same (lame?) old Firefox criticisms

[omziff]

Reading this article, I see the same old, tired criticisms of FF, and
open-source. His whole thesis seems to be the standard:
"the only reason that there aren't more flaws in Firefox (or other free
software),is because it is not as worthwhile a target for exploitation,
since not as many people use it as MS products."

I dont know, but this seems like a lame argument. Especially when they
compare vulnerabilities so simplistically by saying "over the course of
the last xxx months, there have been 13 flaws in IE, and 21 in FF,
without actually aknowledging the severity/nature of the specific
vulnerabilities.

the article is here:
http://tinyurl.com/brved

 

[Curt]

Reading this article, I see the same old, tired criticisms of FF, and
open-source. His whole thesis seems to be the standard:
"the only reason that there aren't more flaws in Firefox (or other free
software),is because it is not as worthwhile a target for exploitation,
since not as many people use it as MS products."

I dont know, but this seems like a lame argument. Especially when they
compare vulnerabilities so simplistically by saying "over the course of
the last xxx months, there have been 13 flaws in IE, and 21 in FF,
without actually aknowledging the severity/nature of the specific
vulnerabilities.

the article is here:
http://tinyurl.com/brved

Try not to get frustrated. It's the same old flawed statement the same
crowd makes regarding Windows vs. Linux too. The reason - in 99.9% of
the cases - that Mozilla/Firefox are more secure than IE is very simple:
A lack of ActiveX.

 

[Conor]

Reading this article, I see the same old, tired criticisms of FF, and
open-source. His whole thesis seems to be the standard:
"the only reason that there aren't more flaws in Firefox (or other free
software),is because it is not as worthwhile a target for exploitation,
since not as many people use it as MS products."

I dont know, but this seems like a lame argument.

No it isn't. If you're a virus writer you want to target as many people
as possible so you go for the most popular OS/Apps.

 

[Curt]

No it isn't. If you're a virus writer you want to target as many people
as possible so you go for the most popular OS/Apps.

What if you're a lazy virus writer and want to target the most easily
exploited OS/app?

 

[Curt]

Reading this article, I see the same old, tired criticisms of FF, and
open-source. His whole thesis seems to be the standard:
"the only reason that there aren't more flaws in Firefox (or other free
software),is because it is not as worthwhile a target for exploitation,
since not as many people use it as MS products."

I dont know, but this seems like a lame argument. Especially when they
compare vulnerabilities so simplistically by saying "over the course of
the last xxx months, there have been 13 flaws in IE, and 21 in FF,
without actually aknowledging the severity/nature of the specific
vulnerabilities.

the article is here:
http://tinyurl.com/brved

Here's today's Slashdot thread on this:
http://it.slashdot.org/it/05/04/18/1726224.shtml?tid=154&tid=172&tid=218

 

[wald]

Reading this article, I see the same old, tired criticisms of
FF, and open-source. His whole thesis seems to be the standard:
"the only reason that there aren't more flaws in Firefox (or
other free software),is because it is not as worthwhile a target
for exploitation, since not as many people use it as MS
products."

I dont know, but this seems like a lame argument.

Yes. There is one big and undeniable counterargument: web servers.

Compare the current share of Apache versus MS web servers: 70% of
the internet runs on Apache, about 20% on IIS. See NetCraft for
the source of these data:

http://news.netcraft.com/archives/web_server_survey.html

Nevertheless, which server is considered to be the most
vulnerable? I rest my case.

Regards,
Wald

 

[El Gee]

What if you're a lazy virus writer and want to target the most easily
exploited OS/app?

<snicker>
Good point

--
++++++++++++++++++++++++++++++++++++++++++++++
El Gee // www.mistergeek.com <><
Know Christ, Know Peace - No Christ, No Peace
Remove .yourhat to reply
++++++++++++++++++++++++++++++++++++++++++++++

 

[Mel]

What if you're a lazy virus writer and want to target the most easily
exploited OS/app?

A lazy virus writer would look for some proof of concept exploits
he could use

Perhaps these would do:- (firefox 1.0.2 or earlier)

http://www.mikx.de/firelinking/ (cross platform too

http://www.mikx.de/firesearching/


Most of the rogue or hacked websites I've visited have attempted
to use a selection of IE and or Java exploits in the hope that
one might work. I expect the hackers will be adding Firefox exploits
for those who don't keep it up to date.

 

[Bob Adkins]

Reading this article, I see the same old, tired criticisms of FF, and
open-source. His whole thesis seems to be the standard:
"the only reason that there aren't more flaws in Firefox (or other free
software),is because it is not as worthwhile a target for exploitation,
since not as many people use it as MS products."

I dont know, but this seems like a lame argument. Especially when they
compare vulnerabilities so simplistically by saying "over the course of
the last xxx months, there have been 13 flaws in IE, and 21 in FF,
without actually aknowledging the severity/nature of the specific
vulnerabilities.

