Mozilla bills Firefox as the most secure Web browser on the planet, but is it really? Follow along with this series and see if the claims hold up to close scrutiny.
It's sad that this page doesn't show up right in Firefox (version 3 at least).
"It's sad that this page doesn't show up right in Firefox (version 3 at least)."
It doesn't show up right in IE 7 or 8, or Chrome either. The picture of IE covers half the article.
Anyway, while it is all well and good for Mozilla and IE to duke out the most secure browser claim, it really doesn't matter. They could both be bulletproof and it doesn't change the fact that Acrobat, Flash, and QuickTime, hosted in the browser, will still be an easy attack vector. Though MS is right, Mozilla may patch vulnerabilities fast (too fast if you look at duplicate patch rate and patches that address similar problems at a later date) but they also have more vulnerabilities that they need to patch, at least according to public data.
As Mike pointed out, any comparison is hard, because Microsoft doesn't disclose vulnerabilities.
I can see only two ways of a comparison that can even start to be fair:
If you want a safe browser, get Opera
I abandoned IE for Firefox, after MANY years of declining IE performance & reliability. As new IE releases emerged, they got slower, crashed more often & consumed ever more HW & system resources. I started using Firefox on an occasional basis alongside IE, & used it progressively more as IE problems & crashes kept increasing. Finally I made Firefox my default browser & stopped using IE altogether more than a year ago. It also happens that my security software gets many fewer alerts with Firefox than it did with IE. I'm glad that Firefox has more useful features than IE & updates itself automatically, rather than warning you of critical security flaws that you MUST apply ASAP the way MS marketing terror-techs do. In sum, my experience tells me that Firefox beats the heck out of IE in every way I can think of.
First of all, I make most of my living off of Microsoft software -- so, I don't have any bias against Microsoft. Nonetheless, I won't believe anyone who attempts to tell me that IE is more secure than, or as secure as, Firefox. For starters, hackers attack IE more than any other browser. This makes sense because IE is the browser market share leader. Furthermore, any attempt to enable all of IE's security features would render it virtually useless because so many web sites depend upon ActiveX -- which is probably IE's main point of vulnerability. Believe anyone else at your peril.
I have been an IT security pro for nearly 29 years now, and am currently CSO for my company. We have done extensive research on many browsers over the years, and I myself, believe it or not, still prefer older modified versions of Netscape, yet I use IE 7 with our own modifications regularly. At one time Firefox seemed to have a slight edge over IE, but that doesn't remain really accurate any longer IMHO. I don't know Jeff Jones personally, but do find him from some of his speaking engagements to be a fairly non-biased security pro, yet from time to time disagreeing with him on some issues. Generic MS browsers are pretty much as good as they can be given the threats known and documented. This leaves a problem however IMO. That being that it seems to me that a bit more pro-active security improvements by both MS IE and Firefox would be advisable. But then again that depends largely on how much budget and personnel resources are available by which taking such a direction is available or a willingness to commit. So far, the most exposed browser to security problems I have personally tested and continue to test, is Chrome.
>I don't know Jeff Jones personally, but
>do find him from some of his speaking
>engagements to be a fairly non-biased
>security pro.
I don't know him either, but it is clear, without a doubt, that he would never be able to report the truth without getting fired by Microsoft for harming IE.
So whatever he says is pretty tainted and pointless. Can you say "conflict of interest?"
Furthermore I wonder how come Firefox, a free and non-marketed product, has gotten so much market share over IE (a highly marketed product), if not with word of mouth quality?
Anyone who truly believes Jeff's assertions has not read a single line of news in the last 10 years of Microsoft's security practice and track record.
Well, interestingly enough... issues of Microsoft biases aside, I had worked briefly with Jeff years ago, when he was involved in work in the DOD Trusted Computing world, and he was spot-on then, technically.
- J
"Once you lose your integrity, the rest is easy." - J.R. Ewing, ("Dallas")