Comparatively Speaking...

Monday July 1st, 2002

Linux Online recently compared the major Linux browsers, including the Mozilla-based trio of Mozilla 1.0, Netscape 6.2 and Galeon. Reviewer Michael J Jordan praises Mozilla's stability, tabbed browsing, rendering and customisation.

As mentioned by fondacio on our forums, the International Herald and Tribune took a look at Mozilla, Opera and NeoPlanet (note that the site doesn't seem to work in some builds of Mozilla). Reviewer Lee Dembart says that "Mozilla is impressive and has it all over Opera." He especially likes the ability to block pop-ups, tabbed browsing and pipelining.

UPDATE! tuxracer writes: "I've put up a browser comparison list, comparing various features that affect usability and W3C standards compliance. It compares Mozilla 1.0, Netcaptor 7.01, Internet Explorer 6.0 (Windows), and Internet Explorer 5.x (Mac)."

#41 Re: Re: Re: Re: Re: Re: Re: Got that right!

by Dobbins

Saturday July 6th, 2002 10:10 AM

You are replying to this message

"I have absolutely no clue as to what you were trying to say there."

Windows is capable of showing that that file someone sent you is named "picture.vbs" rather than simply showing a file named "picture" in you outlook window. By default showing the extension is turned off making it more likely someone will click on it. You can warn people not to click on .vbs or .exe or .com but since Windows hides the extensions in the default settings they don't know they are clicking on the type of file you warned them about. MS knows the default settings cause this problem, but they consider Windows users to be dummies that would be confused by seeing extensions.

"Of course. Your point being? A non-root user doesn't have an addressbook? Or a non-root user doesn't have information that is valuable to him/her that could be exploited by malicious code if the user ran such code in their own user process?"

A Regular user is incapable of running a file that will damage the entire system. A file he runs can't change the files that are the equlivant of Windows regestry. It can't Format the Hard drive. It can't delete or modify files belonging to other users. All he can do is run a file that will expose the data in his home directory to exploit, NOT the entire system.

"Oh please. You failed to mention older versions of Sendmail and Apache, too. And a whole slew of others. ;)"

The only security flaw in Apache in years was patched in a matter of a couple of days. IIS flaws remain unpatched months after discovery. Sendmail is patched in a matter of days if not hours when a flaw is discoverd while Microsoft's mail program has holes remaining open for months. Really savy 'nix admins can use Qmail, which has NEVER had a security exploit, instead of Sendmail. Microsoft users don't have the option of choice. If the maintainers of Apachee and Sendmail was as slow as Microsoft is in patching thier programs I can take the source code and either fix it myself or pay some one to fix it, an option that dosen't exist with Microsoft's closed source products. Microsoft users can only wait hoping that MS will get around to fixing the flaw, and that if they do bother fixing it it will be released as a patch rather than as part of the next version requiring upgrade fees.

As for your list strawman, there is no list of sites waiting to exploit your system, just like there isn't a list of burglers that live near you. The absense of a list dosen't mean there are no malicious sites or no burglers in your area. The Security model is to assume that there are sites and burglers that will take advantage of you if you fail to take the proper precautions.

"especially regular mozilla users who have to use IE from time to time for whatever reason"

IE dosen't run on my system for two reasons. 1. It dosen't work on Linux 2. Even if it did I don't install software with 18 known security problems on my system.

Windows users can do the same thing I do, simply not use IE. Much to Microsoft's dismay it is still possible to surf the web without using their software.