Update 2006-08-08: This post is about the Firefox Myths article by Andrew K. I won't link to it here, since the author has spammed it on enough sites as it is, but you can find it using a quick Google search for "Firefox Myths". Don't confuse it with my own Firefox Myths article, which attempts to be more forthcoming and accurate.

This blog post was written some time back when I first learned of the Firefox Myths page. The Firefox Myths page has since undergone many changes, most of which were never recorded in the site's changelog, and much of my original post is no longer relevant. However, the site now has more problems than ever, and here is a list of some of the ones I have noticed, in order of appearance:

The article starts off with a disclaimer, which in part reads, "This page is not an endorsement for any web browser. This page is not a review of Firefox. This page is not a comparison guide." Despite this, he says at the bottom, "I recommend and use Avant Browser, the best of all worlds." and makes numerous comparisons and judgements of Firefox.

Next in the disclaimer, he says, "All Myths relate to running the default install of Firefox in Windows with no Extensions." and yet he occasionally makes a statement in the article that only applies to Firefox on Unix/Linux, always to make Firefox look worse. For example, for months he had claimed that Secunia lists an "extremely critical" vulnerability in Firefox. If you actually look at Secunia's data, you'll see that the only "extremely critical" vulnerability listed only applied to Firefox on Unix/Linux (not on Windows) and was fixed the day after discovery. He knew this, and yet for several months he refused to correct his page, insisting that his page was "irrefutable". Finally, he recently made the correction without any indication and still insists that his page is and was "irrefutable". Under "Patch Time", the article still refers to a vulnerability that only applies to Mac OS X.

The first actual myth response is accurate (although it's hardly what I'd consider a "myth") and the second is partially true. However, the "Example" of the "Firefox and Mozilla are Not for Profit" myth is actually not a myth. Firefox is not developed solely by Mozilla. Countless volunteer contributors work on Firefox without profit. There is a small group of developers who are employed to work on Firefox full-time, some of whom are paid directly by Google, but they certainly don't make up all or even the bulk of the Firefox development community.

He then goes into the system requirements. He looks only at the official statements from the respective vendors rather than some unbiased third party organization. Microsoft is known to publish the bare minimum system requirements at which the program is just barely functional. It's possible that Firefox has higher system requirements, but I would need to see it from a third party source.

The "Performance Myths" takes more data from potentially biased sources. In fact, the only source he uses for the speed comparisons is a self-proclaimed Opera fan who was later hired by Opera ASA itself. Potential bias aside, his method of testing is highly questionable. For each of his tests, he only performed three or fewer trials, and all on only one computer. There is way too much variation from trial to trial and computer to computer to consider that data reliable. In fact, I have personally attempted to reproduce his tests on a few different computers and the resulting order has been significantly different. For a proper study, you would need at least ten or twenty trials per test, each on at least five or ten typical computers.

In the middle of the Performance Myths, he makes a very bizarre statement: "The argument that components of Internet Explorer may load during Windows Startup is nullified by Opera's start times." Yes, Opera tends to start up faster than Firefox on Windows. What does that have to do with Internet Explorer? Windows was designed with much of IE's backend built into core system libraries that are loaded during system startup. By the time you click to open Internet Explorer, much of it has already been loaded. If it wasn't for the fact that Windows gives special treatment to Internet Explorer, the two browsers' startup times would be much closer. This argument isn't about user experience, but rather that if IE and Firefox were compared on a common ground, IE would not start up significantly faster. This argument is about code quality. Firefox's slower startup time is not a result of poor coding, but a result of Internet Explorer getting special treatment by the operating system design.

In the above statement, he makes it seem as though a faster startup time necessarily means better coding quality, but this isn't really the case. The main reason Firefox starts up relatively slowly is because of its extension and theme systems. All major browsers have some form of addon system, but Firefox's is unique in its flexibility and power. The entire interface is designed in a language called XUL, which loosely resembles the language used in webpages. This allows extensions and themes to have a level of control over the interface that addons for other browsers don't easily have. However, the complexity of it does have an impact on startup time. So it's a trade-off. K-Meleon is a browser that uses the same core backend as Firefox but without all of the XUL, and it is significantly faster at starting up. So no, it isn't poor coding, it's that the concept itself involves a trade-off.

In the next section, he claims that Firefox did not achieve 10% market share by the end of 2005. He cites two sources which support his point. Here are three major analytics companies that did report 10% market share of higher by the end of 2005:

• Onestat: 11.51% by November 2005.
• ADTECH: 12.41% by September 2005.
• XiTi: 13.08% by October 2005.

