Robert needs to go Down Under and feed Microsoft Australia’s managing director Steve Vamos some of that Cluetrain manna. He and his colleague Ben English had some audacious things to say (via Slashdot) about Internet Explorer:
At a security roundtable discussion in Sydney on Thursday, Ben English, Microsoft’s security and management product manager, told attendees that IE undergoes “rigorous code reviews” and is no less secure than any other browser. “Because IE is ubiquitous, you hear a lot more about it, but I don’t think that Internet Explorer is any less secure than any other browser out there,” English said.
Steve Vamos, Microsoft Australia’s managing director, agreed, saying he does not believe IE’s market share is under attack following the recent high-profile debut of the Mozilla Foundation’s Firefox browser.
That’s simply bollocks, guys. If Mr. English or Mr. Vamos can show me a few independant studies that support their views, I’ll change my tune. In the meantime, they need to:
- Actually try Firefox, so that they can speak with a modicum of authority about it.
- Admit that tabbed browsing is a feature your users want. I’ve introduced a bunch of your users to Firefox, and I’m batting 100% on the superiority of tabbed browsing. I’ve also got twenty bucks that says IE will offer tabbed browsing by 2006. Why implement that feature if your users don’t want it?
- Don’t lie in the press. When a powerful and well-funded US government department describes the security threat in using your product, there’s probably something wrong with it. Recognize that, get busy fixing it and tell us you’re doing so.
DarrenBarefoot.com 
Oh good move quoting the US government. Should I then be completely unreasonable and say that:
When a powerful and well-funded US government department describes the security threat in using *the other* product there’s probably something wrong with it.
Nah. I like firefox. Really.
Ali: I wasn’t arguing that Mozilla didn’t have security vulnerabilities, just that IE has more. Popular opinion and personal experience has certainly demonstrated that that’s the case If you can demonstrate otherwise, I’m all ears.
I certainly have no arguments to make for or against the security of IE, or Firefox for that matter. But it is a rather common myth that US-CERT is an agency fighting the evil that is IE and your statement above (and the contents of the article linked there) just propagates that. US-CERT is an agency fighting the evil that is insecure software (and for that they deserve much praise. They are one of the very few impartial security agencies with enough experts and money to be of consequence).
I’ll grant you that US-CERT (as it should) treats all software equally. That said, I had a quick look through the 12 Mozilla-related vulnerability notes (by searching from this page) and none of them recommend switching to another browser. That’s a possible solution CERT offers on this note on IE.
I agree with you Darren but would like to add, now that microsoft has abandoned users of win2k and win98 by not including them in upgrades in new releases of IE it will bound to have an effect, monopoly or not.
As for security of IE vs Mozilla. Both have problems but Mozilla Foundation has a bounty on finding new bugs and Mozilla responds very quickly to apply patches to bugs that are found. Seen turn overs of less than 2 days from bug report to patch release from Mozilla. Compare that to IE where security vulnerbilities (some considered critical) are still being ignored after a year or more.
Its the new kid on the block and this may change but for now I’m reveling in no threats of spyware, adware and the ability to customize the browser the way I want it
Agreed. What IE, in particular, is suffering from is a classic case of the curse of commercial software. Up until a couple of years ago, you couldn’t take a product from release to release, simply make it more secure and more reliable and expect people to pay money for it again. People did not see the value in security, the marketters never paid enough attention to that angle, and the productions teams didn’t see the value in spending time on security (vs writing new features).
So you got unpatched holes that get little time alloted to them, and new holes were introduced with new feature whose security was not considered carefully enough.
Now, thanks to the efforts of a whole lot of programmers and frustrated users of insecure and unreliable software, now we live in a world where people understand the value of security. And every software company sees this, from top to bottom. From a software quality perspective, mozilla was the best thing that ever happend to IE.