Responses To "Langa Letter: The Pros And Cons Of Firefox" - InformationWeek
Software // Enterprise Applications
05:15 PM

Responses To "Langa Letter: The Pros And Cons Of Firefox"

First, I am surprised that no mention was made of the cause of most Firefox rendering errors in the article. Internet Explorer does not in any way support the standards for markup and stylesheets set by the W3C, and most of the noncompliant code written to work in IE will break in compliant browsers. The first thing I do when I get a rendering bug in Firefox is View Source, and every time the code is the same Microsoft-friendly slop, usually made worse by some worthless WYSIWYG editor. And out of thousands of Web pages, I've only run into this problem maybe a half-dozen times in the past year. Additionally, any image saved as a PNG is broken in at least two ways when viewed in IE, as Microsoft didn't see fit to support the gamma information or alpha channels in PNG files.

Second, there is no mention of Firefox's superior plug-in management. In IE, once I install an ActiveX applet from a Web site (an applet I'm not sure is even legit or that I even need to view the Web site, I might add), I have found no way to remove it. In Firefox, I have never been prompted to install anything unless I have clicked the "Install" button for a plug-in on Mozilla's Web site. Afterward, I can easily remove any plug-in I like at any time I like.

Last, there is again no mention of Firefox's superior usability. When I launch Firefox, it takes about half the time IE takes to load on the same machine in the same session. Firefox has tabbed browsing, a "search within document" that can start searching when I start typing, a download manager, an integrated DOM inspector, the option to view detailed information of a Web page (including all media, meta information, links, and forms), and all the functionality I had when using IE. With plug-ins I also have the option to remove all ads from a page (permanently if I use wildcards), create a TinyURL of a page, search for a term, and even view a page in IE with nothing more than a right-click and clicking on a menu item.

Oh, and should I ever switch back, will IE import my bookmarks from Firefox? I suggest actually using a program when writing an article about it.

Devin Goodman
Englewood, Colo.

In your discussion of the software with 1,000 users versus 50 users, you made a serious mistake. You assumed that no one would find the same bug twice.

Because people do find the same bug twice, and report it twice, and so on, the number of bugs detected per user in software with the same fault rate will be lower with more users than with fewer users.

Another aspect is that the smaller the user community is, the more likely people are to be active in it. If there is a bug, a user is more likely to report it. In software with a large user base, particularly with a user base as large as IE, the user base is likely to be apathetic, and not report bugs, because "someone else probably already reported this." Kind of an interesting twist on the math.

Because of this, you can't really say that the 1,000-user software with 50 bugs reported in a period of time is equally buggy as the 50-user software with two to three bugs. It's not linear; it's asymptotic.

Another point is that you did not address the severity of the bugs. This is a critical point--there are plenty of "security exploits" that are along the lines of "If the user jumps through hoop X and Y to get to the free porn on the other side, they can be tricked into giving out their credit-card number." Sure, whatever. You can't protect everyone from everything; it's not a serious threat. But when you get into a real problem that could easily be exploited by simply opening an E-mail, that is a very serious threat.

I don't know what the answers to these questions are, or if they have easy answers. I do think it's likely that your conclusion that "Firefox is hitting bugs because its user base is growing" is correct; however, I also think that the methods used to reach this conclusion are flawed.

David Bronaugh

In reference to Fred Langa's article stating that Firefox is less secure than IE: Is Fred really that stupid? He is confusing vulnerabilities that have been found by the "white-hat testers" with the vulnerabilities that have actually been attacked in the wild!

It doesn't matter if a product has one user, or all but that one user, the number of vulnerabilities will not change. The one with the most users MAY have the most attacks in the wild, but that still depends on how hard it is to attack.

A large percentage of the vulnerabilities found in Firefox were either also found in IE, were not found in IE because IE does not support the feature that contained the vulnerability, or came from code that has been used by many people, and came from outside the Firefox team. The latter problems also affect many other applications.

To the best of my knowledge, and I have read all reports that I could find, not one valid attack has been found that affected Firefox. Also, users are more likely to update Firefox than IE because the automatic update system does not require a reboot. At most, you may need to exit and restart Firefox, not the whole computer!

Most of the problems found with Firefox are not what would be considered critical, while most of the IE problems were classified as critical. Most of the Firefox issues were fixed very quickly, and the information was released by the Firefox crew, not so with IE!

Probably the most important advantage of Firefox over IE as far as security is concerned is the fact that Firefox is NOT integrated into the operating system, and any vulnerabilities will NOT directly affect the operating system!!!

Ron Barnhart
System Administrator

Excellent article by Fred Langa. I use and love Firefox but have no illusions about perfectibility. Fred is spot on that nothing is perfect and that open-source users need to be just as vigilant as possible. His use and application of the Law of Large Numbers is also great.

John Hay
Executive Director
Alabama Advance Inc.
Birmingham, Ala.

2 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Annual IT Salary Report 
Base pay for IT professionals has remained flat this year with a median annual salary of $88,000 for staff and $112,000 for management. However, 58% of staff and 62% of managers who responded to our survey say they're satisfied with their compensation. Download this report to find out which positions earn the highest compensation.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll