Monday, April 18, 2005

Firefox flaws found — Get over it

News flash: Nine new flaws found in Firefox. Here's another news flash: get over it. Bugs are inevitable in any application as complex as a web browser. The fact that it is Internet Explorer's biggest competition right now just makes it that much more of a target. What many of these stories on the web fail to mention is that the Mozilla Foundation actually released the 1.0.3 patch to fix these flaws for Firefox last Friday. Symantec's latest internet security report misleadingly claims that more security vulnerabilities were found in Firefox than in Internet Explorer during the last half of 2004. The difference is that Firefox is open source and the code is available for anyone to see. Flaws will be found more often because a larger number of eyes are looking for them in Mozilla browsers than the smaller number of Microsoft employees looking over their own code. And so far, security patches have been released much more quickly for Firefox than IE.

However, I must at least mention in Microsoft's defense that their patches are much more complicated since their browser is so closely integrated with the operating system. If they implement a fix in IE that breaks the OS, they would have a bigger situation on their hands and many upset customers. One reply to this MozillaZine article makes a good point: Windows itself is inherently vulnerable and many of the security problems of any application are because of the operating system's flaws. The years of slapping prettier GUIs, "fluff" applets and utilities, and other "features" into Windows does make it difficult to maintain. Maybe it's time Microsoft just started over from scratch?

Firefox has lots of great features, is very speedy, and updates are published quickly, but the browser is still young and isn't compatable with some sites. Internet Explorer is already preinstalled with Windows and most sites are designed to work with it, but patches are far and few between. Each has its strengths and weaknesses, so it's ultimately the end-user's decision which one to use.


Post a Comment

<< Home