Software // Enterprise Applications
Commentary
4/19/2005
05:15 PM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Responses To "Langa Letter: The Pros And Cons Of Firefox"

To quote Mark Twain, there are three kinds of lies--lies, damn lies, and statistics. This is aptly illustrated by Fred Langa's naive use of statistics to show the relative security between Internet Explorer and Firefox.

The number of security holes found in one product over another does not tell the whole picture. How many are found but not reported? How serious are the problems? How soon are fixes issued? The open-source model means that all security holes are known. It also means that they are fixed--there is no hiding security holes through being anonymous.

The 95% of the market argument is also, besides tiresome, not particularly applicable. The 5% to 10% of the market that uses non-IE browsers is the more demanding 5% to 10% of the market--the ones who expect better and are more demanding of their product than the IE users.

Simply put, where was spyware when the market share was in Netscape's favor? Has anyone actually gotten a spyware infection from using Firefox?

Clint Ricker
Systems and Network Administrator
Northeast Georgia Internet Access
Athens, Ga.


Based on reading Fred Langa's April 18 article, "Langa Letter: The Pros And Cons Of Firefox," it is clear that he does not understand the subject matter he is dealing with and that he did not do any real research into it.

He assumes that people download Firefox because it is some kind of security "panacea" to Internet Explorer. The open-source movement, including Mozilla, has never made that claim and states that no software product is perfectly secure. I switched, and I believe that many others did for the same reason, because we were looking for a simpler, more functional browser. Firefox provides that with a clean smooth interface, tab browsing, and RSS feeds.

As far as security goes, that is just icing on the cake for me. I used to have to clean my computer out once a week when I used IE to keep all the malware, spyware, and adware from slowing my system down. Now I just use my malware, spyware, and adware scans monthly. Does Firefox stop every insidious piece of software from getting through? No, but it stops the bulk of them. I went from around 100 critical pieces of spyware, malware, cookies, and adware weekly with IE down to 10 cookies monthly with Firefox.

This leads to an illogical fallacy Fred Langa seems hell bent on perpetuating from other article writers: The more popular a product is, the more attacks that will occur against it and will succeed. The popularity of product and its shortcomings to be attacked are two separate things. Popularity has to do with the number of people who think that a product is good, while attacks have to do with the quality of the code. If the code's quality is high, then it doesn't matter how popular it is because the browser still won't have weaknesses that will allow many attacks or even that many attacks that succeed.

This leads to another illogical fallacy Fred Langa uses: All bugs are created equal. IE may have 13 and Firefox may have 21 bugs, but no mention is made to the level of dangers these bugs represent to the user's computer system. A bug can be as simple as a problem with easy spoofing to as dangerous as system access. Fred Langa didn't even go to http://secunia.com to see what their studies showed about the bugs in both IE and Firefox.

Fred Langa talks up IE's problems as being only about being the most popular and therefore more likely to be attacked, yet he doesn't really talk about the nature of IE or Firefox and their underlying differences. Langa doesn't cover IE's major flaw, ActiveX, except in passing, which is the source of most viruses as it creates the holes and external controls hackers and virus writers need. With Firefox, Langa seems all too happy to cover what he sees as flaws without talking about the W3C standards, which are standards for coding and rendering Web sites that all third-party browser follow and more and more Web designers follow and Microsoft doesn't follow.

Overall, Fred Langa's article is a sad disappointment. He makes assumptions for why people switch and for other people's expectations of security. He uses two illogical fallacies--popularity equals attacks and all bugs are created equal--to try and disprove Firefox's value compared to IE. Finally, he doesn't even talk about ActiveX in any depth or W3C at all, which anyone who actually did any research would have done.

Keith Gallistel


At first, I was interested in what Mr. Langa had to say about Firefox. However, my interest soon turned to dismay.

After making a good argument about reputation and the relationship to number of customers and number of bugs, he fails to provide the numbers to make his argument justifiable. If his argument is sound, then it should be relatively easy to pull the numbers form CERT, Symantec, and others to show his argument is justified.

Why didn't Mr. Langa research and provide the numbers?

He also failed to extend his argument to look at the severity of the bugs and their rate of occurrence as an indicator of quality, reliability, and security. Something many of the comments in the forum point out in detail, so I won't duplicate them here.

Mr. Langa makes some good points about the differences between Microsoft software (and proprietary software in general) and Firefox (and open-source in general). He also made a very good point that ALL software is flawed, something that is true not only for software, but just about everything humans make.

However, I found his article lacking a level of rigor and detail that I have come to expect of high-tech journalists. I found the article not to be an objective analysis of Firefox. While making some valid and useful points, it seemed to be more of a subtle smear job on Firefox and open-source projects.

Given Mr. Langa's extensive work in computer journalism, I am very disappointed in this article.

John Thompson
Computer Consultant
Thompson Computer Consulting
Pleasanton, Calif.


Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.