Langa Letter: The Pros And Cons Of Firefox - InformationWeek
09:35 PM
Fred Langa

Langa Letter: The Pros And Cons Of Firefox

Firefox is a good browser but not the panacea its most ardent fans think it is. While Microsoft's IE gets most of the attention for its security vulnerabilities, the reality is that Firefox (like other open-source products) has security flaws of its own that readers need to be aware of, Fred Langa notes.

Leap Of Illogic
Imagine two products--it doesn't matter what kind. Let's say that one product has 1,000 customers, and a terrible reputation for reliability. The other has only 50 customers, but a great reputation. Why the difference in reputation? The small product has only 2 or 3 customers with problems, but the large product has fully 50 customers with problems. In other words, the large product has as many trouble-plagued customers as are in the total user base of the small product. No wonder it has a bad reputation!

You can see where this is going, of course: Both imaginary products actually have exactly the same 5% trouble rate. It's only the disparity in the size of the user base that makes them seem different. In reality, they are both roughly equally reliable--or unreliable.

Using the same simplified analogy, and everything else being equal, a browser with a 95% market share will generate 95% of the problem reports in a given area. That doesn't mean that the browser with a 95% share is necessarily worse than a browser with a smaller share, just that a larger user base means larger numbers of problems; and a smaller user base means a smaller number of problems.

Of course, things do get more complicated when you shift to the real world. For example, the "everything else being equal" part of the above analogy fails when discussing Windows 95, 98, and Millennium Edition because they're not the equals of any of the current generation operating systems. Rather, Windows 95, 98, and ME have fundamental architectural problems that make them hard to secure: They are, at their core, still that "easy-to-connect-to" operating system from a decade ago; and not well suited to today's computing environment.

But on the flip side, the "everything else being equal" argument also breaks down for Linux and other open-source software because, as small-share players, they've gained a reputation for security that's at least partly undeserved: A low number of problems is not the same as a low percentage of problems. (We'll come back to this in a moment.)

Plus, this software has only recently begun to receive serious scrutiny from the malicious hackers, crackers, cyber-vandals, and other lowlifes that have traditionally focused on Windows. Consider that, historically, Linux was a numerically marginal player, attracting mainly users with a high degree of skill and knowledge; these users were "friendly" to their operating system of choice, and were not inclined to mount attacks against their fellow users. Instead, when these users found an exploitable hole in part of the operating system, they reported it and helped to correct it. In fact, this was an example of the open-source movement at its finest.

But today, open-source software has moved into the mainstream. For example, there now are enough unskilled and semi-skilled users of Linux that the operating system presents targets of opportunity for the unscrupulous. And with more crackers seeking open source security flaws for malicious exploitation, more and more are, in fact, coming to light, as a variety of independent sources confirm.
