A few corrections to JoshB's misstatements:



> Firefox sux.....uses more system resources...



I haven't compared the memory footprint or CPU usage, but in my anecdoatal experience, Firefox loads faster and renders faster than IE. I *have* managed to hang Firefox, but it took something like 100 windows/tabs to do it. (a little mistake with an extension that lets me open every link on a page at once ... )



> and when used in conjuction with Google toolbar, you leave

> your system even that much more vulnerable to security risks

> and attacks...



I'm not even sure what this guy is trying to say, but if he is saying that the Google toolbar is somehow a vulnerability in Firefox, he's badly misinformed.



> Go with IE.....who would u trust more..Microsoft..or

> Firefox...come on..whos been in the game longer



I'd trust the one that doesn't have a history of enormous security vulnerabilities, of refusing to acknowledge they exist, and taking forever to fix them. And, um, that one would NOT be Microsoft.



> Another note.......I forgot to mention........if you're worried about

> security risks....Firefox is open source...meaning anyone can

> change it....and how it works.



You are badly misinformed about what open source is.



Just because you can, if you want, download the source code to Firefox and build your own version however you like doesn't mean you can do anything to anyone ELSE'S copy of Firefox. I can copy this web page, too, and do whatever I want to my copy, but this page will remain here on Yahoo just the same.



The Firefox project managers have very strict standards for what they accept into their codebase, and anything that DOES go in, even from a recognized developer, has been seen, reviewed, and tested to destruction by a lot of experts -- quite probably, more than review any given piece of IE code.



== THE ACTUAL ANSWER TO THE QUESTION ==



If a flaw does turn up in Firefox -- and of course some have -- those same experts find it, fix it, and push the patch, often within hours. Microsoft, on the other hand, rarely patches more than once a month, and that's after they've finally admitted that the problem exists in the first place, which may not happen for quite a while.



There's a bigger reason why Firefox is more secure, and will always be more secure, than IE, however: integration. As part of their defense against the big anti-trust case, Microsoft claimed that IE (which they had up until then treated as what it was, an application program -- they even sold it to Mac users) was "part of the operating system" and therefore couldn't be removed. In order to make that real, they actually wrapped parts of it into the core of Windows. So, when an exploit targets IE, the bad guys are already inside the walls. It's part of Windows (sort of) so Windows trusts it in a way it wouldn't trust any normal app, whether a game or a word processor -- or another browser.



Also, as many people have pointed out, the bad guys go for the softer and more profitable targets. Not only are there more people running IE, but more of them are clueless lusers who have no idea how their computer works or what it does. People who are competent enough to change to Firefox, Opera, or any other browser, on the other hand, might not be uber-geeks but they do show some degree of cluefulness, so they're more likely to have anti-virus software, firewalls, spyware removers, and other security tools in use. So they're not only a smaller set of the possible targets but they are, on the average, tougher to crack. So they'll be sticking with targeting IE for a long time. This is why many IE exploits are found in the wild, really taking over people's computers and doing bad things, while most if not all Firefox exploits have been proof-of-concept stuff, not running around the Web eating your computer.



Note: Firefox 2 now has built-in spell checking. I love it, especially when I'm typing while half asleep!



-- added 10/25 --



A quick response to the post by "oddball" (aka Mastertech, Mike G., etc.)



> It cannot stop viruses or spyware.



Since it doesn't natively support VBA or ActiveX, both of which have full access to your computer, it isn't vulnerable to the kind of drive-by downloads and trojan droppers that have plagued IE. That's certainly an effective way of (as the asker said) helping you prevent them.



> Firefox does not allow the use of ActiveX, so, you will still need

> to use IE on sites that require ActiveX to be used.



Which there are very few of. There is, however, an ActiveX add-on for Firefox if you really REALLY need to use it for a particular website. Of course, that brings in the whole ActiveX vulnerability again. That's something only Microsoft can fix.



> The only reason that Firefox was not attacked previously is

> because there was so few users.



Incorrect. While that certainly is a factor, it is far from the only, or even the major, factor. IE is trusted by Windows in a way that other applications, such as Firefox, are not. An attacker targeting Firefox has to start by breaking down the door; an attacker targeting IE is already inside the house.



> People using firefox are being infected all the time.



Simply, a lie. It isn't happening. Given all the interest in Firefox, it would be a news story to make the Melissa virus look trivial if it happened. It hasn't.



> Firefox just released a new version that is supposed to fix areas

> that was allowing access for infections.



Also wrong. Firefox 2.0 (available as of yesterday) implements new features, a more efficient engine, etc. Security flaws found in Firefox are patched within days, often hours, of their discovery, rather than waiting for a new release or even the equivalent Microsoft's "Patch Tuesday".



