Replies

A friend and I did an experement about 3 mos ago where we took two systems, installed a fresh version of Windows XP (Scv Pk 1) and installed no programs on either, except for Firefox.

Your experiment is BOGUS. SP1 came out, what, beginning of September 2002 I think? I'll wager that you weren't using a two year old copy of firefox?

I can't image anyone in their right mind would use Windows sans all security updates in the past two years. Two year old Linux installs have security issues as well (to name one? The SSH Remote Buffer Overflow Vulnerability announced ~ Sept 2003). A lot of these are very well known now, with example code published in security journals, and exploring them is fairly trivial.

Besides a more realistic test would be IE with a tool like EMS Free Surfer MKII (to block pop-ups) installed, and heck I would also throw in SpywareBlaster (to prevent known spyware registry entries) or SpyBot's TeaTimer because they are free and easily installed just like Firefox. Why? Because this isn't about being "fair" it is real world browsing experiences with both browsers. If you intentionally ignore easy steps you can take to make things more secure your test no longer reflects real usage.

-paridel

So, in order to make it fair, you have to add on a bunch of stuff, is that it?

Not that it really matters since even with all of the current patches, there are still 24 unpatched Internet Explorer bugs.

It's not about whether it's easy or not. It's not about whether it's free or not.

It's about whether Microsoft (not third-party vendors) have produced a product that works properly out of the box.

And the answer is no.

Your first point (updates) is 100% valid, I am interested in the level of patching he did. As the ie and ff Operating Systems were both *as* vulnerable this was not a windows/Linux test he should have just patched ie. I dont quite agree with other ways you would make this 'fair'..

Besides a more realistic test would be IE with a tool like EMS Free Surfer MKII (to block pop-ups) installed, and heck I would also throw in SpywareBlaster (to prevent known spyware registry entries) or SpyBot's TeaTimer because they are free and easily installed just like Firefox.

Well it would not be a straight up test of IE vs FireFox then would it? No no for Ie To compete 'in a realistic test' you have to install two maybe three pieces of other software (of which how much is included with windows or free?).

If you intentionally ignore easy steps you can take to make things more secure your test no longer reflects real usage.

Like buying more 3rd party software to protect you from the crap MS give you..

Let me add that it was Service pack 1, with all the latest updates from MS Windows update web site. Just for giggles, we're going to do the same thing again with the latest Service pack from MS installed and ready to go. I'll post here when we're done. And I don't know how old the FIrefox version was at the time, as I don't know the release date, but it was .08, and the latest version is 1.0. But with all Windows updates installed, IE still gets tons more instances of spyware than Firefox. This I know for a fact, because before I removed all references to IE on our work computers, I could do a spyware check, and tell with 100% accuracy which browser that user ran. IE's time is coming to a close.

If you intentionally ignore easy steps you can take to make things more secure your test no longer reflects real usage.

The problem is that "real usage" for most people is the old computer just as they got it -- no patches, no software to make up for IE's shortcomings.