Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[G-Flex]

Indeed. I've found that FF and the addon NoScript makes it annoyingly safe.

This does not mean that Firefox is safe, at all. We're talking the security of a browser, not the security of a browser with an add-on that cripples its functionality. I mean, it's obvious a browser will be safer if you install something on it that intentionally blocks scripting, but that doesn't say much for the browser itself, nor is it a very good solution to the security problem.

Thing is, love it or hate it, IE IS a huge gaping chasm is your computer's defense. FF is a good bit better, but still has problems. So far, GC has proved itself impossibly virus proof.

I'm going to have to ask for sources on this, if you're talking IE8.

[Heron TSG]

Indeed. I've found that FF and the addon NoScript makes it annoyingly safe.

Just add on AdBlock Plus, and you're golden.

that cripples its functionality.

What does No-Script do to cripple FireFox? If you want to see something that's blocked, it's only two clicks away, and you can leave all the undesirables blocked out.

[S31-Syntax]

Indeed, what kind of functionality does it cripple?
IE is, and will always be, a nonexistant part of my daily software use. I don't even use it to download a new browser.

[G-Flex]

It cripples functionality by blocking scripting, which is a major part of the web.

Obviously you can make exceptions, but then you have to trust those exceptions, which kind of goes against the idea of making the browser secure in the first place. The point of a browser being secure is that things can't exploit it, not that the user is trusted to tell whether or not a website might exploit it. If the user has to make a decision on whether or not to trust a website to actually run scripts, that is not a method of "browser security".

Does it help security? Sure it does. But it doesn't make the browser itself secure, it just helps the user avoid content until he thinks it might be fine to view.

The goal of security should be that you can view sites in their entirety without losing functionality, and things like exploits and malware are rendered ineffective. The goal is not to force the user to decide whether or not he wants to take the risk.


Don't get me wrong, I'm glad things like AdBlock and NoScript exist, but they're simply not relevant to the central question of whether or not the browser itself handles things in a secure manner, good tools or not.

Indeed, what kind of functionality does it cripple?
IE is, and will always be, a nonexistant part of my daily software use. I don't even use it to download a new browser.

That's great, but it really isn't that bad. You're being paranoid.

[KaelGotDwarves]

I'm just going to throw in my personal account- that is a good friend of mine who works as a developer on an internet standards committee previously licensed by HP but is now freelance, who exists on just one of many groups that works to improve web usability and reliability - she LOATHES IE because microsoft try to ignore web standards and create their own standards, easier for microsoft but makes it hell for everyone else. She uses firefox (better than opera) and would use chrome but she thinks google tracks enough information already. Also, she believes Apple sucks for overpricing everything they put out, so no safari.

And yes, she's a she.

It's just an personal anecdote but take it as you will.

[G-Flex]

IE has historically had problems with standards compliance (IE6 was total trash), but in more recent versions it's improved, and we'll have to see where IE9 stands.

[Mel_Vixen]

Indeed. I've found that FF and the addon NoScript makes it annoyingly safe.

Just add on AdBlock Plus, and you're golden.

Its better to include Flash-block as well. Flash is a gapping hole in any browser. Flash as external software made also FF crash horrible thus flashblock   and the FF inbuild "addon container" (container thread for flash f.e.)   is in my opinion pretty safe. 

The problem with flash and scripts is that they get abused so we block them for rather obvious reasons. Most important stuff can be done by PHP and good website design without JS or flash without loosing functionality. The exception may be browser-games, shops etc. Sadly certification is nowhere near trust-able so it would be rather useless for scripts.

Ok that was my "flash-rant" because it annoyed the hell out of me.

Funfact: MS trys to get all IE6 and IE7 upgradet to IE8 because the older versions are less safe. Coincidently while IE8 takes 29% of the browser market IE7 and 6 take ~ another 25%. FF 3.6 = 17.63%, Chrome 6 and 7 ~ 8%, Safari 5 = 2.5%. Source here

The big patchdays are a problem in my opinion and i think patches should be available asap.

edit: IIrc the W3C (?) said that the beta versions of iE9 handles HTML5 pretty good and follow the standard so far

[ECrownofFire]

I'm just going to throw in my personal account- that is a good friend of mine who works as a developer on an internet standards committee previously licensed by HP but is now freelance, who exists on just one of many groups that works to improve web usability and reliability - she LOATHES IE because microsoft try to ignore web standards and create their own standards, easier for microsoft but makes it hell for everyone else. She uses firefox (better than opera) and would use chrome but she thinks google tracks enough information already. Also, she believes Apple sucks for overpricing everything they put out, so no safari.

