Mark Gilbert’s Blog

While having a little browse around the internet looking for information on the Firefox 2.0 Alpha release I stumbled accross a particular website. It is called Firefox Myths. What the site is basically about is apparently dispelling myths about the Firefox web browser. I did have a good laugh reading the Firefox Myths website, but was a little concerned by some of what the author was saying, which is why I’ve written this post. I would also like to mention Ben Houghton who spent a while helping with research, fact checking and proof reading for this.
If I discover anything I’ve left out I will add and amend this entry as required, so if you have anything to say, get those comments posted.

To start with I’m not going to hide anything here, I have used Firefox for a long time, I began with version 0.5 way back in December 2002, now I use a Mac I use the Safari browser, but I do like Firefox. I still keep it around for odd tasks such as testing my website compatibility.

I’m not sure where a lot of these myths have come from, they seem to be made up, but if the author could provide links as to where these myths came from then that would be good.

Lets start off with his myths;

Myth - “Firefox has lower System Requirements than Internet Explorer”

The site states that IE 6 will run on a 486 and Firefox requires a minimum of a 233 MHz processor to work. According to Microsoft this is true, IE 6 will run on a 486 since Windows 98 will run on 486, but how slowly would this run? I never ran Windows 95 on anything less than a 233MHz PC and it was pig slow then. I would break down in tears if I had to run Windows 98 on a 486. Since IE 6 will not run on Windows 3.1 I seriously doubt any useful work could be done with IE 6 on a 486. I so wish I had a 486 knocking around so I could try this out for myself. it would be a fun experiment for me.

Myth - “Firefox is the Fastest Web Browser”

I don’t think Mozilla¹ or anyone else has made this claim, Opera used to say they were the fastest web browser but they now don’t. What the Mozilla group say is;

Faster Browsing
“Enjoy quick page loading as you navigate back and forward in a browsing session. Improvements to the engine that powers Firefox deliver more accurate display of complex Web sites, support for new Web standards, and better overall performance”

They never say they are the fastest¹, just that they are fast, which has probably been left ambiguous deliberately.
However I have seen various speed tests done on browsers showing Opera to be the fastest browser out there.
In fact on the note of browser speeds, the Avant browser suggested by the author actually does claim to be the “fastest web browser on earth” on their homepage, when clearly it is beaten in every area by another browser, namely Opera.

Myth - “Firefox is Faster than Internet Explorer”

Again see above, I don’t think the Mozilla Foundation¹ has ever claimed this and looking at the browser speed tests does show that IE 6 is quite a bit quicker than Firefox in a lot of areas, but there are some areas where Firefox is faster than IE 6, in particular script rendering. But even though IE is faster than Firefox at say CSS rendering, at least Firefox renders CSS correctly. In an old version of my Website I had a pure CSS based menu system, the whole site and it’s CSS was W3C validated but IE refused to display the menu correctly, it made a horrible mess of thing while Firefox dsiplayed the site correctly. Now if I’ve coded to the XHTML 1.0 standard surely Firefox should display it incorrectly since it apparently does not fully support the W3C standards, but it displays it correctly, which would seem to suggest that Firefox has better W3C support than IE. More of W3C compliance later.

Myth - “Firefox is Faster than Mozilla”

Again see above, the Mozilla Foundation¹ have never made this claim but I know other people have.

Myth - “Firefox Achieved 10% Market Share in 2005″

Well yes, WebSideStory did report that Firefox has only got a usage level of 8.9% but this will vary according to who you listen to. Technical sites will report some very high usage statistics for Firefox while non technical sites will report lower usage statistics. Research done by French Web metrics firm XiTi shows that in some countries such as Finland, Firefox has achieved 38% market share, again this varies by where you look at the statistics from and what sort of site you take them from. Most other webanalysis firms are reporting higher Firefox usage figures than WebSideStory. People such as the W3 Schools have reported well over 10% market share for Firefox since it’s version 1.0 release and currently shows 25% market share. Janco Associates show 12.61% market share for Firefox, OneStat show ,a href=”http://arstechnica.com/news.ars/post/20051103-5525.html”>11.5% market share from March 2005 so it really depends what figures you look at.
My site stats for a given period are show 35.99% Firefox usage as shown below

I think the important thing is that this is the first time since Netscape in 2002 that a non Microsoft browser has had close to 9% market share. That is a large achievement however you look at it.

