I love Slashdot


The comments from my last post are still coming in thick and fast. Thanks to everyone who didn’t just swear at me (and if I didn’t approve your comment, it was because it had too much profanity in it).

First things first: I was wrong about uninstalling plug-ins.

Thanks to several helpful posters, you can actually do this via Tools -> Options -> Downloads -> Plugins and clicking on the little blue arrows. Perhaps someone should tell the documentation writers because searching for “Disable” in the Firefox help (or looking for it in the index) found no hits. And I swear I thought I had poked every last option on that dialog in an attempt to find the plugin. Oh well.

Google didn’t help much either, but maybe this post will get a good Page Rank and help the next poor guy (or girl).

·How to disable Flash in Firefox. Tools -> Options -> Downloads -> Plugins

·How to disable plugins in Firefox. Tools -> Options -> Downloads -> Plugins

·How to disable plug-ins in Firefox. Tools -> Options -> Downloads -> Plugins

Second thing: Complaining about the installation errors was probably a cheap shot.

Still, if the same errors had appeared during the installation of a Microsoft program, users would have picked them out and laughed at them. Someone mentioned that the blank dialog may have been caused by McAfee (except it’s not installed) or by Virtual PC itself (could be, although I’ve never seen it before). Anyway, that was my installation experience; yours may have been better (just as everyone likes to give their “I browsed one web site and had 28 bajillion pieces of spyware silently installed on my machine!” when I’ve never seen anything like it. YMMV).

Third thing: I did actually say that Firefox was “a nice browser.”

I was merely pointing out that the average user has no way of trusting that the thing they installed on their computer really is Firefox, or that the extensions / plug-ins they load into Firefox really are the genuine articles.

Fourth thing: Jeff Klawiter apparently has a plugin to let you sign Firefox extensions

Thanks for being part of the solution! :-)

Fifth thing: Yes my post was biased against Firefox.

Because every article written about IE or Windows or Linux is completely balanced, no?

OK, let’s look at the most common replies:

I am an idiot

There were a lot of these kinds of replies, citing various reasons. But only my friend Pat got it right — he can call me an idiot, but only due to personal experience.

I am an idiot because I don’t know what depaul.e d u is

I guess if failing to have an encyclopaedic knowledge of all the universities in a country you didn’t grow up in makes you an idiot, then I am guilty as charged. Seriously — have you heard of Swinburne?

Anyway, the point is that the average internet user might not know what “.edu” means, or who controls the server. The New York Times told them to download Firefox from a “.com” address, and now they’re downloading it from somewhere completely unrelated.

I am an idiot because I used the term “numeric IP address”

Yes, that was a tautology; call me an idiot if you want. The intent was to point out that it wasn’t a typical domain name like www.mozilla.org, and some people may equate “domain name” with “IP address” (yes, the same kinds of “idiots” that read the New York Times :-) )

I am an idiot because I think domain names are more secure than IP addresses

The point of that comment was that using an IP address (as opposed to a domain name) is one of the tell-tale signs of a phishing / scamming site. We tell customers to be wary of such sites, because (by and large) any legitimate business will have registered a domain name.

But now they are being asked to download Firefox from a nameless IP; does that make it OK?

I am an idiot because I don’t understand MD5

Not true; I know exactly what MD5 is. Nevertheless, manual verification of hashes (generated via any algorithm) is a non-starter with a large majority of the user population, especially when there is no obvious indication on the web site that that is what one should be doing.

Digital signatures don’t prove software is good — even spyware vendors can get certificates

Indeed.

Note the dialog doesn’t say “only install signed software” — it says “only install software from publishers you trust,” and the digital certificate is used as proof of who the publisher is. If you don’t trust the publisher, don’t install the software.

The problem with unsigned code is that you have no idea who the publisher is! Is it really that hard to grasp? Signing isn’t a panacea, but it’s better than nothing!

But Firefox is more secure!

Hypothetically, let’s say that that is the case. Let’s assume that the source code for Firefox is perfect and there are no security problems whatsoever with it. (Of course, we all know this isn’t the case… but bear with me for a second).

The whole point of the blog was that it doesn’t matter how good the Firefox source code is!

Doing what the typical end user would do (download, click, click, click) you have zero proof that what you downloaded is, in fact, the true Firefox web browser. It could be a compromised version of Firefox, or even some completely unrelated root kit.

I could have checked the MD5 “signatures”

Repeat after me: MD5 sums are not signatures. They are hashes.

Anyone who compromises the server hosting the binaries can simply replace the MD5s as well. Compromising a server hosting a digitally signed binary won’t help without access to the private key (which would typically be stored on a smart card that is kept physically separate from the hosting web server).

Having said that… this fails the “normal user” test. No normal user would manually verify hashes or signatures (nor are they encouraged to), which is why I didn’t. IE makes it obvious to the user who the publisher of a piece of code is (or that no publisher can be verified), although prior to SP 2 I completely agree that the UI was sucky.

I could have downloaded the source, read it line-by-line, then compiled it

And when will I see a two-page New York Times ad telling me how to do that?

Next please…

Code signing is a solution to a Windows / IE problem; Linux / Firefox doesn’t need it

Do Linux or Firefox somehow make it impossible to install bad software? I thought not.

Code signing is a way of providing evidence to help users make trust decisions for the software they are going to install, independent of the platform. Check your Linux package installer of choice — I bet it checks for digital signatures (albeit ones generated by PGP keys rather than VeriSign certificates).

Those weren’t random web sites — they were official mirrors! You should trust them if you trust mozilla.org

Trust is not transitive. If I trust you and you trust Bob, that doesn’t mean that I trust Bob.

Let’s say I trust the Mozilla developers to write 100% secure code. Let’s also say I trust the mozilla.org administrators to run a secure web site. Let’s even further suppose that I trust the mozilla.org administrators to only allow “good” mirrors (ie, they won’t use www.hackers-r-us.com as an official mirror for Firefox).

Does that mean I should trust the administrators / users of each of those mirrors to keep their systems secure? No.

Hackers now have several websites they can try to hack in order to compromise the Firefox install.

Mozilla can’t afford bandwidth, so it needs the mirrors

But they can afford two-page ads in the New York Times? <g>

Mozilla can’t afford code signing certificates

But they can afford two-page ads in the New York Times? <g>

Oh and they can apparently afford an SSL certificate.

Mozilla shouldn’t buy a code-signing certificate because that supports the nasty closed-source for-profit world

See above; they were happy to get an SLL certificate from Thawte to protect their bug web site.

Next please…

Firefox only installs extensions from white-listed sites, and only update.mozilla.org is trusted by default.

Simply not true.

I downloaded the FlashBlock extension from http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi and “Install Now” was the default button (hint: try typing that URL into the address bar of Firefox and see what happens).

I must be running on a Mac

What, you’ve never heard of Virtual PC for Windows?

Why am I running under Virtual PC?

Because I wanted to be able to blow it all away. Plus it was a way to get a relatively “clean” machine.

How much are they paying me for this?

Nothing; it’s all on my own time.

My boss is on vacation, and I’ve never met Bill Gates (nor am I likely too… he’s a busy guy).

Users are dumb and don’t read dialogs anyway, so this whole code signing thing is a waste of time

Great attitude — let’s keep the population uneducated and encourage them to install random code; they probably won’t get tricked into installing malware if they’re smart enough to run Firefox!

Any arguments to the effect that “users will just click OK anyway” actually work against Firefox; see below (it has less secure defaults for saving and executing files than does IE).

The fact that you can’t check the signature on Flash is not Firefox’s fault; it’s Macromedia’s fault

Not true.

The download from Macromedia is digitally signed. Firefox just doesn’t choose to convey that information to the user.

OMG IE is insecure coz it is part of teh kernel!!111!

Oh, that gem. Yes, and Paintbush runs as LocalSystem!

For crying out loud…

IE has lots of bugs, so I don’t trust it

Fine, you don’t trust IE.

IE has lots of bugs (I never denied that).

But again this misses the point of the article — I don’t care if the “true” Firefox has no bugs whatsoever. How do I (as a normal user, not a computer geek) know that I am really running Firefox?

Not fair; you’re comparing IE 6 SP 2 with Firefox 1.0

Yes, it’s taken Microsoft a while to get IE into good shape. Even so, you didn’t have to wait until XP SP 2 to block unsigned ActiveX controls (or to even prompt for signed ActiveX controls). I don’t have an old copy of IE or Windows lying around to test on, but I’m pretty darn sure it still prompted you for installs of controls in the past (and check, for example, this newsgroup post from 1998 which seems to confirm my memory).

Having said that, Firefox is still several months newer than SP 2, it has had years to learn from IE’s mistakes, and it still managed to “borrow” the Gold Bar from IE. So you can’t really claim it is disadvantaged in that sense.

Who cares if getfirefox.com redirects to mozilla.org? microsoft.com redirects a lot, too

Good point; the reason for spelling that out was not very clear. Basically I wanted to show that the download was coming from somewhere completely unrelated to the Mozilla web site (including the redirect).

And it’s true — Microsoft has used bandwidth aggregators like Akamai in the past, which might present an unexpected URL to the user. But at least they can be sure the files haven’t been tampered with due to the digital signature which IE dutifully checks for them (ie, not relying on them to get MD5s from some secondary source, manually check them, etc).

ActiveX controls suck

Maybe, but how is the download experience for the Flash plug-in better? At what point during the install was I informed that the thing I had downloaded really was from Macromedia, and not from Hackers-R-Us (or some un-named entity)?

Firefox’s downloads are more secure because they don’t auto-execute

Neither do IE’s.

First you get the “Open, Save, Cancel” dialog, then (assuming you clicked “Open”) you get the “Run or Don’t Run” dialog. That’s two dialogs, each with helpful information in them, and reasonable default actions if you just hit <Enter> (Cancel and Don’t Run). With SP 2, even if you choose to save the file to disk, you will still be given the second warning if you later try to execute the file through the shell (with the default, again, being Cancel).

With Firefox, you get the “Save to disk” dialog and then the “Open” dialog; still two dialogs, except the default is “OK” (not Cancel) and there’s no protection if you save to disk and then open from there — ie, only one dialog, the default action of which is to save the EXE to your desktop where you might (accidentally?) click on it later.

Your HTML sucks

Sorry; that’s just the way it is. I don’t control http://weblogs.asp.net

It’s still viewable in Firefox; there’s just a bit of a gap after one of the images.

You’re spreading FUD

Well, yes, I suppose I am.

·People should fear code they cannot easily verify

·People should feel uncertainty about downloading and executing code that they cannot easily verify

·People should doubt the integrity of code they cannot easily verify

And, to re-iterate what I said earlier, manually checking MD5s or compiling the source does not qualify for 99% of users.

You must be a crappy developer / You should fix your own code

I am not a developer. I am a Program Manager.

My job is not to write code directly; I leave that to the experts.

Why don’t you just use Firefox?

Because my blog doesn’t display properly…

Comments (244)

  1. Filip says:

    <quote>

    People should fear code they cannot easily verify

    People should feel uncertainty about downloading and executing code that they cannot easily verify

    People should doubt the integrity of code they cannot easily verify

    </quote>

    What does "verifying code" mean?

    PS: good luck with the zealots!

  2. If your blog doesn’t display properly in Firefox, I think you should take it up with the admin. I and many with me won’t touch IE.

    Signing software does not solve the securityproblem with software. I have been using MS software since 1988 and Linux since 1995 and, signed or not, I do not have any confidence in Microsoft or Microsoft Software. I rather get Linux from http://ftp.university.edu than but sofitware from Microsoft. MS history is full of security mistakes and monopoloist behaviour, which makes me avoid MS as much as I can.

    And guess what? It works very well;)

  3. It is interesting you point out this FUD about Firefox. Yet the same happens for IExplorer and basically everything a user runs nowadays. Digital signatures and automatic checks don’t really mean anything, do they? When you say "Pople should fear code they cannot easily verify", it means if you cannot look at the code and compile it yourself, live in fear. Well, how does IExplorer help that? How does Firefox help for the matter you may ask? It doesn’t either, I don’t think users will read the code before running a program.

    Most of the points you make seem valid, but then you could replace FireFox with IExplorer, and their value wouldn’t change. I guess that’s why people are accusing you of spreading FUD, because you shoot at things nobody is capable of solving anyway, yet direct those arguments against a specific product, which of course is not made by your company.

  4. port80 says:

    Run with Firefox for a month. Play with it for a bit. I’m sure you’ll learn to love it. Many of the offices I admin are stuck on win xp for desktop so I use Firefox and Thunderbird with openoffice.org to lower the chances of infections. Eight months later and I’m virus free and no trojans. There is a little bit of learning to do when switching from one product to another so give Firefox the time like you did IE. BTW it *is* a better browser ;)

  5. Wolverine says:

    I too will not use IE. I gave it up years ago and switched to Firefox.

    I don’t care if it isn’t perfect. I will keep updating it. I am careful and do configure my software for security.

  6. Bill Kerney says:

    Mozilla doesn’t have enough bandwidth to support all the downloaders? The solution is not to use mirrors. As you say, who knows if they are compromised or not?

    The solution is to use BitTorrent. Bandwidth scales with the number of users downloading it, and you can fix the amount of upstream you want going at any one time as the seed. Whatever they set it to, it’ll be much less than having normal downloads, and much higher than they’ll need to saturate the swarms downloading from it.

    Of course, BitTorrent is something of a dirty word these days, since the MPAA and RIAA are going after a lot of BitTorrent sites, but that’s just pirates exploiting a good tool. It’s a great tool for certain uses, and solving the problem Mozilla is currently having is one of the things its best at.

    One of my friends works for Microsoft (he’s a Unix programmer, oddly enough), so I don’t dislike Microsoft employees, by any stretch of the imagination, but its hard to argue the merits of Internet Explorer when its technology has been basically stalled for the last 4 years.

    SP2 introduced popup blocking (finally), but implemented it with one of the most hated features of all time, the information bar, which, for the average user, is impossible to disable. There’s no "right click to disable" option on it.

    Having a nearly-invisible warning come up every time you download a file, too? Now that’s just cruel.

    Mozilla implemented popup blocking years earlier and twice as well.

    -Bill Kerney

  7. Dude says:

    I guess this is stage 2. Now that he’s got himself to admit things we made him to, now this page is something like a politician’s son screaming "Yea, my pop was killed while doin’ campainin’ for his party. Now since he’s no more, gimme all your votes." It’s probably sympathy vote/ soft-cornering for Microsoft. Still he does have a few things to get straight, as seen here:

    "Yes, it’s taken Microsoft a while to get IE into good shape."

    Good shape. Jesus. We can see what ‘shape’ it’s in.

    "Third thing: I did actually say that Firefox was "a nice browser." "

    Then why has all this spewed forth?

    "only install software from publishers you trust,"

    Do we? Can we? Should we? Can’t we just use Firefox and shut up about it? Let him live with IE, guys. Just let him live with it.

    On a second note: Can we "trust" Microsoft and all that comes out of Redmond?

    "

    Your HTML sucks.

    Sorry; that’s just the way it is. I don’t control http://weblogs.asp.net

    "

    Typical, generic, Microsoftie’s default pass-the-buck in action. Hell, Why should I even care to blame you? It’s what each one of you there at Redmond do your whole life. Things will never, NEVER change if this is the default at Microsoft. This is JUST the attitude that Windows has towards its users. Nothing to see here.

    "My job is not to write code directly; I leave that to the experts."

    Yeah. That we can see. <smirk>

    "

    Why don’t you just use Firefox?

    Because my blog doesn’t display properly..

    "

    Run your blog through the validator at w3c, it speaks volumes for itself. And was that a Microsoft logo I saw in the Platinum Sponsors section? Dude, give it up already.

    I don’t intend to spew venom; I wish to show you the truth. It’s hard to believe that someone has to SHOW it to you.

  8. Dude says:

    I don’t care whether you MODerate or FUDerate these posts, but the truth is out there. People know it; it will prevail. I almost forgot that this blog is run by Microsoft.

    –thanks for reading

  9. Steve Jeapes says:

    "Trust is not transitive. If I trust you and you trust Bob, that doesn’t mean that I trust Bob. "

    It can do though. People that use PGP rely on that sort of system. If you trust mozilla.com, it seems reasonable to trust a mirror listed on that site, even if it is to a slightly lesser extent.

    As Federico states above many of the problems are more based upon manipulation of the user and that will still be present what ever the options are set to.

  10. I think most people missed the point in there comments…

    Here in short:

    If FireFox is not (trusted) signed, then it might contain a backdoor.

  11. TR-2003-97 says:

    <p>Looking at the netcraft page for debpaul.edu you can see that many of their servers are running old unpatched/unupdated editions of the Apache, PHP, mod_ssl and OpenSSL. This would seem to reinforce the point about not knowing whether the site you are downloading executables has been compromised, and whether the unsigned file are genuine.

    <p>http://uptime.netcraft.com/up/hosted?netname=DEPAUL,140.192.0.0,140.192.255.255

    <p>http://www.kb.cert.org/vuls/id/303448

    <p>http://www.k-otik.com/exploits/20041127.phpnolimit.c.php

    <p>http://www.apacheweek.com/features/security-13

    <p>http://secunia.com/product/253/?period=2004#advisories

  12. Frans Bouma says:

    The problem with viewing blogs here on weblogs.asp.net in firefox is a problem about the crappy css stylesheets coming with the crappy old version of .Text we’re using here.

    My blog here with a custom css works fine in firefox for example.

  13. jcsston says:

    One thing you didn’t mention was that IE6 SP2 is Windowx XP only.

    Firefox is much more secure than an older version IE on, say a Windows 98 machine.

  14. Peter, you say "People should fear code they cannot easily verify".

    In my opinion its alot harder to verify IE’s code, mainly due to the fact that I cannot possibly ever look at the code.

  15. Excellent :-)

    The whole post is about codesigning (or bettter said, an automated and secure integrity check from trusted sources). But they make it a "FireFox is more secure that IE" batlle from it.

    As I just read the reaction from Debian-lover about how he rather download something from and education institution then from M$. Well.. that just about hits the spot! How does he know for sure that the download is not tampered with by using a secury way of an integritycheck.

    It really doesn’t matter if you are downloading an executable. The whole thing also applies to archives. The weird thing it that none of the mainstream compressors like bzip, rar, 7zip, ace have such a build-in certificate signing solution.

    Ok.. the Linux world is using md5 hashes for integritycheck for years. But what if I am installing from a cd and have no internet connection available? Certificates just rule!

  16. Patrick says:

    Is that because the blog uses some non-standard html that has been implemented by Microsoft in Internet Explorer as opposed to the standards developed by the World Wide Web Consortium.

    I know… you probably have nothing to do with the blog software but I really hate it when people say stuff like it doesn’t display properly in Firefox if the page they are viewing doesn’t conform with the standards. And yes I know that the large majority of users don’t give a hoot about standards but I think if someone wants to use html they should use standards. If html doesn’t do what they want they should develop and use their own format.

    Just my two cents worth…

  17. One very important point: MD5 hashes retrieved from a trusted domain(*) are signatures indeed. When I retrieve the hash from mozilla.org, I am perfectly sure the hash was generated by the Mozilla team. So, MD5 signatures are not an erroneous term.

    It is a failure of Microsoft that Windows provides no means of checking MD5s, SHAs and GPG signatures. These are the most common methods of software authenticity verification, and are implemented by all popular Linux distro package managers. This problem crosses most downloadable software, not just Mozilla.

    (*) I’ll not define trusted domain, but it must at least avoid DNS cache poisoning attacks.

