Browser

Poll: Is Firefox more secure than Internet Explorer?


In the past, there was a time when I thought Firefox was without a doubt more secure than Internet Explorer. Why? At the time it was something new, people would rave about how much more secure Firefox was-- it's open source platform meant a lot of Microsoft bashers saw a good opportunity to jump on board and scare people towards a rival product. Security aside, Firefox also had some rather nice little features that Internet Explorer was missing at the time--tabbed browsing was a must have and I don't know how I survived without it. After being a faithful Firefox user for a couple of years, I found myself frequently switching back to Internet Explorer. What happened? First and foremost Internet Explorer 7 introduced tabbed browsing and a few other ‘new' features that seemed to have been lifted straight from Firefox.

Equipped with tabs, Internet Explorer became a much more convenient browser to use day-in and day-out because some Web sites only support Microsoft's browser. Sure I could use Firefox and switch to IE when I needed to, but that soon becomes cumbersome. Maintaining two sets of bookmarks is a real pain, so it wasn't long until I stopped using Firefox altogether.

So how about the feeling of security that Firefox gave? Was it justified in the first place? Is Internet Explorer just as secure anyway? There have already been vulnerabilities uncovered.

I found an interesting paper written by Jeff Jones (yes, taken from Microsoft TechNet) which gives a vulnerability comparison between Internet Explorer and Firefox. Now I understand that this is hardly likely to be deemed impartial analysis, but it's claimed that over the three years from November 2004 - October 2007 Microsoft patched 87 vulnerabilities (54 critical) versus Firefox, who patched a total of 199 (75 critical) over the same period. Now you may suggest that those statistics only address patched vulnerabilities and Microsoft left a lot more unpatched in IE than Firefox have. The same report suggests that while Firefox 2 has at least 24 unpatched disclosed vulnerabilities; IE7 only has eleven.

I don't really think you can win-no one will ever be completely safe while surfing the Web, and staying clean depends as much on common sense and keeping your patching up to date as it does on which particular browser you use. I'd like to hear people's opinions on browser security. If you have any statistics opposing those cited by Jeff Jones, leave a comment and share the link.

136 comments
trepub
trepub

The figure doesn't mean anything here. If you have not used the correct plug ins for security, you will agree only on the fun part that Firefox brings. Things change dramatically, when you have right plug ins in place for firefox. You can stop running malicious scripts from the sites you do not have included as trusted. You can stop downloading certain contents from the blacklisted sites, persistent bugging ads, etc. This makes you feel in control. Obviously the war of users and malwaremakers will continue, but at least Firefox has dramatically made people aware about such things, which were totally unknown to the general users, before the firefox. I know if you only use internet for official work, only a few trusted sites, then you don't need any security enabled browser. But if you surf, then you must be careful. If you are afraid to surf, then you may miss a lot good material which actually may help you. Finally, it's each individual's discretion. If you are good at tweaking IE to use correct level of security with correct sites, then you are safe. But I feel, that, it is more difficult to tweak IE that way. Firefox wins by good margin here, not for being more secure, but ALLOWING you to be in better control, that too quite easily compared to IE. I feel that only people who are willing to learn about all this, will appreciate what I am saying.

BlindogsH
BlindogsH

I've read a lot of viruses manipulate the active x controllers in IE to spread their germs.(A little joke there.) Anyway to my understanding Firefox and Opera don't allow active x controllers to run.

caesarmoridon
caesarmoridon

I find it interesting that most people in the poll said yes, but most of the commentary says no. I personally hate IE 6, 7 and probably 8, 9 and 10. But, I hate Microsoft so, I am biased. I do not use IE 7 because it drives me nuts, second I love all the developer tools in FF. FF is generally faster in my experience when compared to IE whatever, unless you have all your tools and everything else under the kitchen sink loaded. I like the adaptability of FF and Opera as well compared to IE. With the IE tool-bar plug-in added, I do not ever have to use the inferior Microscrewyou product again! Good Riddance!

jason2000mj
jason2000mj

My assumption was that FF was more secure than IE. So, when I browse certain potential Trojan prone websites, I always use FF. That assumption lead me to a nasty virus that took weeks to off my system. In conclusion, one must not totally rely on the browser to act as an anti virus, but rather be wise about browsing.

sdang0
sdang0

Yes, I believe FF is more secure than IE if you know how to use it, just go about:config in FF and make it your own way, can you do that with IE? Of course I use both IE and FF, as an IT Tech. I have to.

