http://releases.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.4/win32/en-US/

“While there may have been more bugs in Mozilla than in IE, Symantec gave the open-source project high marks for its bug-fixing. On average, it patched bugs within one day of their public disclosure — the fastest turn-around of all measured browsers. Opera came in second, averaging two days. Safari was next, with a five-day window, followed by Microsoft, which averaged nine days per patch.”

My firefox eats lot of ram too. They’re fixing that problem in version 5, due in the summer of this year. I already “built” the version and it’s looking pretty darn good.

The default value is WAY too high. I discovered this then I was looking around in the source code, and checking what all those options did.

You save about 70MB or so of RAM when you implement the change I mentioned above. (I find that based on my surfing habits, the Windows version doesn’t go above 100MB of RAM no matter what I do).

If you really want to test the robustness of Firefox, try opening more than 200 tabbed windows. Then repeat with IE7. Do the same with Opera.

Just abuse those browsers and see which one comes out on top. That’s how you test software. (Pretend you’re a typical desktop user and just click at anything and everything! Really punish it!)

Regarding software security.

The issue with IE is that its linked to Windows. An IE problem becomes a Windows problem…Which results in a potential issue for the whole system. Microsoft is willing to accept this compromise, because they need to keep IE bundled with Windows in order to remain the dominate browser. (They know the majority will not try another solution because its human tendency to accept whats given to you in the case of complex technology).

Browsers like Firefox and Opera aren’t linked to the operating system itself. You’ll find that security issues are often because of the browser itself OR because of Java scripting. (Like in the recent case of Firefox).

I know the current version of the Java implementation in Firefox needs to be seriously overhauled and improved. Its a potential security problem. (I can’t comment on Opera OR IE, because I don’t have access to the source code for those apps).

Security issues isn’t because of popularity. Its mainly because of poor implementation and design decisions.

MS is renown for security issues because of implementation and company policy. They have to make compromises to keep their dominate position. (Its a fact that they hide quite well from the end-user).

To hide the seriousness of it, they will get their marketing team to create trivial excuses for the public. Examples include: “We’re more vulnerable because we’re more popular” and “No software is perfect”.

The first excuse is utter nonsense. Look at webserver implementations. Apache, and open-source solution, takes 2/3rd of the market while MS’s solution takes about 20%. And yet, the MS solution is hacked/cracked more.

The 2nd excuse is a blanket statement. Of course no software is perfect, but you can get very close to it when you do things the right way. Any security expert can tell you that.

So why are MS solutions hacked and cracked more?

(1) They treat security as a PR matter. They do “just enough” to keep the public happy, and hype it with their marketing team. As long as you feel safe, its all good!

(2) They don’t rewrite from scratch. (Because they can’t). Everyone knows IE has serious issues, because it will take too long for MS to re-implement and rewrite it. They went with the “band aid” approach because its quicker to implement. That is, slap on security features into the OS to delay the inevitable. (or at least it will by them time to release a patch).

Their marketing team will add their dose into it, and people will believe its safer.

Its not. Its a fool-hearty attempt to sell software. ie: BAD for the end user! Because its innocent desktop users like you folks that suffer in the long term! Have a think about why you need an AV solution, anti-this and anti-that malware app installed?

If the solution was properly implemented, you wouldn’t need all that! A good brain, some good security practices and policies is all you really need. (Of course, security companies don’t want you to have that because its more profitable to keep charging you a subscription service!)

Did you know that there are security technologies out there which result in you not needing an AV solution running in background (fulltime)? You only need to scan suspected files. That’s it.

(3) They overcomplicate things in an unnecessary way. If you want security, you keep things simple. That includes the implementation and the code itself.

If you ever compared the system calls for Apache and MS’s solution, you realise how overdone the MS approach is.

Complexity breeds higher probability of security issues. And takes MUCH longer to fix and patch!

Just look at their UAC in Vista. This is the current perfect example. A good idea (used actively in Unix, Linux, etc), completely screwed by implementation from MS. In fact, its so annoying that some people turn it off and Apple makes fun of it in their latest ad!

They aren’t creative enough to think of a better way to implement it and make it reasonably livable for the user.

(4) MS itself is unable to respond in a timely manner. Monthly updates are equivalent to a train schedule approach to releasing patches. This will take weeks to months.

Now think of eletronic speeds and how fast issues can spread. See how MS pales?

On the other side of the fence, open-source folks release fixes within hours to a week at most.

As well, content providers take priority for Microsoft. They react FASTER to an issue relating to the DRM implementation than they do to their own security issues! This is fact.

Why? Fixing security issues doesn’t pay in monetary terms. Content Providers do.

(5) Everything is executable in Windows!

This is the biggest compromise in design to make it easier for the user. Its the reason why UAC exists. (You see what I mean by band-aid now?)