  18. Sam Phillips says:

    >>Trust is not transitive. If I trust you and you trust Bob, that doesn’t mean that I trust Bob.

    Trust *is* transitive. Or at least it should be. The whole point of trust as far as I am concerned is that you accept information from someone else without checking because you trust them.

    If you don’t trust what someone tells you – you don’t trust them do you!

    Or am I being a bit simplistic :)

  19. Hemmo says:

    > Perhaps someone should tell the documentation writers because searching for "Disable" in the Firefox help (or looking for it in the index) found no hits.

    I think Firefox documentation writers are doing just fine when compared to IE’s.

    Searching for ‘Plug-ins’ in Firefox finds this advice:’… Select the Downloads category and click the Plug-Ins… button. You can also enable or disable currently installed plug-ins here.’

    Search for ‘plugins’ in IE fails with ‘No topics found’. Search for ‘plug-ins’ finds a page about the Internet Explorer status bar.

  20. R. Townley says:

    "Let’s also say I trust the mozilla.org administrators to run a secure web site."

    You ought to. Those are LAMP servers, and far less vulnerable to crackers than Microsoft’s IISes are.

  21. Pop says:

    I actually went to Swinburne – any reason for choosing that uni?

    While I’m happy browsing with Firefox – you have raised many good points that Mozilla might like to address in regards to installation.

    I’m not sure why the zealots are crying about it – they should try to take something positive from blog – not argue every point you make.

  22. btw, there is nothing wrong with saying a numeric IP address. IPv6 addresses are hex so they are alpha numeric. By saying numeric IP address one is simply referring to IPv4.

  23. newrp01 says:

    Dude, you’re a smart guy. Thanks for the feedback on your previous article.

    And remember, criticism is a particular kind of praise.

    Let’s just hope that both IE and FF continue to provide a secure and pleasant browsing experience for the end-user.

  24. Matt Shaw says:

    Respectfully, we would be having this same conversation were IE not bundled with Windows. Digital signage is irrelevant. As has been shown, even Gator was digitally signed. I learned years ago that digital signatures were so common among the refuse of the software world that I stopped paying attention to them, and started paying attention to the method of delivery and the source.

    Yes, some of the FF mirrors could possibly be cagey, but this is the reality of a small, open source initiative. They do not yet have the funds for a server farm that could support the current demand. Again, were Microsoft to start out as a browser company today, we’d be on opposite sides of the table. Given time, and the support of an already seriously loyal following, they’ll be able to provide more/better/faster service of this kind.

    The fact is that if trust is the major issue that you’re here to discuss, then it should disturb the hell out of you that the majority of those of us who know a thing or two about computers distrust Microsoft products out of the box. We <b>know</b>, without having to be told, that MS_AnyProduct will have to be patched, simply because it comes with the Microsoft logo on the box. Part of that can be blamed on being the market leader. The sheer abundance of your product means that it’s exposed to the hackers of the world who wish to subvert the dominant paradigm, or whatever kitschy phrase they’re using this week.

    Contrast this with Firefox. Maybe it’s not so abundant, but the code is. What it lacks in exposure it makes up for in transparency. Rather than tons of hackers trying to open IE’s black box, we have tons of coders looking at an open framework, each of them zealously trying to safeguard their own machine…because they have a personal stake in the improvement of this browser.

    On a personal note, I have to say this: since loading Firefox in May, I’ve experienced 4 unwanted pop-ups, and found 8 objects in Ad-aware/Spybot (yes, I keep track). Most of those were cookies. I survive the web unscathed whereas the users I support at my job (University software support) are being ravaged by malware, despite our best efforts. Those who I convert to Firefox never have to see me again. Those who don’t want to switch, I know I’ll see them back in a few months. I don’t know what better proof there is of the <b>untrustworthy</b> nature of <b>official</b> Microsoft software.

  25. Eric says:

    Mozilla can’t afford bandwidth, so it needs the mirrors

    But they can afford two-page ads in the New York Times? <g>

    i don’t believe this was paid for by mozilla, rather than people that donated money for this ad.

    superstardjdev at gmail dot com

  26. Fubar says:

    looks like you have a problem with Firefox taking a 2 page add out in the new york times , why is that , its not like i see MS add’s appearing on my tv all the time is it ?? shame really they could have spent the advertising money on securing IE and bringing it up todate with usefull functions , firefox may not have enough money but they do have the balls to put out a damn good browser that puts ms’s Ie to shame , its a shame that you have been so biased in these two articles ,and your reasons for this is the fact that other people do it so why not you ? that to me is childish and very Unprofessional , maybe your just reveling in the slashdot lime light alittle and need to get your head out of the clouds, saying that you work for Ms so i assume that every free advertisement is good for your career , well done at making MS employees look totaly rediculas by providing the more than average and literate pc user this total drivell , i guess you already know this by making this second article , typicle MS style to me, good look with Ie and to all that use it , i can only see it becoming a burden on the ineternet rather making the internet any better

  27. Jonas says:

    To be honest I don’t think any of the people installing firefox because of a NY Times ad notice the mirror URLs

    let’s focus on the people behind IE and firefoxs intent

    IE as part of microsoft I guess their intent is to make their company money

    and Firefox well read their about

    http://www.mozilla.org/about/

  28. grr says:

    Try to be a bit more open minded about the feedback you got on your initial post. 95% of the comments were NOT telling you that you were an idiot at all, they were serious attempts to discuss the issues you brought up.

    Im actually surprised by the politeness that the slashdot crowd showed you. This is not a flame war, it’s a cozy barbecue =)

  29. l3v1 says:

    "Because my blog doesn’t display properly…"

    Guess you like hammering your own coffin-nails, aye ?

  30. The Arrow says:

    In your first post about FF you mentioned that users are tricked to download spyware and adware. While I agree that it is as easy to do that when using FF, you forgot to mention all bugs in IE that allows web-sites to automaticly download and execute programs without user interaction.

  31. One only have to ask how many times IE has been compromised, whether by ActiveX, security bugs, buffer overflows/overruns, etc and compared to how many times Firefox has been compromised. I think even the blindest of IE supporters will be able to understand that. Including the blog writer here.

    If we get started on supporting open web standards, then IE is the laughing stock of the whole community. IE can’t even support standards like CSS, PNG image display properly.

    Suffice to say, many people will never use IE again. It’s simpler a safer choice not to use IE.

  32. Web Standards says:

    One only have to ask how many times IE has been compromised, whether by ActiveX, security bugs, buffer overflows/overruns, etc and compared to how many times Firefox has been compromised. I think even the blindest of IE supporters will be able to understand that. Including the blog writer here.
    <br>
    <br>If we get started on supporting open web standards, then IE is the laughing stock of the whole community. IE can’t even support standards like CSS, PNG image display properly.
    <br>
    <br>Suffice to say, many people will never use IE again. It’s simpler a safer choice not to use IE.

  33. z says:

    "But they can afford two-page ads in the New York Times? <g>"

    Mozilla.org did not pay for the ads in the New York Times. Spread Firefox (www.spreadfirefox.com) is not the Mozilla Organization.

  34. Ok, I won’t bash or flame the post, yes I’m a firefox user and I have nothing against Microsoft, actually I work with MS technology.

    Some points he mentioned make sense, the web could be a better place with signed downloads, but as many said, even adware programs can get sign. But myquestion is, dousers really care if a download come from Microsoft.com or myuniversity.edu? most of the people will not even read it.

    And about the ip, wow, that was funny, numbers scary numbers.

    Now the reasons that I use firefox, as a web developer I love it, DoM inspection, javascript debugger and standards compliance, as a user, tabbed browsing, extensions, is not bonded to the kernel!, you can winne about that, but since I started using FF stopped getting explorer errors or hangs while browsing.

    Now for active x, I think it’s a great tool, but has many flaws and the way MS is dealing with it it’s not the best, I work with Project Management and my team use the Project Server and share point, These tools are great and the activex used at the project server is great.

    Well, even with that I prefer Firefox, IE need some refreshing 

  35. nikolai says:

    Great reply.. i liked it, but still i don’t see your point. When you state "How do I (as a normal user, not a computer geek) know that I am really running Firefox?".. you can say the same about IE. I can write a small application that will replace IE’s icon on the desktop and run some shitware with IE interface while it formats your PC. And this application might be installed through some hole in IE as other spyware installs it. I’m not blaming you for using IE and supporting it, but hey, i’m webdesigner, i would LOVE to have "full" PNG, more _standard_ HTML (<form> tags add some weird spaces if inserted in the middle of the table sometimes) and few other things.

    Anyway, not running firefox (at least giving it a small consideration) because your blog doesn’t display correctly is not a fair attitude.

  36. Fubar says:

    just an update

    IE has lots of bugs, so I don’t trust it

    Fine, you don’t trust IE.

    IE has lots of bugs (I never denied that).

    But again this misses the point of the article — I don’t care if the "true" Firefox has no bugs whatsoever. How do I (as a normal user, not a computer geek) know that I am really running Firefox?

    isnt that down MS to educate the user on what they are installing i mean helping them choose differant browser tell them about it coming to a deal with firefox and putting trusting links on sites and so forth , firefox dont charge for there software where as MS does , instead there is nothing telling the OS user about the differant choices of web browsers out there , reason for this well understandably MS would rather have users using there own software and blatently slagging off others that bring out a better product , yes it my not be digitaly signed but to be honest i never trust anything that is digitaly signed via MS , yes some things do needed to be sorted out but lets not forget firefox 1.0 is a new product where as IE isnt and still isnt upto scratch and secure , i know who i put my trust in and thats firefox version 1.0 cant wait for the next versions it can only get better , now what version is Ie on and is it any better than firefox ? answer is simply no its not , stop moaning do you job and compete with firefox to give all users decent web browsing experiance :)

  37. Andrew Ward says:

    I’d just like to leave a message of support for you amongst all the carnage hereabouts. I’ve found your two blog postings very reasonable, and well thought out; which cannot be said for many of the one line replies questioning your sanity/intelligence.

  38. Paul says:

    I don’t understand your point about installing XPIs. I clicked on your XPI link and got a gold bar saying "To protect your computer, Firefix prevented this site (weblogs.asp.net) from installing software on your computer."

  39. Gerard J. says:

    Quote: "IE has lots of bugs (I never denied that)."

    Quote: "But at least they can be sure the files haven’t been tampered with due to the digital signature which IE dutifully checks for them…"

    If IE has bugs, and (as we all know) is subject to all sorts of hijacks and pop-ups, how exactly is an "average" user supposed to "trust" the security certificate pop-up windows that appear in IE when they download content?

    This is the flaw in your code signing argument: when you can’t who controls the messenger, how can you trust the message?

  40. ken says:

    the 2-page NYT advert came from user donations. Firefox/Mozilla didn’t pay for it. As for the other stupid comment about needing server mirrors, it’s because Mozilla doesn’t really make money except for what’s purcahsed through the MozillaStore and/or Donations.

  41. DM says:

    If Trust isn’t transitive how come active directory uses it in 2000 and 2003 server?

  42. vrunt says:

    >> But they can afford two-page ads in the New York Times?

    I was under the impression that the ad was paid for by Firefox’s rabid fanbase.

  43. Henry says:

    "But they can afford two-page ads in the New York Times?"

    Mozilla didn’t pay for the ad. Users that supports Mozilla donated money so that the ad could be printed. They saw it as a meaningful way of spreading the news about a better browser than IE.

  44. Colin says:

    I’m glad to see you’re responding to Slashdot on some level! Your thread is very popular…

    You still haven’t answered one question, though. If downloading unsigned content is "unsafe," aren’t we doomed?

    Almost *everything* is unsigned. I’m sure as heck not paying $400 bucks to sign the stuff on my website. Does that mean I’m dangerous, too? And I can’t use a free certificate, because IE will tell the user it’s not trusted.

    See the mess you guys have created? Microsoft isn’t evil, it’s just inept.

  45. zero says:

    you’re going about installing the flash plugin the hard way. if you go to a site that requires flash, you get a "gold bar" message that guides you through installing flash (without a firefox restart).

  46. Diego says:

    I think you’re right when you "doubt" that a mozilla mirror could have been hacked.

    But if you’re paranoid, they can have hacked the microsoft site too.

    Of course hacking a mozilla mirror could be much easier since they’re uncontrolled.

    But let’s say they add one of those "download installers" which they download all the program when you run, and you do it via bittorrent so the server can handle it.

    I agree that digital signatures are somewhat "stronger" thatn hashes, hoever if you assume a evil spirit can hack a server, I can assume a stupid guy can leave the private key of a certificate on the server and a evil spirit can hack the server and get it.

    Note, however, that the point of a linux distribution is to integrate *EVERYTHING* so you shouldn’t need to download anything from the net so this is not a big problem in the linux field because as you said, packages are signed with PGP. It’s a problem for the windows port however…

  47. Tim says:

    I did as you asked and went to the link. I got this in a dialog box at the top: "To protect your computer, Firefox prevents this site (mozdev.xmundo.net) from installing software on your computer." There is an ‘Edit Options’ button at the end of the bar. From there you would be able to white list the site and then you would have to reload to have the option to install. I find this quite tedious when I have already found the site and the info to download it. But it is a lot of obstruction to force me to opt in to any software that will touch my Firefox. A lot different than my experience with IE (I use it at school and at my office).

    And you say that you have never had a site give you so much spyware, have you ever had spyware on your computer? Have you ever run Adaware and found it? I switched to Mozilla in the pre 1.0 days and have not once had spyware on my computer from it. Eventually someone will write something that will corrupt my browser but my guess is that as long as Windows has proper divisions, it will not own my system. Either way, 0 to many is pretty good to this point.

  48. Insidious says:

    QUOTE

    The problem with unsigned code is that you have no idea who the publisher is!

    No, you really accidently go to a site like mozdev, accidently end up on the extensions page and accidently click "install" without knowing who made the plugin

    BS-O-Meter: Full of ****.

    QUOTE

    But they can afford two-page ads in the New York Times?

    Those were donations. GG_nub

    QUOTE

    How do I (as a normal user, not a computer geek) know that I am really running Firefox?

    Get glasses if you cant tell. Seriously.

    QUOTE

    Because my blog doesn’t display properly…

    Now Playing: Justin Timberlake – Cry me a River

  49. I <3 IE!!! says:

    "Code signing is a way of providing evidence to help users make trust decisions for the software they are going to install, independent of the platform. Check your Linux package installer of choice — I bet it checks for digital signatures (albeit ones generated by PGP keys rather than VeriSign certificates)."

    I agree with you 100%. I love IE!! As a matter of fact, I just downloaded and installed the SIGNED gator software. Hrmm.. Why am I now getting all of these popups? Hrmm.. Why is my cpu running at 100%? Umm.. Go IE? Heh.

  50. To take the comment of Federico Garcia a bit further even, when indeed you say:

    ·People should fear code they cannot easily verify.

    ·People should feel uncertainty about downloading and executing code that they cannot easily verify.

    ·People should doubt the integrity of code they cannot easily verify.

    Does this then imply that I should be afraid to install any piece of software which I cannot verify? By which I take it with "to verify" you imply either reviewing the origin of the software, or being able to review the code?

    And besides that, you keep saying that "it didn’t say so in the NY Times add". Meaning what exactly? It should state there that it’s trusted software? It should explain how (if you want to) to compile the source code yourself? It should state that maybe the download location may vary as the download site tries to determine the best mirror for your location? First you say users shouldn’t be bothered with this kind of info, then you say users should be educated about this kind of info. You know this probably a LOT better than I do, but users don’t want to be educated, they simply want to use, and when something breaks, no matter how much you have tried to educate them, they will still blame you for it. Always. So stop whining about this, and maybe actuallty start educating users instead. You’re preaching to the choir here, we allready know what you have to say, and most of us FireFox users disagree….

  51. Comment moderation? What ever happened to having an honest-to-god discussion? ;)

  52. luggage says:

    The technical savvy of us can make our own decisions on what we install and don’t install. The trouble is there’s a *lot* of people out there who don’t really know what they’re doing with a computer. How are these supposed to know how to download code and compile it? or use MD5? They don’t.

    As for people who say signing is no good, imagine this. There’s a gameapp you really want to try – a window pops up asking if you want to install plop.exe by Gator what would you say? I’d go no thanks, now a window saying do you want to install plop.exe by unknown publisher you might be more likely to try. So it works both ways. That’s the thing with trust.

    The other thing to remember, IE gets targetted a *lot* more by writers of malicious software because it’s used so widely. Wait until they turn their attention to FireFox and see what happens. Microsoft is just a victim of it’s own success.

    The volume of people who miss the point is unbelieveable.

  53. Steve says:

    "I downloaded the FlashBlock extension from http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi and "Install Now" was the default button (hint: try typing that URL into the address bar of Firefox and see what happens)."

    Clicking on your link gave me a yellow bar that said "To protect your computer, Firefox preventedthis site (blogs.msdn.com) from installing software on your computer." and a quik button to edit options and allow your site instal software.

    Typing the address in the address bar, simply wouldn’t load anything.

    I’m using version 1.0.

    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

  54. MadMoose says:

    "Trust is not transitive."

    Isn’t that exactly how code signing work? You trust Thawte/Verisign/? who trust the code signer? As far as I know, there might even be more "authorities" in between.

    There might be a difference in scale but the principle is the same.

  55. On kyllä aikamoista kökköä mitä yrität artikkelissasi heittää! How can I trust Firefox? Miksi vaivautua kirjoittamaan tuollaista sontaa jos ei jaksa vaivautua ottamaan edes asioista selvää? Perkele!

  56. krikri says:

    Hello Peter.

    In case you missed it somewhere online, there’s a special term for your reference. It’s called "attention whore", and it would be the perfect description for your case. It seems you will probably get that chance to meet Bill after all that slashdotting and who knows – maybe a bonus is on the way for all this bitching ;)

    Congratulations, and keep using IE. You are the most representative speciment of the users that still hang on to IE as if their life was depending from it (it does ?) – MS employees :)

    Oh, and by the way, I don’t think I need security instructions/suggestions from Microsoft or their employees. Come to think of it, it seems rather funny to use words like "security" and "Microsoft" in the same sentence, so I feel I have to let you know that I’m very happy with the security of all the alternatives I’m using (for free).

    Thank you for the suggestions though :)

  57. John says:

    I applaude you for standing up in what you believe in … though my opinions differ.

    I found an article from Microsoft which basically states that Microsoft’s signing of their own software is not to be trusted. While this has since been fixed, there was a window where someone could spoof the signing of Microsoft’s software.

    Microsoft Security Bulletin MS01-017

    http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx

    So in this sense, you can’t trust that software coming from Microsoft really comes from Microsoft.

    I trust Firefox to be Firefox, because

    1. It runs like Firefox

    2. It hasn’t done anything bad to my system (yet)

    3. No 3rd party applications report it as spyware/adware/virus, etc.

    I think that code signing is very important to more advanced computer users, but to the average joe (take my grandmother), she doesn’t care what the popups say… she just clicks "ok" to get them to go away. Yes, we need to educate them. But as far as certificate signing goes, now you have to ask, Do I trust Thawte/Verisign ? I myself do not. They did afterall grant a "Microsoft Corporation" certificate to a non-Microsoft person. Who is to say they would not do the same for anyeone else?

  58. Wow, this just proves that you have no idea what you’re talking about.

  59. Jad says:

    The ad in the NY Times was funded by donations. Just FYI

  60. Shai says:

    While some of the problems you note with Firefox are real, some of the views you expressed yourself are even more problematic; and they are worth discussing, because they represent Microsoft’s approach.

