Alternative Browsing - Which browser is safer to use?

• Microsoft's propriety active scripting component called ActiveX provides real risks. It does offer users some real convenience features but those features can come at a high cost. ActiveX has been at the center of multiple security vulnerabilities including many of the most serious. VBScript and browser helper objects (BHOs) are two other IE convenience technologies that has been heavily exploited by hackers. Firefox does support a similar technology called XPCOM - a plain text and platform-independent software model - that is very comparable to ActiveX - once you get the user to click "Yes." IE’s ActiveX controls can allow a hacker or spyware/adware application full access to the system. Using Restricted and Trusted Zones properly in IE for visited web sites can remove much vulnerability to unknown drive by downloads of ActiveX. FireFox has the same issues with the XPCOM plugins - if a user allows them to be installed, they can have full unrestricted access to the user's system. Microsoft has addressed most of the issues surrounding the ActiveX controls in the Windows XP Service Pack 2 release where Internet Explorer prompts twice when any site wishes to install an ActiveX control, or redirect to a downloadable file. The folks at SuperAdBlocker.com have done extensive development with Internet Explorer and FireFox and say that both browsers have their strengths and weaknesses. The major problem that they have faced with FireFox is that due to its Open Source nature, the code changes drastically between builds. This has meant that developers have been hampered with often-changed internal architecture of the product.
• FireFox being Open Source does allow spyware/adware authors to have direct access to see how the product works from an engineering perspective and possibly find flaws and security holes quicker than a non-open source product.
• IE is very close to the core of the Windows operating system. In fact Microsoft itself argues that it's actually not a browser but part of the operating system. Such closeness is not a good thing; it means that a hacker who breaks into IE may not only have hacked your browser but may also be able to gain access to the operating system itself.
• IE was not designed with security in mind but was built on old code that was jazzed up to win the features war with Netscape Navigator browser. In the latter objective it succeeded brilliantly but this doesn't change the reality that the core IE code was created long before security was the issue it is today. Yet, according to a Secunia study, Microsoft has had 44 security advisories in 20 months, for an average of 2.2 advisories per month, while Firefox has had 14 advisories in 6 months, for an average of 2.3 advisories per month. These figures are nearly identical–IE exploited vulnerabilities are not out of line versus Firefox.
• Microsoft used to drag their feet in admitting or fixing security vulnerabilities. They are better now, but many exploits still occur weeks or months before a fix is published.

Opera and Mozilla Firefox are two popular browser alternatives to Microsoft Internet Explorer (IE) that – by default use – provide greater safety over IE in general web surfing.

Firefox is a free, fast, lean tabbed browser produced by the Mozilla Corporation. It's the young nimble brother of the original full-featured Mozilla Suite that itself being a spin-off from the ill fated Netscape browser. Microsoft stopped developing Internet Exlorer after the browser war was won over Netscape’s browser and has only added security fixes for the most part to version 6.

Microsoft has announced that there will not be further security enhancements to older IE versions and so you need to be using XP operating system service pack 2 to have the latest IE security enhancements. IE version 7 is supposed to be released at end of 2006 but will require XP SP2 or 2003 operating systems. It is anticipated that hacker attacks on older IE versions left behind in security enhancements will increase for those not upgrading.

Use Firefox browser if you do not have the latest Microsoft Operating System and IE versions to date. The current version of Firefox is stable and gaining in popularity.

Firefox is not exempt from flaws and as it has becomes more popular, flaws are emerging. Part of this is due to the fact that, unlike IE, the Firefox source code is in the public domain and can be scrutinized for flaws by hackers. However Mozilla has shown itself to be very responsive to fixing reported flaws, often doing so within a few days. This is a far cry from Microsoft's past track record.

There is no doubt that Firefox is currently less of a security risk than IE.  But it can have problems, as in this April 2006 news item:

“A bug in Firefox 1,5.0.2, the current patched-up version, allows remote code execution, but only through some user cooperation. The Firefox development team is working on a patch. The problem happens when non-image content is presented in an IMG tag. It will appear to the user as a broken image link. If the user right-clicks and chooses the View Image option, the file will be downloaded and, if the type is in the Firefox bypass list, executed.”

Which browser is better?

When Microsoft won the browser wars it seemed to give up on improving Internet Explorer. The pending version 7 will help bring it up to standard, but some claim that version 6 has fallen behind more modern browsers in a whole range of areas. Here are just some of the more important:

• Some claim that IE is relatively slow to display web pages. Modern browsers like Firefox and Opera positively fly by comparison. But one researcher was personally curious about how they perform, head to head, so he wrote a test case in C# to test their startup time. On his P4-M 1700, Firefox takes an average of 2.44 seconds to start. Internet Explorer 6.0 starts in just 1.17 seconds! Internet Explorer starts at least twice as fast as Firefox. Loading up the latest Google News (10/4/2004) takes 0.5448 seconds in Firefox, but only 0.4887 seconds in the latest version of Internet Explorer. The rending time in IE 6.0 is 10.3% faster than in Firefox. Google News is 94kb of HTML with inline CSS, and 51kb of pictures, a good example of a high profile, high payload site. IE performs as fast. Firefox took 19656kb of RAM on loading Google News, while Internet Explorer filled 17428kb, a memory footprint 2.23 megabytes smaller than Firefox. This is 11.3% better, a factor that becomes more important the older the computer you have.

