March 7, 2006

Firefox v. IE: an AOL View, pt 2

Read part 1.

Before I continue down this road I should point out that (a) I’m not answering why AOL is bothering to make a browser at all - that’s a different discussion for a different day - I’m answering why I think IE is a better choice than anything (currently) from the Mozilla Foundation as the underlying engine for that browser, and (b) this was a question that was asked even by our CEO, so I'm really not just rationalizing ex post facto :)

In my last post on this topic, I leveled a few scathing accusations against Firefox (vs. Internet Explorer), including:

- Firefox is safer/more secure
- Firefox is more standards compliant
- Firefox provides a better experience/is more powerful
- Firefox is cooler

So given all that, how is it possible that I think IE is a substantially better choice than Firefox (Mozilla/Gecko/etc. - I'm using Firefox as a proxy here) for our web browser, AOL Explorer?

It's always possible that we at AOL are just evil (and stupid :)). Or, perhaps it's not so much THAT, as it is that we're part of a vast conspiracy to keep you down - that we are, in fact, "the man".

Let's parse this a little bit further to see where it leads us.

a) Firefox is safer/more secure
While it's true that there's been some noise over time about the number of security vulnerabilities in IE vs. Firefox, as well as the classification of those bugs, I think it's just that: noise. I'll stipulate that, more likely than not - by any objective measure - Firefox has a safer browsing engine than IE.

There was, for example, a test comparing unpatched versions of each browser that demonstrated that Firefox is 21 times safer than IE (or to put that in less-alarmist language: unpatched IE had about a 1.52% greater rate of infection).

I'll posit, however, that Firefox (and its derivatives) are not safer in a meaningful way for consumers.

I say this for two primary reasons:

(1) Opportunity set.
Certainly the targeting opportunity is a factor (a key point: you'll note Firefox was NOT zero) - the idea being that Firefox users don't get targeted as much, because there are easier, broader pickings (*cough*IE *cough*AOL). How big a factor this is is difficult to say, but it's hard to discount completely. And although I agree that the Firefox team has been (much more) diligent in patching the holes, new ones get found regularly.

I mention this because throwing our user base against this codebase would certainly create opportunity and incentive for the malicious. (Updated: for example this report)

(2) Third party technologies.
While Firefox may not support ActiveX (and much is made of this), it does support NATIVE plug-ins and extensions, including Flash, Java, Quicktime, Windows Media Player, etc. So it is subject not only to its own (potential) problems, but to those of external vendors and technologies, much like Internet Explorer: Firefox just doesn't have as MANY (yet).

My main point on security, though, is slightly sideways: you're going to have MEANINGFULLY fewer infections and problems on your computer (viruses, spyware, etc.) only by having actual security software installed on the box: Antivirus, Antispyware, Firewall, et al., and that these provide FAR more security, and are FAR more important in this regard, than the choice of browsing engine.

Certainly McAfee and Symantec actually deal directly with many (if not most) of the vulnerabilities that emerge in IE (and Firefox, for that matter), whether they are caused by third party technologies or not.

Bear in mind, I'm not saying it SHOULD be so, but I am saying that it IS so, as a practical matter.

All in all, I think that scare tactics can be effective, but I'm not sure the delta is significant when you step back and look at the entire scale of security problems, and, more importantly, effective remediations.

[Continued...]

3 comments:

Anonymous said...

Well, the way we got to tens of millions of users is because people had *huge* problems with spyware, drive by downloads with IE. Their computers were a mess and ridiculously slow or compromised. Many folks including US CERT are recommending Firefox (implicitly).

Firefox isn't immune to security vulnerabilities we know that http://www.mozilla.org/security/security-announcement.html but we're able to respond a little bit faster likely because we're not tied to the OS. Ability to respond and time to respond is pretty important. You can count vulnerabilities all day, that only kinda matters.

Also, go ahead and throw your (entire) user base at us. We have the same number of users you do (not more than AIM but almost double than dial-up). A percentage of your users use either stand alone IE or Firefox now anyway. Probably 5-8% of your users are using Firefox today. Yes?

Sree Kotay said...

You're right, of course.

They would have been safer still had they gone to Opera - perhaps you should encourage them to do so.