    You say, "trust is not transitive", but this reveals the underlying misconception that trust is a relation, a binary entity: Either you trust me with your life, or not at all. It doesn’t work this way. It doesn’t even work this way in IE: When security is set to High for a site, that site is still allowed — trusted enough — to run some (JScript) code on your computer, though it is not allowed to install ActiveX controls.

    The same principle belies your "#1 Immutabale Law of Security": the law should be qualified to say, "If a bad guy’s code runs on your computer *with sufficient privileges*, then it’s no longer your computer" (I haven’t bothered with the link, I’m only attacking your quote).

    Microsoft has educated the world, by negligence, to forego privilege separation. AFAIK, the only common way to get a sandboxed code-execution environment in IE is by installing a JVM — from Sun; no Microsoft representative I’ve seen even acknowledged the potential usefulness of the idea. The other great tool of privilege separation — using different users — was practically impossible until WinXP, because it was very hard to have two users running programs simultaneously from the same terminal. To this day, AFAIK, even after the "run as other user" feature was introduced, there is no standard way for a Windows program to ask the user to "su" in order to get temporary, local permissions. This generated — and still generates — a usage-pattern where normal, non-technical users are *usually* running everything with administrative privileges. This is what makes your original phrasing of the #1 Law mostly correct. This is also, I suppose, what made you install a whole OS on a Virtual PC for the experiment; a Unix user in the same situation would just define a new user, and not give that user the privileges to compromise the whole system; or, create a "chroot jail" (this is usually done for server applications).

    And last but not least: the whole code-signing scheme assumes an enormous deal of trust in the browser itself. While you fairly granted Firefox the same level of trust as you would IE, many — as I — do not trust IE to that level.

    So, what’s my point? My point is that while what you say is essentially true, and in that sense IE is more secure than Firefox, the difference is marginal, and the primary problems are not really in either browser, but in Windows. Firefox on Linux is more secure than Firefox or IE on Windows, and had it run there, IE on Linux would also be more secure than Firefox on Windows, in the same aspects. The point I haven’t made, but this post is too long already, is that there are other aspects of security where Firefox is better than IE.

  61. Chris says:

    <quote>

    People should fear code they cannot easily verify

    People should feel uncertainty about downloading and executing code that they cannot easily verify

    People should doubt the integrity of code they cannot easily verify

    </quote>

    So, they should fear and doubt IE, and for that matter any closed sourced application?

  62. I admire your bravery in taking on the Slashdot crowd!

    What’s the "gold bar" that Firefox borrowed from IE? The one that appears when Firefox prevents a popup etc?

  63. Mr Blobby says:

    As a point of fact mozilla.org does support signing as well as MD5 and SHA-1 hashes (through GnuPG). Signing the hashes is (computationally) reasonably inexpensive.

    There is no reason why this ‘signature of hashes’ functionality couldn’t be built into FireFox (especially for extensions) in an end-user friendly way.

  64. "Mozilla can’t afford bandwidth, so it needs the mirrors

    But they can afford two-page ads in the New York Times?

    Next please… "

    A single time ad blitz is a proven marketing strategy when it pertains to items that are known in a subculture that is evolving into mainstream. Because many "in-the-know" people know about FireFox, whenever someone says "Hey, what is this FireFox?" there is a chance that a nearby person can explain. Being that there are lots of businesses in NY, and almost every business has an IT department, and most good IT people know about alternatives to MS products, I think you can figure out the rest.

    Where am I going with this? Well, I guess I only wanted to make a point saying that the extreme cost of bandwidth would just be a waist and strain on the budget of a company that has the opportunity for free hosting from universities. Yes, there is a chance of the software being compromised, but the chance of it being compromised might be, or would more likely be, less then that of MS having their own built in compromises (bugs).

  65. Mr Blobby says:

    As a point of fact mozilla.org does support signing as well as MD5 and SHA-1 hashes (through GnuPG). Signing the hashes is (computationally) reasonably inexpensive.
    <br>
    <br>There is no reason why this ‘signature of hashes’ functionality couldn’t be built into FireFox (especially for extensions) in an end-user friendly way.
    <br>
    <br>

  66. G. Man says:

    First Post!
    <br>

  67. Michele says:

    Great catch Peter. I’ve had a good laugh.

    Michele (happy MS-free guy who can actually get it ;)

  68. bob says:

    Is there anything lower than making boneheaded comments about a community and then cherry picking and publishing the worst anonymous abuse you (rightfully) recieve in order to make that community look bad?

    Professional trolls, like David Coursey, have been earning good money for years by making idiotic statements about Apple products and then mocking the community response. And now you seem to be carrying on this grand tradition. It’s a poor show when your argument is so weak that you need to lean on such distasteful rhetorical ploys.

  69. Steve says:

    I just wanted to compliment you on a very calm reply to many irrational complaints. I didn’t read the original article, but linked over from /. to see this post of your replies. I came in thinking "oh boy, another MacroHard fanboy loser going to spout off about the obvious greatness of their (in my opinion) over priced, poorly written bloatware." Instead, I found some very rational reasoning and very valid questions/comments that I may not always agree with, but certain believe the OSS community should listen.

  70. Steve says:

    I don’t have words. You are VERY stupid!

  71. Greg says:

    I love Slashdot too – why is it that people(or maybe just geeks) get so zealous about software? I used to support IE at MS and now I’m using Firefox. You made some valid points about security. I think the Firefox boys got a lot of things right but they should’ve made it rock solid BEFORE they blew their trumpet. Firefox is doing ok today but it will probably be replaced sooner or later by the next &quot;best browser out there&quot;.

  72. Peter S says:

    Mozilla can’t afford bandwidth, so it needs the mirrors
    <br>But they can afford two-page ads in the New York Times? &lt;g&gt;
    <br>Mozilla can’t afford code signing certificates
    <br>But they can afford two-page ads in the New York Times? &lt;g&gt;
    <br>
    <br>From the NY Times Ad: &quot;This message has been brought to you by the thousands who contributed funds to the Mozilla Foundation, a non-profit organization dedicated to promoting choice and innovation on the Internet.
    <br>Special thanks to the employees of Haberman &amp; Associates, MozSource, Oracle, Red Herring, Red Hat, Sourceforge.net, Speakeasy and Sun Microsystems&quot;
    <br>
    <br>I just wanted to double check what I already thought. The Ad was paid for by private citizens and companies, not the Foundation directly. That’s what it looks like to me anyways.

  73. sorry. says:

    I have one question.
    <br>How do you belive your wife’s breakfast?
    <br>Does she sign on it?

  74. Es gibt einen netten Beitrag über den Sicherheitsvergleich zwischen IE und FireFox. Egal welchen Browser man bevorzugt lesenswert ist es auf alle Fälle.How can I trust Firefox? und als Antwort darauf noch I love Slashdot.Liest man sich ein paar Comments d

  75. Ben says:

    &#183;People should fear code they cannot easily verify
    <br>…
    <br>&#183;People should doubt the integrity of code they cannot easily verify
    <br>
    <br>========
    <br>
    <br>So, we should trust Linux a lot more than Microsoft? :-D
    <br>

  76. Jason Petry says:

    OK, this is amazing. From your own statements:
    <br>
    <br>1) No normal user would manually verify hashes or signatures.
    <br>
    <br>but this same normal user must:
    <br>
    <br>2) &quot;only install software from publishers you trust&quot;
    <br>
    <br>How in the name of God is a &quot;normal user&quot; who can’t even be bothered to take a simple, one-click step to verify their download make a rational decision about whether or not to trust a given publisher? Consider even a small subset of the sort of areas that user would have to review:
    <br>
    <br>1) Are the staff who might have the ability to alter the software before it’s signed trustworthy? Are these people resistant to outside influences that might try to cause them to alter the build in unauthorized ways, either through malice, or caprice? (For example, something like this: <a target="_new" href="http://news.com.com/2100-1001-239273.html?legacy=cnet">http://news.com.com/2100-1001-239273.html?legacy=cnet</a&gt;)
    <br>
    <br>2) How secure is the infrastructure being used to build the software? Is the corporate network of the publisher safe from intrusions like this:
    <br><a target="_new" href="http://archives.cnn.com/2000/TECH/computing/10/31/ms.hack.blame.idg/">http://archives.cnn.com/2000/TECH/computing/10/31/ms.hack.blame.idg/</a&gt;
    <br>
    <br>3) How are the code signing keys managed? Are they secure from unauthorized use? For that matter, what about the Certification Authority, can they be trusted not to make a goof like this:
    <br><a target="_new" href="http://www.cert.org/advisories/CA-2001-04.html">http://www.cert.org/advisories/CA-2001-04.html</a&gt;
    <br>
    <br>Of course, you may say these are somewhat biased examples, from a past, old Microsoft, and that the new, &quot;Trustworthy Computing&quot; Microsoft _can_ be trusted, but how is the &quot;normal user&quot;, who can’t even
    <br>be trusted to run a simple utility and perform a mechanical verification supposed to make that
    <br>determination?

  77. D. Moonfire says:

    I am a Firefox fan in general, but I always appreciate someone pointing out that not everything is perfect. So, I’m glad you created the comment and I don’t think you’re an idiot. :)

  78. bsdguy says:

    If your site looks good in IE then IE is very broken.
    <br>You have 13 html errors. Try it in dillo to get
    <br>the error report. <a target="_new" href="http://www.dillo.org/">http://www.dillo.org/</a&gt;.
    <br>Ooops I forgot you can not run better software
    <br>than Bill sells because he will not let you…..Maybe
    <br>you can find a buddy with a real OS on thier box.

  79. Anthony Lice says:

    &quot;Mozilla can’t afford code signing certificates
    <br>
    <br>But they can afford two-page ads in the New York Times? &lt;g&gt; &quot;
    <br>
    <br>you know what were all those little names in the ads? the donors that made that ad possible, would you please inform yourself before you make a comment?

  80. Hector Plasmic says:

    What good does it do to download signed code if the signed code allows spyware to install without permission just by visiting some web site? Duh. Fix the beam in your own eye before complaining about the mote in others.

  81. Ardentra says:

    The other thing digital signatures do is give me someone to complain to if their software does do something bad. If someone has a certificate signing their software I now have someone I can sue.
    <br>
    <br>Peace,
    <br>RA

  82. dotted says:

    I didn’t read the /. article, but i don’t see anything about W3C compatibilty. And who is winisp.net? How can I trust your images – oh wait I dont use IE :P

  83. Personal comment :
    <br>
    <br>Just excuse some of us. It is a wide-known fact that geeks tend to defend their &quot;babies&quot; with emotion. Or something. But not with a great share of &quot;head&quot; or common sense.
    <br>
    <br>That said, I do have some criticisims for you anyhow.
    <br>
    <br>&quot;Having said that, Firefox is still several months newer than SP 2, it has had years to learn from IE’s mistakes, and it still managed to &quot;borrow&quot; the Gold Bar from IE. So you can’t really claim it is disadvantaged in that sense.&quot;
    <br>THAT, my fellow, is totally normal. What would you do if a competing product was to put up a feature with a special look integrated? You’d imitate the look, so that the end-user doesn’t feel &quot;oh damn, what the fsck is this?&quot;
    <br>
    <br>Flash plugin redirecting to macromedia.com: could you tell me where the heck you downloaded firefox? Because the redirection is a thing of the past, if i remember correctly : firefox shows you a window to download the plugin as of 1.0, if memory serves.
    <br>
    <br>&quot;buy me a verisign&quot; : the MOZILLA CORP bought a SSL, yes. but they did NOT buy the ad. It’s spreadfirefox.com, approved but not controlled by mozilla.org , that bought the ad in the NYT. But i guess they could take the money and verisign the download, yes…
    <br>
    <br>FUD : As i am biased, i’d think i’d say YES, you spread FUD. But then again, you do show issues that have to be checked.
    <br>
    <br>
    <br>Integrate a better plugin system in IE and maybe i’ll get back to microsoft.
    <br>
    <br>
    <br>
    <br>Oh, and if you want total immersion, i have a great skin for ya : <a target="_new" href="http://www.intraplanar.net/project/luna/">http://www.intraplanar.net/project/luna/</a&gt; – takes the widgets from windows directly in Firefox. Oh, and get Adblock. Kicks ass.

  84. Kiehlster says:

    I agree with you on your points about Firefox’s lack of signed downloads and flawed default settings. I also agree that Firefox isn’t a secure browser because there are probably hundreds of vulnerabilities waiting to be unburied. Chances are that they will surface when Firefox gains more of the browser share. The rule has always been that malware makers go after the biggest market shares they can find, and that remains to be IE.
    <br>
    <br>I’m amazed you haven’t run across silently installed malware on IE because I have to deal with it day in and day out. My friends send their computers to me to remove all the malware that they’ve mistakenly stumbled upon in IE. I recommend Firefox to all of them.
    <br>
    <br>If Microsoft can clean up IE, then I may go back to it, but I go where the least present threat of malware is going to be. So far I haven’t found any malware for Firefox, so I’m using that, but I also do my homework before installing plugins, signed or unsigned. I just like to go where the bombs aren’t flying, and so far Firefox is only at the edge of the battle field while IE sits in the middle of the field looking like a sitting duck with guys running around welding on sheets of metal armor for protection.
    <br>
    <br>I’m not sure about the rest of these commenters (haters?) are thinking, but your arguments are very valid and the comments sound like fleets of denial and uneducated arguments. But I’d still have to side with them because I see less loss of productivity when using firefox than when using IE, and less Firefox malware than IE malware.

  85. Roger Parker says:

    As I understand it, your blog was pointed at the &quot;Typical&quot; user. I think that what most of these hostile replyees(?) seems to have forgotten or even thought about, is what the knowledge/understanding level of the REAL typical user is. The real typical user, meaning the vast majoity of our population that have computers have no concept of true computer security, certificate verification, never heard of MD5, barely knows that they should even update their OS &amp; brouser. I’ve been a flight simulator technician for 27 years and love all things electronic, PCs especially. I’ve built more PC’s for friends &amp; co-workers than I can count. And try the best I can, or have time to, to maintain them. And with as much time as I devote to all this, you and the people with the hostile replies, seem to know far more than I do concerning system/software security/certificates/verification/digital signitures. I simply don’t have the time to devote to that aspect of PC’s. So, I must look to the &quot;Experts&quot; to answer my questions, if I’m lucky enough to know what the question is. At least I know enough to look with a discerning eye at those answers most of the time. The &quot;Typical&quot; user will, almost without failure, look to anyone who knows more than they do as an authority figure in that area. They are easily lead to believe what ever some unscrupulous person, publisher, hacker, virus writer or web redirector wants them to believe. Like it or not, this is where 90% of PC owners are at. These &quot;Knowledgable&quot; people with the hostile replies need to step out of their circle of knowledgable friends and see the real world for what it is. Most computer users just don’t have their level of knowledge and never will. They gravitate to MS and it’s products because it’s relitively easy and they don’t have to devote ungodly amounts of time to learning how to do what they want. They rely on the &quot;Authorities&quot; to be responsible and make their product safe and easy to use. And I don’t disagree with that theory. The very knowledgable must understand that they are the &quot;Exception&quot;, not the rule.

  86. Meikel says:

    I appreciate you mentioning code signing here and in the previous post all over again. Unfortunately Microsoft has decided to make the Root Certificate Update a non-critical update, so that it’s listed directly next to Media Player and other optional stuff.
    <br>
    <br>Unless one buys Verisign certificates, one’s software basically behaves like being unsigned.
    <br>
    <br>XP requesting updates online only works if one actually is online when launching a downloaded program.
    <br>
    <br>Obviously code signing is not seen as important as most Microsoft people claim.

  87. bigbadwlf says:

    Mozilla can’t afford bandwidth, so it needs the mirrors
    <br>
    <br>But they can afford two-page ads in the New York Times? &lt;g&gt;
    <br>
    <br>————–
    <br>
    <br>Why don’t you address the point directly instead of pretending that you don’t know damn well that donations paid for that two-page ad in the New York Times?
    <br>
    <br>Speaking of which, I wonder if enough people believe in Internet Explorer enough to donate money for an ad for it?

  88. Look the other way says:

    Firefox is good because it is the little guy, against the moth-ridden giant.
    <br>Firefox is good because the vermin has not attacked it yet (or not much).
    <br>Firefox will permit a very newbie end-user to browse A LOT of sites before getting spyware/virus/malware installed without his intention.
    <br>Firefox is good because it brings a little peace to web experience that was getting scarier and scarier.
    <br>Firefox is good because it helps web designers make pages that will work in more environments using worldwide approved standards.
    <br>
    <br>Stop hating IE, it was the little guy once too, but has grown a bit slow and bloated, easily exploited, without much upgrades recently, only patches to stop 2 months old exploits.

  89. Kyle Adams says:

    Here’s the thing: I’ve never really cared about the verification process for software (be it digitally signatures, MS certified drivers, or otherwise), and I’ve been in the IT world for over a decade.
    <br>
    <br>Why? So few software vendors bother with doing it, so I HAVE to use unverified software in order to get the functionality I want. Example: the other day I installed a SOHO wireless router (forget the model number) from Netgear. Their driver was not MS certified, something their user manual instructed the user to ignore. Is that necessarily MS’ fault? No, but every time an end user encounters this situation, it dimishes the value of verification. Prosletyzing the end user is useless until vendors are converted.
    <br>
    <br>Assuming you got all the vendors on the ticket, you still have to make the process easy enough for my grandmother to understand. All this discussion of digital signatures and the accompanying dialog boxes are just not there yet.
    <br>
    <br>Am I playing with fire? Absolutely. Am I happy with the status quo? No. Until someone creates an easy-to-understand process (and the current digital signature stuff does NOT quality) that goes into widespread use, any discussion is moot for me. Perhaps MS and Apple could collaborate: Apple makes the whole process understandable for the end user while MS pushes the &quot;widespread&quot; use thing ;-)

  90. Sam Morris says:

    The 90/10 rule applies to Slashdot comments, as it does to everything else. It is therefore a shame that, in choosing to poke fun at some of the 90%, you omitted to address all of the 10%.
    <br>
    <br>In case this was merely an oversight, I would draw your attention to the fact that every copy of &quot;Firefox Setup 1.0.exe&quot; on http://ftp.mozilla.org and mirrors is accompanied by a &quot;Firefox Setup 1.0.exe.asc&quot;, which is a detached digital signature generated by GnuPG. Any user who so wishes can use this file to determine that the file they downloaded is the same file published by the Mozilla foundation, and has not been tampered with, replaced, etc.

  91. Henry says:

    Good to see that you keep your blood cold and stay on point. I can’t begin to imagine the sort of feedback you received from the FFundamentalists…
    <br>
    <br>Keep it up, and keep the good work. You’re making important and very sound points – of the sort that I’m trying to make myself whenever the Dogmafox issue pops up: what’s worse than the lack of security is a false sense of security.
    <br>
    <br>As a sidenote, gotta love that &quot;how much do they pay you&quot; kind of snide. Yep, even today, after the Trott and Rather stories, many people still don’t understand the concept of weblogs. You know, those guys in pajamas?
    <br>
    <br>Anyway, even if you were actually paid for that: since when is it a shame to believe in your job and its products?

  92. Dev says:

    Peter, nice article.. I’m sure your concerns will go a long way in making Firefox a more secure browser with a better installation. Official releases could be signed and geeks can always download the latest builds with the MD5’s. The way I look at it, you’re contributing to fixing firefox rather than spreading FUD – don’t the folks at MS hate you for it? :)
    <br>
    <br> I think the question of which is the better browser is not relavant – Firefox just shows that there are open source alternatives to IE, and it’s up to the user to decide what to use…
    <br>

  93. smacme says:

    &lt;q&gt;But they can afford two-page ads in the New York Times?&lt;/q&gt;
    <br>
    <br>The ad was paid for by donations from Firefox users who believe that Firefox is a viable browser. With all the security flaws of IE, people will naturally wonder what else is out there and give it a try. The time is good for Firefox to advertise and win over IE users.

