What a sad, sad attempt. I didn't see one thing that makes me even consider the idea that there is anything misleading or untrustworthy about Firefox. I'm going to go through the article and comment as I go along.
Not only does this software come from a completely random university server, but I have no way of checking if it is the authentic Firefox install or some maliciously altered copy.
Redirections are done every day by thousands of sites. The link is posted directly from Mozilla.org. Isn't that trustworthy enough? Besides, this is blatently wrong. If you're really that paranoid, get the md5 or sha1 sum from the site and use them verify your download. Not easy, sure, but possible.
Oops, my network connection died.
Blatant fearmongering and an attempt to unfairly cast doubt on the integrity of Firefox by associating it with a random negative event.
...this time coming from -- I kid you not! -- a numeric IP address, the bastion of spammers and phishers and all manner of other digital rogues
Blatently disregarding that there are plenty of legitimate uses for numeric IP addresses.
a completely blank MessageBox.
Which most likely comes from the fact that he's using a virtual machine and not a supported platform. And if he's so paranoid, why continue at this point?
It dutifully tells me the extension isn't signed (good), but makes the default choice Install Now (bad). This is the opposite of what Internet Explorer decided to default to when it detected unsigned code (ref: above). Now tell me again, which is the more secure browser?
A very, very minor point, and one that ignores the fact that IE will often install things without asking you at all (or at least did until SP2).
[regarding Flash] That's probably a good move for most users, although personally I tend to click Run inside IE because I know it will warn me about unsigned programs.
Very trusting of IE I see. Why so suspicious here though? Isn't getting it from the Macromedia site enough?
I just get the usual "This could be a virus; do you want to run it anyway?" dialog. But without any evidence to base my trust decision on (where it came from, who the publisher was, etc.), what should I do?
Didn't you just download it from the Macromedia site? I think the point of the dialog was to make you think about fishy forums and such, not about legitimate sources of popular software.
What's really frightening though is that there is a "Don't ask me again" option in this dialog...
...Didn't that originate with IE?
How do I disable Flash inside Firefox? Good question. I don't see any menu items or Tools -> Options settings,
He obviously just didn't look hard enough. Options>downloads>plug-ins. In addition, you can just remove the plugin from you plugins folder.
According to Google, I have to download yet another unsigned extension to enable the blocking of Flash content.
According to Google? What does that mean? And since when does IE even offer that option?
How do I know I didn't just install some terrible malware from a compromised web server?
How do you know you didn't just install some Malware the last time you downloaded an IE "helper" toolbar? Indeed, which browser is more likely to install things undetected? You're supposed to use your own best judgement. Certificates mean next to nothing in terms of security.
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer any more.
Which means that, in the end, security is up to you, not the software. He's twisting this quote to try to pin the blame on Firefox for something that is the user's responsibility.
To continue my benevolent fairness, I actually think Firefox is a nice browser.
Yeah, a real balanced job he's doing here.
But just because it doesn't currently have any unpatched security vulnerabilities talked about in the press doesn't mean they don't exist.
Generally true of all software. It's the overall track record that is most telling. And in the Firefox vs. IE race, it's no contest.
Mozilla keeps their security bugs hidden from the public (just like Microsoft does)
Mozilla keeps it's security-related bugs under wraps until it can fix them, which is generally a short time depending on the severity of the bug. The security-sensitive flag is for that brief period of time between when a bug is found and it's fixed, so that it doesn't exacerbate a problem that's already known. M$ however apparently keeps security bugs under wraps so that it doesn't have to fix them. (And sometimes doesn't even fix them even when they've been made public).
But the thing that makes me really not trust the browser is that it doesn't matter how secure the original code is if the typical usage pattern of the browser requires users to perform insecure actions.
...with a rehash of the rather innocuous or dubious complaints mentioned in the article. It also completely ignores everything Firefox does to protect users from doing insecure actions, such as requiring you to whitelist a site before installing extensions, not allowing you to automatically install executables, reasonable default security settings, and more. Plus, there isn't the inherently dangerous ActiveX and integration with the OS that IE has.
I personally don't care if people choose to run Firefox or Linux or any other software on their computers -- it's their computer, after all -- but we'll never get past the spyware / adware problem if people continue to think that installing unsigned code from random web sites is A Good Idea.
Which seems to be deliberately implying that Firefox is an insecure application, and that it will only harm anyone who uses it.
Overall, this is one of the most sickeningly biased bits of writing I've ever seen. It simply oozes with phrases designed to make you question the integrity of the program. I'd say it was a masterpiece of propeganda if it wasn't so ham-handed about it. And the comments following it are just as biased. Looks like a classic astroturfing attempt to me.