Myth - “Firefox is Secure”
Myth - “Firefox is the Most Secure Web Browser”
Myth - “Firefox is More Secure by not using ActiveX”

I think I can cover three myths here. Firstly Firefox is more secure. According to security research firm Secunia Firefox has had many less problems than Internet Explorer. The advisories for the different products are here for Internet Explorer and here for Firefox.
Firefox has had 26 advisories posted, 3 are still unpatched and the most severe one is marked as “less Critical”
Internet Explorer has had 91 advisories and has 21 still unpatched, at least one of these is marked “highly critical”
I think this speaks for itself really. 20% of the Firefox problems are system access problems and 36% or the Internet Explorer problems are system access issues. I’m not sure what else to say with regards to this, the problems are there in black and white.
Due to the way IE is tied into the Windows OS exploits in the IE browser also can affect the whole OS, this also makes IE less secure. ActiveX was and still is a major source of security exploits for IE, by not supporting ActiveX controls Firefox IS more secure.
At this point the author tries to argue that by supporting ActiveX controls this somehow makes IE more secure³. Well I nearly laughed so hard I fell of my chair at this point.
The author quotes directly from the eWeek article he cites as a source but doesn’t give any hint that this is a verbatim quote². It would be nice if he would differentiate this.
Anyway, a quick look through Secunia show that IE has 4 exploits for ActiveX and 3 of these are still unpatched and Firefox currently shows zero exploits for it’s XPCOM object model or it’s xpi extension system. I’m not saying that exploits for XPCOM and xpi extensions don’t exist, it’s just that there are no known ones.

Art Manion, who represents the United States Computer Emergency Readiness Team (US -CERT) suggested in a vulnerability report that the whole design of IE6 SP1 makes it hard to secure.

“There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. � IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.”

Myth - “Firefox Extensions are Safe”

Yes Firefox extensions can be insecure but this is true of any browser plugin. This is simply down to the author of the plugin, not the browser itself. Although the browser can allow some of the exploits more freedom over the system it’s running on. See above for why this is an issue when IE is tied into the OS so closely

Myth - “Firefox is a Solution to Spyware”

This is true because a lot of spyware installs through ActiveX controls. I see computers everyday infected with spyware. All of them use IE as the browser of choice and all have SP2 installed. SP2 does have better spyware protection than XP with no service packs but IE is still a large backdoor for spyware. Yes SP2 makes the whole affair better, but still far from perfect, idiot users still become infected because they click things they shouldn’t. You can lock down IE very well, and make it almost fool-proof, but when you make something fool-proof nature just creates a better fool. To lock IE down properly the security settings must be turned up and these settings themselves must be locked down with the help of GPO’s (Group Policy Objects). I have created such secure setups but users become easily confused when websites are telling them they need to turn their security setting down and they can’t because the Sys Admin has locked them down.
With Firefox it is much harder to become infected automatically, possibly down to the fact that IE still has the largest market share and so most spyware is written to take advantage of IE. Only time will tell on this front.
The only completely secure version of IE that exists is the one which comes with Microsoft Windows Server 2003, since it comes totally locked down and sites have to be manually allowed before they can be viewed or used.

Myth - “Firefox is Bug Free”

Who has ever said that Firefox is bug free? Mozilla certainly haven’t¹. No sane person would ever claim their application was bug free, anything more complex than “Hello World” can not be claimed to be bug free. If Firefox was bug free and the perfect browser why would they still be working on new versions? Firefox isn’t perfect, that’s not what I’m arguing, I’m simply saying it’s better than IE.

Myth - “Firefox Blocks all Popups”

Proof shown below, IE with popup blocker did not block any popups on the dodgy sites I visited as a test, firefox didn’t allow any of them. I’m not saying Firefox will block all popups, but it will block a hell of a lot more then IE.

IE With popup (WARNING - Not Work Safe)	���	Firefox Without Popup
	���

Myth - “Firefox was the first Web Browser to offer Tabbed Browsing”

Again the Mozilla foundation¹ never claimed they invented tabbed browsing, they just utilise the feature. opera wasn’t the first either, it was a browser called InterWorks which did it back in 1994.

