware in older versions of Firefox.
The author then states:
“Anyone who claims Internet Explorer cannot be secured from Auto-installing Spyware either doesn’t know how or is lying.”
This, of course, is proved false by the video of auto-installing malware in IE.
IMO the Firefox Myths page
a)attempts to spread FUD by mentioning as many Firefox vulnerabilities as it can without making clear that they are patched, and even implying that they remain unpatched by careful use of tense:
“Mozilla - lists 113 “known” security vulnerabilities in Firefox, 24 of which are rated as High and 47 Critical.”
b) attempts to diminish security problems in IE, to the point of contradicting reality, as in the suggestion that IE can be secured against all auto-installing spyware. (Despite not being a comparison guide, of course!)
We need a balanced picture here. All browsers have security vulnerabilities, and users need to apply patches and updates to prevent auto-installing malware. I believe Firefox has a better security record than IE. Does this make me a Firefox fanboy? Well actually I have been harshly critical of Firefox in the past, so that would be a perverse misinterpretation of the truth:
“16/5/2005
There have ben several Firefox updates recently, patching critical security vulnerabilities, the latest found by a 16 year old boy: ‘The incident is the latest black eye for the open-source software project’s security image.’”
“23/10/2005
Firefox is up to 1.0.7, after several security updates. The update process itself remains entirely manual. (I.e. most people won’t do it, making claims of greater security somewhat dubious. The fact that a ByteVerify exploit remains the seond most common malware in the world according to Trend Micro proves that if updating isn’t automatic, it won’t get done- the ByteVerify exploit was patched in IE in 2002.) Apparently the next major release, Firefox 1.5, now out in Beta, will fix this.”
http://www.geocities.com/dontsurfinthenude/blogarchive.htm
So I’m hardly a fanboy. I simply believe that the message of Firefox Myths, that all browsers are created equal but Firefox is less equal than others, is wrong.
“The link you’ve provided for Sunbelt relates to a vulnerability patched in Firefox 1.0.5. So by your own admission that also makes the link you use “uselessâ€. The writer notes similar too;”
That is not why the link is there. The link is there is to prove that Firefox can be infected with Spyware and to debunk the Myth that Firefox is a solution to Spyware. It clearly is not.
“So perhaps you can clarify why the Sunbelt blog re: a patched Firefox vulnerability is not useless, yet a link proving auto-installation of malware for a now patched IE vulnerability *is* useless? The link provided proves that auto-installation of malware in IE can occur.”
It has to do with the context of the argument. You and the other Fanboys here are attempting to combine two seperate arguments. I am not making any claims about a fully patched version of Firefox. That is not the purpose of that link. There is a widely held belief that Firefox is completely immune to Spyware. This link proves it is not, Firefox can clearly be infected. The other argument is that IE even fully patched can get infected. I am still waiting on proof of this.
“But as you say; I want proof of Auto-installing Malware on my fully patched version of Firefox not some patched vulnerability sandboxed video. Where’s the proof Andrew? All I see are sources relating to patched vulnerabilities - that makes your sources “useless†as you’ve stated in your previous post”
I am not making this claim you are in an attempt to try to manipulate the argument.
Two things are true here:
1. Firefox can be vulnerable to Spyware.
2. No one can prove my fully patched version of IE can be infected with Auto-installing Spyware.
It is that simple.
“This, of course, is proved false by the video of auto-installing malware in IE.”
Not at all because the claim is that IE can be secured from auto-installing spyware and it can! Simply install the latest patch and that vulnerability in the video cannot be exploited. Prove otherwise.
“So I’m hardly a fanboy. I simply believe that the message of Firefox Myths, that all browsers are created equal but Firefox is less equal than others, is wrong.”
Well you might want to read the page again because the page does not compare browsers. It is simply to debunk Firefox Myths. You don’t like it because I do not provide excuses for why Firefox fails each of the Myths. Too bad. The Truth hurts:
The reality is Firefox is not perfect and not the best at any of the widely held Myths that propagandize it as such.
“No one can prove my fully patched version of IE can be infected with Auto-installing Spyware.”
I think no one can prove it to Andrew because he is simply not listening. His dogmatic refusal to accept the evidence is obvious.
“You don’t like it because I do not provide excuses for why Firefox fails each of the Myths.”
I don’t like it because you make excuses for IE while slagging off Firefox. Firefox is insecure because of past vulnerabilities, but IE is not. Firefox has incomplete standards support but IE has good support. If you don’t think this is comparing browsers, you are the only one.
“The Truth hurts.”
Pleeeeaaase! Spare us the lame clichés. I can stand anything but that!
Before that patch was released IE *was* vulnerable to that exploit. That’s the “point”. The same goes when the next zero-day vulnerable occurs - & there have been a few in the past 6 months.
You seem to believe that because patches are now available that the unpatched period in-between where they *were* vulnerable doesn’t count. That’s a ludicrous position to hold. Auto-installation of malware is a reality (As dozens of security vendors have posted) & it’ll still be a reality when the next zero-day vulnerability occurs, the fact such a vulnerability may be patched some weeks after the fact doesn’t change it.
Your position on the matter is laughable. What was it you were saying while the createtextrange() vulnerabilities were exploited, yet still unpatched? ;
“1. You did not have all the security updates applied.
2. You never removed MSJVM.
3. You manually installed it.
Those are the only way you can get infected with IE.”
During that period your “fully patched” system was vulnerable, why? Because there was no patch for it, same as for everyone else.
