From jwevans1@uiuc.edu Sat Apr 22 15:51:31 2006 Subject: Firefox Myths Comment From: Jeff Evans To: OptimizeXP@comcast.net Content-Type: text/plain Message-Id: <1145739089.8493.38.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.4.1 Date: Sat, 22 Apr 2006 15:51:31 -0500 X-Evolution-Format: text/plain X-Evolution-Account: 1123110017.8575.0@jeffubuntu X-Evolution-Transport: smtp://evans_fam%40sbcglobal.net@mail.insightbb.com/;use_ssl=when-possible X-Evolution-Fcc: mbox:/home/jeff303/.evolution/mail/local#Sent Content-Transfer-Encoding: 8bit Your own stated definition of myth is "A fiction or half-truth, especially one that forms part of an ideology." I feel compelled to point out that most of the "myths" listed on the site are themselves myths according to your definition. System Requirements: True, stated Firefox system requirements are higher on Windows. First, have you ever tried running IE on a 486 66 with 32 MB RAM? Sometimes meeting the "minimum" requirements is not sufficient for a positive experience in using the software. I don't know for sure they're not in this case, but I'm just pointing out the possibility. Have you tested performance of IE on a system barely meeting its minimum requirements, and compared that with the performance of FF on a system barely meeting its minimum requirements? Until you do, the point about system requirements is meaningless. Performance: All references for this section link to a page for a single study conducted by an individual. This far from proves anything about performance between browsers in general, under all situations for all users. And that's exactly the point. In his specific case according to his metrics on his machine IE was faster than FF on Windows. In my own experience (back when I still used Windows regularly), a clean install of Firefox with a minimal set of extensions was slightly faster when navigating between pages than a fresh copy of IE (read: a clean Windows install). Does this mean that FF is always faster than IE? No, but it does show that IE is *not* always faster than FF. I will concede your point that a "cold" startup of a sterile copy of IE is usually faster than FF (for me, the difference was a few seconds, which I suspect the majority of FF users are more than willing to tolerate). However, keep in mind that in the real world, few users have the luxury of our lab conditions. Many Windows machines on which IE is the primary browser are infected with malware targeted toward IE, thus significantly degrading its performance (including startup times and responsiveness). Security: Clicking on the link to Secunia shows that the most severe *unpatched* vulnerability is "Less Critical". The "Highly Critical" and "Extremely Critical" vulnerabilities have all been patched. The wording of this section also begs the question whether the number of vulnerabilities is even a meaningful measure of security. First, the number of known vulnerabilities does not translate directly to the number of actual vulnerabilities. Second, traditionally Mozilla has patched discovered vulnerabilities (particularly severe ones) quickly. Thus, the sooner one is discovered, the sooner it is fixed. If Firefox flaws are being discovered at a faster rate, they are consequently being fixed at a faster rate. This seems to suggest that more discovered vulnerabilities actually leads to better security. Also note that no comparison to the number of vulnerabilities for IE can be made, since it is a closed-source product. Any programmer can tell you it's easier to find bugs in a program when the source code is available. As for the claim about "most secure web browser", I've never heard anyone make this claim so I checked your "source", which appears to be from a forum post by a member of spreadfirefox.com. Whether a statement by a individual about a product counts as a "myth" about that product if proven to be false is questionable. On the issue of OS integration you link to a Microsoft Employee's blog. This is, needless to say, hardly an objective source of information on the matter. Even so, the claim I hear on this topic is usually made in the context of the following: "a flaw found in Internet Explorer will affect more applications than a flaw found in Firefox." Strictly speaking, this is true, since IE is a "critical component" of Windows by Microsoft's own legal admission and is used by a wide variety of other applications (including Windows Explorer, MSN Explorer, Steam, and many others; you can find a full list through searching). This means that a vulnerability in IE is much more far-reaching than a flaw in Firefox. With regard to ActiveX, the page you link to is again an article by one person. And many who commented on that very article disagreed with it. The most important point about ActiveX vs. Extensions (FF's closest equivalent), is that in order to install a malicious ActiveX control, the user has only to click a bunch of "yes" buttons. From my experience, many users do this without bothering to read the text in the dialog box, let alone understand its implications. To install a malicious Extension, a Firefox user must first add the source site to the list of trusted sites, then click the extension file *again*, then wait for a few seconds before the "OK" button becomes available, then click OK. This makes "casual click" installing much much less likely. So in a narrow sense the argument I just made does not show that ActiveX is insecure. But its implementation on Windows IE (which is just as important) is insecure and leads to unintended consequences. Spyware is much more of a Windows issue than a browser issue, as you hinted at in your "Solution to Spyware" issue. The point here is an astronomically low percentage of users even know enough to realize they need to secure their system before using IE. An even lower percentage know how to do this, and even fewer users actually go through all the steps (the most important of which is running under a restricted user whenever possible). That said, let's look at your example of Firefox infecting the user with spyware. The vulnerability