In fact, WebSideStory, the one analytics company he picked for his quote, has consistently reported significantly lower figures than almost every other major web analytics company around. It's important to remember that the figures produced by web analytics companies typically only represent the usage of websites that have purchased their products, which in WebSideStory's case are unusually expensive. Actually detecting the user agents and computing those statistics is very simple, so the accuracy of the statistics is mostly influenced by the number of websites studied and how well they represent the overall usage of the Web. Based on the prices of WebSideStory's products, I can't imagine too many websites are willing to pay for them when there are free services that are sufficient for most sites. My guess is this is the reason they are just about the only significant web analytics firm that still hasn't reported Firefox usage crossing 10% yet.

Next, he mentions that XiTi used to gather their statistical data only over weekends, when Firefox usage is generally believed to be higher, and therefore their results are moot. Well, the key there is "used to". They have since changed that policy and now report the average of an entire week, yet their Firefox usage results are still up above 20% in Europe. Their latest report puts it at 21.1% and even compares the weekend-specific data to the weekday-specific data, showing very little difference between the two (22.7% to 20.6%, respectively).

Then he mentions the 150 million download blooper, which was less of a myth and more of a one-day PR "oops". The download count legitimately passed 150 million just a few days after that, and is currently past 200 million.

Now we get to the Security section of the article, which is where the real absurdity comes up. He starts off saying, "Firefox is anything but Secure with multiple unpatched vulnerabilities allowing exposure of sensitive data to local users." Let's look at those vulnerabilities. According to Secunia, Windows users are currently exposed to 2 unfixed "less critical" vulnerabilities and 1 "moderately critical" vulnerability that has been partially fixed. Since security is very much a relative term, let's look at Internet Explorer: 13 "not critical", 8 "less critical", 10 "moderately critical", and 1 "highly critical" vulnerabilities that don't have complete patches yet (as with Firefox, I'm also counting vulnerabilities that were only partially fixed or only have a workaround solution). You don't have to be a rocket scientist to see that Internet Explorer is far worse than Firefox, especially considering that Internet Explorer vulnerabilities are much more likely to be exploited than Firefox vulnerabilities. But in case you need visuals, here are some graphs:

More graphs

But ignore all of those nasty statistics, he says, "You only need one vulnerability to be insecure." By his argument, it doesn't matter that Internet Explorer for Windows has been subject to a total of 12 "extremely critical" vulnerabilities over time while Firefox for Windows has never experienced any. It's sickening that people actually pay this guy money to service their computers.

He then takes it a step further and manipulates the numbers so it looks like Firefox has more vulnerabilities than Internet Explorer. Rather than counting the number of Secunia vulnerability reports (44 for Firefox, 104 for Internet Explorer), he counts up the number of individual bugs in each of the reports so that Firefox's total comes out to 125. Comparing apples to oranges (125 vulnerability issues to 104 vulnerability reports), Firefox turns out looking a lot worse than it really is. By the way, he also can't seem to count.

Next, he claims that Secunia lists 77 "Highly Critical" vulnerabilities (again, the total number of little bugs in each vulnerablity report). Plain and simple, this is a lie. Secunia does not give criticality ratings for the individual vulnerability issues. It gives a single overall rating for a report, which often represents the criticality of the most serious issue in the report. A cumulative patch may fix one highly critical vulnerability and a bunch of little "not critical" vulnerabilities, and the author of this article would count all of those little bugs as "highly critical" vulnerabilities. Not so.

In the "Most Secure Web Browser" section, the author makes a big goof-up. Originally, he said, "Some of the Firefox Fanboys have been trying to spread a new myth [...]", quoting a claim that Secunia waits for Opera to fix their vulnerabilities before publicly releasing the report. It was then pointed out that it was the Opera fan site, Opera Watch, which originated that quote. He was caught calling the maintainers of an Opera fan site "Firefox Fanboys". Rather than removing the statement, he added the nonsensical note "(not Opera Watch)" to the sentence. Um... what do you mean "not Opera Watch"? They made the quote in the first place!

And it certainly doesn't help his case that the Opera Watch quote is actually true: Secunia does wait for Opera to fix their issues before publicaly releasing the report. Even the e-mail he links to confirms this. The e-mail says, "When the Secunia Research Team finds vulnerabilities (in any product) we follow the guidelines written here: http://secunia.com/secunia_research/". That page then says the following: (emphasis added)

All vulnerabilities discovered by Secunia Research are reported directly to the vendors in a responsible manner, giving the vendor two weeks to reply with a confirmation and details about the expected release date for the security update. Secunia always wait for the security update - as long as the vendor keeps a reasonable time frame for issuing the update and actively co-operate with the Secunia Research team.

