Duck, Microsoft: Firefox Is Coming To Retail Stores (Linux offering OpenOffice & Firefox together)

TechWeb ^ | November 22, 2004 | TechWeb.com

[Eagle9]

Linux operating-system producer Linspire Inc. has found another way to challenge Microsoft: it's offering its OpenOffice.org product suite and the Mozilla Foundation's Firefox browser in a single package in retail channels.

Linspire, formerly called Lindows, positions its OOoFf package to directly compete with Microsoft Office. The OpenOffice.org product enables users to create spreadsheets, presentations, and documents using files in popular formats, including .doc, .xls and .ppt. The Linspire product also enables users to utilize the PDF format.

"Our goal with OOoFf is to help get OpenOffice.org and Firefox into every possible distribution channel," said Linspire CEO Michael Robertson in a statement Monday. "As users grow comfortable with these high-quality open-source products, it makes the migration to desktop Linux a much more practical transition."

The combo OOoFf consists of an installation CD-ROM, documentation materials, and Flash tutorials. The software is compatible with Windows 98 and higher and Mac OS X 10.2 and higher.

Firefox has been downloaded by more than 10 million users, and the browser has taken some market share from Microsoft's Internet Explorer. The Linspire Linux-based operating system has been designed for desktop and laptop computers, and the firm said the new Firefox- OOoFf package should help spur the growth of its Linux operating system.

[zeugma]

I've been hearing a lot of positive things about both Mandrake and Suse recently. When my subscription to KRUD runs out, I'll be looking at both, as I've been less than pleased with the stability of Fedora. RH9 was rock-solid for me, but Fedora 1 & 2 have both sucked (in a relative way).

[melbell]

"by the way, Firefox doesn't not effectively block pop ups. Just go to drudgereport.com. you will get popups."

um..yeah...did you actually try enabling the popup blocker before making this statement??

[SCALEMAN]

"The problem of spyware and viruses are so damn severe that I restrict windows from internet access"

I am neutral in this fight, but I suspect if Firefox gets even remotely close to the usage of IE, you will get the hackers interest and viruses and worms will be written to take advantages of its weaknesses. Just because people aren't writing code to attack Firefox, doesn't mean it is invulnerable.

[N3WBI3]

Everyone here has told him it works, I even posted a picture of it working on XP. He still insist it does not work..

[Knitebane]

We are basically in agreement, sir.

[Knitebane]

I am neutral in this fight, but I suspect if Firefox gets even remotely close to the usage of IE, you will get the hackers interest and viruses and worms will be written to take advantages of its weaknesses.

Nope.

An oft repeated myth, but it doesn't get any more true the more it's repeated.

Just because people aren't writing code to attack Firefox, doesn't mean it is invulnerable.

Of course not. Firefox has it's share of bugs. But they will less nasty because it's not imbedded into the OS, it's built by a group of developers that believe that standards are more important than marketshare and that reliability and usability are more important that market domination.

[SCALEMAN]

"An oft repeated myth, but it doesn't get any more true the more it's repeated."

I wasn't repeating anything I have heard or read anywhere else. This was my own observation. As I stated before, I am neutral. I will use any OS that is good for me. But I still believe and always will that there is no 'invulnerable' software, and Firefox is just below the radar at the present. If I were writing destructive software, I would target the largest number of platforms with the smallest amount of effort.

I understand your point of FF being a separate program and not imbedded.

[N3WBI3]

Making the assumption that the engineering behind a program plays no part in how safe it is is like saying if everyone drove a yugo they would be as safe as if they were driving a saab. While its true there will probably be as many accidents I would bet fewer people would die.

Fierfox maintains more seperation from the operating system than Ie does and because of this its far easier to write an Ie exploit which will affect the underlying Operating system.

[Paridel]

But I still believe and always will that there is no 'invulnerable' software

While this is true in a strict sense, there is an engineering trade-off between features, development time, ease of use, etc. and security of the product. You can make a program arbitrarily secure, the question is just how many resources you are willing to throw at it and how much it outweighs other software quality criteria.

If I were writing destructive software, I would target the largest number of platforms with the smallest amount of effort.

I think this would be true is the programs had the same goals. I may be wrong here but I think that while Firefox is aiming at just being a lightweight standards compliant browser while Microsoft is aiming for something quite a bit more complex with IE (as part of their .NET framework). That involves not just being more closely tied with the operating system, but also allowing closer integration of server and client side code.

I would think that would make it a little harder to patch up. For instance it would be fairly trivial (to a seasoned network programmer) to write a "secure" copy of lynx (a text only browser), but much harder to keep things secure when you add client side code, javascript, active-x, etc. to the picture. Doesn't mean that it can't (or shouldn't) be done, just it is a lot harder for you to patch up and thus easier for people to attack.

Please not that I'm not trying to defend / criticize either design goal, just that is how I view the differences in philosophy.

