Firefox: More Errors Than Internet Explorer, But Faster Solutions

The Firefox vs. Internet Explorer debates are much like the Mac vs. PC wars. Everyone seems to choose sides, and the Firefox crew proselytizes much like Mac owners do.

Now we learn that Firefox actually has more bugs and security vulnerabilities than Internet Explorer. Really.

Our shock and disappointment felt like a sucker punch to the gut. Firefox has been good to us, with fewer pop-ups, cleaner page loading, and a The pain and suffering rapidly subsided with the follow-up, though: While Internet Explorer has fewer gaping security holes, Microsoft takes NINE TIMES as long to patch each problem. Nine.

Why does a corporation the size of Microsoft take that much longer than Mozilla to fix a problem? Well, laziness comes to mind.

Bottom line: Despite a great raw number of errors in the browser, Firefox is still better at warding off attack by viruses and other nastiness than IE. Add that to your hymnbook.

Firefox Buggier, But IE Takes 9 Times Longer to Patch [Information Week]

Comments

Edit Your Comment

  1. Falconfire says:

    Food for thought.

    1) We are getting numbers from a company who wants nothing better to SELL you virus protection software… even going so far as to invent viruses and vulnerabilities to sell it. They want nothing more than to make you paraniod.

    2) Firefox works on multiple platforms, IE works on one… Windows. Two if you count Apple which they stopped development or even supporting with IE over 2 years ago.

    3) The problem with browsers is not so much they can be vulnerable to a smart hacker, its that in Microsofts case the browser is so intigrated into Windows that it becomes extreamly easy to hack a persons computer simply by surfing them to a website. Even Apple has system administration rights in place that prevent a website from just changing things on the computer. Even if it tries it warns the user about it. IE does not.

  2. RumorsDaily says:

    Ed Rooney: So far this semester he has been absent nine times.
    Katie Bueller: Nine times?
    Ed Rooney: Nine times.

  3. Veinor says:

    Also, the Firefox vulnerabilities are easier to discover, given that it’s open source. IE relies on security by obscurity, to a certain extent; also, the FF exploits are usually less severe.

  4. “Why does a corporation the size of Microsoft take that much longer than Mozilla to fix a problem? Well, laziness comes to mind.”

    Working for Microsoft (but not the IE team), I can safely say this.

    Microsoft isn’t lazy. It’s most likely because (like falconfire said) IE is so ingraned into the system, they want to make sure any fix that happens doesn’t open up new holes. It does, but they want to make sure that the amount of new open holes is minimial.

    “Now we learn that Firefox actually has more bugs and security vulnerabilities than Internet Explorer. Really”

    The reason? Faster updates.

    Good, Fast Cheap. Pick 2.

  5. mechanismatic says:

    I’ve never had a problem since switching to Firefox. And the extensions are awesome. And Internet Explorer displays xhtml elements improperly. I recently tested IE7. Sure, there are a few improvements, but it also hijacked my html file icons. I had to uninstall it just to get that ugly blue and yellow icon from showing up despite the file manager saying that the firefox icon was still the default. If Firefox crashes, it doesn’t crash Windows.

  6. scottboone says:

    The report seems to miss that Firefox’s vulnerabilities were found in source code that is open to the light of day…the hackers merely have to sift. On the other hand, the IE source is FAR from open. It is a wonder that Firefox as suffered so FEW issues.

    Also, several of the vulnerabilities attributed to Firefox were “responsible disclosures” resulting from the Firefox team’s own quest to squash such things. How many of the IE vulns were handled in the same fashion? The report lends no respect to such kind behavior.

    This report smacks of hypocrisy…thieves in glass houses throwing stones at the honest who admit to walking off with a few dozen counter pens in their lifetime!

  7. AcidReign says:

    …..I’ve been using Firefox for about two years, after getting hosed repeatedly with MSIE. No browsing solution is perfect. I got a naesty trojan recently via Firefox, but I suspect that it was delivered via an .mpeg, and didn’t become active till played by Windows Media Player. Hard to tell. I relied on a day-old backup, and Dban’ed my disk, and reinstalled everything. So I don’t know for sure. Better safe than sorry. Bastards. Killing the hand that feeds, to be sure…

  8. Xkeeper says:

    Oh, Opera, you poor, forgotten browser. How I love you so.