The author of the Firefox Myths article appears to have misinterpretted the quote as saying that Secunia and Opera have a special partnership. That is not what the original quote claimed. It quote was, "Opera usually coordinates its browser updates with Secunia, so that Secunia doesn't release any information about security vulnerabilities in the browser before a patch is made available." That is true, as Secunia has confirmed.

Patch time! The author says that, "Multiple vulnerabilities have remained unpatched for a long time." By "multiple vulnerabilities" of course he means one. He lists two, but the first one only applies to Mac OS X, and remember that he said in his disclaimer, "All Myths relate to running the default install of Firefox in Windows". So to keep everything on an equal basis, let's talk about the second one. Take a good look at it. "Cross-Domain Cookie Injection Vulnerability", less critical, released 2004-09-18, unfixed. Now take a look at this one. Look familiar? Internet Explorer has the exact same vulnerability, discovered at the exact same time, still unfixed. Not only that, but Internet Explorer also has 11 older vulnerabilities that haven't been completely fixed yet. You're saying Firefox is slow? Take a look at these statistics. All in all, Firefox looks tied up with Opera for the fastest patch time of the three browsers.

Then he pastes some random guy's rant about ActiveX. But not just any random guy, a random guy whose bio consists mainly of developing failed products, and then apparently writing "English about computers ever since". Too bad the sentence doesn't seem to be in English. Anyway, I'd take the time to debunk this guy's rant, but I'll let Microsoft do it for me: "An ActiveX control can be an extremely insecure way to provide a feature. Because it is a Component Object Model (COM) object, it can do anything the user can do from that computer. It can read from and write to the registry, and it has access to the local file system. From the moment a user downloads an ActiveX control, the control may be vulnerable to attack because any Web application on the Internet can repurpose it, that is, use the control for its own ends whether sincere or malicious." (Source).

If ActiveX didn't introduce security holes, then I could logically deduce that Secunia would have no mention of security holes caused by ActiveX. Let's test that hypothesis. The most recent report mentions a remote code execution issue related to COM objects. Looking at the official Microsoft security bulletin for it, it says, "When Internet Explorer tries to instantiate certain COM objects as ActiveX Controls, the COM objects may corrupt the system state in such a way that an attacker could execute arbitrary code." Strike one. Oh, but don't worry, the next Secunia advisory doesn't have an issue related to ActiveX. It has two. "A memory corruption error within the DXImageTransform.Microsoft.Light ActiveX control's parameter validation can be exploited to execute arbitrary code when a user e.g. visits a malicious web site." and "An error within the way certain COM objects, which are not meant to be instantiated in Internet Explorer, are instantiated can be exploited to execute arbitrary code when e.g. a malicious web site is visited." Hm... that second one sounds familiar. Oh well.

Oddly enough, the only myth debunking he does that actually puts Firefox in a pseudo-positive light isn't really true. He claims that Firefox's memory leak issues are actually due to page caching. He simply misinterpretted the explanation Ben Goodger gave. When Firefox 1.5 came out, some people complained that it used more memory than previous versions and appeared to use more and more as you navigate the Web. This observation was mostly due to page caching. However, Firefox does have real memory leak bugs as well, mostly on Windows platforms. They generally aren't as bad as those noticed in some of the Internet Explorer 7 betas, but they're there. The source he links to even admits this: "All versions of Firefox no doubt leak memory - it is a common problem with software this complicated."

I'm actually not sure if Opera supports Firefox-style page caching, but the author of Firefox Myths proved he's clueless about Opera's features when he began insisting that Opera's fast-forward and rewind buttons are equivalent to Firefox's page caching (he admitted that this is what he's referring to in his "Opera is able to do the same thing" link). Opera's fast-forward and rewind features simply attempt to detect what the next or previous page is in a logical sequence and it takes you there. For instance, if you follow a search result to a certain page in a book, Opera's fast-forward and rewind buttons will take you to the next and previous pages of the book, respectively. It isn't even close to Firefox's cached pages feature. Just read the pages he linked to; it explains it well enough. Why he insists on misrepresenting his sources is beyond me.

Next up are extensions. As I explained above, Firefox's extension system is a level beyond the addon system supported by Internet Explorer. As for Opera widgets, uh... those are not like Firefox extensions or IE addons. It would help if the author actually tried out the browser features before pretending to be an expert on them.