CharlieSpencer
CharlieSpencer

Regardless of which one may be more or less secure when installed, I can remove FF if I want to. I'm stuck with the insecurities of IE whether FF is installed or not. Winner: FF, simply because I can eliminate it's security issues by removing the app.

iihamd
iihamd

Until there's something like NoScript for IE, Firefox reigns.

rpverhagen
rpverhagen

Look all browsers are as secure as the user who is utilising them. If your software does not have the latest patch, then you're not secure. The thing I like about using Firefox is that you can lock it down very easily. Tools->Options and you can disable java and java scripting as well as images from particular websites. This is somewhat harder to do in IE, however it can be done. Make Firefox more secure with the following addons IETAB is an add in that opens web pages in firefox that are made for IE. VIDALIA BUNDLE is a proxy randomizer that makes it hard to trace your IP. And the winner is... Firefox is still the best browser!

williammcc1
williammcc1

Konqurer and Evolution are more secure and dont crash. Dont like IE or Fire Fox to much junk they put in them.

jond4u
jond4u

Is it web-browsers or web-pages that are insecure? In my opinion, it's more a question of when web designers will adopt a standards-compliant and browser-transparent approach to web-page coding, rather than trying to kowtow to MS, which they know has a large automatic installed base (IE comes with windows). Why have W3C standards otherwise? Justin neglects to note that IE7 only runs on XP or Vista, though MS could have as easily made it more platform transparent. I try to go the extra mile to insure that web sites I design or manage are relatively browser-transparent and still standards-compliant. This is tough to do, when you add active behaviors and multimedia content, and many designers don't bother. This dictates that some people must use IE to see their pages as intended. I think this is bogus.

PrinceGaz
PrinceGaz

I have both IE7 and Firefox installed on my main PC, but I use Opera for day-to-day use. Yes, Opera has similar issues to Firefox when it comes to sites that are only compatible with Internet Explorer, though probably less of them as it is truly web-standards compliant and has been for some time. What Opera has in its favour is that so few people use it and it has an almost totally independent code-base from the other browsers (because it is developed in parallel for so many diverse platforms) that hardly anyone bothers trying to attack the vulnerabilities there may be in any given version. You can install Opera, and three months later find there has only needed to be a low-risk security update (in fact many updates are as much feature upgrades as they are fixes). In the same period, there'll have been a load of IE and Firefox issues which needed patching quickly to be safe. Thing is though that Opera is only as safe as it is because of its very low userbase (somewhere around 2% I believe). If it became more popular, more vulnerabilities would be discovered (exactly as has happened with Firefox), so might I suggest everyone reading this who use IE or Firefox, continue to use them :)

stormworld
stormworld

I believe security is as much an issue of who is using a product as is the product itself. (Please, I'm not discounting the need for secure products). But, if you don't think about security and the need for security, at this point in time no matter how secure a product is thought to be you are asking for nothing but trouble. I know this is anecdotal, but I have been using IE since it first came out. Between me, my wife and two sons we have visited a lot of sites and in all that time have never had any problems related to security that I am aware of. And I have no reason to beleive otherwise. I'm sure that this has as much to do with the fact that I think about security as luck. I keep my AV up to date. I keep my firewall up to date. I keep my adware programs up to date. I keep my PC and application patching up to date. I use various plugins on the browser (such as netcraft) to help monitor sites I'm going to. I monitor my PC for anything unusual. I keep up with what's happening and adjust as the need arises. And based on everything I have read and heard, I don't think I'd be better off, at this time, using any other product. Again, I'm not discounting the footprint of MS and the target it wears. I'm just saying that to move to another prodcut and think that I don't have to worry about security is naive. But I'm glad there are other products as they will keep pushing each other and maybe there will be a day that I want have to think as much about security.

Photogenic Memory
Photogenic Memory

Even though MS has IE7; which is an okay browser, it doesn't feel as homey as Firefox. There's so many ways you can customize and add extra functionality to it from the FireFox site that you can't get with MS. Also importing and exporting favorites lists isn't a problem to switch between the too. I don't know why the author interjected that opinion but whatever. It easy. However like all popular software; it gets abused and some bady will poke holes in it so secure your operating system as best as you can. Be smart.

jonybader
jonybader

IE tab lets you view IE-only pages in firefox. It's been around forever. You seemingly neglected to mention that option.

ps2goat
ps2goat

What matters more: the number of critical patches that are made for a product, or the number of security risks that still live on undetected? I use IE7 most of the time for general browsing, but sometimes it pisses me off. The javascript will be too much for it, and it will freeze (every tab!). Trusty old FireFox doesn't have so much the same limitations, and it even lets you download or queue more than two files at a time from the same domain.

mike
mike

I love IE, and I'll never use FF. IE has a great feature called ak-tivX. That's pronounced [trojan package manager]. I don't know how I ever used a computer before my little IE sponsored trojan army was installed on my brand new machine that now runs like a 486 DX4 ... that's right 2 math co-processors. mike

JCitizen
JCitizen

I have to use it for my customers sake. If someone whould make a better third party one for 7 I would turn it off and use theirs.

