Differences between IE and Firefox...?

What are the pros and cons for each? I keep being told that firefox is better, but no one has ever told me why...

one of the main things is the Internet Explorer is part of the Windows operating system. (for example, opening my computer and typing a URL into the address bar takes you to that website).
What this means is that if people can take control of IE (which they can do because like almost all software it has security holes), they can then take control of your whole operating system.
Firefox (or any other standalone browser) is seperate from the operating system, so if it is compromised, then your computer still remains safe.
Also, Firefox is open-source and features daily builds, so bugs are found and fixed much quicker and there is added functionality there. (like tabbed browsing and the countless extensions).

the way both browsers view the internet is basically the same, and the interfaces are rather intuitive, so I'd suggest picking it up, you may not see much difference in terms of normal web surfing (unless you get a bunch of extensions), but you'll be protected from a lot of malacious internet activity.

Yes. use Firefox.

I have firefox too. It's great because off the extra windows in the same browser :D

Tabbed browsing
Popup blocker

I know there is a site with a long list of reasons why Mozilla is better than IE but I don't recall the address. Mozilla is just a lot more secure overall.

What this means is that if people can take control of IE (which they can do because like almost all software it has security holes), they can then take control of your whole operating system.
Firefox (or any other standalone browser) is seperate from the operating system, so if it is compromised, then your computer still remains safe.
While you nailed the reason Firefox has a bit of an advantage, please note that it's not entirely safe from compromising the entire system. Windows (XP, ME, etc. the user-oriented ones) still has weak permissions-based security, so there's nothing stopping a Firefox (or AIM, KaZaA, and so on) worm from doing damage to whatever it feels like.

On an unrelated note, Firefox is much, MUCH, more standards-compliant. IE, for instance, has limited (and sometimes incorrect) CSS 2.1 support, while Firefox does it perfectly. Furthermore, Firefox does not have ActiveX support. While some say this is a disadvantage, the majority of the Mozilla community feel it is important to not support this, as ActiveX is home to countless vulnerabilities.

Tabbed browsing
Popup blocker


Service pack 2 added a popup blocker and activeX blocker to IE
Tabbed browsing is rumored to be coming with the release of Longhorn

One more thing that hasn't been touched upon yet: Extensions and Themes.

While Firefox obviously supports the common plugins (Shockwave Director, Flash, Java, etc), it also has a big selection of extensions, which add to the functionality of the browser itself.

Additionally, themes make it easily customizable. UI appearance, icons, menus, almost everything except the form buttons on webpages can be themed.

If Firefox didn't hog so much memory and could render non-standard DHTML properly it would be perfect. Unfortunately both are serious problems for me so I use Avant which is an IE based browser that uses tabs, very little memory, and allows you to switch off all the insecure IE stuff.

I love the extensions... Mouse Gestures ROCK! :P

While you nailed the reason Firefox has a bit of an advantage, please note that it's not entirely safe from compromising the entire system. Windows (XP, ME, etc. the user-oriented ones) still has weak permissions-based security, so there's nothing stopping a Firefox (or AIM, KaZaA, and so on) worm from doing damage to whatever it feels like.


Kazaa is listed as the top spyware threat on the net by Computer Associates, followed by GameSpy Arcade, Ezu, and Adopt.Hotbar.com. None of that peer to peer stuff is secure.
http://www3.ca.com/securityadvisor/pest/

So is it almost mutually agreed upon that firefox is better than IE (or most things). If not, what is the best including these 2

So is it almost mutually agreed upon that firefox is better than IE (or most things). If not, what is the best including these 2

There's Opera, Netscape, and a few IE shells, like Avant. I don't care for Opera because of the interface, Netscape is bloated, and the IE shells still use IE.

Firefox is still the better compromise, but like Buffaloed mentioned, it is a freggin' memory hog. Right now, I have 2 tabs open and it's using approximately 88 MB of RAM. I have 768 MB, so it's not a big deal and RAM isn't that expensive anymore. The problem with it not rendering non-standard DHTML is because IE doesn't fully support web standards, whereas Firefox does.

Tabbed browsing is a thing of beauty.

While you nailed the reason Firefox has a bit of an advantage, please note that it's not entirely safe from compromising the entire system. Windows (XP, ME, etc. the user-oriented ones) still has weak permissions-based security, so there's nothing stopping a Firefox (or AIM, KaZaA, and so on) worm from doing damage to whatever it feels like.

On an unrelated note, Firefox is much, MUCH, more standards-compliant. IE, for instance, has limited (and sometimes incorrect) CSS 2.1 support, while Firefox does it perfectly. Furthermore, Firefox does not have ActiveX support. While some say this is a disadvantage, the majority of the Mozilla community feel it is important to not support this, as ActiveX is home to countless vulnerabilities.