He tried to debunk the claim that Firefox blocks all popups. Okay, could he provide an example of where that claim was made? His example says, "Some web pages open endless pop-up advertisement windows. Firefox can stop these annoying windows from opening. This can save you time as there are no pop-up windows to close anymore." That's absolutely true. Popup windows are blocked. It doesn't say anything about fly-over elements in a webpage itself, which no major graphical browser stops by default nor can reasonably stop (You would need to disable JavaScript entirely or at least for the sources of each type of ad). Another type of popup that gets through is from plugins such as Flash, which are naturally somewhat beyond the scope of the browser. The browser has no way of knowing if a Flash-generated popup window was the result of user action or something automatic like an ad. By default, Firefox and other browsers go the safe route and allow all popups from Flash, but you can quickly disable them via an about:config option.

Later, he claims that Internet Explorer 6 supports tabbed browsing. Huh? Uh, no it doesn't, not without addons. Oh yes, he says, the MSN toolbar addon! Now hold on a second, he's comparing Firefox without extensions to Internet Explorer with them? That's quite the double standard. If Firefox doesn't block all popups (because you need to change settings or get an extension to stop the in-page ads), then Internet Explorer doesn't support tabbed browsing for the same reasons.

Now we get to where he talks about my standards support resource. He starts off by saying that Firefox has incomplete support for "many W3C standards including HTML 4.01, XHTML 1.1, CSS 2.1, CSS 3 and DOM." That's nice, except CSS 2.1 and CSS 3 aren't W3C standards yet. They are working drafts. A specification isn't considered a "W3C standard" until it reaches "Recommendation" status. Until then, it's basically an idea floating around and has no endorsement from the W3C. It should also be noted that Firefox's support for each of those technologies is dramatically better than Internet Explorer's, and more or less on par with Opera.

Then he claims that I was attempting to redirect people coming from his site away from the standards support summary. This is a lie. Here's what actually happened: At one point, my tables said that Internet Explorer 6 had some support for XHTML 1.1, because it supported some of the newly included elements as proprietary extensions to HTML. However, it did not actually support those element in XHTML itself, since Internet Explorer doesn't truly support any of XHTML 1.1. The XHTML 1.1 standard says to send the document with the "application/xhtml+xml" content type. This is the only correct content type for XHTML 1.1, and if you send it as "text/html" instead (the default), Internet Explorer and other browsers will actually treat it like regular old HTML despite the doctype and self-closing tags. I knew this wsa troublesome from the beginning, and I was considering changing Internet Explorer's support values for the new XHTML 1.1 elements to "N". Then, the Firefox Myths article said that my tables showed IE had better support for the new additions to XHTML 1.1 than Firefox. I responded by adding a paragraph to the standards support summary page explaining why Internet Explorer doesn't really support those changes. At first, the paragraph only appeared for people coming from the Firefox Myths article (although no one was ever redirected away from the page), but less than a day later I changed it so everyone saw the message regardless of where they came from. I then fixed the table and removed the message shortly afterwards. Somewhere in the meantime, the author of the Firefox Myths article added that "Update". But at no time did I ever try to hide my tables from those visitors.

Next he makes an even bigger lie, claiming that I've been redirecting Internet Explorer visitors on Web Devout to the "Browser Warning" page. Let's make this clear: Internet Explorer users visiting certain parts of this site (the Nanobox) get a one-time redirect to the browser warning page, but at no time did I ever do this kind of automatic redirect on Web Devout. Although the Firefox Myths article doesn't specifically say it, the author has claimed numerous times in public discussions that IE users visiting Web Devout were given the warning, which is simply a lie.

He then takes a quote from me out of context. I was talking with him in the Web Devout message boards and he pointed out my Internet Explorer is Dangerous article and accused me of putting bias into the standards support resource. I basically said what the web development community has been saying for ages: Internet Explorer's current lack of standards support makes web development a pain. My quote was, "Do I dislike Internet Explorer? Yes. Do I wish Internet Explorer would just go away? Yes. Do I intentionally lie to get people to switch? No. My IE warning page is no more propaganda than your Firefox Myths page, except I actually have facts and don't misinterpret my sources." It would be great if Internet Explorer could mature to the level other browsers are at, but until then, it's simply an annoyance for us. It forces us to dumb down our markup and designs or else bloat up the source and create accessibility problems. I don't dislike Internet Explorer just because it's from Microsoft or because it's closed source or any of that. I dislike it because it's old and behind the times compared to other browsers and it doesn't seem to be catching up (IE7 has made less progress over IE6 than the latest versions of Firefox and Opera did over their predecessors).

Then he says "Internet Explorer has very good support (81-86%) for the most important web standard, HTML 4.01." There are two problems there. First of all, in modern practical web design, people don't really care about HTML support. That is, HTML support isn't where the real bang-your-head-on-the-desk problems are. The main foci are CSS and DOM. Second, 81-86% isn't "very good support" when everyone else has better support. The current number is actually 80% for IE6 and 81% for IE7. And that's just looking at HTML 4.01. The overall support for HTML/XHTML is 73-74% compared to 85% in Opera and 91% in Firefox.

