One thing I hear a lot: “oh, Firefox only has had less security holes because few people use it! If it ever grows to 50% market share or more, it will have as many problems as IE!”
It’s not just IE users who say it - many Firefox users believe it as well.
But there’s a flaw in that reasoning.
The flaw is that those people, apparently, believe that all software is of exactly the same quality. In other words, there is no such thing as better or worse programmers, more or less motivated programmers, better or worse testing practices, software rushed to meet a deadline set by the marketing department, a more or less efficient bug tracking system, or even different software design philosophies (such as some believing in making the browser a part of the OS, and some believing that it’s still an application).
If none of these existed, then, sure, maybe all software would be equally good - or equally bad. A piece of software used by twice the users would have twice the number of known security holes - and the less-used software would have as many holes, they just wouldn’t have been found yet.
But I don’t think that this “theory” fits with observation of reality. Some software has historically been buggy and insecure (and I don’t mean just IE or Windows - many commercial Unixes such as Solaris or HP-UX apparently only started to care about security this century, though they have been around for decades more). Some other software hasn’t. Some software has holes like “anyone can do this and take full control of the computer”, while in some other software the bugs are more like “there’s a buffer overflow here, which could theoretically be exploited to cause the program to crash”. Big difference, don’t you think?
No, Firefox isn’t perfect, and there will certainly be more bugs - both ones that are still undiscovered, and ones that will be introduced in future versions. But I believe they are, and will be, nothing compared to IE’s history - neither in number nor in severity.
You see, besides the “release dates driven by a marketing department”, the “not open source, so security experts can’t find code flaws and suggest fixes” and the “integrated with the OS” disadvantages, IE has another one that people usually don’t remember. The current IE, 6.0, is still mostly a patched IE 4.0. That’s from 1997. At that time, security wasn’t the huge problem it is today, so IE wasn’t written with security in mind. Have you noticed that IE hasn’t had any real new features from 4.0 to 6.0? It has only been patched for most security flaws found, and for stability. Patched to fix particular holes - not designed as secure in the first place. And from what I see, IE 7 still won’t be written from scratch - it’ll still be IE 4 + patches.

The only “new” feature of interest in IE7 is, the way I see it, tabbed browsing (which MANY other browsers have had for quite a while…). Better late than never, eh?
Not only that - it’ll also correctly support transparency in PNG files. Which other browsers have done for years. Oh, and RSS feeds “web feeds” (if you can’t do it first, rename it so people will still think you did :)).
but does anyone know whether HTML will be a new feature in IE7??
(all of the IE’s, from 6 and prior, all of them have left out the Q element from HTML)
Fully supporting HTML is the 1st test of a browser in my book!
I agree with your argument and the facts you provided. But still (I don’t know why!!) I feel Firefox is more secure than IE.