  94. Webview says:

    I would like to address Peter’s main point of ‘trusting’ the code download. I think that this is a valid point and Mozilla should take steps to secure their downloads.
    <br>
    <br>But let’s say the worst happens and someone replaces the FireFox binaries with a hacked version that is loaded with spyware. How long would it take until someone noticed it? Putting a specific number on this would be hard, but given my experience in the open-source community–not very long. Take that for what it is worth, but I belivee with thousands of people actively using the site, it wouldn’t last very long.
    <br>
    <br>The same exact thing could happen with Microsoft (for anyone to believe otherwise would be putting their heads in the sand). But having a closed distribution system (again, just from past experience) may mask the problem for a bit longer–but eventually the right binaries would be fixed.
    <br>
    <br>And before anyone asks you can package IE loaded with hacks without needing the source, so having access to the source (in FireFox’s case) isn’t a negative thing.
    <br>
    <br>So given that scenario, I think that the issue of downloading trust is somewhat moot (I do think having a digitial signature would be a wise thing, however).
    <br>
    <br>So where does that leave us? We are back with a more secured FireFox and a less-secure IE. I think that (again realistically), there will be far, far more damage done from having a closed-source IE than a very open and actively monitored open-source product.
    <br>
    <br>At this point, whom would you trust?
    <br>

  95. A Dane says:

    Although I disagree on quite a few points in your &quot;How can I trust Firefox?&quot; blog I think that by giving a reply in this blog you show your’re not without reason.
    <br>However, I think you could have saved yourself a lot of flaming if you had written the blog in a more ‘mature’ fashion. Some of your inline comments made me believe that you never have learned how to write a good argumentative case. I recomend the book: &quot;A. Weston, A Rulebook for Arguments&quot;.
    <br>
    <br>

  96. gilad says:

    &quot;Trust is not transitive. If I trust you and you trust Bob, that doesn’t mean that I trust Bob.&quot;
    <br>
    <br>Love the NT Domain Trust analogy. I remember it from my first NT class. I guess we all think in terms of our personal background and experience.

  97. hotaru says:

    i have a few comments…

    first, on the whole signed software thing… anyone can get a certificate that says "Microsoft" on it. how many users are actually going to check to make sure the certificate really is from who it says it’s from?

    and about the blog not displaying properly, it looks fine for me in firefox 1.0…

  98. Joe says:

    Thanks.

    Your honesty and fairness, while I dont agree with all your conclusions, has earned yourself a "People I admire" link on my website.

  99. The question is not whether you can trust Firefox to install on windows as a proper windows citizen should, but whether or not you can trust ANYTHING to install on Windows properly where you are not vulnerable to any number of malicious hacks, bugs, exploits, virus etc etc etc that is rampant on the Windows OS. It’s no longer a question of whether or not a program behaves well on Windows or follows a proper gui etiquette, but indeed if even the entire OS itself is a viable program for everyday usage by the average user.

    Over the past few years we’ve seen time and time again that the Windows os is rampant with critical security faults and due to its marketing and domination of the desktops around the world, its become the main target for the worst kind of hackers, thieves and exploiters.

    Therefore the question becomes: How can I trust Windows AT ALL? And the bottom line is YOU CAN’T. When using Windows one must consider that every single program due to the instability and insecurity of the OS itself, is an outlet for hackers to attempt to gain control over the system once it’s connected to the internet. The only way it is safe to use ANY program on Windows is to run it in Virutal PC on a Macintosh. Then when you’re done using that Windows only program, you switch off Virtual PC and use Firefox for the Mac where 95% of the worst kinds of hackery and security issues are non existant.

    Can I trust Firefox on a PC? NO WAY! I wouldn’t use Windows let alone connect it to the internet!

  100. CFGIGOLÔ says:

    How can I trust Firefox? Aos que não olharem com o cabresto irão reparar algumas verdades. Mas ainda acho que muitos dos problemas de segurança ocorrem por usuários sem conhecimento e/ou experiência. Mas sua culpa não é total; ele é…

  101. Quote:

    >>"But Firefox is more secure!"

    >"Hypothetically, let’s say that that is the case."

    Hypothetically, you are smart!

    Quote:

    "Doing what the typical end user would do (download, click, click, click) you have zero proof that what you downloaded is, in fact, the true Firefox web browser. It could be a compromised version of Firefox, or even some completely unrelated root kit."

    I coud also buy MS Windows OS, go to my computer room, reverse engineer it, produce a bundle of back doors in it and distribute it on all the warez sites. Volah! Suddenly sevreal thousand of MS users are running a compromised version of windows.

    But i dont have to do that… becouse windows contain so many "pre-manufactured" back doors from its vendor already.

  102. Twench says:

    Peter –

    I am an avid Firefox user and I thoroughly enjoyed you two very well thought out posts. I appreciated your insight into potential problems with installing Firefox and, more importantly, your level headed response to the inevitable "OMG U 5UCK0RZ!!!!!!!!" replies.

    Thank you.

  103. Morten Holt says:

    "Firefox only installs extensions from white-listed sites, and only update.mozilla.org is trusted by default.

    Simply not true.

    I downloaded the FlashBlock extension from http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi and "Install Now" was the default button (hint: try typing that URL into the address bar of Firefox and see what happens)."

    Well on my computer if I click that link it does give me a bar telling me that Firefox has blocked the site from installing an extension. I then have to whitelist it before I can download the extension

  104. b3x says:

    or more specifically how microsoft wants the user to think their experience should be, and how microsoft thinks users should aquire software: by buying it from microsoft.

  105. Dan Watson says:

    Not to add fuel to the fire, but the reason your site doesn’t display properly on Firefox is because Firefox renders it according to the W3 spec and IE does not. Have a look here:

    http://www.w3.org/TR/REC-CSS2/visuren.html#floats

    "Since a float is not in the flow, non-positioned block boxes created before and after the float box flow vertically as if the float didn’t exist."

    If you want everything to be strictly right of your floating menu div, you should position your main div – a margin-left would probably do the trick nicely. As it is now (and how it’s supposed to be according to spec), your main div takes up the full width of the pagelayout div, with it’s contents shifted right to accomodate the left-floated menu div and reflowing afterwards. This also explains why the background image of your block_title is displaying under your menu.

  106. Giacomo says:

    The problem you point out with http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi is real, and this is a serious issue that the Mozilla guys should check out asap. I suspect it might be due to that site being listed as the official extension source on update.mozilla.org, but still, we should be warned.

    I still don’t agree on all your verification argument, there is too much spyware signed and "politically correct" around these days to think VeriSign and friends are "part of the solution". For end-users, popup stating that a program from Microsoft.com has been signed by Microsoft.com are so obvious, they will just click through. This is not very different from the standard "Are you sure…?" because, as Tognazzini et al. found _ages_ ago, users simply don’t read popups. Period.

    Firefox tried to cope with this UI issue, putting a 3-seconds waiting time when installing extensions, forcing users to take time to actually read the popup content. What did IEsp2 do? Add a few more popups that basically repeat "Are you sure? really really sure?". Just a few clicks more, nothing else.

    I agree that the security problem is a cultural issue, not an application issue. However, even in this field, MS is still behind, and you are just trying to spin it.

    ( And please spare us from "People should fear code they cannot easily verify": I still can’t see jack shit of the IE code anywhere. How am I supposed to verify code that I cannot see? I am sorry to seems sore with this last sentence, but those three lines really are so FUD, you should be ashamed of yourself).

  107. DoesnMatter says:

    Despite of Microsoft taking all the fancy measures, IE is still hijacked and it still is possible to compromise even the OS. So what is the effectiveness of these measures – code signing, trust etc? If your argument is that users are dumb – they will screw up anyways regardless of whether they are using IE or Firefox. With IE what is bad is that the number of exploits are insanely more given the historic data – and they get screwed up silently – irrespective of whether they were dumb or smart.

    Also I find your argument about MD5 sums funny – If a sane person in his right mind had to verify the MD5 sums he/she will download the mirror’s version of Firefox.exe and {before executing it} verify it’s md5sum against a trusted source – mozilla.org’s copy of FireFox.exe. Sure it is painful and not for average user but you get it. Your security fundas suck.

  108. Esqueleto says:

    We have forgot one thing ….
    <br>
    <br>Firefox run Standard HTML …. IE does not. That’s why we have 2 kinds of pages; the one that can be seen by IE and others that can be seen by all others browsers….
    <br>
    <br>Maybe all others browsers are wrong using the standards.
    <br>
    <br>
    <br>(())
    <br>Esqueleto
    <br>Odivelas – Portugal

  109. Esqueleto says:

    We have forgot onde thing ….

    Firefox run Standard HTML …. IE does not. That’s why we have 2 kinds of pages; the one that can be seen by IE and others that can be seen by all others browsers….

    Maybe all others browsers are wrong using the standards.

    (())

    Esqueleto

    Odivelas – Portugal

  110. Krissam says:

    Before you start flaming firefox you maybe should consider the fact that most web developers have a hard time coding for IE.

    I have a friend a very skilled webdesigner, if his pages doesn’t show up fine in a browser he validates it after the w3 standards, and when it’s valid there it shows up fine in all browser, exept for IE, since it simply cant follow standards.

    and your:

    "Mozilla can’t afford code signing certificates

    But they can afford two-page ads in the New York Times? <g>"

    was payed by firefox fans, not by mozilla, so you point is that a .org company should ask people for money so they can get a certificate that people doesn’t care about anyway instead of asking them for a advertisement which would make more people switch to there favorite browser?

    well i’m off now, a little to drunk, but still i fell that i had something which needed to get out.

  111. Don Pratt says:

    <quote>

    People should fear code they cannot easily verify

    People should feel uncertainty about downloading and executing code that they cannot easily verify

    People should doubt the integrity of code they cannot easily verify

    </quote>

    Good points. I’m sure your next post will let everyone know where we can get the source for Windows XP and Office so we can start verifying the code.

  112. Matt says:

    No software is perfect. When considering FF for the masses (non-technical, casual user) IMO the weakness of not automating/implementing code signature verification is more than offset by the fewer exploited security flaws. Over time the casual IE user will have a lot of spyware and adware which may very well have been initially introduced by the user accepting some signed adware. I haven’t conducted any controlled tests, but I would imagine over time the casual user would suffer more from both the security flaws and the intense focus of exploiters on IE than they would using FF even lacking automated code signatures. If FF does become more popular, maybe this will change.

    No one with any security knowledge will say code signature verification is pointless. I truly hope mozilla will incorporate code signature verification into future versions of firefox. Thank you for pointing this out.

    Code signatures are neither pointless nor panacea, for either geeks or regular folk. There are lots of reasons, both rational and irrational, to use one software over another. It’s a free country. No one has the Excalibur of software, not Microsoft or Open Source. So take a lunch break, have a beer and be thankful for the digital diversity of our world. :)

  113. Hello Peter,

    I think you raise a good point about the need to incorporate MD5 hash checking into FireFox and/or Mozilla. We ought to be able to trust content from

    a mirror as long as these kinds of checks are in place. I would find this much more reassuring than basing things on overpriced certificates, with trust being defined as "Microsoft’s definition of trust".

    We don’t trust you because we don’t trust Microsoft.

    We don’t trust Microsoft becuase we can’t trust IE.

    We can’t trust IE because or the poor track record,

    and the encumbered agenda. In the real world, trust IS transitive. We’re glad Bill directs some money

    to worthy causes, but some actual software development

    would _also_ be a worthy cause.

    All Australians have heard of Swinburne University, I know of several people who work or study there. I would trust a Swinburne Mirror 1000 times before I trusted any agenda-encumbered downloaded from Microsoft. (No, I don’t want to update my MS media player (installed on Linux), not today, tomorrow, or the day after that – it still won’t include a "save file" menu item…)

    Regards,

    Nigel Stewart

  114. ActiveX has suffered and probably will continue to suffer from flawed, signed code.

    ActiveX controls digitally signed by Symantec and marked as safe for scripting were found to be vulnerable to buffer overflows.

    The digital signature provides authorization to Internet Explorer to allow web pages to invoke the ActiveX control. The ActiveX control should be responsible for deciding whether or not to take an action if invoked from a web page.

    The buffer overflows allow a web page to invoke the ActiveX control and then take it over, after Internet Explorer has authorized it to run.

    See the following:

    http://www.theregister.co.uk/2004/03/22/scripting_flaws_threaten_norton_software/

    http://securityresponse.symantec.com/avcenter/security/Content/2004.03.19.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0364

  115. I predicted Peter Torr would start a flame war with his Firefox post, and sure enough… To his credit, he’s addressed most of the criticisms directly in this follow-up post, entitled, I love Slashdot. My favorite part: You’re spreading FUD Well, yes, I suppose I am. People should fear code they cannot easily verifyPeople should feel uncertainty about downloading and executing code that they cannot easily verifyPeople should doubt the integrity of code they cannot easily verify And, to re-iterate what I said earlier, manually checking MD5s or compiling the source does not qualify for 99% of users. This debate is very, very healthy. If Microsoft pays attantion to the success of Firefox and improves IE to remain competitive, we all benefit….

  116. woodydrn says:

    "Firefox only installs extensions from white-listed sites, and only update.mozilla.org is trusted by default.

    Simply not true.

    I downloaded the FlashBlock extension from http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi and "Install Now" was the default button (hint: try typing that URL into the address bar of Firefox and see what happens)."

    What happens here it says "To protext your computer, Firefox prevented this site (weblogs.asp.net) from installing software on your computer" … So it IS true ;)

  117. Nice job on both the original article and the follow-up. From the comments it’s pretty clear you are getting flamed by plenty of zealots who can’t stand that anyone would dare to say that FF isn’t perfect. Obviously most of the flamers aren’t willing to try to understand your viewpoint long enough to read the article. They seem to be reading just enough to find something to flame you for. (classic problem with arguments, you only listen enough to grab bits for your next come-back) ;-(

    Personally I love mozilla (I use moz suite, not FF) and I am a webdeveloper. IMO, you have written very clearly something that is useful and should be taken to heart by the mozilla team. Certainly the info about being redirected to download sites with just IPs and unrecognizable urls. At very least the mozilla site should give a page telling you that before the redirection.

    In any case, you have it right that we’d have to suspend quite a bit of our own normal security precautions to get through that process. That’s unacceptable in a browser that is normally so concerned about security issues. But, as you say, maybe mozilla is ‘perfectly secure’, but, because of the process you (normal user) can’t even be sure you have the official bits, and not some hacked package.

    Anyway, keep up the good work and don’t let the flames from zealots get you down. You’ve done a good thing here.

  118. The D says:

    1: Mozilla can’t afford bandwidth, so it needs the mirrors

    Your Answer: But they can afford two-page ads in the New York Times?

    2: Mozilla can’t afford code signing certificates

    Your Answer: But they can afford two-page ads in the New York Times?

    You actually ‘correctly’ answered BOTH of these questions in the primary post. User Donations.

    3: How can you trust Firefox to be THE Firefox? Simple.

    Trusted Sources.

    Forbes thinks it’s ok.

    CERT Thinks its ok.

    Redhat thinks its ok.

    CNN Thinks its ok.

    O`reilly Thinks its ok.

    Google things its ok. (http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22best+browser%22&btnG=Search)

    Thats a GOOGLE Link, I promise you can trust it.

    Those are a few sources "I" personally trust. And if the common person (99% of us, according to you) can’t identify at least one of those above, then the problem is social, at best.

    Sure, a hacker could place a trojan copy of Firefox on one of the ‘approved’ mirrors, and someone could download it, and in theory, install it, assuming it’s legitimate. But they have the choice of downloading, saving, and installing it.

    I run spybot and company every morning, because IE has a habit of installing nasty hacker programs without my consent (Yes, in some instances, even with the security set to high) with one small exception. I am never presented with a dialog.. ;-/

    At least to install "StealYourCreditCardsAndFormatYourHardDrive.exe" in firefox, I have to click something.. ;-/

  119. Ron George says:

    Peter, let me give you another way to view your main argument. When you say "How can I trust Firefox?" you are talking about two entirely different problems. You are not seperating the program and the place you download.

    The actual program, Firefox, is not the item in question. Your first issue was where you got the program. You label it as a ‘Firefox’ trust issue but in reality you are complaining about the validity of the dealer.

    If you buy a car from a shady or unscrupulous car dealer that has rolled the mileage back on the odometer. You dont say, "How can I trust Ford?" You put the blame where it belongs. The car dealer. Your mistrust was at the university (on a side note: I agree with you) not on the program itself.

    Some other useability issues you had with the program are opinions and you are entitled. You show a complete familiar attitude towards IE and its workings.

    One thing I do notice about people in the Tech industry. We have this opinion of ‘average joe user’ that hasnt changed in years. We always dumb down every experience we could possibly have and turn it towards the worst possible exponential. "Now average joe user would see these scissors and poke out his eye… we need safety glasses required." I hope that average joe user has been paying attention in the past few years and gets a bit better with his browsing experience.

    PS: None of the images show on you log properly with a Windows 2000 machine running IE version 6.0.2800.1106 SP1. They do give you those unpleasant red X boxes though.

    PSS:Windows 2000 with Firefox version 1.0 does display the top two images only.

    PSSS: I noticed on the 16th you are now working at ‘The Secure Windows Initiative.’ Does this post come from a comparison you did at the office? Did it come from a discussion or a briefing that SWI gave you on entrance into their department? I can only visualize your first day at SWI and they push the Kool-Aid closer to you as they speak of the ‘un-certifiedness’ of Firefox.

    Please dont drink the Kool-Aid. Keep a stern eye on security issues with IE and help get Microsoft back on track.

    Thank you for the great read Paul.

  120. pedro says:

    <b>Second thing: Complaining about the installation errors was probably a cheap shot.</b>

    <i>Still, if the same errors had appeared during the installation of a Microsoft program, users would have picked them out and laughed at them.</i>

    And yet you are usign a cheap shot again, with this "an error justifies another" kinda argument. If you could just for a moment forget the "everybody is against Microsoft atitude" and stick to your arguments about security as you seem to be trying too…

    <b>Users are dumb and don’t read dialogs anyway, so this whole code signing thing is a waste of time</b>

    <i>Great attitude — let’s keep the population uneducated and encourage them to install random code; they probably won’t get tricked into installing malware if they’re smart enough to run Firefox! </i>

    But it is still a valid point: unfortunately, users aren’t that concerned about security. "Atitude" won’t change that fact, education will. You argue that code signature is important, it might be a start. But you still have to be a computer geek to decide. And since you are a computer geek you know that the firefox you downloaded is authentic. >:)

    <b>Firefox only installs extensions from white-listed sites, and only update.mozilla.org is trusted by default.</b>

    <i>Simply not true.

    I downloaded the FlashBlock extension from http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi and "Install Now" was the default button (hint: try typing that URL into the address bar of Firefox and see what happens).</i>

    I tried the link and I got a different answer. That it is not in the whitelist, so it defaults to the "cancel" button. I don’t understand what you did different.

  121. Zach Crisler says:

    What I am hearing is since you and the rest of the Windows/IE using population are "idiots," The Mozilla Foundation has a responsibility to develop software for "idiots"? I think there is nothing wrong with software developers expecting the consumer to have some "common sense" and "basic knowledge" of what they are doing. "Your Honor, honest, I didn’t know the red light meant stop…promise."