you link to relies on a flaw in the Java runtime, not any particular browser. You may argue that Mozilla's confidence in Sun JRE is misplaced and constitutes a vulnerability, but you cannot argue this infection is the fault of Firefox. Features You state the myth that "Firefox is Bug Free." What is your source for this? It's a single post from a member of the "PetLovers.com" forums. This cannot reasonably be construed as a "Firefox myth". Looking at the supposed "memory leak", keep in mind IE6 (without extensions) does not even offer tabbed browsing (yet). Thus to make a valid comparison of memory usage, we would have to open as many IE windows as Firefox tabs pointing to the same pages. From my experience, the difference in memory usage between the two processes when this exercise is carried out is insignificant and varies. This does not seem to indicate that Firefox "leaks memory". Most individuals who make this argument are also using the incorrect term. What they really mean to say is that Firefox memory usage is excessive. (True memory leaks are completely different). With extensions, the question is not about whether or not IE supports extensions, but the actual extensions available for both browsers. In this sense, there are many more useful Firefox extensions available than IE extensions. If one only carries out the exercise of examining some of the top rated and top downloaded FF extensions, and attempts to find IE equivalents, one will see the evidence of this. In the "Integrated Search" section, I find no mention of the supposed claim in the linked blog post. I do not agree with your interpretation of the sentence "Firefox has been widely praised for its stability, trustworthiness and innovative features including tabbed browsing, live bookmarks, built-in pop-up blocking, and hundreds of available extensions." amounting to a claim that Firefox was the first browser to offer pop-up blocking. But I can see where your interpretation comes from, so I will not argue that. However, I posit this is a very minor point. The link cited in "Pop-up Blocking All" makes no claim that Firefox blocks all pop-ups. The relevant section from the referenced page is "Some web pages open endless pop-up advertisement windows. Firefox *can* stop these annoying windows from opening." (emphasis mine). The RSS icon issue is again a very minor and basically irrelevant one. Nobody familiar with the situation claims that "Microsoft stole the icon." Again with the "Tabbed Browsing" issue you cite a book where the author supposedly makes the mistaken claim. This is fine, but again whether or not Firefox was the *first* to introduce feature X is not terribly relevant. Standards The W3C standards section links to a page which 404ed for me. In any case, to my knowledge neither Mozilla nor any Firefox developers have ever stated that Firefox is "100% standards compliant." The next two points on the site ("W3C Standards Development" and "W3C Standards define a Webpage") refer to philosophical debate over web standards and have nothing to do with Firefox myths. As such, I fail to see their relevance to the site. The points about the Acid 2 test are complete misinformation. The first claim you have listed is "Firefox fully supports the most important W3C Standards". The link (a rather tongue-in-cheek method of using the Greasemonkey extension to ostensibly make Firefox pass the test) makes no such claim, and in fact humorously points out the truth - that Firefox doesn't pass the test. The next point regarding the Acid 2 test is also completely absurd. "Firefox passes the Acid2 Test". In the reality section you quite correctly state "No official public release of Firefox passes the Acid2 Browser Test." The linked article makes it clear the screenshot is from a version of Firefox in the "reflow branch", which is not released to the public. In the context of "Firefox" being "publicly released versions of Firefox", the given myth from the given source is utterly intractable. Your claim of "Firefox is completely compatible with every Web Site" comes from, again, a forum post from applegeeks.com. And again, nobody from Mozilla or the Firefox community makes this claim. Quite the contrary, many go to great pains to point out the sites that *don't* work with Firefox. In many cases these sites only work with IE by using ActiveX controls or relying on IE "quirks" rendering modes to display correctly, making them innavigable in other browsers. General: You state "Yet this page is clearly about Myths relating to Firefox running on Windows." In that case, it would seem prudent to title the page "Windows Firefox Myths" or something similar. The introduction states that "All Myths relate to running the default install of Firefox in Windows with no extensions. Please read carefully and look at the sources." Given that many of your "sources" are posts on web forums taken out of context, how can you make this claim? Have you personally contacted each of the posts' authors to garner their true meaning and verify they were using "the default install of Firefox in Windows with no extensions"? Perhaps they were using a few of the slew of Firefox-enhancing extensions, creating a condition in which their statements were true? You also seem most concerned about open and uncensored debate. In the spirit of this, why not have an official, unmoderated (excepting spam, vandalism, etc.) FirefoxMyths.com comments section or forum in addition to the "Testimonials" section? If all your rebuttals have indeed been "merely filled with opinions, rhetoric and conjecture", why not post them and allow your readers to see that for themselves? Show that you are confident in your position by allowing full transparency of responses (positive and negative). Finally, allow me to paraphrase what seems to be the crux of your argument: "Some person made statement X (whose context cannot be determined) about Firefox. X is false. Therefore, X is a Firefox myth." I suggest you change your definition of myth given at the top of the page to one that reconciles with the actual "myths" you have listed.