JCitizen
JCitizen

Keeps you advised of the baddies. My PC-cillin blocks the webpage completely. Helps make up for a poor firewall(as if I was using it).

Meesha
Meesha

This link was very useful and I feel the compiled information to be more credible than what I've seen to date in other forums and such. Well worth taking your time to read regardless of what browser you prefer.

caesarmoridon
caesarmoridon

Thank you for posting that informative website link. There are far to many worms for Microsoft out there trying to convince an ignorant populous of the greatness of their flawed products. There must be 10,000 robots for the evil empire in tech forums around the web. Someday, we will live in a world without their presence. People need to be informed of how inferior their products are and how lacking in innovation their systems are. Nearly everything new in Windows Vista was in a Linux or Apple based OS before Microsoft jacked it and overcharged for it. As usual they have no original ideas and just stole designs from Jobs, Linus and the rest. I do not know how Bill Gates sleeps at night.

sleepin'dawg
sleepin'dawg

http://www.revouninstaller.com/index.html Beats the hell out of Windows uninstall. It can removes all traces of [b]everything[/b] you might want to uninstall BTW IE is officially called [b]Windows Internet Explorer[/b] You might have been trying to find plain Internet Explorer.

MarkGyver
MarkGyver

To remove IE from Windows 2000 before install, follow the directions here: http://www.vorck.com/windows/remove-ie.html To remove IE from XP or another version of Windows, see if any of the links in this Wikipedia article help: http://en.wikipedia.org/wiki/Removal_of_Internet_Explorer For completion, if you're running Linux (or BSD, etc) and manually installed IE under WINE (or Crossover, etc), type this command in a console: rm -rf /home/[your login name]/.wine This will delete all of your settings and installed programs that you have in WINE, including IE.

DanLM
DanLM

I'll tell you what, I really like it. It's a nice browser. I'm not sure if that oppinion will hold over time, but I am definatly impressed. Dan

ken.meyerkorth
ken.meyerkorth

There's plenty of IE haters out there and plenty of FF haters too. BUT... This has nothing to do with compromised software. What it has to do with is whether you are pro Microsoft or anti Microsoft. IE has never been hacked in a maliscious way by a Pro Microsoft person unless it is to make a bug report. Always the opposite. Same with FF, Somebody in love with IE will probably compromise it just to say it can be done. You never hear about Opera because it does so little and is buried under the headlines of everything else. Hence no reason to crack it. If we could look past the idea of compromising the software and use tools that prevent that from happening while looking forward to finding ways to make it better, we could have Holodecks invented by next month.

sleepin'dawg
sleepin'dawg

Load either version of FF with a standard set of add-ons and it slows to a crawl. Add to that it will freeze and/or lock up on you when you least expect it. 3 is an improvement over 2 as regards stability but it's still not perfect and while faster it's not fast enough to offset the disadvantages and drawbacks. The reason FF appears more secure is that it has not penetrated the market like IE. The vast majority of the public has little or no idea about alternatives to what came preloaded on their boxes and couldn't care less. Besides there are superior browsers to these two eg: Opera. You've gotta love any browser with a built in sharing utility like BitTorrent and it has such a small installed base few if any bother to write hacks or exploits for it. The previous installed base for FF was mainly the sole reason for the supposed vaunted security of FF but now that more and more people are climbing aboard the FF bandwagon the imaginary secuity of FF is starting to lose some of its lustre. BTW the small installation footprint of Linux and Unix are what makes them appear more secure. Don't get me wrong; I love Linux and Unix but I seriously belive I might have to take steps to increase security levels if either were more widely installed. There really is something to the argument of [b]"Security through Obscurity"[/b] [b]Dawg[/b] ]:)

TechnoDoc
TechnoDoc

Many people have mentioned IE-Tab as you did, but IE-Tab is just a the actual IE shell running in FF, so it has all the same vulnerabilities as IE itself although it is not as obvious. You might as well run the real IE and alt-tab to it for the occasional sites that "require" IE. The problem remains that so many sites work properly only in IE thanks to bigoted design.

ejhonda
ejhonda

We gots us a winner! Double score for hammerin' the point home with a double dip of sarcasm. ;) It's the combination of IE's OS integration and the lowly user masses IE inherits from its default status. Both conspire to make IE statistically much more vulnerable than FF. Let's face it - on the whole FF users are a bit more technically sophisticated, and that will go a long way towards ensuring FF the browser is less involved in security messes. Same goes for any browser that doesn't come default with an OS.

seanferd
seanferd

Don't entirely trust McAfee. Site advisor has been known to give compromised sites a "pass".