    To quote:

    "Trust is not transitive. If I trust you and you trust Bob, that doesn’t mean that I trust Bob."

    Oh, my bad…how are we supposed to build the "web of trust" again? Become best friends with everyone we come in contact with? You are right…you don’t "have" to trust Bob. But unless you have some reason not to trust Bob (or me), you "can" and probably "should" trust Bob. Else you will find it quite hard to do anything.

    To quote:

    "How do I (as a normal user, not a computer geek) know that I am really running Firefox?"

    How do you really know you are running Windows? Because you bought a computer with it pre-installed…because you bought a disc from Best Buy that says "by Microsoft" on it? Can you actually see the code to verify what it’s doing? Nope. And even if you "knew for sure" it isn’t like you can hold Microsoft liable for their own product (see the license agreement you agree to before installing their products)!

    To quote:

    "it[Firefox] still managed to "borrow" the Gold Bar from IE"

    Did I miss the part about Microsoft inventing the web browser?

    To quote:

    "Sorry; that’s just the way it is. I don’t control http://weblogs.asp.net&quot;

    No, that’s <a href="http://webstandards.org">not the way it is</a>. This is your blog, the responsibility is on you! If you are unhappy with the domain, get another one!

    To quote:

    "People should fear code they cannot easily verify. People should feel uncertainty about downloading and executing code that they cannot easily verify. People should doubt the integrity of code they cannot easily verify."

    I would trust unsigned open-source code any day of the week over signed, hand delievered, closed-source software. You’re talking about verfiying signatures…that only ensures what you downloaded has remained unchanged from the server to your desktop. It doesn’t verify the integrity of the software itself. Quality software is not something I associate with Microsoft Corporation. Intellectual property my ass…how could you read a book if the publisher refused to print the text? Who is running the real scam here?

  122. What I find amazing is how dense nearly everyone seems to be.

    1) Just because a program is signed doesn’t mean you should trust it. Thus, even if BonzaiBuddy or Gator signed their programs, you still wouldn’t trust them because you know it’s BonzaiBuddy and Gator. Signing simply proves that the program is valid, and comes from who they claim to be. Nothing more.

    Mozilla/Firebird Lacking an automatic way of verifying that the file is authentic *IS* a bad thing. MD5’s are not enough, since it is a manual process and also can be easily compromised. Not to mention that it’s now been proven that MD5’s in and of themselves are not secure.

    2) Whitelist of IP’s or not, Mozilla does not jive with what we’ve told users to be suspicious of. Don’t tell them one thing, then do another. Bad form.

  123. Peter Torr’s arguments about Firefox suggest a broader issue — the need for open source advocates to think more broadly about the user experience, starting with how users think about and actually pursue acquisition of the software.

  124. jeff m says:

    Note that there are many many many more copies of Internet Explorer that came from untrustworthy sources (pirates) than FireFox. Don’t believe me? Just go to any night market in Hong Kong, and you’ll see them bundled in all the $0.50 Windows XP disks..

    At least with FireFox you can track the chain to the source. With Internet Explorers I can download or buy on the street, I have no way of finding where they come from.

  125. That Guy. says:

    QUOTE

    >How do I (as a normal user, not a computer geek) know that I am really running Firefox?

    >Get glasses if you cant tell. Seriously.

    To quote you, GG_nub.

    Do you *really* think that I couldn’t modify the Mozilla source in such a way as to leave the user interface perfectly unaffected, yet perform any additional maliciousness I chose? How would your precious glasses help you then?

    Do you plan on checking the MD5 signatures I’ll have thoughtfully provided?

    They’ll match, I assure you.

    Do you plan on checking the source code line-by-line? Sure, you’ll find that the version I provided differs very slightly, but I’m quite skilled at writing obfuscated code. Chances are, you’d only know that it’s not the same, but never have a clue what else it does.

    Do you plan on trusting the site I post my version on, simply because someone else I know says you should? Even if you don’t, someone else will. They always do.

    I may not fool all of you, but I’ll get enough, and that’s all that I need.

    Now, if the whole install process were handled a bit more professionally, it would be a little harder to social-engineer users and convince them that it’s safe to download and run my version. But thankfully that’s not a problem at all. Mozilla’s doing a great job of teaching the technical illiterates out there to trust any old website or IP address, so they’ll believe me when I ask them to do the same.

    Pick at IE all you like. Pick at the author for the wording he chose that seems to give you openings to make clever remarks you can giggle about later.

    And while you congratulate yourselves, I’m rooting your gramma.

    GG_nub.

  126. blackbeans says:

    "Firefox only installs extensions from white-listed sites, and only update.mozilla.org is trusted by default.

    Simply not true.

    I downloaded the FlashBlock extension from http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi and "Install Now" was the default button (hint: try typing that URL into the address bar of Firefox and see what happens). "

    So I did just that, Firefox tells me:

    "To protect your computer, Firefox prevented this site (blogs.msdn.com) from installing software on your computer. [Edit Options…]"

    BTW, I still trust Firefox and open source 1000% more than the CIA infested code from Redmond!

  127. blackbeans says:

    "People should fear code they cannot easily verify"

    Tell me how I can verify that the code of IE and SP2 doesn’t contain CIA spyware? No one should trust Microsoft code.

  128. Emuen says:

    The most security you can ever have, downloading, it to be able to trace the chain back to the original programmer. And that IS NOT possible width IE. But is Width firefox.

  129. Finn says:

    This is not a Firefox issue, this is an every-package-other-than-about-three on the entire Windows platform issue.

    On Linux, I can download something and have the file checked prior to installation, either via OpenPGP signatures or the admittedly less secure MD5 hash. That’s done for me by the package manager.

    On Windows, the only system that exists for doing this is the one you’re hyping in IE. Reality check: How many items of software available on the internet are signed in this way? Not many, right? Signing in this way is the EXCEPTION, not the rule. Of the four or five items of unusual (i.e – not Windows-supported) hardware in my machine, three of them came with unsigned drivers. That’s not small-brand hardware, either. If you use Windows, I can guarantee you’re used to clicking the "To hell with it, install it anyway" button. Either that or you only run Outlook, IE and MSN Messenger, in which case you’ve probably been owned anyway. I know you’re going to claim that there’s all these ignorant NYT readers who won’t know what to do when presented with this dialog box saying "This software isn’t signed". The reality is, they know what to do: Ignore it. Why do they ignore it? Because Microsoft has produced an unfeasible standard that is never going to be adopted outside of a few high-profile packages.

    One of the reasons that Microsoft continually produces for continued use of Windows is the "Software Ecosystem" that has built up around it. This "Software Ecosystem" is, largely, not signed. And it isn’t going to be signed until Microsoft implements an open standard for doing so which isn’t going to cost developers hundreds of dollars. OpenPGP might be a good start, and rather than just setting Verisign to "Trusted" status and virtually everybody else to an unknown quantity I think it would make sense to leave EVERY signing authority untrusted to start with. Let the user decide who they want to trust rather than deciding for them in an ultra-restrictive manner.

    This whole issue is a Windows issue. These signatures should not be being checked by individual applications at download time, they should be being checked by the installer. Windows has an issue in that it ships the majority of its installable packages as executable files. You have to trust the executable before you can even get into the installer. On Linux I can download RPM or DEB packages and have a trusted installer operate on these without passing any arbitrary code to the CPU, while on Windows I have to either run the .exe or not run it.

    That’s a Windows problem, sorry. Since you’re now working for Microsoft on their security policies, maybe you should have a chat with your bosses about implementing an open, free package management standard that allows verification of OpenPGP signatures? That’d solve the problem you have with Firefox straight away, and not just for Firefox either – it would do it for every currently developed bit of Windows freeware, 99% of which is much more risky to download and install than Firefox is.

  130. GCNaddict says:

    1) if mozilla posts a download link on their site which leads to a mirror, then I can trust it :)

    2) your blog is fine in firefox. maybe you’re high >_<

    3) "How do I (as a normal user, not a computer geek) know that I am really running Firefox?" because you got it from the getfirefox web page, duh! (if they give a mirror, then its a trusted mirror. sheesh how dumb do you think the average person is?

    4)"Firefox’s downloads are more secure because they don’t auto-execute

    Neither do IE’s. " wanna bet?

    5)"OMG IE is insecure coz it is part of teh kernel!!111!

    Oh, that gem. Yes, and Paintbush runs as LocalSystem!" yes, that gem. do you have any clue how many vulnerabilities in IE led to complete and utter destruction of the windows kernel on my machines? For god’s sake the windows kernel is flawed as it is! IE is simply a gateway for hackers to exploit the flaws ;)

    6)"Those weren’t random web sites — they were official mirrors! You should trust them if you trust mozilla.org

    Trust is not transitive. If I trust you and you trust Bob, that doesn’t mean that I trust Bob.

    Let’s say I trust the Mozilla developers to write 100% secure code. Let’s also say I trust the mozilla.org administrators to run a secure web site. Let’s even further suppose that I trust the mozilla.org administrators to only allow "good" mirrors (ie, they won’t use http://www.hackers-r-us.com as an official mirror for Firefox).

    Does that mean I should trust the administrators / users of each of those mirrors to keep their systems secure? No.

    Hackers now have several websites they can try to hack in order to compromise the Firefox install. " Oh god I love this one the most. Its obvious you’re being paid a great deal to defend microsoft with this matter. Well I for one cann tell you that Mozilla checks the installs and verifies them every day to make sure they werent compromised.

    7) Why is it that Firefox is more secure out of the box than IE? Microsoft doesnt care about safety. they just want money.

    8)http://www.eweek.com/article2/0,1759,1728788,00.asp

    http://www.usatoday.com/tech/news/computersecurity/2004-09-08-zombieinfect_x.htm

    http://www.forbes.com/2004/09/29/cx_ah_0929tentech.html?partner=tentech_newsletter

    http://reviews.cnet.com/Mozilla_Firefox_1_0/4505-9241_7-31117280.html?part=editchoice&subj=Mozilla&tag=logo

    a hearty "pwnt" to you too, Mr. Torr ;)

  131. Please remember that this site does not work in Firefox since the code is not correct HTML. One reason why IE is so bloated is because MS feels they should render incorrect code as well. I really hope the next version of IE, whenever that is ready, will be FULLY CSS 1,2, 2.1 and 3 compliant. Then so many web developers lives will not lose so many precious hours fixing IE bugs in sites (I literally spend more time coding a site to work in IE than it takes for me to get it to work in Firefox, Opera and Safari, and that is because IE doesn’t understand correct HTML and CSS).

  132. I appreciate you taking the time to create this article. The fact is someone could simply hack a mirror site, modify the code (since it is after all open source software) and then upload it to the mirror. Users downloading it could be installing a botched version of the software.

    Let’s say for example a version that had a key watching utility built in sending the results to Joe Schmoe’s e-mail address so that he could have your identity. Not very secure.

    Someone should try adding some code to Firefox to see if they can make it happen and then actually play out this scenario so everyone will see how insecure the peice of crap really is.

  133. JakobDam says:

    Oh, and here we go again – the big war, and this time a MS man as the Explorer spokesman. And a reasonable one at that.

    The thing that I notice is that a lot of the arguments about Firefox being "not trustworthy" due the lack of proper certificates.

    It’s very true that there’s no way of telling who compiled the firefox distribution, and as such it can be virtually anything.

    BUT – for the average users, even signed certificates don’t mean a dingo’s kidney.

    So much for security – an evil programmer can easily make a look-a-like Windows Media Player og Internet Explorer – not with the same functinality of course, as this would require these MS software products to be Open Source – but still, how many would notice before the software was fully installed?

    Focusing on other things, I would like to mention that one annoying thing for a web developer (yes, correctly guessed, I’m a web developer) is that Internet Explorer does not run with the standards. Or from a more Microsoft-friendly point of view, the standards doesn’t follow Internet Explorer.

    CSS is one thing. JavaScript (who doesn’t remember the GetElementByID versus Document.All war) is another thing. Simple HTML yet a third thing.

    I actually don’t care which standard wins – the Explorer way, og the W3C standards. But – the most convenient would of course be if it was an independant organization such as W3C that made the standards.

    My belief is, that if Microsoft persistently continues to ignore the W3C standards, then IExplorer will be dead within 5 years.

    And certificates – usefull as they may be – doesn’t say anything about the content of the software itself as we all agree on. We can also agree that the majority of PC users doesn’t even know WHAT a certificate is! Even if you spelled it out by calling it vendor ID, they would still be lost.

    If I have misunderstood something, please forgive me. :)

  134. Steve says:

    Your complaint isn’t with Firefox – you’re just using Firefox as an example in your complaint against an alternative software distribution method. Its a fair complaint – you can’t be sure that someone hasn’t tampered with the Firefox binary you installed and put spyware in it.

    The wise user can verify the MD5 hash against the one provided by mozilla.org – this of course isn’t perfect, because there’s no proof that the web server at mozilla.org wasn’t hacked and the MD5 hash replaced, but its a reasonably good system that just needs third party authentication.

    That said, not everyone can afford to spend money on a digital signature, and just because the digital signature is present doesn’t mean the software is safe, as you’ve acknowledged yourself. This is evident by the fact that the majority of Windows developers don’t sign their applications – a substantial slice of ISVs don’t consider it worth the cost despite years of Microsoft trying to convince them otherwise, and that’s inherently a sign of a failed system.

    My biggest gripe with your comment yesterday was the jab at saying Firefox was written by a bunch of college students at some university – you know that’s not true. Mozilla developers are from all over the world, in many walks of life, and a substantial number of them are in major corporations like Google (I hear they might be good at what they do). Even if some of the developers are college students, what does it matter? Yahoo, Google, Microsoft – all companies that were at some point headquartered in dorms.

    Who should I trust? An organization devoted to the improvement of the web experience, or a company that possibly capitalized on their monopoly to deliver a deliberately substandard product in order to increase need for Avalon and boost sales of Longhorn?

    On a sidenote, the penalties for mistaken trust are less on all of my non-Window machines. I can run Firefox in a BSD jail, in Solaris container, and the SELinux features on my Fedora Core 3 box allow me to set a protective MAC policy. Also, I’m not running as admin on any of those three boxes.

  135. Martin says:

    Very nice blog there Peter!

    You really nail all these firefox maniacs to the wall; I’m loving it ;-)

    Oh – btw – I’m running a large website, and stastitics show that 97% of the users use IE … <ironi>really strange isn’t it, since there are so many problems with it ??</ironi> .. glad the (approx.) 1% firefox users like their free software … I’ll never touch firefox for a million bucks :)

    Guys – pull yourselves together ;-)

    Best regards,

    Martin

  136. Martin says:

    Very nice blog there Peter!
    <br>You really nail all these firefox maniacs to the wall; I’m loving it ;-)
    <br>
    <br>Oh – btw – I’m running a large website, and stastitics show that 97% of the users use IE … &lt;ironi&gt;really strange isn’t it, since there are so many problems with it ??&lt;/ironi&gt; .. glad the (approx.) 1% firefox users like their free software … I’ll never touch firefox for a million bucks :)
    <br>
    <br>Guys – pull yourselves together ;-)
    <br>
    <br>Best regards,
    <br>Martin

  137. Greg says:

    Quote
    <br>Paul
    <br>I don’t understand your point about installing XPIs. I clicked on your XPI link and got a gold bar saying &quot;To protect your computer, Firefix prevented this site (weblogs.asp.net) from installing software on your computer.&quot; /quote
    <br>
    <br>I agree with Paul. I got no software installed. Also, I type it in the url. Nothing at all happened
    <br>
    <br>Are you sure you didn’t download a nightly build of 1.0 instead of the release version?

  138. Now your saying "But they can afford a two page New York Times Ad?" Doing some simple math or yet even using your head could say yeah its alot cheaper then the amount of bandwidth used per month to download firefox.

    Running a two page ad in the New York Times costs the Project around $150,000.

    Now Firefox is about 4.7 megebytes. Let’s say that its downloaded on average 500,000 times a day. I used that number because its pretty close to that. That would equal ~2.24 Terabytes of data a day or ~67 terabytes a month. I’m curently not able to find how much a Terabyte a month of bandwidth runs but you can be sure that it times 67 is going to be alot more then $150,000.

    So Yes I do think they can afford a two page ad and not the bandwith required to host it on just their servers.

  139. John Gross says:

    Hey Peter,

    we all enjoyed watching an ex-BIT start a flame war on Slashdot. ;)

    Good to see things worked out with MS….

    For the record:

    I still count you as the smartest programmer I have ever met, and we are getting close on 10 years out of Uni !

  140. Storm says:

    Why is it that every time a Linux user and a MS user talks about there systems, they always say "my system is more secure then yours"?

    Personaly i’ve got both linux (servers) and MS (workstations) and they are both insecure as hell. Even with the newest core and security updates.

    I hack my own systems for fun, education, and security reasons, so i know there both not secure, as both sides would claim there system is.

    —–

    Just an impartiel guy tiered of people figthing about witch system is best!

    They both suck!!!

  141. John says:

    Dude, shouldn’t you be working?

  142. AdamW says:

    Just one point – actually, the fact that a two-page ad appeared in the New York Times promoting Firefox means nothing (nada, zip, zero) for the finances of the Mozilla Foundation, since it was paid for by a non-profit organisation created by the Spread Firefox project. This means the money can only be used for promoting Firefox; it can’t be used for buying bandwidth, or certificates.

  143. nbspete says:

    In spite of everything that has been said the only way to know which browser is more secure is to encourage everyone to start using Firefox and see what happens. We know how bad IE is and MS doesn’t appear to be motivated to improve it much so why not try something else? If the experience of others is similar to my own experience with Firefox they’ll continue to use Firefox (exclusively) and never look back.

  144. michael says:

    why does internet exploer have so many windows open, i like one window. My computer goes slow when using internet explorer but not firefox. why?

    i get all these security popups in ie that want me to install some secuirty stuff. why dont you stop that, were firefox doesnt do it on the same site.

    Why oh why does this dumb ugly program have to come with windows. cant yous just take it out and use winamp instead of that media player, then forsure i would buy windows with no hesitation.

    thats why macs are so much trusted over windows

  145. AnonGuy says:

    I’ve read your reply post as well. One thing you did overlook. IE is bundled with the software, so MS doesn’t have to worry about downloads. Yes, it can be downloaded, but this entire article is a cheap shot since it’s not FUD against the browser, it’s FUD against downloading a browser, which is oh so conveniently not necessary in Windows.

    How about next time you actually write a review, you actually learn the software first. You took an overly critical (and later admitted wrong) look at FF, when you should have had the self realization that you’ve used IE for years, and FireFox for less than 5 minutes.

    I’m not saying you are wrong about code signing, but that has nothing to do with the operation of FireFox, but rather site admin of Mozilla. FireFox doesn’t run executable files by default, and so why should it verify a signature? I think all webpages should be signed if they run any type of scripting (which is used in exploits), but I don’t see IE running to advocate signed Javascript when that is a browser’s job. IE could do full virus checking and claim FF was not safe because it didn’t, but the fact is that such is not the job of a browser that doesn’t start executed code.

    So, basically, all you really have to say is: FireFox code doesn’t have Verisign approved signature, and that a button is default Yes instead of No. Nevermind the fact that FireFox would not attempt by default to run downloaded code, so that is really an IE problem, not FireFox (which I would say assumes you trust software DEDICATED to scanning your files for spy/ad ware and virii (Hey, isn’t MS the proud new owner of anti-spyware software, and wouldn’t the Windows OS be able to detect this… so why ask FF to do it?)