He mentions that I have been lowering my support ratings over time, implying that it's out of bias. If he had bothered to mention Firefox's and Opera's support values, he would have seen that they have been lowering as well. As time goes on, I find more and more browser bugs that previously went unnoticed. All values are expected to go down over time.

He says that W3C standards don't define a webpage. He is wrong. Tim Berners-Lee, the creator of the Web, invented HTML and founded the W3C. He originally defined what a webpage is, and he formalized the definition through the W3C. What is the Firefox Myths author's argument? A dictionary definition! Well gee, the definition doesn't say anything about a body element, so I guess body elements must have nothing to do with the definition of a webpage. You know, other than the fact that every webpage necessarily has one. It sure is good that doctors don't get all of their knowledge about diseases from common dictionaries or we'd all be in trouble.

Next up is the Acid2 test. He claims that the Acid2 test covers the most demanded web standards. I disagree. I know many people who want correct support for the title attribute in major browsers, but that went untested (I guess they couldn't figure out how to fit it into the smiley). Someone please tell me how Safari and Konqueror managed to pass this kind of test even with a huge bug in CSS background support. Let's face it: Acid2 primarily focused on Internet Explorer, and they also threw in a few things to give other browser developers something to do. The issues exposed in Acid2 should definitely be fixed in time, but from a web developer's point of view they were not necessarily top priorities for non-IE browsers.

No, Firefox 2.0 won't pass Acid2 because they are putting off all major layout engine work until Firefox 3.0 in order to have a more solid 2.0 release. David Baron's reflow branch passed Acid2 some time ago and it will be included in Firefox 3.0.

"10-15% of web sites aren't completely compatible with Firefox"? Weird, considering I practically live on the Web and never have to open IE except for seeing how much it messes up my website designs so that I can spend hours trying to hack it. Guess who did that study, by the way: WebSideStory. There's a shocker. It was from January 2005, when Firefox was new. Since then, Firefox has become a huge player in the market and countless sites have undergone extensive redesigns in order to support more standards-compliant browsers. The claim that Firefox doesn't support ActiveX is incorrect. There has been an ActiveX plugin for Firefox for a long time now. It just doesn't support it by default because there are so many security issues with ActiveX.

Most of what follows is nonsense that I'm not going to pick apart point-by-point. Basically, he received a ton of e-mail talking about factual errors in his page, which he simply ignores or misquotes in the sidebar. Oh yeah, you see those four quotes from me, David H., in the sidebar? Those are all butchered pieces of this and that, taken out of context, and glued together so that it makes it seem like I'm saying something I'm not. Many people have publicly complained about being misquoted there, but his response is to go and misquote you again. Here is an incomplete list of misquotes with links to the original sources.

Despite what he says in the page, he has been proven to lie about his identity and relation to the Firefox Myths article many times. Here is a list of his known two IP addresses (which have been spotted on over a dozen of his identities), his known aliases, and websites from which he is known to have been banned.

A somewhat aging spoof of his article is available here: Firefox Fables.

The following is the original post, for historical purposes:

---

When I come across an article that I feel I must comment on but doesn't have a public forum to do so, I like to express my thoughts here. In this case, I saw an article entitled Firefox Myths (Edit 2006-03-31: Link removed to reduce the impact of his rampant spamming. See this response: Firefox Myths.) which attempted to use my web browser standards support resource as evidence that Internet Explorer is superior to Firefox (Edit 2006-02-20: This was my impression of the page; the author claims it doesn't attempt to do this), and I had to respond. The following is the e-mail I sent the author of the article.

Hello, I am the developer of a resource you cited in your Firefox Myths article. You pointed to my standards support resource <http://nanobox.chipx86.com/browser_support.php> in attempt to show that Internet Explorer has better standards support than Firefox at least in regard to XHTML 1.1. I would like to explain why that claim is false.

For starters, I would like to provide a little background on XHTML and how it is supposed to be used. XHTML is supposed to be sent by the server with the content type "application/xhtml+xml". This content type triggers the XML parsing engine in the web browser. When it is sent as "text/html", web browsers treat it as if it was actually HTML with some oddities in the code (for instance, the "/>" in self-closing tags is interpretted by the browser as a markup error and the "/" is simply ignored, which causes unexpected behavior when you try to self-close elements that usually have an end tag). The CSS and DOM standards also define some behavior that is different between HTML and XML-parsed XHTML.

