Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Mozilla Internet Explorer The Internet

Firefox Users Surf Safer 240

SenseOfHumor writes "According to two University of Washington Professors, Firefox users have a safer browsing experience than users of IE. These researchers sent their crawlers to 45,000 websites and studied the impact on Firefox and IE." From the article: "Levy and Gribble, along with graduate students Alexander Moshchuk and Tanya Bragin, set up IE in two configurations -- one where it behaved as if the user had given permission for all downloads, the other as if the user refused all download permission -- to track the number of successful spyware installations. During Levy's and Gribble's most recent crawl of October 2005, 1.6 percent of the domains infected the first IE configuration, the one mimicking a nave user blithely clicking 'Yes;' about a third as many domains (0.6 percent) did drive-by downloads by planting spyware even when the user rejected the installations."
This discussion has been archived. No new comments can be posted.

Firefox Users Surf Safer

Comments Filter:
  • Who cares? (Score:4, Interesting)

    by Arthur B. ( 806360 ) on Friday February 10, 2006 @05:32PM (#14690375)
    Everyone knows that... I mean if a user has an idea what spywares are and heard of firefox he probably uses it, if not this study won't change anything.
    • Re:Who cares? (Score:5, Insightful)

      by OneSeventeen ( 867010 ) * on Friday February 10, 2006 @05:56PM (#14690606) Homepage Journal
      So if I user never heard of Firefox, but has heard of spyware, this study won't change anthing? I work in a department that switching to Firefox would solve 25% of the tech support calls, but the users still insist on IE because they don't know the severity of the situation, and also don't even know what Firefox is. This article will actually help to prove to the non-techies that switching would be a good idea.
      • Re:Who cares? (Score:4, Interesting)

        by Bert64 ( 520050 ) <bert AT slashdot DOT firenzee DOT com> on Friday February 10, 2006 @10:30PM (#14692177) Homepage
        I've used firefox since it was called phoenix, and beta versions of mozilla before that... I'd never heard of spyware until quite recently, i also didn't really understand the concept of popups and other intrusive stuff...
        I went from amigaos (fast browsers with no javascript) to unix with mozilla (and popup blocking by default) and never encountered things like popups and spyware, i had a rose tinted view of the internet...

        Then i went to a friend's place, and saw him battling with IE... i was absoloutely disturbed, how could anyone's experience of the web be so horrendous, and yet he was still willing to use it!
        Had i first experienced the internet in that way, i'd not have had much interest in it at all.
  • by neonprimetime ( 528653 ) on Friday February 10, 2006 @05:32PM (#14690384)
    Could somebody with power please post results like this somewhere that the general public would see?
    Slashdot readers already know this!

    This needs to be in USA Today, New York Times, on Fox News, CNN, local newspapers, local news, etc.

    Then it would actually mean something.
    • You mean like make Firefox the most used browser in the world and in turn become the highest targeted browser for these types of things? Its just a flip flop scenario.
      • If we're dealing with solid software, written by those with a clue, a lack of security should have no relation to the market share.

        Look at Apache, for instance. It is used by an estimated 60% (if not more) of all web sites. But we rarely hear about serious security issues. Sure, bugs and exploits do crop up occasionally, but nowhere near at the rate of its competitors.

        Likewise, if Firefox is a well-written application, then it should be secure if it has one user, or if it has hundreds of millions of users.
        • Furthermore, Firefox devs are not-for-profit (afaik). They're attached to the browser, not the paycheck, so bringing in more users will increase support and bring in more devs that will work harder. You don't have the "Ok, we dominate the market, we can slack off now" mentality that you do with MS.
        • I wonder if you are familiar with the phrase 'ex falso quodlibet.' If FireFox is a well-written application, then it should be secure. Over the last year or two, however, I have noticed a strong tendency amongst the developers to prefer adding features to fixing 'minor' bugs.

          Ever wondered why OpenBSD is so secure? In part, it's because they don't differentiate between bugs which they know how to exploit, and ones they don't. If they find a bug, they categorise it and scour the code base for instances o

    • ...on Fox News, CNN, ...,

      I just had this image of guys in suits yelling at each other about the merits of Firefox and IE; saying things like "Firefox is a liberal plot to undermine American values!", etc...

    • Could somebody with power please post results like this somewhere that the general public would see?

      Sure! I'll rush over to kuro5hin with this right away!

    • According to the article, "We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."