> It also had to add some features that IE7 has and it didn't.



That is backwards. IE7 was released to add features that have been in Firefox for years. IE just added tabs, better CSS support, and some other odds and ends. If there is any feature IE7 has that Firefox doesn't, someone will be sure to come out with an extension that adds it.



For further information, here is a rebuttal (not mine) of the anti-Firefox website:

http://nanobox.chipx86.com/blog/2005/12/re-firefox-myths.php



I'm not sure what oddball's issue is, but he is deliberately putting innocent people (or at least their computers) at risk with his misinformation.

People in here who have been bagging Firefox are also forgetting one other vital statistic.



IE is used by say 85% of the pop. Firefox say 10%. If you are a virus writer and are going to go to all the effort of creating a virus and wreacking havoc, which one would you choose to write one for? the one that only has 10% of the market? come on now. For that reason alone, Firefox is already much safer.

IE has alot more security holes, microsoft has a large history of leaving plenty of flaws, but firefox has less holes that can be exploited. also, most virus/ spyware/ malware companies target microsoft's internet explorer and firefox is a whole different browser than IE.

Go with firefox, firefox has alot of plugins and themes to customize your browser. i have downthemall, siteadvisor, and download helper.

http://www.firefox.com/products/firefox

http://www.siteadvisor.com

Firefox 2.0 was released today with improved virus protection and phishing.



IE7 is still Internet Explorer a 85ish% percent of the browsing market share. Mozilla Firefox is gaining popularity, but... Why make viruses for a small percentage of the population? Everything can be subjected to viruses if one tries hard enough.



Firefox is freely open source with many a cool add-on (both extensions and themes).



Firefox is the verdict.



-specialk



P.S. - "They [Microsoft] have been in the game longer." Pah. Why did it take them 3.5 years to come out with an update to their web browser and fixes to many known holes?!?!

2

Don't get Norton, it will just keep asking you for money. Browsers DO NOT prevent Viruses. Anti Virus programs do. However, there are other types of Malicious software that can get on your computer and cause problems. Firefox is good if used with these plug-ins: Add Block Plus, Better Privacy, Web Of Trust, and No script. Microsoft Security Essentials is a very good FREE anti virus program.

Firefox has a built in pop-up blocker. It's updated more often, and is free. Plus, it's harder to hack. Yes, it's open source. That means that people can fix the holes that others might exploit.

Neither has actual anti-virus software... but you can download free software for scanning that work really well, and have nearly daily updates.

Firefox has loads of optional extensions that you can download to make your browser safer, faster and less annoying. You can block all those wiggly jiggly Flash driven advertisements, for instance. It's just so much FASTER and it never causes me any stupid windows errors!

Most of what Firefox claims is flat out lies. It cannot stop viruses or spyware. You still need to use the same Security programs that you use with IE. Firefox does not allow the use of ActiveX, so, you will still need to use IE on sites that require ActiveX to be used.



The only reason that Firefox was not attacked previously is because there was so few users. With all the lies they told an got use, the hackers are now focusing effort on firefox. People using firefox are being infected all the time. Firefox just released a new version that is supposed to fix areas that was allowing access for infections. It also had to add some features that IE7 has and it didn't.



Here is a site that has all the proof about Firefox's bogus claims.



http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html

Newton K Covered many of the points quite well.



%85 was a 2 year old figure. On sites I visit Firefox has sometimes twice as many hits as IE. Many nuetral sites are seeing at least 50/50 usage. IE does not have anything close to %85 market penetration. Safari alone has close to %10. Firefox at least %40. Netscape, Galleon, Konquerer, Opera and others combined a good %3-5. %10 of the desktops out there run Linux and there IS no IE version for Linux. Apple users another %8 of the desktops can run IE but tend to run Safari or Firefox. So %85 is grossly exagerated.



Lets start with Vulnerability patching and reaction.



Microsoft - Typically will deny the problem even when known exploits are circulating. Patches only arrive after national media finds out about the problem and makes it impossible to ignore. Patches are then released on the next patch release cycle. There are too many too release each time a vulnerability is found.



Firefox - Exploits are generally addressed in days. Even for example the recent exploit that turned out to be a blatent lie. Firefox's developers worked hard at finding the so called exploit and could not reproduce it nor find it. This exploit was not even actually a Firefox issue it was the Javascript engine that Firefox and most if not all other browsers use. Still they worked hard until the perpetrators admited it was a hoax. Patches are released as soon as they are ready and tested.



Executables tossed at the browser.



IE - Will automatically run anything thrown at it the right way. There is no way to defeat this behavior without some serious registry hacking. Frequently this is the route spyware uses to gain entry to people's machines. Spyware makers take an add on a legit website and in the HTML of the add will push an executable at IE users.