Good summary. A couple things:

#1. IE is still the dominant web browser... ergo it's the most "lucractive" target for hackers to attack, either by writing memory exploits to compromise the software itself or interface exploits to trick the user into doing things they wouldn't normally do (location bar address spoofing has been a particularly persistant problem).

#2. No software is 100% secure. Firefox has security holes too. The more popular it becomes, the bigger the bullseye on it will become and you'll begin to see more attacks tailored for it.

That said, there are some fundamental design principals behind Firefox that do make attacks a bit more difficult architecturally. Whereas Microsoft took the approach of providing seamlessly interoperability with IE (hence the integrated ActiveX stuff) the Mozilla developers opted to give the user more control over what the browser is doing and what it's not. This used to be a pain because you'd have to manually install FLASH, etc, but the distribution has matured to the point where most of the features users really need are included. You can run Firefox out of the box and it will give a good balance of compatibility, usability, and security. The same can't be said about IE.


S L

#2. No software is 100% secure. Firefox has security holes too. The more popular it becomes, the bigger the bullseye on it will become and you'll begin to see more attacks tailored for it.


Looks like it's getting popular. :shakehead

January 7, 2005 New Mozilla Flaws Exposed (http://www.internetnews.com/security/article.php/3456161)

A trio of newly exposed flaws in Mozilla browsers (including Firefox) was announced this week by a number of different security researchers.

Looks like it's getting popular. :shakehead

January 7, 2005 New Mozilla Flaws Exposed (http://www.internetnews.com/security/article.php/3456161)

Remember back in the day when Macs got viriuses and whatnot? If Linux ever takes off, the same thing will probably happen to that OS.

Remember back in the day when Macs got viriuses and whatnot? If Linux ever takes off, the same thing will probably happen to that OS.


It already does happen. On the network I monitor, for example, only around 0.25 % of connections to the ssh daemons on our machines are from legitimate users. The rest are people trying to guess username / password combinations or attempts to exploit specific software vulnerabilities to that program.

I've read recently that the an unpatched Windows 98 machine connected to the net without a firewall will almost certainly get compromised in under an hour. I don't have any data for Linux machines, but my guess is that a default redhat install wouldn't last more than a day.


S L

It already does happen. On the network I monitor, for example, only around 0.25 % of connections to the ssh daemons on our machines are from legitimate users. The rest are people trying to guess username / password combinations or attempts to exploit specific software vulnerabilities to that program.

I've read recently that the an unpatched Windows 98 machine connected to the net without a firewall will almost certainly get compromised in under an hour. I don't have any data for Linux machines, but my guess is that a default redhat install wouldn't last more than a day.


S L
Stale distros are particularly problematic. There've been a lot of local (and a fair amount of remote) privelege exploits in the Linux kernel lately (both trees). I think it would take more than a day, though, with today's popular focus being Windows machines.

There are improvements being made, though. Mandrake and Gentoo, for instance, are both very good with getting kernel updates out very quickly (for Gentoo, a couple of CVS commits and an scp to the mirror system is all that's needed to plop a patch into kernel sources). Even Fedora's getting better. They distribute SELinux policy in the core distro now (though it needs improvements to security, since it allows anything which isn't governed by policy, the opposite of a MAC).

I guess what I'm trying to say is that since these distributions are community-driven, the hope is that the community will solve the problem that MacOS's (and sometimes, Microsoft's) in-house developers couldn't. That is, fast and effective responses to new vulnerabilities. The same can be said with Firefox. Even though it might be an inconvenience to install an update for you, the community gets it done pretty darn quickly compared to closed-source alternatives.

And for your SSH issue, I suggest turning off keyboard-interactive authentication and relying on pubkey authentication if possible. :)

There are improvements being made, though. Mandrake and Gentoo, for instance, are both very good with getting kernel updates out very quickly (for Gentoo, a couple of CVS commits and an scp to the mirror system is all that's needed to plop a patch into kernel sources). Even Fedora's getting better. They distribute SELinux policy in the core distro now (though it needs improvements to security, since it allows anything which isn't governed by policy, the opposite of a MAC).

Kernel vulnerabilities are only part of the problem. I think the bigger problem lies in the distro itself -- what daemons are provided, which are running by default, what permissions are they running under, etc. Then, aside from the daemons, you have to concern yourself with the feasibility of privilege escalation assuming a user account is hacked or a daemon compromised. That's why I think loaded distros like Redhat really aren't fundamentally much better security-wise than Windows. The more minimalistic the distro, the better your security is going to be. I think a lot of maintainers are really missing this point in the attempt to "sell" linux to people who would otherwise use Windows.