Myth - “Firefox fully supports W3C Standards”
Myth - “Firefox fully supports the most important W3C Standards”

Again I can cover two myths here. This is in part about the ACID2 Test which is often used to test standrds compliance in a browser.

ACID2 Reference Rendering	IE Rendering	Firefox Rendering

The author suggests that HTML 4.01 is the most important web standard, however the author has written his page in XHTML 1.0 Transitional. The HTML 4.01 standard has really been surpassed by XHTML and people should by now moving away from using HTML 4.01, for this reason I would argue that XHTML is now the most important web standard.
Besides IE 6 still has some serious problems with HTML 4.01. There is a whole list of problems with IE in a Wikipedia article.
There is no support for the element which is a part of the HTML 4.01 standard, there is also IE’s CSS box model bug. This is where a width is explicitly specified for any block-level element it should determine only the width of the content within the box, with the padding, borders and margins added afterwards. IE incorrectly includes the padding and borders within the specified width, resulting in a narrower box when displayed, this contradicts the W3C’s CSS specification

Apparently 15% of websites dont render correctly in Firefox, but I can wager that these websites also dont comply to the W3C standards. The problem lies with the fact that some websites are specifically coded to work around all of IE’s rendering bugs and so these hacks and work arounds cause problems in browsers which don’t require them. IE is famous for having terrible support for W3C standards, Firefox may still not fully support them, but it has much better support than IE. When the Microsoft team was working on IE they chose to use proprietary standards instead of supporting the established standards for CSS rendering and as a result sites have to be specifically coded for IE, whereas if you code to the W3C standards then it will display correctly in all compliant browsers. Microsoft have gone their own way with IE for so long it’s almost impossible to turn back now without breaking a raft of sites designed by lazy developers who couldn’t be bothered to code to the W3C standards. This is commented on by Paul Thurrott who runs his Supersite For Windows. I always find Paul Thurrott to be a good source of inforamation on Windows related material.

If the author of the article could show me a site that complies with W3C standards and doesn’t render properly in Firefox, but renders better in IE then I would be very surprised and impressed.

In a lot of these “myths” the writer is just trying to slander Firefox. He claims Firefox does not do a lot of things when in fact IE is even worse at doing them, of course this is not mentioned at any point in the page. It seems more of an attempt to drag Firefox through the mud, not to make a sensible comparison of it’s benefits and features. The whole article stinks of a tabloid newspaper article, poor research, unbalanced and written purely to damage the target. I freely admit Firefox is far from perfect, but it is leaps and bounds better than IE.

The author also suggests that a particular web page titled “IE Is Dangerous” is a propaganda website, but hold on, isn’t that exactly the type of site the author has written?

I hope I can get some good feedback and comments on here, do people agree or disagree with what I’ve said? Also if the author of the Firefox Myths website stumbles accross this posting then I hope to hear from him too.

Cheers

OK, corrections, omissions and clarification time

1. After recieving an e-mail from the author of the article, he does satte at the top of the page that

“This page does not claim the Mozilla Foundation is the originator of any of these Myths.”

2. Verbatim quotes are actually in quotation marks, apologies to the author.

3. The author of this article sent me an e-mail a copy of which can be seen in the comments section of this post. I said that he tried to argue that IE was more secure using ActiveX controls. He states that,

“I’m not sure why you came to that conclusion, since the point was simply FF is NOT more secure by not using ActiveX.”

Since there are 4 known security exploits for ActiveX, logically Firefox IS more secure by not using ActiveX. For example, Windows (the glass type) are a security problem in houses, bad people can get in through them. A bank vault is more secure by not having windows in it. In this example windows are ActiveX controls.

4. The author states that there would be no Internet without HTML, while this is true, XHTML will soon replace HTML. Therefore it is always better to look forwards than backwards, since progress is made by moving forwards not hanging onto the past. XHTML would not exist without HTML, but since XHTML is a more current standard, then I would suggest that XHTML support is more important than HTML support.

This entry was posted on Wednesday, January 25th, 2006 at 15:21 and is filed under Applications, Internet, Personal, Technology, Web Design. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.