Okay, so Doyce has moved to a different browser. And Les has been talking a lot about the same subject recently, too. And any number of other people whose opinions I respect seem to be using other, non-IE platforms ...

Granted that IE has security issues, riddle me this:

1. Is there something about IE''s architecture that renders it particularly, intrinsically insecure vs. other browser platforms, or is it just that the Bad Guys find IE a more attractive target than less-used browsers? And, if so, is this more a matter of security through obscurity than anything else?

2. If the danger in IE is its openness to hostile scripting (via Java or ActiveX), how is a non-IE browser going to work around that and still maintain the web functionality folks (i.e., me) want?

3. I haven't been bitten by a security hole yet, and have the full array of AV and spyware-blocking and anti-spam stuff running on my machiune. I avoid most risky behavior (don't open spam, don't hit file-sharing and adult sites). How much risk am I really taking here for what return?

I'm looking here for something a bit more sophisticated than "Micro$oft bad, Firefox Pretty" here. Any input welcome.

Filed under :: My Computer
Link · Print · Edit · TR/G

The problem I had was that, even with all my precautions and so forth, I *did* still get bit by a malware bug that hijacked Google and caused me all sorts of pain, via IE.

The problem? You can't just uninstall IE completely and reinstall it. It's simply not possible in the current incarnation of Windows. Therefore, if it's well and truly corrupt, all you can do is try to fix it (tried and failed) or format the whole system and start over (what I ended up doing).

So I now tend to think of my browsers as ablative armor -- I want something that I can shuck off and replace if it catches fire -- I don't want the thing grafted to my skin.

I can't immediately answer whether or not these other browsers are more secure intrinsically than IE -- I know Firefox isn't automatically a leather-submissive to ActiveX the way IE is, but there are more holes than that. What I will say is not to dismiss the whole security through obscurity thing: from my point of view, if 95% of the malware and dangers to my machine are delivered via a particular piece of software, I'm frankly taking an unnecessary risk by not avoiding that software.

It's a bit like avoiding the dangerous parts of town simply because they're dangerous.

Or, to draw a better parallel, *not* buying the most common car on the road because of the reports that it explodes in 5% of all rear-end collisions, or because it's the most popular automotive terrorist target in the world. I mean... if I *can* avoid that, why wouldn't I?

What's interesting to me is that a lot of the 'cool feature' reasons that folks give for switching to Mozilla/Firefox (pop-up blocking, tabbed browsing) are things that I know you already have via Slimbrowser, so those comments have to be a sort of 'so what' for you -- indeed, the only reason I didn't switch over to Firefox earlier was because I wanted it to work exactly like Slimbrowser in those respects and didn't try very hard to get it to do that :)

Since then I've actually tried changing a few options and, I'd say I have about 99% similarity between the two, so there's that... I never bothered to mention those two features as upsides because I know you already benefit from them via the Slimbrowser 'skin' over IE :)

Yes -- from an interface standpoint, I'm pretty pleased with what Slimbrowser has given me. Howsomever, between you and Les, you're well on your way toward convincing me.

One of the chief reasons I have for using Firefox is the security issues.

First off, the Java problems were strictly the Microsoft implementation of the JVM. "Normal" Java (i.e. Sun's JVM) does not have the same loophole that was recently exploited. Standards compliance ... Microsoft never plays that game.

Next, the separable controls. IE seems to think that letting third party folks hijack pieces of your browser (especially the search bar) is "customization". I call it "serious security flaw". Do a google search on "IE CWS" and read the horror stories. Some CWS trojans require a reload of the OS to get rid of.

Finally, the CSS compliance. While Firefox has 1-2 CSS bugs, they are bugs with the browser actually attempting to implement the CSS specification. Again, Microsoft didn't invent the CSS spec, so they play fast and loose with it. What that gives you is a non-compliant view (i.e. looks different on IE than everyone else in the world).

The tabbed browsing is cool. However, I much preferred the Tabbed Browser Extension in Firefox 0.8 than the crappy integrated version in 0.9. If I had known, I would have never made the upgrade.

I also don't know if IE has a plugin that does "gestures". Basically, I can set up mouse gestures in an extension to Firefox that do things like page fwd / back, etc. All with relatively short mouse movements.

There's also a DOM browser extension that's pretty cool, and helps to diagnose when I pork things up in my blog's HTML :)

I've used Opera, Mozilla, and Firefox so far. I'm currently using Firefox, but all three had things going for them over IE. Security is my main issue, though.

D