    And, based on that, how can you trust the browser. I’m not saying that those two things being changed aren’t improvements, but, jesus man, I hope seriously you aren’t that paranoid. If you were, you wouldn’t be on Windows at all. You’d be on a hand built Altair in an underground bunker with aluminum foil on your head to keep the CIA from frying your brain.

    Come back to us with real bugs. It’s not like people aren’t open to hearing about them and fixing them. But you’re talking about website policy, not bugs or exploits. If this is the best arguement MS has against FF (being that you are MS’s voice in this blog), then you better fear for the fate of IE.

    BTW, I have read from your colleauges that Thunderbird is much better than Outlook in oh so many ways. How about trying that out too. :)

    -Signed: guy with 50 web pages open simultaniously, but only one browser window open, no advertisements (flash or other), no activex, no popups, and better notification of those certificates you love so much (these in SSL) and a nice bright url bar changing color when I enter and leave those areas… on a default install of FF.

  146. John says:

    You did raise couple valid points about shortcomings of firefox, but let me remind you that it’s on version 1.

    The question you should have asked is: Can average user trust Internet explorer more than firefox?

    And the answer to that question is NO. And 10 million downloads so far seem to agree.

    Internet explorer (which is backed by mighty Microsoft and is on version 6) has its own issues, and unlike firefox it takes you guys forever to fix them.

    As for me, I have switched to firefox so you can feel the heat and write some good code.

  147. Simon says:

    I am laughing my ass off and I hope that comment about Swinburne is sarcastic, because my partner studies at Swinburne (I tried to get in too). And it is one of the most prestigious universities for IT/Technology courses in Australia… thus the .au extension… but I guess because you havn’t heard of Swinburne, or even any universities in your own country, that these are far out universities that nobody else has heard of.

    (And yes, of course I have heard of DePaul)

  148. Matt says:

    I’m back again. Lets pick apart post #2.

    >> Mozilla can’t afford bandwidth, so it needs the mirrors

    But they can afford two-page ads in the New York Times? <g> <<

    Unlike Microsoft, which strongarms PC vendors into bundling Windows on all their boxes, and then strongarms huge (and small) corporations into various multi-year licensing agreements to generate billions and billions of dollars in cash, Firefox and Mozilla (and Apache, and Jakarta, and lots of other software the majority of Internet infrastructure depends on) is written mostly for free by people who do these things in their spare time. Hey, I like making money just as much as the next guy, but the concept of "free software" is because it’s written for "free" (note free is in quotes, nothing is free, except of course the firefox download). Also, they afforded the ad because people donated the money, not because they strangled the pocketbooks of individual and corporate users.

    >> IE has lots of bugs, so I don’t trust it

    Fine, you don’t trust IE.

    IE has lots of bugs (I never denied that).

    But again this misses the point of the article — I don’t care if the "true" Firefox has no bugs whatsoever. How do I (as a normal user, not a computer geek) know that I am really running Firefox? <<

    LOL!! How do I know I’m running IE? Simple, I spend 4 hours browsing, turn on my computer the next day and I have 1-3 unwanted browser bars, CoolWebSearch, and a mountain of third party cookies all over my machine :) Time for the old AdAware/Bazooka/BHODemon combo. Even "normal" users like my friends hate IE because they know it’s ridiculously easy for your computer to get trashed. I clued some of them in to Firefox and they love it. Which brings us to our next point…

    >> Users are dumb and don’t read dialogs anyway, so this whole code signing thing is a waste of time

    Great attitude — let’s keep the population uneducated and encourage them to install random code; they probably won’t get tricked into installing malware if they’re smart enough to run Firefox! <<

    You’re absolutely right. Lets educate users on the differences between the browsers and see what they pick. It’s a bad sign for Microsoft if the intelligentsia of the computer community is moving to Firefox in droves, and with 11 million+ downloads, it looks like it’s moving out of the IT shops and into "regular" users hands. Wait…one last thing…

    >> You’re spreading FUD

    Well, yes, I suppose I am.

    ·People should fear code they cannot easily verify

    ·People should feel uncertainty about downloading and executing code that they cannot easily verify

    ·People should doubt the integrity of code they cannot easily verify

    And, to re-iterate what I said earlier, manually checking MD5s or compiling the source does not qualify for 99% of users. <<

    I thought you wanted to educate users, not reinforce fear-mongering. Lets educate users how to use MD5 hashes, lets teach them about the concept of mirror sites, lets teach them that the browser that at least asks you if you want to install something is better than the one that lets spyware vendors install silently :)

    – Matt

  149. Matt says:

    Ooooh, I can’t resist taking one more (kind-hearted) shot at you :)

    >> Why don’t you just use Firefox?

    Because my blog doesn’t display properly… <<

    We go to "http://www.htmlhelp.com/tools/validator/&quot; and enter "http://weblogs.asp.net/ptorr/&quot; into the URL bar. We get a list of XHTML errors a mile long. Down at the bottom, we see this…

    "The maximum number of errors was reached. Further errors in the document have not been reported."

    Yep, it’s definately a good reason not to use FireFox (a standards based browser) to view your NON STANDARDS COMPLIANT BLOG PAGE.

    Oooh, that one was just too easy :)

  150. Again you’ve been more than a little misleading by poor logic.

    To wit:

    "Trust is not transitive. If I trust you and you trust Bob, that doesn’t mean that I trust Bob."

    Ambiguious phrasing at best.

    For example do you mean:

    "Trust is not always transitive."

    Even informally you would have few people disagreeing with that statement. However it is ignoratio elenchi – it doesn’t refute the statements you were responding to. You would have to provide evidence that specifically indicates the systems in question. Absense of this is a fallicy of non-support.

    "Trust is never transitive"

    Which would at least be responding to the

    statements you were responding to…however it’s trivially countered. Larry can trust Bill’s attention to detail and within a limited context and by virtue of this can trust Jim to do a good job because Bill has observed and been pleased with Jim’s work.

    "Trust is usually not transitive"

    Similar to the first definition except you have to support the statement instead if it’s application. Obviously you’re not in a position to speak authoritatively in the most general sense here. So you have to be refering to a specific context. In this case you seem to be talking about downloading from mirrors.

    I won’t pretend to know the answer here but given the large number of mirrors used by download sites. I wouldn’t be surprised that downloading from a mirror doesn’t usually result in virus/trojan/malware/etc..

    So your argument is at least, less than clear-cut.

    The summation of all this is that you seem to have again made an ass of yourself.

    You would have been better off talking about something else. For example: "Even though you can usually trust downloading from mirrors the cost of a wrong download can be very high."

    That would at least be logically sound.

    Don’t even get me started on your implicit statment of: "Hey my article was unfairly biased…but I justify this by the existance of other biased articles."

    Do you really need an explanation of how silly that statement is?

  151. Peter Torr says:

    In fact I attended Swinburne University… hence the reference.

    LOL

  152. Peter Torr says:

    I meant "Trust is not transitive IN THIS CONTEXT."

    Sorry if that wasn’t completely obvious; I ddn’t have all day to write the post.

    By the way, I look nothing like a donkey.

  153. Simon Cooke says:

    John wrote:

    > You did raise couple valid points about

    > shortcomings of firefox, but let me remind you

    > that it’s on version 1.

    Version 1? Wow. How long have the Mozilla guys been working on this browser? Since 1998 at least… 6 years and it’s only v1?

    Kind of lame really.

    When’s v2 going to come out and fix this then? 2010?

  154. "Yes, it’s taken Microsoft a while to get IE into good shape."

    But it is not in any shape. MS refuses to repair broken versions on machines users: 95, 98, ME, 2000.

    MS own site requires you to use the IE in a less than secure mode. Other site computer sites require you to turn off pop-up blocker to use their help desk.

    You should throw a stone if you live in glass house. And just because you are PM does give you the single right to mislead others about how secure some thing is when you do not even know what caused an error – so blame the I am trying to prove that is broken.

    Even with disclaimers that ranks to Slander, better talk to M$ Lawyer first next time.

  155. Torel says:

    "Google didn’t help much either…"

    man, your bad.

    You shoulda used the MSN search.

  156. This is a very thoughtful article, this and the one that precedes it, but is this really how you feel about it? I mean, would you honestly switch iff (if and only if) you had proof that it was digitally signed? And since you *are* aware of the methods by which one validates checksums (via MD5, &c.), for whose benefit is this whole diatribe?

  157. Not a perfect flame by definition, and not on usenet, but anyway. This is the blog entry of the year, great piece of writing!

  158. Beebob says:

    "But they can afford two-page ads in the New York Times? <g>"

    They can’t. They had a massive collection for donations, specifically and solely for the two page ad in the NYT. If you look at it, you’ll notice the ad is made up from all the people who donated money for the ad.

    Also, what on earth is paintbush?

  159. ""Do you *really* think that I couldn’t modify the Mozilla source in such a way as to leave the user interface perfectly unaffected, yet perform any additional maliciousness I chose?""

    Why would you go through all that?

  160. SquareSoft0 says:

    I feel more ignorant having read a good chunk of the comments, I’ll have a more coherent and meaty comment later.

    1) About the ad: He was implying that the Mozilla group has an almost infinite resource, its rabid users. Why spend money out of their pockets when they have droves of people willing to do so for them?

    ""This means the money can only be used for promoting Firefox; it can’t be used for buying bandwidth, or certificates.""

    –Buying bandwidth + certificates = making Firefox better… Making Firefox better = promoting Firefox. In this case we can see a transitive relationship, now perhaps if people would stop blindly throwing this term into their trolling posts.

    2) About signed code: His entire point is that signed code is inherently easier to verify. What he did NOT state is signing code is verifying in itself. Hypothetical situation: 100% of the world’s code is signed. In this situation using Peter’s logic, this does NOT mean that 100% code is trustworthy and verified. What this DOES mean is that you know the code’s maker and distributer, allowing you to make a justified choice in whether or not to trust the code you wish to execute.

  161. GCNaddict says:

    "Microsoft Corp.’s growing group of 1,200 Weloggers were among those feeling the pinch from a recent rash of spam messages to blog comments.

    Company officials confirmed this week that some Microsoft Developers Network bloggers had noticed a spike in spam and that the company was encouraging bloggers to turn on comment moderation while it investigates a more widespread solution.

    "MSDN has seen a sudden rise in comment spam over the last two weeks," said Betsy Aoki, MSDN’s community site manager. "The last time Microsoft saw a rise like this, it took steps to implement comment moderation on blogs.msdn.com."

    In August, Microsoft first noticed a comment spam spike and suggested that bloggers moderate comments, either by requiring approval for someone to post or by approving each individual comment, Aoki said. Microsoft also decided to disable comments on posts that were older than 30 days as a way to reduce the places where spammers could post.

    While Aoki said that the level of comment spam began to slow this week for MSDN, the earlier spike drew concern from MSDN bloggers and fit into a broader pattern of increasing comment spam in recent weeks."

    maybe its because of you, Mr. Torr. you are likely at fault for increasing the rate of "spam" to the msdn blog site.

  162. JL NOVA says:

    How I love it when a Microsoft employee would dare to make comments before checking the facts carefully. Every single time that there are choices other than your M$ products, why is it that instead of you embracing it, you attack it? Could it be that hackers have done to you what the US governemt could not in it’s anti-trust suits? You know, one thing that angers me to the utter point of sheer hatred for Microsoft is the lack of responsibility that you guys have had. IE has not seen a major overhaul in about 6 or seven years. How dare you come on here and try to defend a product that is flawed so severely and has been exploited so viciously by criminals AND we all know that HAS BEEN PURPOSELY TIED INTO THE OS AND HAS BEEN EXTREMELY UNFRIENDLY TO OTHER COMPETING SOFTWARE. Just like any other manufacturer (automobiles for example), when you desing a product and it has serious defects, It is your responsibility and DUTY to protect the public. I personally hold Microsoft responsible for not doing enough to protect people from their identities stolen, hacked into, and thier computers used as drones for criminals’ work.

    I hate your IE browser and I have enven studied the way it has been written into Windows and have found that if someone wrote a good un-install program to find all of the binaries (which are laid out in the Windows system 32, system and Windows folders) for IE, that browser would be removed immediately. IE is a gateway to the source code of Windows which is one reason why if it were tog et compromised, then the entire OS would be compromised. I wait for the day when your monopoly is crushed.

  163. Dave Mueller says:

    Wow who would have thought that someone working for microsoft could possibly have anything bad to say about their competition.

  164. Hasse says:

    You claim that it is not transitive. With that comment you say that PGP,GPG, Verisign and other doesn’t work

    In the real world trust is also transitive. How do you trust that when you are using the phone that you call the right person…you trust this because you trust the phone company…and why do you trust the phone company because many people you know trusts them

    That is actually how trust networks work.

    I can then only conclude that it is weird that people trust microsoft software as it is only in the last year or so that microsoft has taken security seriously

    In OSS software you can at least check the code (or get someone you trust to do it).

  165. It is always fun to see the crowd at /. go wild after a (any?) posting made anyware by any MS-employee.

    :-)

    I think your article singles out some good points – but you might have been more careful with choosing your words – given the out-cry you must have known would come.

    First of all, I am a happy user of FF and only use IE when I have to. I have been using FF since January 2004 and in February I began thinking about the same problems that you have written about in our blog. I actually made a posting to a Danish newsgroups discussing the exact same things you do.

    (http://groups-beta.google.com/group/dk.edb.internet.software.browser/msg/6542c0780731bedd)

    The problem I see with FF is not whether it is secure or not – or better or whorse than IE. The problem is that it inflicts bad user-behaviour. I have finally "trained" my dad and other relatives to be aware of what they install when browsing the web. I have actually succeeded in teaching them not to install unsigned code, because even though it doesn’t provide 100% that bad code will be installed, it drastically reduces the risk.

    Now I have installed FF on my dad’s desktop and when he tries to install e.g. an extension, he calls me and asks if he should install it – even though it says it is unsigned. What the devil am I going to tell him?

    Does

    "Well, dad, I know that I have tought you not to install unsigned code – but this is Firefox, so the same rules do not apply – simply click ‘Yes’"

    … sound good?

    Secondly – the lack of signed binaries of the installer of FF makes me 100% sure that he would never have gotten through the installation on his XP SP2 given the many warnings he’d receive when trying to install it.

    FF might be the first example where the normal distribution-model of OSS-software just doesn’t cut it. The OSS-community needs to figure out how to distribute software in binary form to people who doesn’t have a clue to what /dev/null means. Simply stating that one could simply check the MD5-sum or compile the source themselves is 110% ignorant of how Joe User expects software to behave.

    dev at stocholm dot dk

    PS: and for the record: I am a former employee of Microsoft Denmark.

  166. Greets,

    Hmmm…this got long. I hope you read through it, I think I make a few good points, and there’s no vulgarity in it (except for one reference to Outlook :) ).

    Now…

    Let me put something forward that you will definitely not like.

    The cert system the way it works right now is antithetical to people who love to write software.

    I am a software developer, and I love what I do. I have a very popular open source application, loved by many, trusted quite thoroughly by all of them. I get paid nothing for writing it, I get paid nothing by my users, it is free in all respects, and I write it for the love of producing software that my users love to..well, use.

    I don’t have it digitally signed. It’s a FREE program, how can I possibly justify paying $200/year for this?

    Why is anyone trying to extract money out of my work, when I don’t even make money on it?

    This is probably an argument you simply don’t understand, either by not being a developer yourself, or if you are, being a ‘only at work’ developer, who doesn’t understand that some of us (despite being professional developers in our day jobs) also write code for the pure love of it.

    To those who code for love, and love to distribute our programs, the whole idea of a for-pay ‘gatekeeper’ between us and the end-user is nauseating. It’s absurd, and frustrating, and completely unnecessary in the end.

    First, I need to set something aside. ActiveX controls are fundamentally insecure, as they run raw, uninterpreted, unsandboxed code on the processor. Microsoft should stop supporting, or at the least, stop promoting them as any kind of a solution. Please, PLEASE, if you have any kind of a pull, recognize that an uninterpreted plugin is uncontrollably insecure, no matter how ‘signed’ it is, and stop the proliferation of ActiveX now.

    That said, any form of signature needs to be either more affordable, or have a free component for free applications. If you really are working on the secure initiative at Microsoft, take some time to go to places like Download.com, and peruse it, and see how many files are currently ‘digitally signed’. The answer is virtually none, and the ones that are, aren’t the free ones. (And some of the ones that ARE, have spyware!)

    If you really want to revamp the way executable security is handled, make it so that there are no barriers to people who write free software (in any sense of the word) from being able to run on your platform.

    Paying you, or Thawte, or Verisign for the ‘priviledge’ of writing free software is obscene, and if you loved programming the way I (and many others) do, you’d understand that.

    If you can find a certification means that doesn’t impose that kind of a limitation on software developers, then I’d sign my software too.

    I’m worried about the idea of Microsoft implementing the ‘Secure Digital Initiative’ stuff, for the same reason. Because of a lack of foresight (I prefer to honestly believe that (and a level of ignorance) over malice and greed), you will end up implementing methods that allow you (the generic Microsoft ‘You’, here) or some other agency to act as ‘paid gatekeeper’ for all software that will be allowed to run on a system. This cuts out the ability for people like me, who write software for the joy of it, to provide solutions to people for free, because we have to pay to BE developers.

    If that doesn’t frighten you, go find some of the fabled MS engineers who love to programming, and ask them what they think of the idea of having to pay yearly to be allowed to *give away* software on the dominant platform, or even to be able to write the software in the first place. Perhaps I’m wrong, perhaps being used to Windows tools, where the toolchain is often expensive in the first place, this seems normal to them. That would be sad…

    In the mean time, because FireFox doesn’t use a ‘certification’ method that virtually nobody ELSE uses either, is no reason to call it insecure.

    Now, you are complaining about the surrounding ‘protocol’ (the mirrors, the certifications, etc.), not the application itself. The application is provably more secure solely in that it does not run ActiveX controls, no matter their certification status. Beyond that, we can dig around for various levels of comparison, between the default security in FireFox versus the default security in IE, and the ‘must disable’ security in IE.

    When I can do a ‘Windows Update’ without changing my IE security level from ‘High’, and not having to click ‘Yes’ a thousand times each page (hyperbole, but it IS exhaustingly frustrating), then perhaps we’ll have achieved something.

    You will have achieved a lot more when I can do a ‘Windows Update’ with just FireFox, so I don’t need to rely on IE at all. It’s VERY nearly doable, if you eliminated the ActiveX control, and converted the VBScript to JavsScript; I walked through the VBScript by hand once, and was able to get all the way through the pages, down to the one that loads the ActiveX control. :( There was nothing prior to that that required IE at all.

    In partial summary, which I’m sure you’re breathlessly awaiting, (1) those who love developing software and don’t need to be paid for it, need some way to provide that software in a secure manner without having to be ‘cash vending machines’ for gatekeepers, when they’re not making money on their work themselves. (2) ActiveX is a truly evil concept, downloading raw X86 code onto your machine, embedded in a web page, and controlled only by a weak certification scheme that allows anyone to get a certificate, no matter how vile (or poorly written) their code. (3) While the process surrounding FireFox may not live up to your expectations of verifications, neither does upwards of 90% of the software that users WILL download to their computer, so castigating FireFox for it is a little absurd. (4) FireFox is, by default, more secure than IE, simply by dint of not needing to turn off its security to operate most major websites.

    I haven’t gotten into running as Admin on a Windows box, the dismal record of Outlook (which is related), the intermingling of the concepts of ‘code’ and ‘data’ that is absolutely endemic to Microsoft products (and the cause of 90% of their security problems), or dozens of other security issues that are not directly relevant to this problem, but encourage a dismal outlook on Microsoft’s security policies.

