SEARCH

The How-To Geek Forums Have Migrated to Discourse

How-To Geek Forums / Geek Stuff

Browser wars . . .

(24 posts)
  • Started 6 years ago by BobJam
  • Latest reply from jack7h3r1pp3r
  • Topic Viewed 3356 times

BobJam
BobJam
Posts: 1052

I had posted part of this on another thread (http://www.howtogeek.com/forum.....?replies=7) and took the suggestion of the original poster and started my own thread essentially because I hijacked his.

jmcguire in the original thread had said that "non techy users will almost always use IE". And I would reply that a lot of non techy users switch to Firefox just because someone they think is computer savvy (a neighbor or "friend") says they should because they think it's more secure. He also says that "a very large user base of IE are non-techies". I would reply that "a very large user base of FIREFOX are non-techies". "Firefox users have to actually download the program" . . . so does that imply that those with the ability to do downloads are tech savvy?? If that's the case, then my 90 year old grandmother is tech savvy.

(I know I got sarcastic in my last comment there, but I really would like to have a good lively {AND CIVIL . . . certainly NOT implying that jmcguire has not been . . . on the contrary, she/he HAS been} discussion about this. And I think jmcguire is reasonable and civil, and wants the same thing . . . so I don't mean to be abrasive or abusive here.)

Firefox was at one time justifiably noted as more secure than IE. But as Firefox gained in market share, more and more malware writers focused on Firefox exploits, 'till now it has a lot more holes than it was publicized as having at one time. Nevertheless, Firefox still benefits from the rep it had a few years ago. A lot of users still maintain that it's the best browser because it's so secure (NOT anymore) and bash IE7. While IE7 still has a lot of holes, it has improved it's security and Firefox's security has declined. Some people insist that Firefox has the security level it once had, when indeed it doesn't. Firefox may be more secure than IE7, but IE7 is gaining on it rapidly. But some Firefox proponents are pretty testy about all this (I anticipate some comments on this . . . no flames, please), blindly insisting that Firefox is invulnerable. I have some friends that use Firefox and they are arrogant and close-minded about it.

And another thing that Firefox users are vulnerable to (is this turning into a rant on Firefox??) . Since they mistakenly think that Firefox will take care of security concerns, they let their guard down and are susceptible to malware attacks. The same can't be said of IE users . . . since IE has a rep for poor security, IE users will try to compensate by having tighter security.

There's sort of a Catch-22 with the security patches Microsoft is always coming out with. Yes, there are a lot of exploits on Windows, but then it has the biggest market share, so what do you expect?? If Linux had a bigger market share (and Firefox is actually getting more market share) then I bet the malware writers would focus on Linux more, and there would be more Linux exploits.

Posted 6 years ago
Top
 
Lighthouse
Lighthouse
Posts: 13598

I never think of browsers in their "security" capacities. Just that they do exactly what I want (hence FF2 for me, with all those add-ons)

Posted 6 years ago
Top
 
BobJam
BobJam
Posts: 1052

LH,

That's an intersting viewpoint, and it makes a lot of sense. As long as your security is taken care of in other aspects (Windows Critical Updates, antivirus and antispyware software, firewall, etc.) then I can see your approach.

Sort of makes my discussion moot.

Posted 6 years ago
Top
 
wallaceb
wallaceb
Posts: 214

i too have never thought of a browser in terms of it's security. I simply use what ever browser that i feel most comfortable in, and what allows me to have the most add ons. Firefox has a huge array of plugins many of which are not available in IE.

When i do need to use IE for a website requiring it, i use Maxthon
http://www.maxthon.com/

it will allow you to even run windows update and it too is EXTREAMLY customizable, and has many plugins for those who do not like FF and still do not want to use IE.