    It’s funny how Opera is so overlooked, yet so much better than Firefox, not to mention available on most platforms, too.

  9. inzain says:

    Why does it take nine times as long for Microsoft to release a patch? You answered your own question – they’re a large corporation. This means that they’re actually responsible for what they release, and as such, they have to do vigorous testing to make sure that the browser used by 80%+ of computer users doesn’t get broken by a patch.

    Mozilla doesn’t have that burden. They release a patch very quickly (usually the same/next day as a disclosure), and then they let their user base test it. If someone’s computer gets hosed because of it – oh, too bad, you shouldn’t have been using beta software. Lack of accountability is one of the great points of open source software development.

  10. Paul says:

    Mozilla has the worst support for any software I’ve ever used. I was dumb enough to use Friefox and Thunderbird in my business environment. I loved tabbed browsing. I did not love the day when Thunderbird lost every e-mail I’d sent or received in the last week. Mozilla’s “support wiki” says tey don’t know why that happens, but to avoid the loss of all of your e-mail, just don’t install using the default settings…let that concept marinate for a second.

    And I once used Firefox to save a 450 files when we lost ftp access to a mission-critical system. It showed progress and completetion times for all 450 files, but only downloaded 20. Mozilla’s support site says yeah, it happens. They don’t know why. Erase this obscure file and try again…after all, that file “gets corrupted” a lot.

    Firefox and Thunderbird both show great promise. But when you KNOW anyone who installs using the default settings faces the loss of all stored e-mail, permanently, for unknown reasons, you should not be marketing your product, you should be labeling it “beta software.”

  11. mfergel says:

    I love Firefox but there must recent update has a serious install problem. it locks into a loop when trying to do the autoupdate install. It claims the browser is already running and that he needs to be shut down to continue, despite the fact that all Firefox instances are closed.

  12. JackieTreehorn says:

    I use Opera, too. Me likey. Me likey a lot.

  13. Hooray4Zoidberg says:

    @AcidReign that trojan you got was from a flaw in WMP, not firefox. I was hit with the same one a while back through firefox. It just loads WMP through an html object tag.

    As someone who works in the software security industry I wouldn’t be caught dead using IE. Maybe it does have less security flaws, but it seems like every week someone exposes another one. Firefox has gained enough market share at this point that it would be logical for hackers to start targetting it. Yet I haven’t seen anything bad latley. Most of the time I can safely surf a dangerous site with firefox that will destroy a computer using IE within 10 seconds.

  14. I’ve been using Firefox for about 6 months now…and I love having complete control over scripts with the script blocker extension.

    The extensions alone are worth any bugginess…although I’ve never experienced any myself.

    I’ll never go back to IE…never.

    And no browser war should go without mention of this: http://www.youtube.com/watch?v=M9BON5nd8Fg

  15. mechanismatic says:

    inzain,

    I find the concept of Microsoft being accountable humorous. They got off easy with the antitrust stuff. A lot of their software is flawed and vulnerable. And when they come up with new ways to squeeze consumers out of their rights or gouge them for more money, they don’t do a thing. You can sue them of course, but they’ve got more money than god, so who can buy the better lawyers? Open source isn’t perfect, but it’s a damn sight better than getting shafted by the man and infecting your files with drm and authenticity verification software. Bashing firefox because it’s not produced by a big company is like telling little kids to suck it up when a bully steals their lunch money.

  16. inzain says:

    I wasn’t bashing Firefox. It’s arguably one of the best things that has happened to the web since Netscape. I’ve been using Firefox back when it was still called Phoenix, back when nobody knew what extensions were, back when everyone thought IE was good enough.

    What I AM bashing, however, is the pointless Microsoft hate. Sure, a lot of Microsoft software is vulnerable, but ALL software is. The article we’re replying to attests to that – despite “security” and “safety” being the #1 reason for Firefox fanboys to recommend it, it has more vulnerabilities than IE. You’ll see the same when you compare Apache to IIS or any other large OSS program to its Microsoft alternative.

    And, come on… DRM and Authenticity Verification Software? Now you’re just copy/pasting karma whores from digg and slashdot. Never had any of that in XP (save WGA, which was really only inconvenient to those of us who pirated our version of Windows).