    Those unfortunately call into question YOUR motives on trying to direct attention away from them, and onto FireFox, especially when you pick on a security mechism that virtually no OTHER 3rd party developers are using either.

    I loathe name-calling, but when a MS ‘security’-minded person tries to find fault with the security of someone else’s product on mostly specious grounds, I have to ask that you turn the finger around and clean your own house first.

    Now… SHOULD FireFox step up and get this certification, to ‘prove’ itself a member in good standing of the community? Maybe, if it’s a legitimate standard that won’t change in a year or two…

    If Microsoft so strongly wants people to use this certification method, perhaps they should pay for FireFox’s use of it, and then trumptet to all the OTHER 3rd party developers that FireFox is using it, and so they should also!

    As for the mirror site problem, you are completely out of line. Expecting mirror sites to be SSL-certified is absurd, and again places excessive restrictions on software distribution (the ‘gatekeeper’ effect). Further, SSL certification of a mirror provides no valuable information, since it’s still run by the same people in the end, and their security will still be ‘equally strong’. If you don’t believe in Mirror sites at all…all I can tell you is that you are far too spoiled by being behind Microsoft’s fat pipe. Software distribution out here in the real world means mirrors.

    I’m terribly sorry for all the people calling you bad names, and saying stupid things about you personally. That is just wrong. I’d love to sit down with you (or SOMEONE) over dinner at Hunan Garden or something, and have this out in a proper technical discussion that resulted in real changes, but this will have to do. I tried to keep my comments to ones I would make, face to face, in a technical debate over dinner. I may have failed in spots, and I’m sorry if I did. Even dinner debates get heated. :)

    I hope there’s something to learn, or take away that is valuable in this. I obviously think there is, or I wouldn’t have taken the time to write it.

    Good luck, and illegitimi non-carborundum.

    [Roger Harrison]

  167. Greets,

    Btw, I got here from Scoble, oddly enough, not /..

    [Roger]

  168. Pedrão says:

    Mas que barato!!!! Propaganda de graça para o Firefox feita por um funcionário da Microsoft!!!!

    Um anúncio no NYT: 150 mil dólares

    Um anúncio de um funcionário da concorrente: não tem preço!

  169. Billy G says:

    How can I trust code I can’t see. How can I trust a company that aides Spyware in being installed on my computer. Those digital signatures don’t mean shit.

  170. Wow, I can’t get over the statement on the side of this guy’s page. Is he serious? It says:

    Normal disclaimers apply. I am not responsible for anything, and neither is Microsoft.

    Haha! Is that second sentence the Microsoft employees’ creed?

  171. Chris says:

    Question : If IE were a seperate browser and not bundled with Windows, would it get as many downloads as Firefox? or any other browser for that matter?
    <br>

  172. CFarrell says:

    This post was picked up in a SlashDot article yesterday and the general tone of the SlashDot submission was that there is a valid point here. I agree. Whereas open source software has a reputation as being secure and reliable, it is not sufficient that this reputation remains obvious only among developers and long-term users of open source software. Newcomers to open source and, critically, businesses and institutions who have, or intend migrating their IT environments to open source are used to the certification method of verifying software, whereby trust is expressed in a third party, such as Thwaite or Verisign. It is naive to expect a migration to the standard open source method, whether or not this is better than the certification method. At this stage, when Firefox specifically, and open source software generally, is moving towards large scale adoption, the above article has offered a valid topic for debate. As the open source community has shown considerable disdain (nobody can deny that this has been, for the most part, justifiable) for proprietary processes, it might prove sensible to look at the possibility of developing an "open source" certification. This could be used to verify the origin of open source software (including mirror locations) and could be administered by a body such as the Free Software Foundation – a body trusted by developers and users alike.

    I am an avid user of open source software. I have no proprietary software on my PC whatsoever. Yet I would like the open source model to learn from the business software model, for which Microsoft provides a good example.

  173. > I meant "Trust is not transitive IN THIS CONTEXT."

    In which context?

    If you’re talking about the specific case you mentioned that you shouldn’t trust Mozilla mirrors. Then I apologise that it’s not completly obvious that that also suffers from a fallacy of non-support.

    Mind you that does leave us with a question about your generalized example**. Why give a general example if you’re not making a general point? If you’re talking about a specific context then you have retreated from the general argument.

    **Or at least it sure looked that way. Perhaps you were, in fact talking about a specific "You" and "Bob". In which case it would be irrelevant anyway…we don’t really care about what goes on between you and Bob.

    > I ddn’t have all day to write the post.

    Hey if that’s what it takes to write a convincing argument rather than one that’s asinine or manipulative. I’d say go for it! :)

  174. macewan says:

    someone from microsoft is raising his eyebrows about firefox? that’s rich. then he worries as he is sent to the mirror at the depaul university computer security response team?

    since you’re more than likely using some version of windows os which is closed to developers, trying to find what the errors were during the installation could pose a problem.

    i highly recommend the use of Linux. if you must use some winos during your work then vmware could help out. seriouly give it a thought. probably a stable version of Debian (www.debian.org/) or the Novell flavor of Linux.

    i run unstable versions of Debian or Ubuntu Linux at home but at work Ubuntu Linux Warty runs 24/7 on a brand new compaq. $350 for the hardware, clean the windows and install Linux. Now I have access to everything I need to get my work done for the nonprofit i work with. the ONLY computer problems i’ve ever seen in the organization is worms, virus problems and the money they spend on xp license. just so they could use word, excel and email. quite the shame.

    i sleep well at night. do you?

  175. Alan Smithee says:

    I guess the big question is: does code signing solve the biggest current threats to network or browser security?

    Check with the folks at the Dell helpdesk. According to John Dvorak ( "Panic Over Spyware" http://www.pcmag.com/article2/0,1759,1744126,00.asp ), the biggest problem right now is spyware & adware. Code signing is no deterrant in the vast majority of these situations. I’m really not sure code signing is where I’d like the Mozilla foundation to expend its resources next. Though it should at some point, I’m not at all convinced it should be the top priority at this moment.

    I have to ask: is every piece of code you execute signed? Honestly now, do you run IrfanView, SpywareBlaster, AutoIt, or anything produced by a single programmer or small team to whom code signing may not be financially feasible? Doesn’t this requirement attack the same grass-roots/garage developers that made Windows popular in the first place?

    Isn’t this a simple case of forum-shopping, i.e. looking for a specific set of circumstances in which your side may have some advantage, without necessarily being a central case to the larger argument?

  176. Hi Peter,

    I’ve been following your recent blog posts about firefox . You speak alot about "signed code" I admit that there are advantages to code signing, but it also opens you up to vulnerable code, for example i found a internet explorer vulnerability reported 2003-08-14 that is yet unpatched by microsoft. The problem is with an activeX plugin MCIWNDX.OCX, the vulenerability report states

    "This plugin is part of Visual Studio version 6. However, since the plugin is digitally signed by Microsoft, it may be silently installed through Internet Explorer by any website."

    So could you explain why i would trust signed code more than unsigned?

    Just because its signed by microsoft doesn’t mean that it should be trusted any more than unsigned code, In this particular case you are putting yourself at risk by trusting so called "signed" code

  177. 恋花和尚 says:

    Ping Back来自:www.donews.net

  178. 恋花和尚 says:

    Ping Back来自:www.donews.net

  179. Vincent says:

    > Version 1? Wow. How long have the Mozilla guys been

    > working on this browser? Since 1998 at least… 6

    > years and it’s only v1?

    >

    > Kind of lame really.

    >

    > When’s v2 going to come out and fix this then? 2010?

    Not really. The betas were far more stable than anything MS has given us – I appreciate them taking their time.

    And if this was MS we’d have to wait a few years before any other features were added or bugs were fixed. If problem surfaces with Firefox you can probably download a fix within a few days or weeks. hense the versioning system. Check it out.

  180. Terry D says:

    Although I don’t agree necessarily with all your points (I stopped using IE awhile back, for security and other reasons) I do appreciate that you did a follow up article. Hopefully Firefox can learn from some of the points you brought up, just like hopefully IE can continue to grow from issues brought up by others as well.

  181. I love Slashdot too.

    I made a comment on your previous post saying I agreed with your views but I have been using FF (and its precursors) for a year now.

    As an end user I much prefer FF to IE as it is much more pleasant to use than IE. what’s more there a tons of extensions that make FF an infinitely more *useful* product than IE.

    What I don’t understand about this post is the final sentence that because your blog doesn’t show well in FF you won’t use it. That is unwise. Like any other website the objective is to make it present itself acceptably in most browsers. As an FF user I’m not going to know how your blog should look like unless I know otherwise and for some reason it is going to benefit me to view it in IE.

    Even though IE is the most common browser I keep on reading remarks in other’s blogs that thier visitors stats show a high level of FF users. Consequently even though you aren’t a specialist in this field maybe it’s time you made your blog more presentable to non-IE browsers. Hell, I can do it so I would be shocked if you couldn’t do it also.

  182. Your 15 minutes of fame just expired.

  183. Daniel says:

    Hey, i don’t expect this comment to even get moderated, I just hope that you actually read it. .

    100% BRAVO to you for having the guts and the knowledge and the calm logic to make your postings and your feedback. When I heard that someone had written an article that was "critical" of firefox, I knew that the sheer amount of flaming that was going to be astronomical, and judging from the pages of crap on slashdot and the pages of crap you got posted here and on the other article, I was right.

    So, yes, I as an intellectual an open minded and (humbly) intelligent human being have infinte respect for what you’ve done here; you supported your statements, you stood strong in the face of the inevitable onslaught of flaming, and you even logically and calmly responded to many of the choice comments from people. This is a rare and glorious thing to see these days on the Internet.

    I’m sorry for wasting your time with basically just a plate full of unadulterated praise, but I’m just so incredibly happy to see something like this, so gloriously and flagrantly flying in the face of the steaming slashdot bullshit.

    and incidentally, your blog (and all the other microsoft related blogs) display better in my various copies of firefox than slashdot itself does.

    so.. thanks again :)

    your new and highly impressed reader,

    daniel

  184. Whilst I have no sympathy for Microsoft and little sympathy for Peter and the flood of comments here, I would agree that most of the comments have completely missed the point of his original post: downloading unsigned software from an unknown web site means you can’t tell spyware or tampered software from genuine safe software.

    However…

    1. If you do the install from a pre-SP2 Windows box (which I’d hazard most PCs are, mostly pre-XP even), you get fewer alerts and a smoother install process.

    2. I’ve watched non-technical users install stuff. They just merrily click "OK" and "Yes" and whatever it takes to get something downloaded and installed. They don’t pay attention to the content of the dialog boxes. They’re too used to all these dire warnings (not just in the software world) and they tune out. Besides, most of them who have spyware / adware laden PCs don’t even notice – or think that their machine is just acting up. They don’t associate that with anything they’ve done.

    The problem is a lack of education and understanding in non-technical users. Dialog boxes and alerts with helpful messages don’t help very much unfortunately.

    Peter had a pretty sucky install experience. If he’d been a "normal user", he’d have probably bailed at some point and not bothered with Firefox. Luckily I’ve not seen other (non-technical) users have such an experience – for most people the install is smoother…

  185. Jakeypoo says:

    Seriously, though. 2005 is the year of Linux according to some magazine. Just like 2004, 2003, 2002, 2001…

  186. AC says:

    [quote]re: I love trolling Slashdot

    bob

    Is there anything lower than making boneheaded comments about a community and then cherry picking and publishing the worst anonymous abuse you (rightfully) recieve in order to make that community look bad?

    Professional trolls, like David Coursey, have been earning good money for years by making idiotic statements about Apple products and then mocking the community response. And now you seem to be carrying on this grand tradition. It’s a poor show when your argument is so weak that you need to lean on such distasteful rhetorical ploys.

    Posted @ 12/21/2004 6:45 AM[/quote]

    one of the most insightful post!

  187. IE v Firefox is purely a numbers game.

    Merry Christmas everyone, now step away from the keyboards and relax. Maybe next year we can all focus our passions on solving real world problems?

    Hmmm then again…

  188. Gizmo151 says:

    All the article was a Microsoft shill doing his job.

    As Redmond is afraid of open source anything,it’s heiracy too them!!

    I know from my own experience IE is slower and no where near as secure. Hactive X is the main secruity problem…

  189. Peter,

    Your original case, about signed code, would be stronger if all Microsoft code was actually signed by Microsoft. Live Communications Server still has several controls that are not signed by Microsoft, one is a company with "turtle" something in the name.

    By the way, I vote "Your Not an Idiot."

    Michael Cherry

    Lead Analyst Windows and Mobile

    Directions on Microsoft.

  190. AC says:

    # re: I love Slashdot

    Simon Cooke

    >John wrote:

    >> You did raise couple valid points about

    >> shortcomings of firefox, but let me remind you

    >> that it’s on version 1.

    >Version 1? Wow. How long have the Mozilla guys been

    >working on this browser? Since 1998 at least… 6

    >years and it’s only v1?

    >Kind of lame really.

    >When’s v2 going to come out and fix this then? 2010?

    >Posted @ 12/21/2004 9:55 PM

    http://www.mozilla.org/projects/firefox/roadmap-1.0.html

    http://www.mozilla.org/projects/firefox/roadmap.html

    another idiot who dont even know how to use google

  191. Judah says:

    Errr, AC, Firefox uses the Gecko engine, which has been in development long before 2002.

  192. Firefox is the better browser. Hands down.

    However you did raise many valid points that the Mozilla team should look into.

    May I also remind you that Mozilla is a Hobby for people. It doesn’t have the bells and whistles, resources, money that Microsoft has.

    Microsoft is a corporation that is taking computers, what they could be, and ruining them. Ever hear of a little thing called TCPA????

    Jeez…

    On the bright side, you are a very good persuasive writer.

    :-D

    The nameless crusader

  193. OMG!! I love this blog!

    You have been linked!

  194. me says:

    <a target="_new" href="http://www.mozillastore.com/products/software/firefoxcdguidebook/?r=mozorg">http://www.mozillastore.com/products/software/firefoxcdguidebook/?r=mozorg</a&gt;
    <br>
    <br>Not sure about the downloadable version, hay buy a copy on CD, you know as Microsoft would preach if you want it pay for it.
    <br>
    <br>Otherwise by a magazine article or just have faith and download it and hope for the best.

  195. Peter Torr says:

    I am going on holiday so I won’t be able to moderate them. I will let them through when I get back.

    Thanks for taking the time to post (and more thanks if you actually read the article first! :-) ).

    Happy Holidays

  196. In my blog I wrote a &quot;How to ensure you have the appropriate Firefox code – Step by step&quot; guide, I think the average user is able to verify if he/she has the clean Firefox code or not.

  197. Nathan says:

    <i>

    "By the way, I vote "Your Not an Idiot."

    Michael Cherry

    Lead Analyst Windows and Mobile

    Directions on Microsoft."

    </i>

    Heh. Lead Analyst and he doesn’t know the correct way to use "your" and "you’re".

  198. anti-bimbo says:

    ah ah ah such a laugh

    your 2 posts in one word : poo

    please stop writing useless articles unless you wanna be considered as web-legend such as "star wars kid" or "the peter panguy"

    your super hero name would be "the MS man that cant manage his SP2 but dont want to admit it

    tnaks anyway for thoses minuts of fun. i really enjoyed it. you remembered me of my hotlining experiences

  199. noam samuel says:

    first of all, I must say that about the question of signing software in linux, it does exist. most package managers support pgp signatures to packages in order to verify that packages really come from where they are supposed to.

    secondly, I must point out that in the sense of "could I trust that firefox is actually firefox", you can just try downloading from two different mirrors and compare the binaries. you can also download from download.com, if you trust them.

  200. Kroc Camen says:

    In summary (ignoring people missing the point)

    * a Firefox download could be faked, to instead be a virus.

    This is totally possible, though unlikely for the moment. Mozilla foundation should have plans in place for dealing with "popularity issues" – or at least I hope they have O_o

    However for the moment, this issue pails in comparison to the number of people being infected through IE’s hole every day.

    Signing, MD5 hases and PGP signatures are zero guaruntee of authenticity. Microsoft’s system being even more misleading than the rest as it authenticates nothing as regards the binary pattern of the program.

    AS firefox popularity grows, an attack can and will be expected. The chances of mass all-out attacks is less though due to the fact that Firefox has a better first-foot on security and the updates can be distibuted to all users in a very short time. (Much quicker than IE)

    * Signing helps users makes informed decisions

    The repsonse has been that since anything can be signed, good or bad and that no signture can be trusted thanks to signature flaws – signing of a download only causes the problem of instilling trust in things that should not be trusted. What Microsoft have created is simply a money spinning idea for themselves, and have corrected absolutley none of the problems of activeX installers (such as Gator) as the end user will, and always will, just click yes on whatever. And if they do only accept signed software – they still get hacked >_<

    Firefox’s current system has proven – in the field- to withstay the barrage of breech attempts that usually get past IE. A download must be whitelisted before it can be downloaded. Non-techy users simply click the "click here if your download has not started yet" link (e.g. on download.com) and get the true requested download. Since drive-by downloads of Gator and so forth do not have a "click here if your Spyware did not install itself already link" – most non-techy users are never ever caught out by Gator.

    Microsoft should drop signing completley – it is paramount to "painting the roses red" and benefits nobody but Microsofts pockets. IE should implement a system similar to Firefox with all automatic downloads (and not downloads by click) being blocked. The core idiocy with SP2 is that when a driveby download kicks in you get a big yes/no window that must be dismissed – and you can already guess what the "Microsoft Conditioned" users will do. Thank you Windows98 for your legacy….

    My opinon is that Microsoft need a reality check.

    They need to sit in front of 40-something mothers and watch as they let every internet nasty in through IE. And the people programming IE should spend a week fixing PCs that have "stopped working" because ofyou-know-what.

    IE6 SP2 was an idealistic bullcrap update that tried to instigate "ground breaking" new ideas – but forgot to bear in mind that not everybody is a C++ programmer, let alone somebody who can switch on a PC.

    I believe FireFox’s success to be based on that the people who write this software, use the web, and see the bad side of it day in day out. I doubt IE programmers even have to deal with spyware due to network boundary security.

  201. Matt says:

    Your blog doesn’t display properly in IE either. W2K patched, IE6 patched. Probably because I have large fonts turned on.

    Nevertheless, it doesn’t display properly. Is there something I can do about it? Probably. But as a user, I want it to display correctly without having to fiddle with settings, yes?

  202. Ben says:

    I would agree with some other comments that there are points here that could do with some careful consideration.

    However, I feel that both Microsoft *and* the Mozilla team (or more generally, all closed-source and all open-source software providers) should consider the issues.

    The certificate and signing solution as championed by MS obviously has already failed: Gator is signed and has a valid certificate, many hardware drivers for current mainstream hardware are not signed and users don’t read security pop-ups. Obviously, this system does not provide any way to decide on trust or security of anything.

    OTOH, trusting any of hundreds of mirrors for downloading open-source and relying on MD5 hashes don’t help either: not all mirrors can be policed and users don’t bother checking hashes.

    It would be nice if both MS (employees) and OSS developers could come out of their respective entrenched corners and figure out a better way of doing things.

    Regrettably, that would not necessarily lead to a good solution, but we can only try, can’t we?

  203. John says:

    You think Microsoft doesn’t use mirrors in exactly the same way Firefox does. I remember cancelling one of the first Windows Updates I performed because it was showing a redirection to CONNEXXION, which I’d never heard of. I thought that was fishy, so I cancelled the update, and did some research.