See you propaganda tactics are getting old. You create up lies that I never said. If this is what you want to do, I can do the same.
“No one can prove my fully patched version of IE can be infected with Auto-installing Spyware.â€
I think no one can prove it to Andrew because he is simply not listening. His dogmatic refusal to accept the evidence is obvious.
“You don’t like it because I do not provide excuses for why Firefox fails each of the Myths.â€
I don’t like it because you make excuses for IE while slagging off Firefox. Firefox is insecure because of past vulnerabilities, but IE is not. Firefox has incomplete standards support but IE has good support. If you don’t think this is comparing browsers, you are the only one.
“The Truth hurts.â€
Pleeeeaaase! Spare us the lame clichés. I can stand anything but that!
“I think no one can prove it to Andrew because he is simply not listening. His dogmatic refusal to accept the evidence is obvious.”
You have no evidence that my fully patched version of IE can be infected with Spyware. Please provide a link.
“I don’t like it because you make excuses for IE while slagging off Firefox. Firefox is insecure because of past vulnerabilities, but IE is not. Firefox has incomplete standards support but IE has good support. If you don’t think this is comparing browsers, you are the only one.”
You are beyond pathetic. The page is about Firefox Myths NOT IE. Firefox is insecure not only for past vulnerabilities but also unpatched vulnerabilities. Firefox DOES have incomplete standards support!!! What part of that do you not get. I noted however that IE has good support for HTML. I did not say Firefox had bad support for HTML = you are trying to put words in my mouth to further your agenda or lying to people about Firefox and IE. In your world the only way you can endorse Firefox is by flat out misleading people. You need to compare it to IE as an excuse all the time. I will and can make any notes as I feel are necessary. Most of the notes are due to emails I received and I did not want to answer the same ones over and over. Firefox Fanboys live in this IE bashing world where they create the illusion of the Firefox Browser as perfect by bashing IE. I have destroyed that illusion.
“Before that patch was released IE *was* vulnerable to that exploit. That’s the “pointâ€. The same goes when the next zero-day vulnerable occurs - & there have been a few in the past 6 months.”
This is obvious with any security exploit ever. Tell us something we do not know. The difference is I never saw any proof of this. I have repeated for the last two years asked for a link that proves my fully patched version of IE can be infected with Spyware until you provide this, you are only spreading FUD. Online Zero day hysteria makes good news stories but it does not translate into real world use.
“You seem to believe that because patches are now available that the unpatched period in-between where they *were* vulnerable doesn’t count. That’s a ludicrous position to hold. Auto-installation of malware is a reality (As dozens of security vendors have posted) & it’ll still be a reality when the next zero-day vulnerability occurs, the fact such a vulnerability may be patched some weeks after the fact doesn’t change it.”
Yes it is a reality on unpatched versions of IE. I have yet to see a single bit of proof otherwise. I use IE 24/7 all during the unpatched time and had no infections, neither did a single one of my thousands of clients. Hysteria and reality are two different things.
“Your position on the matter is laughable. What was it you were saying while the createtextrange() vulnerabilities were exploited, yet still unpatched? ;”
Exploited by whom? Please provide proof that I can reproduce… Oh wait the vulnerability is patched? See Firefox has code execution vulnerabilities as well, what happens in between patch time? Oh thats right Secunia initially rates the vulnerability as Low and then changes it to high when the patched version of Firefox is released. Have you ever wondered why so many security firms are quick to post vulnerabilities for IE but never Firefox? It couldn’t be a widespread hatred of Microsoft by irresponsible people determined to see them Fail? No they really care about security.
“During that period your “fully patched†system was vulnerable, why? Because there was no patch for it, same as for everyone else.”
Just like every other browser is during this time. The reality is Microsoft was not seeing any indications of it being exploited and neither did I. Funny how few security sites covered this “widespread” exploit being exploited. Maybe because it wasn’t?
Interesting how the whole conversation has shifted completely off of the Firefox Myths article and gone completely towards IE bashing. Typical Fanboy tactics.
The conversation was about the blog author’s conclusion from the page that: ‘it doesn’t matter which browser you use, just use latest version and you will be fine. Really.’
My original comment was to address that point. Auto-installing malware in a current and fully patched version of a browser is something which has happened only in IE. It proves that it does matter which browser you use: some have a better security record than others.
Security sites reporting this exploit being used to install malware include Sophos, Websense and Sunbelt software.
Another link was posted to auto-installing malware in IE where a patch was applied a few days late to IE (the Sysinternals link above.)
There have been other occasions where a vulnerability in IE has been exploited before a patch was put out:
http://www.theregister.co.uk/2005/12/01/ie_exploit_trojan/
This is in contrast to Opera and Firefox, whose users have not been exposed to such exploits in patched versions of their browsers. Discussion of IE is “on topic” considering the blog author’s conclusion from the Firefox Myths page.
“You are beyond pathetic. The page is about Firefox Myths NOT IE.”
Well, personal insults just show you’re losing the argument, if you ask me. If the page was about Firefox myths, why does it talk about IE at all?
Firefox has “incomplete” support for standards, oh, and by the way, IE has “good” support.
Firefox is insecure, oh, and by the way, IE is 100% rock solid, cast iron secure.
The implication is clear. You’re inviting your readers to draw the conclusion that “it doesn’t matter which browser you use,” a conclusion I have contested. As for “lying to people,” I’ll just use that favourite phrase of yours: look at the sources.