The XHTML 1.0 specification makes it clear that "application/xhtml+xml" is the only truly correct content type for XHTML, but it also allows websites to send the document as "text/html" as long as certain compatibility guidelines are followed. This provision only applies to XHTML 1.0. According to the specification, XHTML 1.1 must be sent as "application/xhtml+xml" or one of the other XML content types, not "text/html". Any website sending a document labeled XHTML 1.1 as "text/html" is in violation of the specification.

Internet Explorer does not recognize the "application/xhtml+xml" content type, and it will only view an XML document as a webpage if special hacks are used. Internet Explorer does not actually support real XHTML in any form, and the Internet Explorer development team has openly admitted this fact.

Microsoft added some very basic support for ruby markup in Internet Explorer before it was a standard. Internet Explorer recognizes this markup in HTML documents, which is not standard behavior by any W3C specification. The W3C standards allow for ruby markup to be used in XHTML 1.1, and a website is in error if it tries to make use of ruby markup in any lower version. Therefore, while Internet Explorer does support some of the relevant elements, it is ultimately irrelevant when you look at the full context: Internet Explorer doesn't support ruby markup in any form in which it is correct to use it.

Even to disregard the above argument, your very statement of the results of my tables was incorrect. My tables do not suggest that Internet Explorer has better XHTML 1.1 support than Firefox. It suggests that it has better support for the changes incorporated in XHTML 1.1 since XHTML 1.0. To claim that the browser has better support for XHTML 1.1, you must add up the information in HTML 4.01, the XHTML 1.0 changes, and the XHTML 1.1 changes. My tables provide that information on the summary page <http://nanobox.chipx86.com/browser_support_summary.php>, and it shows that Internet Explorer has 78% support for HTML 4.01 to XHTML 1.1, while Firefox has 83% support and Opera has 88% support.

It should also be noted that HTML support is not a major concern among web developers right now. The biggest difficulty in web design lies with Internet Explorer's incomplete and often incorrect CSS support. My tables show that both Firefox and Opera have about double the support for CSS that Internet Explorer has. In my own personal experience, which most web developers I talk with also share, developing a good, valid, accessible website that works in Firefox, Opera, Safari, Konqueror, and lynx often takes about half the time it takes to make the same website with only Internet Explorer and Firefox considered.

I would also like to take this time to address some other of your so-called denounced myths. Your argument about security was flimsy at best. Firefox currently has no serious known security vulnerabilities. Firefox has never been subject to a known remote code execution vulnerability on Windows versions. Meanwhile, Internet Explorer has a two-and-a-half-year-old remote code execution vulnerability still unfixed, as well as dozens of other vulnerabilities that are at least as serious as any currently unfixed Firefox vulnerability.

In addition to the number and severity of Internet Explorer vulnerabilities, Microsoft also has a very unimpressive record of fixing them, which is made clear in this resource: <http://nanobox.chipx86.com/security_summary.php>. You will notice that Microsoft has only fixed under a quarter of the vulnerabilities that have been open since the Firefox 1.0 release, while Mozilla has fixed almost seven-eights of Firefox's vulnerabilities. You will also notice that Microsoft takes about ten times as long as Mozilla to fix a serious vulnerability. This data comes from the same source you cited in your article.

In regard to performance, while I can't argue the test results, it should be noted why Internet Explorer is faster than Firefox in several cases. First, Firefox's user interface was written in the highly extensible XUL language which makes its unique extension system possible. This does cause a notable slowdown compared to browsers with native or otherwise less flexible UI widgets, but it wasn't done without reason, and the benefits of XUL should be properly weighed. Furthermore, Firefox has significantly more extensive and reliable web technology support than Internet Explorer. Internet Explorer takes many shortcuts and hasty assumptions in its webpage rendering that very often cause unexpected behavior. Some of the well known bugs are noted here: <http://positioniseverything.net/explorer.html>. The Internet Explorer development team claims to have fixed several of them since the first IE7 beta. What effect these implementation redesigns and bug fixes will have on performance, not to mention websites that rely on the bugs, is yet to be seen.

As for web page rendering, this problem is quickly solving itself. As more and more big corporations like Google, IBM, and Dell are throwing their weight behind Firefox, business websites that currently don't work in Firefox are being forced to make redesigns to accomodate for this growing base of potential customers. Websites that don't work in Firefox are typically due to either using ActiveX, which Microsoft is starting to hold back due to security issues, or relying on Internet Explorer bugs that will likely be fixed in future versions, thus breaking those webpages. The only reason that Internet Explorer is compatible with most sites on the Internet is that it has been so dominant in overall market share for so long, web developers couldn't afford to have their site not work in it. If Firefox was currently the dominant web browser and the majority of websites were built around it, Opera, Safari, and Konqueror would have no problem at all getting a foothold in the market since they all have very good standards support, but Internet Explorer in its present form wouldn't stand a chance.

