Commentary
4/14/2005
09:35 PM
Fred Langa

Langa Letter: The Pros And Cons Of Firefox

Firefox is a good browser but not the panacea its most ardent fans think it is. While Microsoft's IE gets most of the attention for its security vulnerabilities, the reality is that Firefox (like other open-source products) has security flaws of its own that readers need to be aware of, Fred Langa notes.

Leap Of Illogic
Imagine two products--it doesn't matter what kind. Let's say that one product has 1,000 customers, and a terrible reputation for reliability. The other has only 50 customers, but a great reputation. Why the difference in reputation? The small product has only 2 or 3 customers with problems, but the large product has fully 50 customers with problems. In other words, the large product has as many trouble-plagued customers as are in the total user base of the small product. No wonder it has a bad reputation!

You can see where this is going, of course: Both imaginary products actually have exactly the same 5% trouble rate. It's only the disparity in the size of the user base that makes them seem different. In reality, they are both roughly equally reliable--or unreliable.

Using the same simplified analogy, and everything else being equal, a browser with a 95% market share will generate 95% of the problem reports in a given area. That doesn't mean that the browser with a 95% share is necessarily worse than a browser with a smaller share, just that a larger user base means larger numbers of problems; and a smaller user base means a smaller number of problems.

Of course, things do get more complicated when you shift to the real world. For example, the "everything else being equal" part of the above analogy fails when discussing Windows 95, 98, and Millennium Edition because they're not the equals of any of the current generation operating systems. Rather, Windows 95, 98, and ME have fundamental architectural problems that make them hard to secure: They are, at their core, still that "easy-to-connect-to" operating system from a decade ago; and not well suited to today's computing environment.

But on the flip side, the "everything else being equal" argument also breaks down for Linux and other open-source software because, as small-share players, they've gained a reputation for security that's at least partly undeserved: A low number of problems is not the same as a low percentage of problems. (We'll come back to this in a moment.)

Plus, this software has only recently begun to receive serious scrutiny from the malicious hackers, crackers, cyber-vandals, and other lowlifes that have traditionally focused on Windows. Consider that, historically, Linux was a numerically marginal player, attracting mainly users with a high degree of skill and knowledge; these users were "friendly" to their operating system of choice, and were not inclined to mount attacks against their fellow users. Instead, when these users found an exploitable hole in part of the operating system, they reported it and helped to correct it. In fact, this was an example of the open-source movement at its finest.

But today, open-source software has moved into the mainstream. For example, there now are enough unskilled and semi-skilled users of Linux that the operating system presents targets of opportunity for the unscrupulous. And with more crackers seeking open source security flaws for malicious exploitation, more and more are, in fact, coming to light, as a variety of independent sources confirm.