And yes, she's a she.

It's just an personal anecdote but take it as you will.

Tell her to use Chromium then. Open source version of Chrome, basically. I use it. Chromium on Linux means you're guaranteed to never run into any viruses, ever.

Anyway, I just like my addons, and I'd prefer to not have one company dominate the browser "marketplace". Stagnation isn't good for innovation, and all that. I haven't really ever had any major problems with IE though, excluding slowness and lack of addons. I never really seem to run into computer problems much, except when doing silly and/or stupid things (like how I can't run Steam on my windows/Ubuntu dual boot without it blue screening due to Linux's screwy NTFS implementation, but it works fine on Linux, so I don't really give a fuck. Oh, and another MBR screwup, also with Linux, but that was me being stupid again). Never had a virus on any computer I've used (or at least not one that's been my fault).

[Mel_Vixen]

There is an old idiom among It-people: "There is no Computer without viruses."

[G-Flex]

The problem with flash and scripts is that they get abused so we block them for rather obvious reasons.

The focus on web safety should be browsers that aren't susceptible to scripting attacks to begin with, not on third-party add-ons that disable those features entirely in order to attempt to evade such attacks. That's why things like DEP and Protected Mode exist. A well-designed, secure browser running in a sane OS should not require 2+ massively feature-disabling third-party additions in order to avoid attacks using those features as a vector.

Obviously, with something third-party like Flash, you can probably only do so much as a browser developer, though.

[Jake]

You know, it might be an open question whether the methods by which Microsoft acquired its share of the browser market were completely above-board, but that share stood at around 65% last I heard; bigger than everyone else in the market combined. Something that only works properly in the remaining 35% is stretching the definition of 'standard' a bit.
Not that I use IE or anything else Microsoft if I can possibly avoid it, mind you, though the rise of Firefox seems to have spurred them into making some significant improvements from 7 and onwards. But it's still something to think about.

No, it's not. Standards are defined by external organizations and it's up to the browser developers to adhere to them. We're talking ACTUAL standards, not de facto standards that just happened to evolve over time. We're talking things that have actual specifications, and whether or not browsers adhere to those specifications.

Thought I'd better bring that debate over here. And there is, I think, a worthwhile debate to be had about whether a de facto standard that evolved over time is necessarily better or worse than one designed by committee.
More to the point, is this particular de facto standard demonstrably worse? I ask this in honest ignorance; my knowledge of the theory and practice of web design is scanty at best, and I'm not in the business of wailing on something just because It's Micro$oft Doing It.

[G-Flex]

Actual, drafted standards are necessary, otherwise it's impossible to ensure consistency and compliance. Period. Also, proprietary pseudo-standards are both unnecessary (we have organizations to come up with good ones) and potentially harmful (since there's a conflict of interest when one company wants to force everyone else to do things their way, or force competitors out of business by introducing ill-conceived proprietary standards specifically so everybody else's stuff doesn't work with products X, Y, or Z).


Basically, if your standards aren't written down, there's not even such a thing as compliance, and one particular company trying to enforce its own proprietary rules isn't often in the best interests of anyone but them.

Honestly, IE hasn't had "de facto standards" as much as simple noncompliance. They just sort of did things their way with little regard for standards back in the IE6 (and previous) days, simply because competition wasn't around.

[Jake]

I see what you mean; if MS had been consistent between versions and documented a standard of their own it would be another matter, as the conflict-of-interest scenario you describe would be a great way to kill their market-share entirely the moment someone came up with a third-party browser that could display both 'standards' as they were intended.

[Mel_Vixen]

G-flex i meant "abused" in terms of annoying adds popups etc.

[G-Flex]

That's a fair point. I use adblock, but really just to hide things that either bog down my computer, are abusive (goddamn floating ads), or otherwise deserve the boot. It's also fun to play around with the element selection helper add-on.