• IE doesn't offer tabbed browsing. It does offer “taskbar grouping” in Windows XP. The taskbar button grouping feature works in two ways. First, taskbar buttons for documents opened by the same program are always displayed in the same area of the taskbar so you can find your documents easily. If you have many documents open in the same program, Windows combines all the documents into one taskbar button that is labeled with the name of the program. A triangle on the right side of the button indicates that many documents are open in this program. The single button provides access to all the open documents.
• IE is not easily extendible. Modern browsers like Firefox are designed from the ground up to accommodate third party extensions so that you can customize the browser to have the functionality and look that best meets your personal needs.
• IE lacks a smart self-recovering download manager.

Does Firefox browser work well on all web sites?

A number of web sites utilize non-standard, proprietary Microsoft features such as ActiveX in order to provide site navigation and other features.  It's probably not a good web design practice but that doesn't stop people doing it. If you visit one of these non-standard sites using Firefox you will find that some functions won't work or work differently. This could be could be something trivial like the screen colors are wrong or an animation doesn't work or it could be some vitally important function such as a logon box or navigation link.

Luckily there aren't too many such sites and thankfully, their number seems to be reducing.  However there are sufficient that you will encounter one sooner or later. If it's an important site such as your internet banking site then you are going to be frustrated. One site that definitely doesn't work with Firefox is Microsoft Windows Update.

You can of course, simply open IE when you encounter any of these sites. Firefox even has a downloadable extension that allows you to open a page using IE from within Firefox. This significantly reduces the nuisance value but does not of course, solve the basic problem.

If you use Firefox you are going to have to accept that certain sites will be broken and will require you to fire up IE to access them. This is a simple reality.

Firefox may load web pages much faster than IE but the program itself takes longer to load. Much longer, maybe twice as long.  That's because major component of Internet Explorer are always running on your PC, they are pre-loaded. That means IE has less work to do when it starts. The Firefox load time inconvenience can be eliminated by always keeping Firefox loaded and simply minimizing it when not in use. In fact it doesn't even need to take up any task bar space as there is a free Firefox extension that allows you to minimize it to the system tray.

If you've loaded up your copy of Internet Explorer with lots of additional toolbars, special buttons and other add-ins the sad news is that most of them won't work with Firefox.  Some will but only if the vendors offers a special version for Mozilla Firefox.

Luckily the most commonly used Internet Explorer Add-ins: the Google Toolbar, The Yahoo Toolbar and RoboForm are all available for Firefox. You can also integrate GetRight  and most other download managers by using a one of the many free Firefox extensions.

However quite a few IE products are simply not available for Firefox .If you use one of these products, you are currently out of luck.  Special versions may become available for Firefox as it grows in popularity but there is no guarantee.

The situation with plug-ins is  better, Most of the standard IE plug-ins including Adobe Acrobat Reader, Apple QuickTime, Macromedia Flash, Sun Java, Real Networks RealPlayer and even Windows Media Player are available fro Firefox.

Note: SpywareBlaster only adds the tracking cookie protection feature to Firefox. IE-SPYAD/2 and Enough is Enough do not add any protection to Firefox. Editing your Hosts file would increase browsing safety if you use Firefox.

To Configure the security settings for Firefox:

·          upgrade to the latest version when new releases are available

·          clear the URL History

·          clear the Cache

·          disable Popups

·          disable Java & JavaScript

·          disable Automatic Software Installation

·          disable, filter, and selectively manage cookies

For details, see; https://netfiles.uiuc.edu/ehowes/www/btw/ffox/ffox-opts.htm

IE More Secure Than Firefox?

October 2, 2006   By  Jim Rapoza

http://www.eweek.com/print_article2/0,1217,a=190060,00.asp

"Firefox has more security problems than IE!" screamed the headlines of several technology news stories recently.

If you're a casual news reader, you might see these headlines and think to yourself, "Hmm, that's funny—I thought Firefox was supposed to be more secure than Internet Explorer. It just goes to show you that no Web browser is really secure."

But if you're the type of person who actually reads more than just the headline of a story, you might have seen that the Symantec report on which these stories were based (Internet Security Threat Report Vol. 10) included a lot more information than just the number of vulnerabilities found per browser.

Indeed, the report, which noted trends seen from January to June 2006, included the illuminating fact that the Mozilla Foundation takes less time than Microsoft does to patch browser holes—just one day of exposure on average for Mozilla browsers, including Firefox, as opposed to nine days for Internet Explorer.

Look at it this way: Instead of focusing on the 47 reported vulnerabilities in Mozilla browsers versus the 38 reported vulnerabilities in IE, the headlines could just as easily have bellowed, "IE users exposed to vulnerabilities for 342 days vs. only 47 days for Mozilla users!"

Any reader of the stories about Symantec's report may have felt a touch of déjà vu. Indeed, if you felt like you had read pretty much the exact same story before, it's because you did: Symantec releases these reports periodically, and the report that came out last year at this time said basically the same thing as this year's report (and spurred similar news stories).

So, a year from now, when another report including data on browser security (or lack thereof) pops up, don't forget to look past the provocative "IE vs. Firefox" headlines. Make sure you dig deep into the report's findings to discern what the results really mean. If you don't, it will be déjà vu all over again.  

https://netfiles.uiuc.edu/ehowes/www/btw/ffox/ffox-opts.htm