JCitizen
JCitizen

You're a true Tech Republic gentleman!

CharlieSpencer
CharlieSpencer

I notice the the W2k article has instructions for installing without IE, but notes that you must do this during the initial installation. You can't remove it post-install. The Wikipedia article also notes in passing it's possible to leave IE out, but not to remove it once installed. I do wonder about JC's point regarding IE and WE being two sides of the same bad penny. I've never had a reason to look before today, but it doesn't appear that Good Ol' File Manager is part of an XP Pro installation. Maybe it can be installed and run in XP as a substitute.

JCitizen
JCitizen

There are those that believe that the two are joined at the hip. So no matter what some malware will still find a way to access the kernel by simply getting into/onto your machine. If I understand correctly Windows Explorer is married to the OS and no way to get rid of it; although many good security configurations can mitigate the vulnerabilities. Corrections to this idea/old wive's tale are welcome! =)

PrinceGaz
PrinceGaz

Liking it is of course the main reason I use it; I stay abreast of security issues so that advantage of Opera it is not so important to me, but nice to have. Opera is probably one of the best PC software products available which relatively few people know about, or if they do know about it, actually use. That must be because Opera themselves don't market it at all because they are a commercial operation making it available totally free without restrictions, because it helps them develop their money-making mobile browsers. It is a truly great browser, though I've heard the new Firefox v3 beta is proving to be very fast indeed (though on my PC, Opera is easily fast enough anyway). I'll continue dabbling with Firefox, and of course IE for those WIndows Updates every month, but Opera is likely to remain my main browser for the forseeable future.

MarkGyver
MarkGyver

What is your "standard set of add-ons"? I know that with my own "standard set" of NoScript, CS Lite, Nuke Anything Enhanced, External IP, and ChatZilla, I have yet to have any issues with slowdowns or instability. If you're talking about *plugins* such as Flash, then there may be some slowdown because Firefox does not have direct control over them. The only times that I've experienced slowdown with Firefox are the times when I have way too many tabs open; a couple dozen tabs can slow things down in Fx (it only takes 2 or 3 to freeze IE7).

LarryBoy2
LarryBoy2

Really? FF "will freeze and/or lock up on you"? Interesting. I've been using FF since shortly after it's official launch, have a number of extensions, and while it's slow to launch, I rarely ever have it freeze or lock up. It's more likely to be certain extensions or combinations of extensions that are problematic, although I suppose it could be argued that FF should be stable enough to handle such problems with extensions. Be that as it may, I'll stick w/ FF and my extensions.

JCitizen
JCitizen

I use PC-cillin which blocks bad sites completely and list the reasons why on the block page. I haven't been bumped since.. In fact it is getting down right boring lately as my honeypot just doesn't hit any mines using my defenses. There are probably better tools out there. Thanks for the knowledge, one can't be too paranoid!

JCitizen
JCitizen

and thanks to you and sleepindawg!

sleepin'dawg
sleepin'dawg

There are also a whole bunch of freeware alternatives but none come to mind at the moment.

Dumphrey
Dumphrey

the other day and installed it. SO far I like what I see. If I do not post anything about it soon, PM me and remind me...

JCitizen
JCitizen

with me moving soon I probably won't have the time to investigate it myself for at least a month.

Dumphrey
Dumphrey

But atm i am unfamiliar with Free Commander. But, since this is the second time you have mentioned it, I will look into it.

seanferd
seanferd

I cannot vouch for the quality of any, though.

JCitizen
JCitizen

Since I didn't get a response a few threads down, I thought I'd pick on you. Sorry!

Dumphrey
Dumphrey

I can't leave it alone... So what would you use instead of Windows Explorer? And what reg key controls WinExp? (I know, I know, google it....) In Linux there are several file managers to choose from at any given point, but what options are there for Windows? Any experience with any alternatives? Hmm, ya know what, I think I'm gonna start a new discussion on this topic...

Mond0
Mond0

Does Opera have anything like NoScript, PhishTank, CustomizeGoogle, SiteAdvisor, SiteHound and other security "buffs"?

sleepin'dawg
sleepin'dawg

to other browsers. Even IE is slow but faster than FF, which is why I goose its performance [b][i]and security[/i][/b] by running Avant Browser.

sleepin'dawg
sleepin'dawg

launch slowly it is [b]SLOW[/b]. If you want a fast but secure browser with add-ons [i](like BitTorrent built in)[/i] run Opera or failing that run Avant Browser which puts IE on steroids.

Editor's Picks