      So reporting this on CNN and the like wouldn't have the impact that you hope it would. In fact, this study might be useful in studying malware but is meaningless in comparing FF with IE regarding security (as they rightfully admit).
  • How Firefox fared (Score:3, Insightful)

    by yfkar ( 866011 ) on Friday February 10, 2006 @05:35PM (#14690411)
    "In the same kind of configurations, Firefox survived relatively unscathed. Only .09 percent of domains infected the Mozilla Corp. browser when it was set, like IE, to act as if the user clicked through security dialogs; no domain managed to infect the Firefox-equipped PC in a drive-by download attack."

    So we can say that if you don't explicitly accept anything, you're safe with Firefox. Pretty much what I expected.

    I wonder what the numbers will be for IE 7.

    • People running the IE7 beta have already been owned through it. The browsers not even out yet and there's remote exploits already! Now THAT is innovation.
      • Don't worry, it's just Microsoft testing some pre-release exploits ready to boost sales of their ONEcare package.

        We all know the problems Microsoft have had with quality control in the past, they just want to be sure they have all the kinks ironed out of their malware so that they can be sure have some Vista exploits to point to when they want to scare users into subscribing to their protection racket.

  • by PFI_Optix ( 936301 ) on Friday February 10, 2006 @05:36PM (#14690416) Journal
    From TFA:

    "We can't say IE is any less safe," explained Levy, "because we choose to use an unpatched version [of each browser.] We were trying to understand the number of [spyware] threats, so if we used unpatched browsers then we would see more threats."

    I hope they used a very old version of Firefox. Comparing FF1.5 to an old unpatched version of IE is hardly a fair comparison.

    They should have patched both browsers and had them run the same crawl. Then we could see how each browser in its most current state handles spyware, and how much each one has improved via patch releases.
    • Your quote from TFA shows something very important: by pointing out the limits of their experiment, they demonstrated that they weren't just interested in spreading FUD about IE. Not that I'm a fan of IE or anything; I've been using Firefox for several years now. I just like to see objective studies, properly reported.
    • by Spy Hunter ( 317220 ) on Friday February 10, 2006 @06:43PM (#14690961) Journal
      They used computers running Windows XP without Service Packs 1 or 2. They tested IE 6.0 (no details about any patch installs separate from the [lack of] service packs) against Firefox 1.0.6. This is all from their paper (warning pdf) [], which has numerous other details.

      Somebody should start a news site that takes all the top news stories, finds the original research or primary source, and links to that instead of the dumbed-down yet sensationalistic news wire blurbs and blog whores. I know I'd appreciate it.

    • Well IE6 compared to Firefox 1.5 is a fair comparison, both are the latest non-beta feature releases of each browser (with only security updates since, such as firefox, it's not firefox's fault that IE hasn't had any serious update in 5 years.
  • by IAAP ( 937607 ) on Friday February 10, 2006 @05:36PM (#14690419)
    Of all the FOSS projects out there, it looks as if Firefox is the most successful in terms of market penetration. People who never have heard of Linux/GNU know about Firefox.

    Could it mean the death of IE?

  • by MichaelSmith ( 789609 ) on Friday February 10, 2006 @05:36PM (#14690426) Homepage Journal

    Owning a computer now is a bit like having a pet rabbit. It never just is. You have to feed it the right stuff or it gets sick. If you leave the hutch door open it might run away then you have to search the street for the bloody thing.

    People could choose to have computers which just do their job from year to year but they seem to want to believe that the thing is alive, just like the pet. They want it to have issues and risks, to get "infected" and require "cleaning".

    They won't be happy with something which just browses the web and shows them pictures. It won't be as entertaining and involving that way.

    • Owning a computer now is a bit like having a pet rabbit. It never just is. You have to feed it the right stuff or it gets sick. If you leave the hutch door open it might run away then you have to search the street for the bloody thing.

      even the viruses multiply like rabbits

    • That statement requires a bit of qualification. Owning a Windows PC now is a bit like having a pet rabbit, etc.

      At work I primarily use a Linux workstation. I give it no care and feeding, as it requires none. It has no registry, it has no spyware, adware, or virii. Completely boring, untinteresting, and extremely useful. Perfect for me, as I am more interested in doing my job than fighting my PC.

      And at home I primarily use a Macintosh running OSX. Similar experience to Linux, better graphics, better ap

    • There never was a day when a PC 'just was'. Before LAN or Internet connections met the PC, there were virusus on floppies. Win systems then were single-user. Nothing was off-limits to malware. The *concept* of off-limits hadn't been implemented in Win systems.

      And users often had to futz around with memory segmentation (remember Quarterdeck's QEMM386? What a problem solver!), IRQs, etc. Adding hardware or just installing a game could cause you far more problems than you'll typically see now.