Firefox - Unless you set firefox to execute a particuler extension it will ask you what to do with it. Nobody sane would automatically execute .exe .com and other executable extensions. That would be like holding up a sign saying please infect me with a virus or spyware. Firefox gives you complete control over what you do with any given extension. If a vulnerability comes out for a plugin. For example if Adobe has a vulnerability with Firefox you can turn off using Adobe for PDFs until it is fixed. With IE you just have to hope you don't run into the exploit.



VBA - This is Microsoft's equivalent to Javascript. It is a completely failed idea which should have been long ago removed from all non-office Microsoft products. It hasn't. In fact in most you cannot turn it off. If you want to turn VBA off in IE6 you have to turn all scripting off. VBA has no sandbox. That means that any script that uses VBA can do whatever it wants to and with your system. The same DLLs your system uses to delete, create, install files are exposed to VBA. So as long as VBA is enabled in IE any website you visit can do anything it wants to your computer. All it has to do is get a VBA script into it's HTML and get it executed by IE. This can even be hidden in email that you read from web based email sites like Hotmail or Yahoo.



Firefox does not support VBA. As such it cannot be exploited in this way at all.



Javascript. - Every so often a vulnerability is found in Javascript. These are rare. Usually there are 3-5 years between serious Javascript vulnerabilities.



IE and Firefox both support Javascript and are both equally vulnerable to Javascript vulnerabilities.



System level privlages.



IE - As already pointed out. IE runs as part of your operating system. This was done purely to keep ISPs and others from removing IE from a machine and to satisfy legal preceedings. Microsoft finally admited it was not integral and is supposed to release an IE free version for Europe. The problem is simple. If IE is comprimised it has the most dangerous privlages you can give an outsider. All security is bypassed. No security measure can help.



Firefox- Runs in user context. If Firefox is comprimised and the user does not have rights to install software then it is extremely difficult to infect the machine. Firefox by not running as a system process prevents the evading of user rights that happens with IE vulnerabilities.



Cookies



IE - has very primitive Cookie control and virtually no way to examine cookies.



Firefox - Complete fine grain control of cookies. Ability to examine the contents of any cookie set in Firefox. Interface is easy to use. Easy to work with.



Active X - Origionally designed to facilitate developers in embedding functionality from other applications or in place of dynamic link libs. OLE, DLLs and other methods quickly made Active X objects obsolete. Active X for a time was quite popular on websites until back end scripting languages like PHP and Cold Fusion as well as advancments in Java and Javascript made it again obsolete. ActiveX from day one has been plauged with security problems. Even Microsoft at times has said do not use ActiveX.



IE- ActiveX by default is enabled. This is very dangerous. Many websites will write ActiveX interfaces for IE and use more convenctional methods for other browsers. So to visit a site safely many IE users have to use Firefox or Opera to avoid exposing themselves to ActiveX



Firefox - Does not support ActiveX. It is an obsolete and insecure method of delivering web content. As such Firefox is not vulnerable to most ActiveX attacks. The user has to ok ActiveX objects I believe for them to run if they are supported at all.



Spin the wheel often enough and something will break. IE changes the way HTML and other protocols with almost every version. So much so that at times there has to be many forks in how website designers prepare a website to compensate for the differences between IE versions. Since IE uses a mostly propriatory way of rendering HTML pages despite being a major part of the design of the web standards it basically plays Russian roulette with every redesign. Sooner or later they are going to introduce a really big whopping unfixable vulnerability. In contrast Firefox and other WC3 compliant browsers adhere to a set of standards that makes it easy for all software to work and play well together. Just common sense to not thrash about and inflict such woes on anybody unfortunate enough to encounter Microsoft products.



I am forgeting some of the reasons. There are just so many reasons why Firefox is more secure than IE. I can think of zero aspects of IE that is more secure than Firefox and very few where they are equal. In terms of extensibility Firefox wins hands down. People do things with Firefox and make public the plugins that I never thought anybody would attempt to do with a browser. There are literally thousands of Firefox plugins. You can run Firefox on anything. So your bookmarks will travel from different operating system to different operating system. Firefox has pioneered or adopted years ago many features IE still doesn't have or just now adopted with IE7. So in terms of using current technology Firefox has IE beat hands down. I can think of no reason anybody would every use IE to be honest.

Firefox sux.....uses more system resources...and when used in conjuction with Google toolbar, you leave your system even that much more vulnerable to security risks and attacks...



Go with IE.....who would u trust more..Microsoft..or Firefox...come on..whos been in the game longer



Another note.......I forgot to mention........if you're worried about security risks....Firefox is open source...meaning anyone can change it....and how it works.

well there are no such programs to stop viruses they get thru anyway but their are things that help (firewall, norton ect...) firefox is again a ripe off