Skip to main content

Finally, someone has the courage to challenge Firefox

Microsoft employee Peter Torr has started a flame war in his own blog today. Torr claims that the distribution and code signing of Firefox isn't up to scratch. Torr provides screenshots of the latest XPSP2 protection IE but fails to mention the poor protection in IE 6 SP1 which many more users are still using. Nevertheless if you enjoy battling it out about Firefox vs IE then this is a read for you. Here's a snip:

Recently, a lot of volunteers donated money to the Firefox project to pay for a two-page advert in the New York Times. If only they had spent some of that money on improving the security of their users by, say, purchasing a VeriSign code signing certificate.

"But the thing that makes me really not trust the browser is that it doesn't matter how secure the original code is if the typical usage pattern of the browser requires users to perform insecure actions.

· Installing Firefox requires downloading an unsigned binary from a random web server
· Installing unsigned extensions is the default action in the Extensions dialog
· There is no way to check the signature on downloaded program files
· There is no obvious way to turn off plug-ins once they are installed
· There is an easy way to bypass the "This might be a virus" dialog

Via How can I trust Firefox?
Via Neowin