Tip

Firefox 2.0 vs. Internet Explorer 7

Web browsers are among the most commonly used software. Recently, both Internet Explorer 7 (IE7) and Firefox 2.0 trumpeted new or improved security features during their well-publicized launch campaigns. While these features

    Requires Free Membership to View

are primarily aimed to attract the business user, they also are directed toward the everyday user who has started to take Internet security more seriously. But what are these new features and do they make using the Web any safer?

Internet Explorer 7 and Firefox 2.0 enhancements
Both Internet Explorer 7 and Firefox 2.0 filter and analyze the Web address, the page content and the structure of a page. And, though both make use of blacklists, only Internet Explorer 7 offers this as a default setting. Firefox 2.0 makes up for this by offering the choice of two blacklists, one of which happens to be a live database maintained by Google. Also impressive is the speed with which all lists are updated.

Both browsers' development groups have upped the ante regarding user warnings, especially warnings applicable to providing personal information. Internet Explorer 7 now uses color-coded warnings in the URL bar based on whether a site is trusted and Firefox's dialog box to warn of cross-domain scripting. Internet Explorer 7 has also enhanced their default settings: the Medium setting has been raised to Medium-high, and the Low setting has been removed altogether. Unfortunately, the much-anticipated Internet Explorer 7 Protected Mode, which stops Web sites from changing a computer's critical files or settings, will work only in Windows Vista! Nonetheless, these improvements take steps to enhance the user experience as each browser now offers enough information to enable users to make intelligent decisions about the safety of a Web site.

More on Web browser security

Learn how to maximize your Web browsing security.

Tired of Internet Explorer and Firefox? Learn what Opera has to offer.
Both Web browsers tackle downloads with a barrage of warnings. It seems that Microsoft really learned from past problems caused by ActiveX. Now, a download dialog box only appears when you click a direct link to a download. This prevents pop ups from prompting you to download a file. In addition, if there's a need to install a software program, the prompt will only appear once. Microsoft has also reworked ActiveX prompts; they now appear in the Info bar where they don't interfere with navigation and can be ignored. And, although drive-by ActiveX installs are now impossible, users still need to change their habits. While Internet Explorer has provided publisher program information for some time, simply doing so hasn't deterred people from installing malicious programs.

Alternatively, Firefox allows Web pages to trigger a download dialog box that users must deal with. Firefox also has its own add-on model, and there are concerns about the ease with which they can be installed.

Firefox 2.0 vs. Internet Explorer 7: End-user appeal
However, Firefox 2.0 will likely appeal more to the technically knowledgeable user and its options and dialog boxes reflect that. It offers more customization, such as allowing users to choose which warning messages they receive, and which cookies they can view and remove. On the other hand, if Internet Explorer 7 considers its browser settings to be unsafe, the "Fix Settings for Me" option can help the less technically savvy surfer.

Presently, Firefox has a better reputation for security than Internet Explorer, but Internet Explorer 7 definitely reflects Microsoft's increased focus on security. Regardless, in order to consume Firefox's loyal user base, Microsoft has to show that it can match Firefox's fast response when new security issues arise.

About the Author:
Michael Cobb, CISSP-ISSAP, is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity.com's Messaging Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This was first published in December 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.