  17. Funklord says:

    I find the explanations for Microsoft’s glacial pace in fixing IE to be laughable. Let’s get real here. MS has a monopoly. Despite Firefox’s gains, MS still controls close to 90% of the browser market. When you have a monopoly, there is no pressure on you to improve your product. There’s no financial incentive for MS to make IE better or safer. What are people going to do, stop using IE? Yeah, right. IE has been riddled with holes for years and they’re still using it. MS will devote little time and effort to IE until people really begin switching to another browser. They’re just starting to get a little scared, hence IE7, the first update to the program in years and years.

    Summing up: having a monopoly means having no pressure to improve your product. Why waste the money?

  18. “I find the concept of Microsoft being accountable humorous.”

    I find your reply humorous. You seem to touch on allot of matters except the actual point. :) Let’s review.

    1) They got off easy with the antitrust stuff.

    So? What does the legal trouble have to do with how good/bad IE is?

    2) A lot of their software is flawed and vulnerable.

    You say allot of MS software is flawed. Can you be more specific? I will admit, Microsoft BOB had some troubles. :)

    Even so, surely you don’t think the team that worked on the (for example) office suite also works on the IE team… Or are you saying everyone at MS is an idiot?

    3) And when they come up with new ways to squeeze consumers out of their rights

    Again, I’m not argueing if they are or not. But how does the EULA (which I assume you are speaking of) effect the number of bugs in IE?

    4) or gouge them for more money

    Does Marketing actually put in more bugs due to higher prices in your world? Is the sky purple as well? :)

    5) they don’t do a thing.

    So, you aren’t aware of the patches that come out weekly?… or do you mean they aren’t sending you a special CD and $10 for your trouble as well?

    6) You can sue them of course, but they’ve got more money than god, so who can buy the better lawyers?

    Again, how does the amount of money the company have effect bugs?

    7) Open source isn’t perfect, but it’s a damn sight better than getting shafted by the man and infecting your files with drm and authenticity verification software.

    Spoken by a true pirate. :) Listen, I don’t agree with DRM. I think it’s evil and I’m actually fighting tooth and nail inside the company to reduce the impact of the end user (Someone at the consumerist can attest that this is comming from a Microsoft IP). As for Verification, a company has the right to protect it’s investment, but here’s the rub..

    YOU DON’T HAVE TO INSTALL IT.

    Did you realize that? It’s optional. Yeah, you don’t get all the new toys we put out, but did you actually expect to not be verified and get updates to your programs as well?

    7) Bashing firefox because it’s not produced by a big company is like telling little kids to suck it up when a bully steals their lunch money.

    Ah.. Here we finally agree. You shouldn’t bash FF just because it is open source. Likewise, you shouldn’t bash IE because it isn’t.

    I await your explination as to … well… what your actual point is except “M$ is EVIL”…

  19. mechanismatic says:

    inzain,

    Actually, I don’t read digg and slashdot. I’m speaking from my own experience. It’s a pain to access media with it that has drm. It takes time away from actually playing the content you’re trying to access. It’s unnecessary. It’s the whole make-guns-illegal-and-only-criminals-will-have-guns argument again. DRM only stops tech un-savvy people from enjoying their content under fair use principles. For professional coypright infringers like the people who sell cds on the streets for $5, it’s just a minor inconvenience. And WGA is a waste of time. I know I purchased a legit version of Windows. It’s already registered with MS. Why should I have to continue to remind them everytime I want to update my software that my copy is still legal? If they have problems with copyright infringment, it’s their problem. They shouldn’t make it mine.

  20. “MS will devote little time and effort to IE until people really begin switching to another browser”

    Umm..

    No one on the IE team works less then 50 hours a week currently. Granted, IE7 is comming out, but I can look up the hour figures from any version to any version and give you the average per week hours…

    Care to give me 2 versions?

  21. mechanismatic says:

    The actual point I was making with all my examples was that MS is not accountable, to the public, to the law, to its customers. I wasn’t specifically addressing the issue at hand in this thread regarding the bugs in IE and Firefox. I was pointing out a general trend with MS and their products.

    1) This example shows that they weren’t legally accountable for their business practices. This has nothing to do with IE. I never said it did.