While I believe it's very important to keep reality in check (for instance, your comment on tabbed browsing is accurate, although it may be mentioned that InternetWorks had tab support back in 1994), I don't see why you must present such an obviously skewed and misleading perspective on the situation. It would be a very difficult argument to make that Internet Explorer has better standards support than Firefox in any arena, or that Firefox is no more secure than Internet Explorer is, and you provided no such arguments. You linked to two resources that provided evidence against your claim. There is nothing wrong with stating that Firefox does not have 100% standards compliance (which no browser has) or that Firefox is not perfectly secure (which no browser is), but to pass it off, even indirectly, as evidence that Internet Explorer is somehow superior is simply distorting the facts. I don't know why you feel the need to spread FUD and attempt to stifle competition that has proven to be a big energy boost for the Web, but please don't lie about what my resource and other legitimate resources say.

Update 2005-12-20: The author has responded to my e-mail and corrected the W3C Standards section. Most of the revision is accurate, although I wouldn't say that Internet Explorer has good support for HTML 4.01 when it doesn't even recognize two elements, implements the q element incorrectly (for instance, if you didn't see quotes around that q, you're probably using Internet Explorer), and doesn't handle objects properly. I should also note that much of the Firefox Myths page is still quite misleading.

Update 2005-12-20: I'd like to share more of the e-mail conversation we've been having. I haven't asked permission to publicly post his messages, so I'll only post mine unless he feels like chiming in.

I have another thing I would like to point out. On your website, you link to the "Open Source Oopsies" resource. This is presumably to point out that Firefox also has rendering bugs. It should be noted that none of the bugs mentioned on that site exist anymore, and the resource itself makes note of that. In fact, the site directly praises Mozilla's quick response to rendering bugs. Considering the Internet Explorer side of the issue, also detailed on the same site <http://www.positioniseverything.net/explorer.html>, this resource seems to paint a very good picture for Firefox and a very bad picture for Internet Explorer. Once again, I would ask that you don't mislead visitors about the content of such quality resources by linking to them in the context of trying to put down Firefox. You pass these resources off as evidence to support your argument, and visitors would have to read each one to see that they do not in fact support your claims, but rather contract it. This is simply doing a disservice to everyone.

"Reality - Firefox has incomplete support of many W3C standards including HTML 4.01 and XHTML 1.1. Actually Internet Explorer supports XHTML 1.1 better than Firefox."

The second statement is false. You claimed that Internet Explorer is superior in this regard, when it isn't true.

"Reality - Firefox is anything but secure with multiple unpatched vulnerabilities allowing exposure of sensitive data to local users. You only need one vulnerability to be insecure. Arguing that Internet Explorer has more vulnerabilities does not make Firefox a secure Web Browser."

This clearly addresses the popular argument for switching from Internet Explorer to Firefox (no one uses a security argument for trying to get users of Opera or Safari to switch to Firefox, or vice versa). While you aren't necessarily claiming that Internet Explorer is superior in this respect, you are certainly claiming that Firefox is not superior to Internet Explorer, which just about every scrap of evidence from the resource you listed contradicts. By claiming that Firefox is not any more secure than Internet Explorer, you are effectively attempting to tear down the most stated reason for switching away from Internet Explorer, thus encouraging users to stick with Internet Explorer. Even though you didn't directly say that Internet Explorer is superior to Firefox in terms of security, you are definitely putting favor on Internet Explorer in this respect.

It would be more reasonable an argument to debunk the claim that Firefox is *perfectly* secure. No browser is perfectly secure, but Firefox is without a doubt much more secure than Internet Explorer, and you very directly say otherwise. You are trying to simplify it to either secure or not, and reality isn't that black and white.

"Reality - 15% of web sites aren't completely compatible with Firefox. Firefox is not 100% Internet Explorer and ActiveX compatible. Web pages that depend on ActiveX or were only tested in Internet Explorer (which there are many) will only render and work properly in Internet Explorer based browsers. Web page features such as Menus, Web forms or other content may not function or behave differently then intended. While Internet Explorer works with 99.99% of all Web Pages."

This argument clearly claims that Internet Explorer is superior in this respect, but I don't believe you are fully explaining the situation. This is not a fault of Firefox by any means. It is a fault of Internet Explorer -- one that they will end up suffering for the most as they try to move toward better standards support -- and lazy web developers. By claiming that users are better off with Internet Explorer in this respect, you are blinding the users from the future. By all estimates, Internet Explorer 7 will have more problems viewing webpages than Firefox has, because as Microsoft improves IE's standards support, webpage hacks that detect Internet Explorer will still feed it the correction code which will only cause problems now that the bugs are fixed. The obvious exception is proprietary tools like ActiveX. An ActiveX plugin is available for Firefox, and I am not aware of any problems it has. Also, ActiveX is slowly but surely being phased out as business websites realize that they must cater to other browsers or they will lose business.