    I found out soon enough that the company performs load-balancing services for heavily-downloaded software, so naturally it made it easier for me to trust the update after that. Oh, and I had no choice in the matter, of course.

    Nowadays, the Windows Update software hides all of this from you, but it’s still performing the exact same. This is not to say there’s anything wrong with mirrors, but to defend Firefox’s visible (as a necessity, since they don’t bundle their download at the OS level) redirection to mirrors.

    This is a Good Thing, because 1) Mirrors are not going away, so people should get used to them; and 2) I can actually see which place it intends to begin downloading from, and choose another if I feel uncomfortable. I could even redownload it from multiple mirrors to compare copies, if I were so inclined.

    How would I do any of that through Windows Update? Should I just trust Microsoft’s distribution method more than Mozilla’s? I think the answer is clear – of course not. The method should be transparent enough for me to trust the Method Itself, not the Person or Company Behind It.

    Mozilla’s method satisfies me in this respect. Digital signatures are useless, just like checking ID at an airport. Checking ID only ensures that I know who’s installing software on my computer, it says nothing about their intentions. The hashes are a very suitable alternative to digital signatures that people who care about their software Will Check. Having multiple mirrors in different locations prevents the kinds of attacks you seem to believe so possible (the cracking of a web-server and replacement of both the binaries and their md5 hashes) by ensuring that people have multiple sources to compare against one another.

    Your knee-jerk response to the firefox installation "errors" you witnessed while running the software using an environment that hardly anyone’s going to be actually running on their home computer (7-zip on a virtual PC?) is irresponsible and misleading, and you know it. I use 7-Zip, but I’m aware that it has problems. I’ve used PC-emulators, and I’m aware that they, too, have problems.

    Everyone else has done a nice job of working out your other fears by leading you directly to the answers that were lying under your nose. All you seem to be holding on to is the "faulty" distribution through mirrors, which is easily explained above.

  204. Garric says:

    You have too much time in your hands. Do something more productive such as, say, diyng.

  205. Matt Shaw says:

    I’ll say this for you, as if you’re even monitoring this anymore, the competition between the two browsers betters us all. Were Mozilla to be the lone product in the market, it wouldn’t take long for it to become bloated and ridiculous. Competition cannot help but benefit we, the consumers.

  206. BeOsFreak says:

    "Microsoft is a corporation that is taking computers, what they could be, and ruining them."

    Just what the heck does that mean? Microsoft is a copmany that knows how to sell a box of "SH_T" to anyone. {Windows 95 Presentation, remember, it crashed, but people loved it.} Please do not blame Microsoft for being the Business Tycoon. Blame them for having all the money in the world, and not being able to Make "The Perfect OS".

    If you must blame anyone for Microsoft success, then blame all computer manufactures that signed on the dotted line: by signing the agreement you will get Windows OS at an OEM price but don’t passs that savings to your customers, put that extra $100 in your pocket, however you cannot install any other OS with this OEM version. If you do so, you agree to pay us, Microsoft, $10 Billion Dollars in fines and legal fees.

    No the guy signing the agreement is thinking, WOW! Instant $100 per PC. My Boss is gonnna geve me a big bonus for this. (Reality: MS becomes instant Multi-Billion dollar company over night.)

    And now you know the rest of the story. Angry at Microsoft, buy a MAC of send e-mail to PC vendors demanding alternate OS installs, along with Winblows, to get "another OS" out there.

    SO, why do Open Source projects not do what MS does? Steal Cool Technologies, and claim they invented them.

  207. Bob Ross says:

    If you blog doesn’t render right in Firefox, it’s the HTML not firefox.

    IE tends to "fix" broken or dirty html so pages render right. For years people have been practicing bad web design by coding by MS standards.

    Firefox renders the page the way the code says to.

    I personally would find a better blog host.

  208. Para instalar qualquer programa tem que pedir a benção da micro$oft. Haja paciencia. Não vou discordar de voce. Esse é o seu ganha pão. Se Bill Gates nadar em uma piscina muitos morrem afogados. hahaha

  209. Refrozen says:

    http://www.refrozen.com/new/newer/content.php?a=wsn&i=9

    If you scroll down from the original news item (it’s in the comments section), I wrote a reply to counter my "This guy is an ass" post. :-)

    You aren’t such a bad guy now that you covered your ass, some of the comments made by other people on the original article were pretty asinine however.

  210. vlsi0n says:

    i agree 100% with the author.

  211. Andre says:

    I just tried to install the extension you linked in your post, and Firefox popped up a bar that read:

    "To protect your computer, Firefox prevented this site (weblogs.asp.net) from installing software on your computer."

  212. joe says:

    i’m not really a computer expert or anything, and i used to use all microsoft stuff, but seriously though. i started using mozilla, and thats when i realized how much ie sucked.

    even if ie’s installation is secure, and mozilla’s may not be guaranteed to be secure, it’s when you use it that matters the most. cuz the number of people who installs a malicious firefox will be probably <1%, while more than half of ie users get screwed with viruses and shit for using ie. so there take that torr. i met a project manager for one of microsoft’s softwares at a conference, and he seemed very professional, but your biased opionions really makes me sick.

  213. alanh says:

    M$, I sense fear, sleep well.

  214. crazybob says:

    I don’t want to hear statements about how secure SP2 made IE or anything like that. It’s irrelevant how nice Microsoft thinks it is. I am not a programmer, though I am a self-proclaimed geek.

    All I have to go on is past experience. My little brother likes online flash games a lot. He was using a limited account on a Windows XP pro computer. This offers a great deal of safety at the expense of all usability, so I switched it to a full account as a birthday present. Two days later, the computer was trashed with spyware, adware, malware, and other such nonsense. It took me over two hours to clean the computer, and both Spybot and Adaware found over 800 issues each.

    After that, I switched him to FF 1.0PR. To the best of my knowledge, 1.0PR came before, or at least near, SP2. Since that switch, he has not had any large issues with his computer. I think it says a lot that a developmental version of a volunteer effort was safer than a 6th generation product which has been worked on for years by paid programmers.

    Also, I have been with FF since 0.7. I am a bit safer in my browsing than my little brother, and since switching to FF, I have gotten two popups, 10 spyware programs, and only had problems blocking desired popups when I was trying to use AIMexpress, before I allowed popups from that domain. Again, we are comparing a developmental product to a 6th-gen behemoth, and still the little guy wins.

    Sure, I now have SP2 installed…But that was a slipstreamed fresh install. IE has yet to see the internet on this install, so I can’t speak for the improvements SP2 offered. I hear they are there, and if they are…all I can say is: about time. But I still won’t use it. I would miss my mouse gestures, weatherfox, tabs, and flashblock.

  215. Matt Gould says:

    It’s rather pathetic how this follow up comment reciprocated most of the criticisms you made in your analysis of FF. The only remaining issue you have raised here is your fear of downloading FF itself! If you are so concerned, you could have retried to download FF until you started recieving it from mozilla.org themselves or had it sent to your email account by someone you trust with a genuine copy.

  216. farking says:

    there is only one problem in the world. *users*

    that’s what we need really take care of. we give them AV, fw, ids, ips…what they give all of it a damn if you don’t educate them?

    we need to teach them ‘don’t take candy from strangers’ :) btw I’ve use firefox about 2 weeks right now, install correct extension that suit your need & you’ll love it. good luck

  217. Kanya Ikari says:

    You know… you should realize that EVERYTHING has some bugs; anything isn’t perfect. And btw, Firefox maybe is unsigned and IE is signed – but I really think your ordinary user wants comfortable interface rather than some signatures xD My two cents.

  218. The point being was that regular computer users are at risk when installing unsigned software.

    Most of the /. people are techies or often called nerds, geeks, … whatever. Just look at all those in favor of linux.

    My point is that my gf or my father doesn’t know how to linux, I’d be surprised if they ever heard of it in the first place. Those are the kind of people Peter was talking about.

    I know that whenever my girlfriend or my father comes across a downloaded application which produces a security warning, he or she won’t install it. Simple as that.

    How should they know what sha1, md5 etc is? The only thing they care about is to use a computer that works and does what they want it to do. Installing possible harmful software interupts their joyful computer experience..

  219. Otto says:

    <i>Signing isn’t a panacea, but it’s better than nothing!</i>

    This comment says it all, really. Your whole rant is basically about code signing. Admittedly, you have some other minor points, but these are relatively minor so let’s focus on the big one here.

    I’ll start by stating my premise:

    <b>Code signing is *worse* than nothing.</b>

    Code signing, as implemented by Microsoft and IE and as being used by Verisign and so forth, does nothing to improve security, and in fact actually degrades security by introducing more possible places for flaws to occur, by tricking the user into believing software is safe when nothing of the sort is being assured, and by providing a monopoly on "safe code" to major businesses when it’s well documented that these are often the people who write the least secure code.

    First, security is not improved by inserting more steps into the process. Take the example where Verisign sold somebody a certificate for "Microsoft Corporation" a few years back. It wasn’t really Microsoft, it was some smartass who decided to prove a point, but it was a good point. He now had the ability to write code and sign it and have it pop up in IE saying that it was written by "Microsoft" and that it was signed. Signed code only puts the users faith in a company like Verisign, and it’s been shown, repeatedly, that you can’t trust them to do anything but try to make a buck. Understandably so, granted. Also, anybody can buy a signature. So for that matter, signed code doesn’t actually do anything. A spyware author could buy a signature. Signatures could be stolen and used to sign code as somebody else. IE has had exploits before that compromised its signature verification mechanism. The point being that there’s enough ways around it that it’s really kind of useless as any kind of trustworthiness indicator.

    Secondly, it’s not even meant to be used as such an indicator in the first place. All code signing really is is a slightly more advanced form of MD5 checking. It ensures that the code has not changed from the time the author signed it and it ensures that the signer paid money to Verisign or some other company in the big list. It says absolutely nothing about the trustworthiness of the signer, the trustworthiness of the author, that the author and signer were indeed the same person, whether anybody else has looked at the code and verified that it doesn’t do harmful things, etc, etc. It’s totally useless as any real indicator of whether or not you should trust the code in question.

    Finally, the fact is that signatures are expensive. It costs between $400 and $700 to buy a code signing signature from Verisign, and that’s usually just for one type of code signing method. Independant coders can’t afford that. And independant coders write the best code on the planet, as evidenced by the fact that the internet even exists. The whole thing is built on free code and free protocols and seriously large portions of it run on open sourced software. Face it, it’s a bit hard to pony up $400 for a code signing certificate when you’re writing software that you give away for free. The whole paid code signing certificate concept favors corporations or other "for-profit" entities and ignores the hobbiest. The hobbiest will always be more skilled than the professional, simply because the hobbiest cares more. The hobbiest does it because he enjoys it and loves to do it, the professional does it because he gets paid. Sometimes these two overlap, but not always. Free software is written by hobbiests and will always be of a higher quality, on average.

    So the whole "code signing" take that you have on this strikes me as major shilling for Microsoft and other corporate motivations, basically. Because with just a little thought, the total worthlessness of code signing in general, and Microsoft’s implementation of it in specific, becomes immediately appearant. If you want to figure out a way to help ensure that random code is secure, then I’d agree with you. But code signing not only does not solve that problem, it’s actually detrimental to solving that problem in the long run.

  220. Scott says:

    You make some good points. Frankly I blame the media for the majority of "hype" surrounding security exploits in IE.

    I will say though that ActiveX is evil and the root of most peoples problems with IE.

    I was (almost) never dumb enough to click on "yes" to download some mysterious ActiveX control that some lame web site (usually a commercial one) thrust upon me. But then, I’m smarter than the average computer user.

    If and when Firefox gets as popular as IE it’s vulnerabilities will come to the forefront as well.

    But security is not why I use Firefox. I use it because it’s simply a better Browser than IE. It’s more easily customizable and has more features and (unlike Opera, another good browser) is free (as in free beer).

    Not to mention, Firefox is available on virtually any computing platform and IE is not. I use both Linux and Windows and I like to be able to use much of the same software whenever possible. IE had a Unix version a number of years ago. That’s as close as they’ve gotten to a POSIX-compatible product.

    That’s not good enough for me.

    But forget about me. The average user, using just windows will still have a better browsing experience with Firefox than with IE (th"e exception being the non-standards-compliant "IE-only" sites out there.

    I have to correct your article about Mozilla being able to "afford a two-page-ad in the New York Times".

    They can’t. The ad was paid for by the individuals names in the ad. It was paid for by donations from people who wanted to help <a href=http://spreadfirefox.com/>Spread Firefox</a>.

  221. Murhaaya says:

    (I apologize for my english. It’s so poor but I can’t resist to add my reply)

    Oh man…

    I use Mozilla 1.7 because my PC is powerful and I like goodlooking themes that I can get, from Mozilla site. I recommend Firefox to all my friends. I have no problem while installing Firefox 1.0 neither installing plug-in like Flash, Shockwave, Quick time, Real Media, Cult 3D (Nokia uses this one for 3D of their cell phones. With IE there is no way to even be redirected to Cult3D page through the plug in window[in my case]. In Mozilla there was no problem with it) …

    If anybody in his/her reply hit the point with, "I don’t trust IE" (I don’t trust it either) you just say: "I’m talking about FF not IE", you should be working(or you experts should) on improvig IE rather than saying that FF is insecure. That’s so typical for MS guys. If somebody says to you that this and that MS thing doesn’t work properly you just reply "That’s not my fault" or "I don’t write the code" or "I work in HR not in IT" or some similar dumb reply instead of "Thank’s for your care, I will try to do something about it". It is just so wrong.

    How can I trust FF?

    How can I trust you? Or even MS? How do I know that Windows aren’t a big backdoor? I can’t trust you, because you apologized for some mistakes in you last article. => simple equation:

    Your "facts" + Apology for mistakes in your "facts" = you are untrustworthy

    because nobody should trust anybody who lies!!!

    But back to FF. "It’s nice browser" so why you don’t use it? Maybe you should use FF for few months and then wrote some articles. But I don’t beleive you that you realy truly said that’s it is nice browser.

    You are comparing FF 1.0 and MSIE 6 withSP2. That is so unfair. Try to compare it with MSIE 5.5 (if the MS did not burned all copies of their old mistakes oh I mean programs). I don’t believe that you as a MS employee could find old versions of IE. That’s so weak.

    I think that you really don’t know what are you saying. It’s all so weak and pointless.

    (Sorry, there is one good point:

    You are having so many free time if you are installing FF just for this. You should go out and play some games on fresh air. Don’t stare at you gamabox all the time, it makes you more stupid than you are :-)

  222. Chris says:

    >Normal disclaimers apply. I am not responsible for anything, and neither is Microsoft.

    You are not responsible for your own writing? It is good to live like that, but please make this disclaimer larger, so people know not to trust your own UNSIGNED work, because if you are responsible, you SIGN something

    and since this is UNSIGNED (non-responsible writing) people shouldn’t trust it.

  223. Tuxiradical says:

    In single Windows use software signed by Microsoft. And for that reason use linux. You must think that firefox this created by the own users, the own creators of plugins. serious just to sign your own plugins? And not that version of firefox you used, because in the 1,0 (the one that use I) when I am going to install plugin says to me that one is going away to install not surely in a place, and if it wants to put that site in my list of safe sites. I believe that in previous versions it did not appear that option. But the problem this really in the installation of plugins? NO! IE has several problems of security that do not have anything to do with the ActiveX. Also we must think about the user who uses them, an inexperienced user (those that normally uses IE) is going to give to him any button so that the window disappears that requests to him to install plugin. In firefox, if he tries himself to install plugin: 1 First it appears a bar in the superior part indicating that the site is not safe. 2 After adding it in the list (too much lost time), then it is possible to be installed. I repeat the question, insurance that you have the same version of firefox that I? Greetings.

    PS: Sorry, my english is very bad, I’m a spanish boy.

  224. Robert says:

    Peter, you just can’t win with this bunch, can you? Well, I thought your follow up was respectable. I was just thinking, and NO I have nothing at all against open-source code (I enjoy a peek under the hood), but give me the source code to something and I can bend it to my will (and I am not that good) – imagine a true hacker unleashing hell on a browser that is open source, if and when it were to become the #1 browser.

  225. Not being picky or anything. It’s not a plugin it’s just a patch for signtool which has been around for ages. It’s original function was to sign .jar files for the original netscape. MS has a tool of the same name used to sign it’s .cab files.

    Thanks for the mention. I’m just a lowly programmer that wanted to sign his own extension and tracked down how. Then I decided to amke it easier for others. Once NSS 3.10 is released. Maybe someone can build a pre-release version of signtool to help out current developers

  226. watson says:

    "Trust is not transitive. If I trust you and you trust Bob, that doesn’t mean that I trust Bob."

    I don’t understand why you say this and then also go on and on about signing things. All that effictively does is make me Verisign and Bob the signer.

    It also goes against what Microsoft is pushing in terms of security (just look at Kerberos, all a service [ie. you] effectively knows is that the Kerberos ticket granting service [ie. me] trusts the client [ie bob].

    I think you need to go back and re-think what it is you are saying.

    You might also think about writing a post entitled Do I feel safer running Firefox? I’m sure the honest answer will be yes.

  227. Michael Silk says:

    I couldn’t agree more with Otto.

    Code signing is a terrible way to trust applications.

    Also, it’s totally naive to think that users actually _care_ about their security at all.

    For example, I was trying to install some software on my computer, and Windows 2000 suggested to me that it was "trusted", or whatever. But I needed to use this software. If I clicked "No I don’t trust it" I couldn’t use it. There is no alternative for me. I _must_ trust it, even if Windows says I can’t. So the whole thing is useless without alternative solutions to solve the users problem.

    Heck, history should _show_ you that IE’s practices of which button is selected by default, and the wording of it’s warnings, etc, _DO NOT WORK_.

  228. niko says:

    my god… this blog displays terribly in firefox..

  229. V1nce says:

    >Mozilla can’t afford bandwidth, so it needs the mirrors

    >But they can afford two-page ads in the New York Times?

    M$ can’t fix broken software, pay security experts (are there any ?), ship software in time

    But they can afford Press & TV Ads

    (don’t leave, it will ship in mid-2005, late 2005, spring 2006, finally there will be a SP (2007?) but it will be free (I promise))

    and use FUD…

  230. Ahmet Aka says:

    You are not an idiot.

    You are a cultist.

    Your "follow-up" posting does nothing but pick a few of the erroneous feedbacks by the less-clueful readers and retort (bash?) them. You also picked one or two of the correct points raised by some readers and totally distorted or skirted them in your replies. And you did this in a point-by-point basis that supposedly must look like you have addressed every issue raised by your readers totally and irrefutably. However, there is not one (1) serious issue that you could address properly and correctly. All over this follow-up, you doublethinked and quackspeaked. You violated every logical rule they teach in the 101 and mangled every truth till they looked like they proved your point.

    And the "first-things-first-oh-I-am-so-objective-and-humble" beginning where you attempt to redeem yourself – we, over in my country, call that "Kurtarma Yazls" – look it up.

  231. Eddie says:

    You made points that Firefox isn’t safe because the user can click whatever… etc.

    Well IE is just the same, maybe even worse. If someone chooses to download a virus, thinking it’s something good, on IE, then they arn’t going to give a **** if it’s signed, unsigned, known, or unknown! Sure, it might help for you computer nerds, but most people will disregard the information anyway!

    Oh sure, IE tries but the truth is, it’s the same either way!!!

    Since FF is better in everything else, FF is still way better.