-paridel

[Knitebane]

If I were writing destructive software, I would target the largest number of platforms with the smallest amount of effort.

And you wouldn't get very far.

If you write destructive software, you target the software with the most, and most serious, security vulnerabilities.

That's why Microsoft software is the most targeted, not because it is popular, but because it's buggy.

The obvious example is IIS vs. Apache. Apache is much more popular, yet IIS is more attacked. IIS is terrible code and has lots of bugs. It's a cracker's playground.

[Bush2000]

Oh, great. Yet another "oh-why-won't-they-switch-to-our-superior-OS" discussion. You guys just don't seem to get this. It doesn't matter how low you price Linux or where you market it in the retail channel. Even at zero dollars, it is not seeing any real adoption by desktop users. Until you can get developers to target popular applications that people actually use (not dust-bin rejects) at Linux -- and you improve Linux ease-of-use -- desktop adoption rates won't change. Where are the popular games? Popular finance software? Linux wireless support is crap. So is application setup. Blah, blah, blah ...

[Bush2000]

That's why Microsoft software is the most targeted, not because it is popular, but because it's buggy. The obvious example is IIS vs. Apache. Apache is much more popular, yet IIS is more attacked. IIS is terrible code and has lots of bugs. It's a cracker's playground.

Except your anti-Microsoft bigotry doesn't reflect reality. Here's proof.

Comparing IIS 6.0 to Apache, we see the following statistics:

IIS 6.0 has had 3 vulnerabilities over 2003 and 2004. All 3 of which are classifed as moderately or less critical.

Apache 2.0 has had 23 vulnerabilities -- of which 5% are rated as highly critical -- and 5% remain unpatched.

So keep trying to sell your open-source-is-safer snake oil. The facts show that you are wrong.

[Bush2000]

Well, now we know what happened to Golden Eagle.

Yeah, Nicky. You certainly worked overtime to get him banned. Taken right from the DU playbook. Shutdown anybody who tries to disagree with you.

[Nick Danger]

Oh right, I had Eagle banned. I just waved my arm and away he went. Except that he isn't banned — he just hasn't shown up since late August. Now all of a sudden we get rained on by new shills who don't speak good the English. In fact that one guy you got in here sounds like the same guy I get when I call Verizon. Vishnu? Not much, vishnu with you?

[Paridel]

Something to keep in mind is that it isn't always server at fault, it is also the administrators of the server.

Especially any server side code that works on user input. Even when a language has a feature like 'taint' in Perl most people don't bother using it.

-paridel

[Knitebane]

The facts show that you're a remarkably good liar. When one looks at a small subset of the data and ignores the larger set, one can draw all kind of conclusions that have nothing to do with reality.

You and Ballmer seem to have this same problem. Maybe it's all that time under his desk?

Apache 2.0.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Not critical

Microsoft Internet Information Services (IIS) 6 with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical

My, my. Look at all that red ink.

But wait, it gets worse.

The vast majority of Windows web servers are not running IIS 6.0! They're still running IIS 5.x. So let's take a look at the stats there:

Microsoft Internet Information Services (IIS) 5.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Extremely critical

And yes, Apache 2.x isn't the most used web server, it's Apache 1.3.x. So let's look at those stats:

The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Apache 1.3.x.

Hey! No red ink at all!

Find a better source for your FUD. I'm on the Secunia site every day. I do security for a living, and no matter how much you and Stevie try to spin it otherwise, Microsoft routinely comes in dead last when it comes to security.

Speed-to-patch, stablity of patches, zero-day exploits, external access to or bypass of system permissions, you name it, Microsoft sucks at it.

[Knitebane]

And that's why it's so important for software to come with sane default settings. Apache runs as a user with no permissions outside of its files directory by default. On OpenBSD, Apache runs in a chroot jail, by default.

PHP, if run as an Apache module, has the same default. It can only affect files in the www directory. The same goes for the Perl module.

Microsoft default settings have been a subject of much derision for a long time now, so I won't belabor the point.

[Bush2000]

Whoa, hold on a sec there. If you want an apples and apples comparison, compare the latest version of IIS against the latest version of Apache. One that score, Apache is much less secure. You want to pretend that the new version of IIS doesn't exist -- because it doesn't fit in nicely with your ridiculously overhyped and bigoted anti-Microsoft ideology. Microsoft invested huge amounts of human capital in IIS 6.0 and .NET Server -- and the results show. Your competition isn't IIS 4.x or IIS 5.x. It's 6.0. IIS was completely rewritten in IIS 6.0 (http://www.directionsonmicrosoft.com/sample/DOMIS/update/2002/07jul/0702riawns.htm). But by all means, keep spinning your web of lies.

[P-Marlowe]

Why would anyone buy it when its free?

[Bush2000]

Why would anyone buy it when its free?

Shhhhhhhhhhhhhhhh ... don't take away their illusions. Let reality smack them in the faces.