From a technical standpoint, the ideal solution would be to include both plain Firefox and Firefox with the most popular security extensions, like NoScript and AdBlock(Plus). But this was a marketing study, so I think they were justified in their approach.

Shipped or not with them is exactly the issue. It'd be a murky point if NoScript were developed by Mozilla, but not even that - if you want to keep your Raw Processing analogy, you'd have to assume that Raw Processing is only available if you root your camera and install a third-party firmware.

What good is a browser safety test that assumes every user is both very knowledgeable about Internet security and very diligent in protecting his/her own data, when in truth the average user is completely clueless and doesn't even care that much? Yet that's a built-in assumption in a test that pretends that an optional third-party security plugin used by a minority of the overall users of that particular browser is in fact part of the browser itself. Besides, if you want to add NoScript to Firefox when testing, it's only consistent that you also add every other extension that's at least as popular as NoScript, right? But why should you stop at that particular level of popularity? Why not install every single extension you can get your hands on? It'd be a miracle if you could get the browser to launch, and even then it wouldn't beat IE 4 on a security test with all those added vulnerabilities.

That's good to know. Thanks for the link.

This was a market-oriented study and Opera has a negligible market share when compared to IE, Firefox and Chrome. It's a pity. I really like Opera, but from a market standpoint it's irrelevant.

Even better, use SRWare Iron Browser. Also based on Chromium, but with a bunch of privacy- and security-oriented tweaks. AFAIK, it's nothing you couldn't do yourself while compiling chromium, but it's a lot more convenient like this.

No, it'd be like reviewing an SLR without an external flash bulb. Raw mode is built-in to the camera, NoScript is not built-in to Firefox. NoScript, like the external flash bulb, is an optional feature that the browser/camera is made to accept, but also made to work without. Most Firefox users don't use NoScript, even though almost every power user does. Likewise, most people who buy SLRs are overspoiled teens who will never leave the safety of "Auto" mode and probably don't even know that you can swap lens at all - but every serious photographer has a bag full of peripherals for each specific kind of photo they want to make. I've never read a side-by-side comparison of, say, a Nikon and a Canon camera where the reviewer concludes that despite being all-around worse than model B, you should still buy model A because it fits more different kinds of peripherals. It's the same thing with web browsers.

Yes, that's exactly what I didn't mean. The test was a test of Firefox (and IE and Chrome), not a test of "Firefox with some add-ons installed". Chrome has optional third-party security plugins too, and they also weren't enabled for the test. NoScript isn't a part of Firefox, doesn't come bundled with the browser, and isn't developed by Mozilla. Why should it be included in the test?

They tested the vanilla browsers, as they should. Most people don't install NoScript, and many who do get annoyed with it and switch it off.

I see. But doesn't that mean that if I don't use any of these plug-ins, the differences in browser security become irrelevant? I'd lose the ability to view flash videos or read PDF files in-browser, but Youtube already has an HTML-5 mode anyway, and I usually download my PDFs and read them locally later.

I beg to differ. IE comes tied-in with Windows and is the most widely used web browser in the world. That also means that it is the most targeted web browser by people bent on exploiting its vulnerabilities in order to gain unlawful access to someone else's computer. Even though it might have less security flaws than Opera or Firefox, you can bet your gonads that the proportion of security flaws that actually get exploited on IE is a lot bigger than in either of these two browsers. It comes with the turf. Of course, this doesn't mean that IE is inherently less secure than Firefox. You're right to say it isn't. Still, if I had to choose between IE and FF based only on security, I"d go for FF simply because it's probably a lot less targeted. I have no data to back up my claim, though, and could be completely wrong. Does anyone have any numbers on this?

Let them boycott the class. Let them flunk the tests because they haven't seen the lectures. Let them go elsewhere to get a medical degree - some crackpot university that teaches "Medicine according to Islamic precepts", then let them treat other wackos who are willing to go to a doctor with those credentials, kill them, get their hides sued off and die in poverty. Society as a whole will profit from the death of our most ignorant and closed-minded.

I also noticed no slowdown, and I get pretty heavy e-mail traffic. Still if that many people are affected, I expect a patch soon.

Since Microsoft and Apple each own a sizeable amount of each other's stocks, and since Microsoft is a software company who don't really give a fuck what hardware you're running their product on, I can't see the benefit to this. Nay, the best outcome for Microsoft is everyone buying a Mac and installing Windows on it: that way their Apple shares value, AND people are still buying their product directly.

You're more likely to get him to shit rainbows AND announce that the next generation Macs will ship with Windows 7 instead of OS X.

Google's idea was great, but it doesn't work in the current carrier-controlled (and I don't mean this in a conspiracy-theorist way) market. The phone is just too expensive up front to compare with carrier-sponsored models that get their price dilluted into your monthly service payments.