Regarding SELinux, you hit the nail on the head. The only thing SELinux adds to Linux is mandatory access control, which ultimately needs to be governed by an intelligently configured policy. In my experience, most users (and most IT people too) will simply discard the policy altogether if their programs aren't running correctly rather than intelligently fine-tune it.


I guess what I'm trying to say is that since these distributions are community-driven, the hope is that the community will solve the problem that MacOS's (and sometimes, Microsoft's) in-house developers couldn't. That is, fast and effective responses to new vulnerabilities. The same can be said with Firefox. Even though it might be an inconvenience to install an update for you, the community gets it done pretty darn quickly compared to closed-source alternatives.

And for your SSH issue, I suggest turning off keyboard-interactive authentication and relying on pubkey authentication if possible. :)

It's not about inconvenience -- it's really about incompatibility. Patches have a tendency to break existing configurations, and it takes a lot of effort to test that everything is working properly after the patch. For a lot of networks, this downtime is worse than just living with the vulernability. That's why there are so many unpatched systems out there, and that's why attackers are so successful.

Regardless, you're going to need to patch anyhow. My big problem with Linux (and why I am more of a BSD guy) is that Linux developers have a tendency to rush code and rush distributions in order to be as "cutting edge" as possible. It's nice to have support for new drivers, new features, etc but not at the risk of having to patch sooner or more often simply because you get the code to work first then worry about security later. I'd prefer that "community-driven" approach you describe function more like the guys at OpenBSD... fix the bugs as best as possible before they become problematic. In that regard, I'd say most of the Linux distros are just as bad as MS.

S L

I guess this as good a time as any to ask the difference between OpenBSD, FreeBSD and Linux. :)

I guess this as good a time as any to ask the difference between OpenBSD, FreeBSD and Linux. :)

That's a big question, but I'll try to provide a simple explanation not bogged down in technical details.

Linux is an example of a kernel. A kernel provides the core operating system features. It is responsible for things like process scheduling, memory management, and interacting with devices. A kernel by itself doesn't give you much. You need applications on top of the kernel in order to do anything useful with it. That's where a distribution comes in.

A Linux distribution comes with both the Linux kernel and a set of applications to use with it. Typically the applications included are things like system libraries, a shell, password management programs, file management programs, a window manager, a desktop environment (think the Windows interface), and networking applications. There are many distributions out there: fedora, redhat, gentoo, debian, slackware, etc. These distributions differ from each other mainly in which applications they include with the kernel and which packaging system they include to install new applications.

Because there is a lot of variation between different versions of the linux kernel, different distributions, and different hardware architectures that users man be running, you can't always download a program and just execute it. Instead, the program has to be tailor-made to your environment. One way to do this is to download the source code of the program and simply compile it on your machine. Unfortunately, compiling source code for a big program (let's say Firefox) can take hours, if not days. The goal of many distributions is to make it easier to install binary (already compiled) versions of popular programs, but each distribution seems to take a different approach to this based on different underlying philosophies (e.g. speedy release vs. quality assurance).

Unlike linux, where every distribution is based of the same kernel, each different distribution of BSD has a different kernel. They were all spawned from BSD 4.4 in the early 90's, but have since taken divergent path based on, once again, different underlying philosophies. FreeBSD is the most "linuxy" distribution -- it has the most up-to-date support for new drivers and filesystems. NetBSD focuses on being compatible with a wide-variety of architectures, from desktops, to VAX mainframes, to Sega Dreamcasts. OpenBSD focuses on being secure.... code included is carefully mulled over and subjected to intense scrutiny.

What's the difference between the linux kernel and the BSD kernels? The simple answer is that there's different stuff going on "under the hood". While they both essentially provide a unix-like, multiuser, timesharing interface they go about it in slightly different ways. Having seen the source code to both kernels, linux looks like it is easier to expand on, while the various BSD's have "cleaner" code and are more architecturally sensible.

I don't think one is necesarily "better" than the other. I use both: linux for desktops so that I can hook-up new hardware and install new software rather painlessly and BSD for network applicances and server applications, where I value simplicity and security over a wide range of functionality.

Choice is a nice thing to have... make good use of it :)

S L

Good post, Steve.

To further complicate things, some of the more pedantic people in the Linux (and surrounding) communities refer to the kernel as simply Linux and the base programs that complete the operting system as GNU/Linux (GNU being the project that resulted in all these programs being written/cloned from UNIX).