Netscape vs. Firefox vs. IE

Post by **Tormentius** » Mon Feb 28, 2005 10:32 pm

U4EA wrote:
As much I like Microsoft, I'm gonna have to say that's a bullshit argument. Apache has a much larger market share for web servers compared to IIS, yet has far fewer and much less serious exploits for it out there. Microsoft has always been about user-friendliness and features as opposed to security and robustness.

There's been a trend at MS to focus more on security (and that has to be applauded for sure) after Bill Gates's recent memo on "trust-worthy computing" .. I suggest you read it as it's quite interesting.

Apache is an entirely different topic and one I won't argue with you on because frankly I agree. For browsers (and everything else) MS has been getting better all the time. They aren't there yet but I'm pretty sure when IE7 is released that amount of people migrating away from IE is going to drop significantly.

Post by **U4EA** » Tue Mar 01, 2005 7:25 am

Apache is an entirely different topic, but it does blow the "Firefox is not more secure, its just not a large enough target" theory out of the water.

Post by **Tormentius** » Tue Mar 01, 2005 7:50 am

U4EA wrote:Apache is an entirely different topic, but it does blow the "Firefox is not more secure, its just not a large enough target" theory out of the water.

I don't think it does at all. Apache is an enterprise grade web server while FF is a consumer grade browser (as it has no enterprise grade features whatsoever). It's like trying to compare Dlink and Cisco.

Post by **Kills On Site** » Tue Mar 01, 2005 7:50 am

U4EA wrote: but it does blow the "Firefox is not more secure, its just not a large enough target" theory out of the water.

well the fact that FF is not yet a norm and is used mainly by people who have other forms of virus and spyware protection (Norton, SpyBot) that it is more secure, but what holes it does have (and every bit of software has a hole) have not been exploited much.

Now I believe that no matter how secure a PC is it is still up to the user in the end. It is all about clicking yes and turning things on and off. A smart person who browses mostly good sites will do just fine in IE and the dumbass who doesn't know shit can fuck up in FF. I think if you instantly notice a drop in spyware from IE to FF then you need to check the sites you goto.

Post by **U4EA** » Tue Mar 01, 2005 10:16 am

Tormentius wrote:I don't think it does at all. Apache is an enterprise grade web server while FF is a consumer grade browser (as it has no enterprise grade features whatsoever). It's like trying to compare Dlink and Cisco.

I'm not sure what Apache being an enterprise grade web server has to do with anything. My only point was that if you're going to use the market share argument (IE has a lot greater market share, that's why it's targetted more than Firefox) then it should imply that since Apache has greater market share than IIS, it should be targetted more. However, Apache (even having greater market share than IIS) still has fewer and less severe vulnerabilities compared to IIS.

Kills On Site wrote:well the fact that ..

I'm not bashing IE .. I used it exclusively up until a month or so ago, and the only reason I switched to Firefox was for tabbed browsing. I had virtually no problems with IE (IE6 at least) while using it, and I kept it regularly patched up.

Post by **Tormentius** » Tue Mar 01, 2005 4:32 pm

U4EA wrote: I'm not sure what Apache being an enterprise grade web server has to do with anything. My only point was that if you're going to use the market share argument (IE has a lot greater market share, that's why it's targetted more than Firefox) then it should imply that since Apache has greater market share than IIS, it should be targetted more. However, Apache (even having greater market share than IIS) still has fewer and less severe vulnerabilities compared to IIS.

It has a lot to do with it as they're completely different products. You're comparing a user friendly browser with a hardened web server product.

IE is targetted by script kiddies and other pond scum because malicious code run against it can hit a huge user base (92% last time I checked). As FF becomes more widely used those same people are going to start writing malicious code to exploit it as well. It might not have as many vulnerabilities up front but I think you're underestimating the amount of time some people have.

Post by **U4EA** » Wed Mar 02, 2005 7:17 am

Man you're either trolling me really well, or I'm not explaining it properly.

I am not (I repeat, NOT) comparing IE (Internet Explorer) to Apache. I'm comparing "IE vs Firefox" to "Apache vs IIS". By IIS I'm referring to "Internet Information Services", Microsoft's enterprise grade web server. So I'm comparing the comparison of two user friendly browsers with the comparison of two hardened web server products.

The argument in question is: there are more vulnerabilites for IE because it has a larger market share, so anyone wishing to cause the most damage will target IE instead of Firefox. This also implies that Firefox is not inherently more secure than IE .. rather it just seems more secure because no one targets it because it's got less market share.

What I'm trying to prove is that the entire basis of the argument in question is flawed.

IE has bigger market share = people target it more = there are more exploits for it

Now if our argument actually held true, it would follow that:

Apache has bigger market share = people target it more = there are more exploits for it

Empirical evidence will show that this is blatantly NOT true. Hence, that argument is null and void. IMO you're a little too hasty and overzealous in jumping to Microsoft's defence.

In any case, I'm done with this thread.