Posted 6 years ago
Top
 
jack7h3r1pp3r
jack7h3r1pp3r
Posts: 2815

i usually go by what i a really speedy browser right now i am using both opera and ff3 which are both equally fast and i use ff3 for all of my add-ons and such and i don't really think that the browsers security is too big of a deal because as long as you have the essentials else where you should be fine.

Posted 6 years ago
Top
 
ScottW
ScottW
Posts: 6609

I'm going to have to disagree with the crowd. Browser security IS important and I'm surprised that you geeks don't know that.

Consider this question: how will you get infected with malware? We don't pass around floppy disks like in the olden days so that viruses were spread that way. None of us geeks are likely to open an e-mail attachment from an untrusted source. We all have firewalls -- hardware or software or both. We know where to get our downloads from -- filehippo, softpedia, etc. -- where they are pre-screened malware free. No, we are too smart to let the malware come in.

So, how will you, or I, or any of us geek types ever get infected? By going to where the malware is, navigating with a *browser*. The browser is now the most likely vector of infection. Have a read through those security patches that Microsoft puts out and you will see this phrase often:
"In a Web-based attack scenario, an attacker could host a Web site that contains a malformed <object>". Where <object> is usually a URL, but can be a number of other things, too. Remember the Windows MetaFile vulnerability? A flaw in the graphics rendering engine allowed for remote code execution on all versions of Windows available at the time, "if a user visited a malicious Web site or opened a specially crafted attachment in e-mail".

Still feeling safe and complacent? By show of hands, who here is safe from cross-site scripting, zero-day exploits, firewall leaks, application security holes, browser hijacking, and whatever else the bad guys are working on? If you are, go back to being complacent. The point is that security matters, attack methods are constantly changing and at this point in time, the browser is the go-to attack vector for malware. Browser security is just one part of the fix -- it's application layer security -- but every layer of security helps.

Posted 6 years ago
Top
 
Lighthouse
Lighthouse
Posts: 13598

I think, ScottW, that geeks are not too afraid of being infected. It's gonna happen sometime.(and we know what's going on and are (normally) sufficiently protected. If not. We know what to do.
For normal users, yes. They need as much protection as possible.

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

But it is just the "normal users" that should use all the tools that are available - but they do not seem to listen or do not see the benefit for the small investments. An article about the arsenal one should have would be useful - arsenal for both, Geeks and non-Geeks. Keep it simple but make it efficient should be the guideline.

Posted 6 years ago
Top
 
Lighthouse
Lighthouse
Posts: 13598

whs. A lot of them don't know. I have cleaned up a lot of computers (clogged with temp files). The users did not even know there was anything outside the OS the computer came with.

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

That is my point. Some more education is urgently required - but in a way that a lay-man/woman understands.

Posted 6 years ago
Top
 
ScottW
ScottW
Posts: 6609

There seems to be a lot of focus here on the oft-forgotten User Security Layer, in other words how savvy the user is. If security is higher at the User Layer, there is less need of security at the other layers, but that doesn't mean there is *no* need. I don't like to think of my being infected as inevitable. I plan to hold the line against infections with multiple layers of protection, including the browser. But, if I should lose the battle, I will restore from a Ghost backup.

I wrote this short article in the Wiki so I wouldn't have to retype it so much. It's a very high level description of what people need, but includes security at the Network Layer (router, firewall); at the Application Layer (browser, AV); and at the User Layer (phishing, attachments). For the geeks, I would add Kernel Layer protection (HIPS) because there is little software available and it's not user friendly.

Posted 6 years ago
Top
 
jmcguire
jmcguire
Posts: 552

Security is definitely a major issue as ScottW pointed out. I do understand BobJam's point on download, but will reiterate and better explain the point, a non-techy person in most cases will not download something when they already have a program to do the same thing. To better describe the user base I am referring to, it is the same person that when they ask you to fix their computer, it takes very long to start up because they didn't really read the options when downloading programs and almost everything they have downloaded starts up with Windows. They also have programs Geeks know to stay away from like WeatherBug. When I was at college/university a lot of people would ask me to look at their computers. I will say though, in concordance with BobJam, a part of this was when Firefox was the secure browser it claimed to be and before IE7 came out. Upon opening IE (as Firefox was not on their computer), I found half the screen covered with toolbars. After a while (sometimes a LONG while), their computer was starting up faster, programs did not start up with Windows, they had Firefox, and I had taught them how to use Ad-Aware and sometimes Spy-Bot: Search and Destroy.

