Monday, February 15, 2016

Is it time to stop using Firefox because it is less secure?

Firefox has been my favourite web browser for a decade. Recently I started using Chrome in Linux because it performs better on most web pages, but there doesn't seem to be a Chrome performance advantage in Windows. Experiences with Chrome show that it is a good browser, but I prefer Firefox because I prefer Mozilla over Google.

Nowadays, Google is the Microsoft of the Internet. They own some of the most popular web sites plus the most popular web browser. Advertising is their main source of revenue, which makes them bad for privacy. Potentially giving so much of my information to Google does not seem good.

It seems like Firefox has lost its way recently. New unpopular features were added, while old features were removed, upsetting some loyal users. There doesn't seem to be much real progress. I hate how it won't be possible to disable extension signing, which means you will need to install a different build if you want to use an extension which wasn't signed via Mozilla. However, all of that was ultimately acceptable.

What really made me stop and think was when Pwn2Own announced that Firefox won't be attacked because it is too easy. Looking at comments on several sites, I didn't really see a valid defense of Firefox. Instead, some people expressed an irrational conviction that Firefox is safe and doesn't need security improvements. Then I looked at statistics on exploits, comparing Chrome to Firefox. In 2015, Chrome had 8 code execution vulnerabilities, and Firefox had 83. Previous years show a similar pattern.

Is using Firefox in Windows unwise because it is less secure? Running it in Linux probably gives you security through obscurity, but I'm already using Chrome in Linux.

Firefox will eventually get sandboxing via Electrolysis, but when? It seems like that has been "coming soon" for a long time. Is waiting for it to be released a good idea?

1 comment:

kripken said...

Electrolysis is already enabled by default on Firefox Nightly, so one option is to use that, and you get multiprocess+sandboxing.