      Putting away the
  • by Hamster Lover ( 558288 ) * on Friday February 10, 2006 @05:37PM (#14690429) Journal
    installed Firefox for me? Probably scanned my machine and then installed it out of pity.

    Seriously though, since I installed Firefox last Summer it's made Ad Aware and HijackThis obsolete.
    • AdAware's obsolete if you don't pay for it anyway - they stopped updating the free version a long time ago. I would pay for spybot if I needed a corporate version, because it's free, but I would now NEVER EVER pay for AdAware and I try to encourage everyone else in the same direction, just because I'm a bitchy fucker and I don't think that security should cost money.

      I, too, have not been infected with anything since I stopped using IE and started using a firewall - which was quite some time ago. You do

  • User education (Score:5, Insightful)

    by doombob ( 717921 ) on Friday February 10, 2006 @05:38PM (#14690435) Homepage
    A better, but longer headline: Firefox browser less likely to automagically download malware that damages the operating system than internet explorer browser.

    The misleading headline makes it sound like people who use firefox are less likely to visit a site that would take advantage of an unpatched exploit in their computer. That conclusion, however, would not surprise me if it were true.

    In addition, there are very few people who just go the websites of the world in a random fashion. So who cares if around four percent of the websites out there have malicious programs - that is a problem of domain hosts that allow nasties to keep their sites on those servers. In a world where most people (probably around 80% of internet users) visit the top websites (probably around 20% of sites), I think the problem is one of user education (don't go to sites you don't trust, don't randomly click on crap - which probably needs to be applied most to pr0n surfers).
  • by ehaggis ( 879721 ) on Friday February 10, 2006 @05:47PM (#14690506) Homepage Journal
    Lynx is a very safe browser. Flash ads are rendered impotant. Animated GIFs are defeated on load. Active X; no way! Lynx is the browser of the future! Now let me get back to my 3270 terminal.
  • by amigabill ( 146897 ) on Friday February 10, 2006 @05:51PM (#14690549)
    What about comparing the mindset of people using Firefox to the mindset of those who use MSIE? I know people who are seriously under MS't thumb, in that they simply do not care if there is any alternative and quality is completely irrelevant. They also don't care enough about the world to be careful on the web. One friend of mine (who's nearly 31 years old now) I won't let use my computer without supervision because he doesn't want to "learn how" to use Firefox, and he's often impulsively copying crap from god knows where on to my machine or other people's machines to show off the latest stupid gimmick he's found out there someplace. I don't like gimmicks off some random web page running on my PC as I'm afraid of what computer illnesses may come along for the ride...

    I think that a lot of people using Firefox go beyond just having a different browser to be safer doing the exact same things. I think that the average firefox user probably has a somewhat different web surfing habit than IE users. Many are using Firefox because they sought out something "safer" than MSIE in general, and are probably actively trying to be safer in their usage as well by not doing some of the things or going to the sorts of sites that those less interested or less knowledgable are doing or going to.

    Regardless of the browser in use, who is more likely to click through the bank account phishers, the average MSIE user or the average Firefox user? Things like that...
    • If he's that much of an idiot, just remove all IE references from your computer. I know that I can't get to IE without either directly browsing to the executable or running iexplore.exe. Which is how I like it. Keeps other people from doing stupid things. If they want to use the Internet, they use Firefox, or they don't use it at all.
  • While I use Firefox myself and believe it is marginally more immune to exploit, I suspect that the most likely reason for the results in the FA is that Web users who know how to use Firefox in the first place are more likely to be cognisant of such threats to begin with, and are also more likely to protect their computers from spyware/adware/etc.
    • I think you have a sound point, but my experience is different. I find that even the non-techies like firefox and find it so much more "secure" than internet explorer. I've installed it for my parents and for some colleagues, and they all appreciate it. The only complaint is about the sometimes slow behavior (and they get bored when I explain what a "memory leak" is.) We all know that pop-ups and spyware are annoying, and I think my non-techie friends like a browser experience without that hastle. I put ad-

    • I suspect that the most likely reason for the results in the FA is that Web users who know how to use Firefox in the first place are more likely to be cognisant of such threats to begin with

      Their experiment tried to emulate the careless behavior of the "average user" and it was found that Firefox was much less susceptible to attacks. So yes, the browser does matter as well as its default configuration. It also helps that Firefox doesn't support ActiveX by default and isn't affected by drive by installatio

  • by fzammett ( 255288 ) on Friday February 10, 2006 @06:11PM (#14690733) Homepage
    I'm really sick to death of all the "Firefox kicks everyones' ass" pieces all over the place. I really can't stand being in the mindset to defend MS, but yet...