So today with the popularity of Firefox large enough to be on college/university campus's computers, large enough even to set a record in the Guinness book of world records (although to my knowledge no record existed previously), how secure is the browser?

As Geeks we either loath or love Microsoft, whether we use Windows or not, because honestly if we have a "Geek" job, we have to deal with Windows at some point. (Unless you are working for Apple or on a Linux team.) So momentarily let us put away our feelings toward Microsoft as a company, Microsoft as the maker of things such as Vista and Office 2007, and look only at IE6 and IE7.

Why look at IE6 some may say? Some corporations cannot yet switch to IE7 because it will break programs they have. We can assume this will be fixed in an IE7 update but for now, it must stay in the mix.

There are numerous browsers out there but the largest majority uses either IE or Mozilla as the underbelly, so we will look at the main browsers in use today.

IE6 - Windows
One of the lesser secure browsers, but can be integrated with virus scanning software and firewalls. Still has a large user base mainly due to corporations.

IE7 - Windows
Microsoft's most secure browser. Not aesthetically the best according to many people, but not the point. It is more secure than its predecessor, and does take security measures the previous browser did not. Can be integrated with different virus and firewall software.

FF3 - Windows, Linux, Mac
Mozilla's most secure browser. Many aesthetic changes over FF2 that many didn't like, but once again, not the point. It is more secure than it's predecessor. It can be integrated with different virus and firewall software, and has numerous plug-ins to help security.

Safari - Windows, Mac
Horrible Windows browser. As far as a Mac browser, it is better than it's Windows counterpart, but most likely the worst browser on the Mac.

Opera - Windows, Linux, Mac
Quite possibly the best browser available, at least for Windows. Still a smaller user base, but Opera is very secure and very fast.

So what browser to use? IE7, FF3, and Opera are all good browsers. While Opera most likely is the most secure, IE7 and FF3 are not bad enough to push away. The extra features, especially that of FF3 make it worth it. IE7 and FF3 are secure enough to keep one safe if the person stays on safe sites.

As for the big debate of IE7 v FF3. IE6 v FF2 most would agree went to FF2. So did IE7 increase and FF3 decrease ( I say decrease because while more bugs were fixed, the growing user base as BobJam pointed out has made a difference) to make IE now on top? I think at least for now the answer is not so simple because one piece of malware may make it into IE7 and not FF3, while another may make it into FF3 and not IE7.

Browse on.

Posted 6 years ago
Top
 
Lighthouse
Lighthouse
Posts: 13598

@ScottW. Yes good, BUT. How is someone, that has just bought a computer (and knows nothing about it), going to find your (or anyone elses) article on the subject (and understand it) to be able to protect their system?

Posted 6 years ago
Top
 
raphoenix
raphoenix
Posts: 14920

Agree With All AND ScottW,

I'm on this site with a laptop dropped off by a friend this morning after I finished cleaning it up (out). Have never seen so much Viruses, Spyware, BHOs, etc.. on one machine. Debating how to keep it from happening again so it won't be back on my table but know my friend has a bad habit of clicking on everything and doesn't know anything about what's in his machine as Lighthouse says. My friend just thought his machine was "broke" and ask me if he should buy a new one (LOL).

Regards,
Rick P.

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

Now we get to the point that Lighthouse makes. Someone that just bought a computer is lost. But there the "bloat" comes in. A 3 month trial of Norton or McAfee or whatever will at least make the person aware that such a thing as Security Suites exists. How else would he/she know. And Btw: the same goes for all the other "bloatware" which actually can be an orientation help for the beginner.

