In this misleading and ill-informed article, Fred posits that
changing to Firefox–or Mozilla, or any similar software–because “it’s more secure” is a dangerous misconception; and demonstrably false
Incredibly, Fred is trying to tell us that Firefox is not more secure than Internet Explorer!
To back up his claims, Fred very carefully chooses quotes from the US-CERT site
In most cases in the more recent issues, you’ll see the list of IE’s vulnerabilities are fewer than those for Firefox, Mozilla, and the other alternate browsers
and from the Symantec Internet Security Threat Report
Between July 1 and Dec. 31, 2004, Symantec documented 13 vulnerabilities affecting Microsoft Internet Explorer. This is notably lower than the 21 vulnerabilities affecting each of the Mozilla browsers that were documented during the same period
All sounds pretty damning, right? Yes, until you do a little bit of research.
Firstly, Fred conveniently neglects to mention what classification the vulnerabilities have (high/medium/low) i.e. how potentially risky they are for your computer.
Compare the two graphs below (from Secunia) to see that for Internet Explorer 6.x – 42% of its bugs are highly dangerous or above whereas only 7% of Firefox bugs are highly dangerous.
IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system. It is possible to reduce exposure to these vulnerabilities by using a different web browser
For an unbiased review of vulnerabilities in both browsers, see the Vulnerability Reports on the Secunia website for IE 6.x and Firefox 1.x. Scroll down on these pages to see that Internet Explorer currently has 19 unpatched (some of which are highly critical and have been unpatched for more than a year) and 10 partially fixed vulnerabilities whereas Firefox has 4 unpatched (none of which are even moderately critical).
Finally and from a purely personal perspective – I frequently get support calls from clients infected by spyware and malware of all sorts. I have never had one of these calls from a client I have migrated to Firefox – it is always the IE users who get infected.
With this level of inaccuracy in his piece, you have to wonder about the motivation behind writing such a dangerous and misleading article…