    2) I don’t know how many times Outlook lost my emails until I quit using it. IE doesn’t display html correctly, which is a pain for web design – for instance, the error in adding horizontal values together instead of including them so that pages display wider than they’re supposed to. I won’t go into more detail on IE flaws. Just google ‘IE’ and ‘flaws’ and you’ll have enough reading material to put you to sleep. IE 7 hijacking my file icons and bypassing what the file type management displays as the assigned icon is just a minor annoyance. There’s much more to go on about, but it would take to much time. No, not everything MS comes out with is annoying or useless. When netscape stopped being supported, IE was the lesser of browsing evils. I’m just saying in comparison to Firefox, IE’s flaws are more apparent and less excusable.

    3) Not just the EULA but also what I’ve read (but haven’t confirmed albeit) about Windows Media Player 11. Not backing up rights and such. This doesn’t directly affect IE, but when there’s more integration of the internet and video media, I’m sure more problems will pop up.

    4) Marketing just makes the IE flaws less acceptable. Since Firefox is free, if you encounter a problem, you can say, “well at least I didn’t pay for this.” You can’t say that with MS. How about the way in which they used to include everything with Windows and now you have to purchase all the Office programs. They get you (and the companies you work for) used to using it and then they charge you later for newer version of what used to be free. You already pay too much for Windows without getting shafted on the frills.

    The sky can actually be purple during sunset. It’s very pretty.

    5) I’m not aware that the patches that come out weekly address the issues I’ve encountered. Usually the issues I have are corrected, or worsened, in the next version. The only time I’ve seen news of MS quickly patching something is when FairUse4WM came out and they patched it the next day. It’s no surprise they’ll patch a vulnerability that only addresses their iron grip on content that fast. The customers are addicted like it’s Starbucks coffee. MS can take it’s time because what else are people going to do?

    6) The money just means that if you sued them in an attempt to get them to address an issue, they’d win the lawsuit, so the consumer has no legal recourse. Again, MS is not accountable to law.

    7) The argument you don’t have to install it sounds nice, but doesn’t apply in this case. The illusion of a choice is not free will. You can choose not to install it on your home computer, but you still have to use it at work if the company you work for uses it. You have to learn it if you want a job in the tech industry. What if the educational institution you attend uses it? You can’t completely boycott MS unless you’re willing to live in a shack in the woods. If you want to use the internet, the servers might be MS. If you use your cellphone, the programs on it might be written in C++ using an MS IDE. About the only alternative you have is to become a mac addict, and that has it’s own shortcomings. If you want to play a new computer game, it’s coming out on PC first. There is no escape.

    MS isn’t evil. Bill Gates isn’t the antichrist no matter how you add up the numeric values of the letters of his name. But MS does have buggy software and apparently doesn’t seem too concerned if it’s customers are inconvenienced, vulnerable, or dissatisfied with their products. They have a secure hold on the market. I wouldn’t care either if I had all that money to throw around and knew more was coming in from companies too paranoid to trust an open source alternative because it’s not backed by suits and ties in Seattle.

  22. AcidReign says:

    …..Yeah, Hooray. I figured it was a WMP flaw. There are the geeky folk who switch to open source just because of the challenge and coolness factor, but I switched to Firefox because of being repeatedly beaned by drive-by crap. To me, your browser shouldn’t install shit without your ok, and Firefox (so far) fills that bill. Microsoft has finally gotten this, I think, but why should I switch back?


    ……I’ve resisted Thunderbird because I’m not sure about a number of things about it, and basically too lazy to try. AOL software has encrypted login, and as long as you back up the Optimize folder regularly, you’ll never lose your email archive. Acronis TrueImage takes care of that for me late every Tuesday night. Anything since will still be on AOL’s servers,

    …..(that path is:
    C:Documents and SetttingsAll UsersApplication DataAOLC_America Online 9.0organize.)

    …..AOL’s also got a pretty big attachment limit, 14 megs last time I checked. I can send and receive those big old 10 minute 160K mp3s…

  23. madderhatter says:

    I use a plethora of browsers and operating systems between home and work. You want a secure operating system ? Get FreeBSD. You want a secure browser ? Get Lynx.

    Text-based and secure, or a GUI and always have the wool pulled over your eyes – make up your mind.