    This whole "study" was stupid in terms of proving one browser more secure from malware than the other (which wasn't their point apparently, which makes the /. post even more stupid). The conclusion is if you take two unpatched browsers, you'll get spyware a lot, and moreso for IE.

    Ok, as others have said, that's not exactly like finding out the Sun orbits the Earth or anything.

    It is much like saying "hey, you know, if you go into a burning building without firefighting gear, your gonna get burnt".


    "If you have sex with a number of HIV-positive people you may well contract the virus".


    "If you vote republican, you will slowly lose your personal rights".


    "If you vote democrat, you will pay a bunch more in taxes".


    Let's see what happens with two FULLY-PATCHED browsers. Will FF still come out on top? Yes, I would imagine so. I'm not about to say IE isn't inherently more dangeruos than FF, because I think it is. But it's a question of degrees... are two completely up-to-date installs of FF and IE going to be *that* much different? I would seriously doubt it. I'd be willing to bet they are close enough that you could effectively ignore the difference (until your machine gets wiped out by the .00000001% of malware that got through I guess!)

    It's interesting to me... I've been using IE all along... there are some things that annoy me about FF that keeps me from using it full-time. In all that time, I can count on one hand how many times I've been infected with anything. And, once I moved to Maxthon a year or so ago, I haven't been infected with anything even once. The difference between IE and FF is not THAT big, when you are fully-patched.

    Talking about anything less is pointless... and yeah, I know the argument... "But grandma doesn't know she should be patching her browser and doesn't know how". Well, get grandma off the computer! We don't let kids drive cars because THEY DON'T KNOW HOW TO (neither do many adults of course, but I digress). Using a computer is no different than using any other tool: you can hurt yourself, and sometimes others, if you don't know how to use it. Can't you smash your hand with a hammer? Can't you cut a finger off with a can opener? Can't you badly burn yourself using your oven? There is a certain amount of risk to using any tool, and you accept that risk, but more importantly, you learn about the tool to some minimal degree that allows you to mitigate the risk as much as possible. People need to start doing the same with computers. Not everyone has to know how to hook a system call or spawn daemon threads in a VM or whatever else, but keeping a browser up to date, especially as relatively easy as it is today? Yeah, I'd say that's the MINIMUM level of knowledge one should have, and if you don't have it, git knit a sweater, you shouldn't be touching a computer.

    Enough with all the "FF rules and IE sux0rs" crap... if you like one or the other, great, no problem, choice is good, use what you like. But enough with constantly telling me how unsafe I am using IE (or an IE derivative). My experience does not bear it out, and even if it did, the answer would still be what it's been all along: the USER is more at fault than the browser.

    Hey, when something gets through FF by the way, do we start screaming that it is insecure and no good? Of course not! We first ask "well, what did the USER do to let the garbage in"? Because OF COURSE it could never be FF's fault. And you know what? 9 times out of ten, it isn't! Just like 9 times out of 10, it isn't IE's fault... ok, to be fair, 8.5 times out of 10 for IE... like I said, I don't doubt FF is a bit better.

    Ok, I'm done, rant over.
  • One of my routines when I install a new copy of Windows is to set all file/directory perms so that the average user can only write to their local home directory. This is usually a game of 1) set the perms, 2) see what breaks, 3) make an individual decision about whether to reset the perms for a particular file or directory to fix the brain dead program that requires users be able to write to a non-home directory in order to properly run.

    How many of the infections are caused by the silly default perms th
    • Dunno about 3.51, but NT 4.0 was C2 secure only if it had no floppy drive and no network...
    • Have you thought about using vmware and not using real windows at all? At least, not as your base OS... vmware player is now free and there's ways to fool around with it and create a VM using it, or you could get someone with vmware to make you a system image...
  • Not a single user running Konqueror on FreeBSD has been infected by malware through their web browser.

    I'll probably be alright using Firefox on Linux though.
  • You can test the browsers yourself by placing the URL to the Yahoo Random Link [] in a toolbar bookmark and click it a few thousand times. Although be warned it can take you anywhere! So I really wouldn't recommend using it in IE.

    There used to be a "browser buster" on that would reload this URL (loading a new page each time) automatically in a frame. But I don't see that out there anywhere any more. Probably because the YRL was busted for a long time.
  • birds more likely to get avian flu than fish.

This process can check if this value is zero, and if it is, it does something child-like. -- Forbes Burkowski, CS 454, University of Washington