Posted 6 years ago
Top
 
raphoenix
raphoenix
Posts: 14920

whs,

YOU MAKE A GOOD POINT !!

Never considered the issue from that aspect. You express wisdom in your comment.

Regards,
Rick P.

Posted 6 years ago
Top
 
ScottW
ScottW
Posts: 6609

@LH: what whs said -- there needs to be more education. I'm doing my part in my little world. I tell my friends and family and members of this forum who ask about security or have suffered an infection.

@jmcguire: what makes you say Opera is the most secure Windows browser? I haven't used it, but I find no information proving or even suggesting that it is most secure. I hope that you are not suggesting that Opera is the new Firefox -- so little market share that the hackers aren't targeting it?

@BobJam: why do you say that IE7 is catching up to FF in terms of security? Are we just talking about lots of patches from MS? I don't believe IE7 has a Service Pack. Protected Mode? That only applies to Vista and you're an XP user, so I wouldn't expect that. Send me a link if that's where your info comes from. I am neither arrogant nor close-minded.

@ALL: one last thing about the User Security "Layer", then I will move on. Thing is that this is not really a layer. A user who is ignorant of security concerns will not be safe at any of the real layers. They won't know how to plug holes in their router and firewall (network layer) nor how to tighten security in their browser (application layer). So, I would argue that you can't judge a browser by the type of user who is likely to use it. Instead, we should discuss how a browser behaves for a user who is security-aware and another user who is security-unaware.

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

Rick, they tell me, wisdom comes with age. I am glad there is one person in the world who sees it coming - after over 70 years.

Posted 6 years ago
Top
 
BobJam
BobJam
Posts: 1052

ScottW . . . sent you the link in an email.

Posted 6 years ago
Top
 
jmcguire
jmcguire
Posts: 552

@ScottW, I used it for a short time, but honestly did not much care for it. The reason I said it is possibly the most secure is ratings from approximately one year ago ( I do apologize for not having a citation, I read hundreds of articles and never bookmark them ) it was ranked as the most secure. I do not know if this has changed or not, but it is still a very secure browser and the development team has always been quick to fix problems. Once again, note these were articles from approximately a year ago. As far as suggesting Opera is the new Firefox, of course not. I was simply pointing out it is a small market share.

@ScottW, I agree with almost everything you said. There needs to be more education on the issue. As far as security goes though, I think the best browser is one that performs the best for someone who is security aware and someone who is not security aware.

@whs, Very good point with the "bloatware" concept, I as raphoenix had never thought of the issue from that perspective.

Back to the issue of browser security in relation to security aware and non-security aware. The field of Human Computer Interaction is a fairly new idea of importance to the computing world. Microsoft spends money many of us could only dream of on this concept every year. We as users are accustomed to certain things, even though it may not be the best design. Sadly this leads to certain things that are such a cornerpost that it may never change. I am getting off topic, but I said that to say this: While I think a browser should operate in such a way that the security aware and non-security aware are equally covered, it would be very difficult to do. For anyone who has studied Human Computer Interaction, may know where I am getting at. If not, I do not care to explain, just ask.

So while I disagree with ScottW, I have to agree with you at the same time. Currently this is the issue we need to discuss, but the ultimate answer to is develop better more intuitive software for both user groups.

If anyone is interested in Human Computer Interaction go to Amazon and search for "About Face 3." Very good textbook.

Really while this discussion is about browsers, it essentially comes down to IE vs Firefox, because the other players in the game simply do not currently have as big of an impact, so I suggest someone start the discussion on very specific issues AND HOW THE ISSUE IS HANDLED.

This type of discussion will be more effective.

Posted 6 years ago
Top
 



Topic Closed

This topic has been closed to new replies.

Enter Your Email Here to Get Access for Free:

Go check your email!