In other OSs, nothing is executable unless specifically requested by the user. If it isn’t, its denied. (Which will then allow you to see a potential bit of malware trying to do something nasty).

(6) The complete lack of user education about security and good practices.

Yeap. I blame Microsoft for this. They could have actively promoted security tips and guides to ALL Windows users. They could add tutorials, helpfiles, video demos, etc, etc.

But they didn’t. They were more concerned in selling an operating system.

Now we have a generation of computer users who think they know computers but lack the necessary knowledge of even the basic security concepts!

(7) Internal bickering of MS is having an impact on everything they do.

The biggest delay of Vista is because of Microsoft itself.

The company actually consists of smaller parties that fight and bicker with different goals. One group likes and accepts open-source, the other doesn’t.

What usually takes days to weeks for something to get done in a typical software company, usually takes months for Microsoft to do. (There are too many managers to report to and to request permission to change features!)

+++++

You probably then wonder why, Linux/BSD/etc still get compromised!

This is often because of two reasons.

(1) Lack of knowledge and experience about security and the tools available to them. This often results in mis-configuration that results in exposed areas.

(2) Poor or complete lack of security policy. If you don’t conduct serious audits, how do you know you’re secure? A common one is that they didn’t keep up with updates. This is why you define some good policies!

You will NEVER find, when you dig through computing history, a case where a *nix based operating system cause as much of a ruckus on the Internet as a Microsoft solution. (Words like Code Red, Welchia, Slammer, Blaster are clear reminders of what MS has done and could have prevented)…Heck, check your firewall logs and you still will find the residue of these nasties STILL floating around!

Have a think about why Apple picked FreeBSD as part of the basis of its OSX. Granted, I don’t like Apple, but at least they’re smart enough to see a *nix solution is a good one to adopt.

What’s really sad is that even Microsoft’s OneCare Live security solution is suffering from security issues. (check their recent patches and you’ll see).

Now that’s just ironic.

MS wants you to trust them with security, and yet, their own implementations have series security issues? Should you continue trusting them?

I wouldn’t. That’s why I left them. I don’t trust software where I can’t see the source code.

So you can see why I pick stuff like Azureus over uTorrent, etc.

****

So why do people stick with Microsoft?

I see two reasons.

(1) People just take whats bundled with a system.

(2) Applications.

Say if an alternative suddenly appeared.

It will have a compatibility layer that was seamless and secure. But was completely compatible with ALL Windows-based applications from Windows 3.1 to Windows Vista. To top it off, its an option to be bundled with any PC.

How well do you think Windows will sell if this solution was completely and legally free?

At best, you will expect their marketing department to lie through their teeth to keep people to stay while they scramble to counter this new threat.

Have a think about that the next time when you hear people question why people stick with Windows.

Its not because they enjoy it, its because they have to.

Think about why gamers plan to adopt Vista in the future…That’s right. Its the only OS that will work with DirectX 10 games.

What happens if an alternative can do that without spending a single dime? How will this particular audience react? How would MS react?

You see, I’ve figured out that MS isn’t an invincible software empire. Its just a tyrant that lies and does deals to maintain its dominate position. To break that, you have to come up with alternative solutions that render their money making model useless. As in to completely de-value their software from head to toe.

but didn’t you mean browser.cache.memory.capacity ?

the more popular the software, the more attackers try to attack it and thus the more vulnerabilities it has.

the newer the software, the more secure it is.

as firefox reaches a high popularity, it’s bound to have certain flaws detected.

but firefox was built around the idea of a browser better than IE.

personally i love firefox 2

In Firefox, enter in the web address line:
=> about:config

Then enter in the “Filter” line:
=> browser.cache.disk.capacity

Based on how much system memory you have enter the following to modify the value:

For 128MB to 512MB RAM => 5000
For 512MB to 1GB+ RAM => 15000
(These are typical values that work for most people. You may use other values if you wish, depending on your web surfing habits).

Then restart Firefox.

For some stupid reason, they set it to something like 200000!
(I would like to meet the person who did this and smack them on the back of the head for this stupidity).

You wonder why people are having memory related issues!

Then comes these clueless IE lovers that claim everything is a memory leak! Do you have any idea of what a memory leak is? Do you know how to detect and identify one? Do you know how to correct it? I bet you all they don’t. They’re just echoing what others have said. (Its the internet version of “Chinese whispers”).

You really want to know why I use Firefox?

Because its the only browser that works on the multiple OSs I use and its open-source. (allowing me to look at the source code…Which I could use as an example to study for programming. Maybe re-do what they’ve done in a better way.)

Its the only browser that has plugins or extensions that give me FULL control of what ad, Java or Flash crap gets loaded on screen. (Thereby further reducing memory consumption).

Firefox gets better when you DO NOT use it on Windows. When you build your own system from scratch, with something like Linux or BSD, you can keep it thin and fast. Firefox seems to be very responsive in this scenario.