I would think most of the kiddies that create worms, hacks, and scripts to
attack hated MS products are Linux and FireFox users. They want to prove how
inferior MS products are, and how superior FF & Linux are, wouldn't you
agree?

As far as I know, there is not yet a large cult of Linux and FF haters. It's
not yet trendy and cool among the kiddies to hate those products. That may
come in time, if Linux and FF are ever seen as part of "the establishment".

-- Bob

 

[Dewey Edwards]

I would think most of the kiddies that create worms, hacks, and scripts >to attack hated MS products are Linux and FireFox users. They want to >prove how inferior MS products are, and how superior FF & Linux are, >wouldn't you agree?

No. In they're twisted logic, they want to prove how inferior *you*
are, and how superior *they* are. It's not haha, you're an MS user,
it's haha, you fell for it. Absolutely no reason to assume that
most use Linux.

As far as I know, there is not yet a large cult of Linux and FF haters. It's
not yet trendy and cool among the kiddies to hate those products. That >may come in time, if Linux and FF are ever seen as part of "the >establishment".

I doubt most script kiddies have any political agenda (those that do
are into Denial of Service attacks, and the like). It's a game, and
the score is the pain caused.

Currently, "three card monte" uses MS. The easy marks are there.

 

[Fuzzy Logic]

(e-mail address removed) wrote in @l41g2000cwc.googlegroups.com:

Reading this article, I see the same old, tired criticisms of FF, and
open-source. His whole thesis seems to be the standard:
"the only reason that there aren't more flaws in Firefox (or other free
software),is because it is not as worthwhile a target for exploitation,
since not as many people use it as MS products."

Be realistic. If you are a bad guy and want to get information via a web
browser who are you going to target? I think it's safe to say you would be
spending your time on Internet Explorer. Now if some other browser were to
get a significant part of the market share I can guarantee that more
security issues would be discovered in it as the bad guys start targetting
that browser.

I dont know, but this seems like a lame argument. Especially when they
compare vulnerabilities so simplistically by saying "over the course of
the last xxx months, there have been 13 flaws in IE, and 21 in FF,
without actually aknowledging the severity/nature of the specific
vulnerabilities.

To do a proper risk analysis would be grounds for a research paper and
beyond the scope of the article.

Internet Explorer has been around since '95 and many of the bugs have been
patched long ago. It's to be expected that there are going to be bugs in a
browser that's just in it's infancy and that more will be discovered as more
people use it.

the article is here:
http://tinyurl.com/brved

Overall I would say it's a fair and accurate article. His summary is bang
on:

As you choose your browsers (and operating systems, or any software, for
that matter), make sure your decisions are based on cold facts; not on
unproven conventional wisdom; not on false analyses that ignore huge factors
such as the size of the installed base; and not on the evangelical zeal of
pro-open source or anti-Microsoft partisans.

It's great that there are open-source alternatives to try, and it's smart to
proactively explore all your options. But go in with your eyes open: All
software has flaws. There are no panaceas!

 

[elaich]

Overall I would say it's a fair and accurate article. His summary is
bang on:

Please remove your rose colored glasses. He ignored facts to print
innuendo. The roasting he is taking on the comments page is well deserved.
The many fallacies in that article are well exposed there, so there's no
need to print them here.

 

[Fuzzy Logic]

Please remove your rose colored glasses. He ignored facts to print
innuendo. The roasting he is taking on the comments page is well deserved.
The many fallacies in that article are well exposed there, so there's no
need to print them here.

I don't wear rose colored glasses! Firefox users are fast becoming zealots
and appear to be oblivious to the fact the security is a process not a piece
of software. Regardless of what browser you use you are at risk. How much
varies from day to day as new threats are discovered.

 

[Sietse Fliege]

Regardless of what browser you use you are at risk.

Being on dial-up, I just use this for safe surfing:
http://img26.echo.cx/img26/7966/antivirus4av.jpg

 

[Tritoneur]

Reading this article, I see the same old, tired criticisms of FF, and
open-source. His whole thesis seems to be the standard:
"the only reason that there aren't more flaws in Firefox (or other
free software),is because it is not as worthwhile a target for
exploitation, since not as many people use it as MS products."

I dont know, but this seems like a lame argument. Especially when they
compare vulnerabilities so simplistically by saying "over the course
of the last xxx months, there have been 13 flaws in IE, and 21 in FF,
without actually aknowledging the severity/nature of the specific
vulnerabilities.

the article is here:
http://tinyurl.com/brved

Just to add to the debate.

http://news.bbc.co.uk/1/hi/technology/4472219.stm

 

[Bob Adkins]

Just to add to the debate.

http://news.bbc.co.uk/1/hi/technology/4472219.stm

Did you look at the critter that wrote the article?

-- Bob