Overall, your webpage generally says on most points that Firefox is no better than Internet Explorer or even that it is inferior. This is the only reasonable interpretation one can make from the content of your site, and I yet see no reason to take back my words. If you can provide defense for your article, I may reconsider my stance that you are spreading FUD and purposefully misleading information.

You directly said that Internet Explorer has better XHTML 1.1 support. Are you seriously arguing that that doesn't count as a claim that Internet Explorer is "somehow superior"? I am glad that you corrected the statement, but the fact remains that your wording throughout the document is very misleading in favor of Internet Explorer and you would be a fool not to expect people to interpret it the way I and many others did.

You call Firefox "anything but secure", yet the remaining unpatched vulnerabilities are trivial at best and its biggest competition has major vulnerabilities several years old. But you make it sound like one "not critical" vulnerability is no better than a thousand "extremely critical" vulnerabilities.

You say that Firefox is not a solution to spyware because spyware can always be downloaded manually by the user, but you don't mention that with a fully-patched Internet Explorer you can still get adware and spyware simply by visiting a site and not seeing so much as a dialog box. Don't say that isn't true, because it happened to me just a few months ago on a fully up-to-date system, regularly cleaned by AVG and AdAware. I was going to test a website in Internet Explorer, so I started up the browser, went to the page, did some searches, never once saw a dialog box, and then when I closed the browser and opened it back up again, I was presented with a screenfull of ads. That kind of thing just doesn't happen in Firefox, because Firefox isn't designed to run code on that level of operation without first getting approval from the user. Microsoft calls it a feature for seamless integration.

You are quick to point out that Firefox has incomplete support for web standards, but you don't balance it out with a note that Firefox is a leader in the area of standards support. CSS 3, for instance, isn't even a W3C Recommendation yet. It's in the Candidate Recommendation stage, meaning the spec is ready for browsers to begin implementing it and will reach Recommendation status once it's supported by a few different user agents. No browser is expected to have close to full support for CSS 3, yet Firefox is well on its way. Of course you didn't claim otherwise, but the fact is you didn't provide a balanced perspective. Your wording clearly shows the skewed angle. "Ironically Internet Explorer supports changes to the XHTML 1.1 standard better than Firefox, 39% to 24%, even without fully supporting XHTML yet." would be better worded something like "Ironically Internet Explorer supports changes to the XHTML 1.1 standard better than Firefox, 39% to 24%, although the additions rely on features it doesn't yet support that Firefox does." The point is that those additions are absolutely meaningless when you can't use them, and "even without fully supporting XHTML yet" doesn't deliver that important point clearly.

These are all examples of statements that aren't necessaily untrue, but are undeniably misleading and constantly in favor of Internet Explorer. The reader naturally interprets your page as saying, "Firefox is insecure. Firefox has bad standards support. Firefox is nothing new or special." and they're forced to dive into your links and do the research themselves if they want a more accurate picture (which most readers won't do). Like I said, this is doing a disservice to your readers, who expect a page such as this to have already done the research and present the information accurately and in context.

In regard to my site, you can surely infer that I think Opera has better HTML support than Firefox. You can infer that I think all browsers have pretty darn good ECMAScript support. However, if I was to only present one column -- Firefox -- that would be quite a different story. One might then infer that I think Firefox has terrible CSS support when in fact, if you put the information in context with the other browsers, you can clearly see that Firefox's CSS support is actually very good. Again, the issue here is not about you directly saying that one browser is better than another, but about you *indirectly* suggesting it by only looking at the one browser with no perspective (except when you truly do have a bit of data, however incomplete, that appears to make Firefox look worse than IE) and focusing only on the shortcomings of it. Most of the points on your article look at Firefox's glass as half empty while ignoring IE's glass or saying that it's full enough. There's nothing wrong with denouncing myths, but if you don't do it in proper context, people naturally interpret it as a biased argument.

Update 2005-12-20: It seems he wishes to end the discussion, so here is the conclusion:

I have applied every automatic update I have been given by Windows XP's Windows Update system. That's the best you can expect from over 95% of the Internet Explorer users out there. I'm by no means an expert on Windows security, but I do know that I did nothing that should have allowed a piece of adware to be installed on my system. I was searching for a good example of a CSS dropdown menu that works in Internet Explorer, I went to several dozen websites and didn't keep track of them all (I didn't know I just got infected with something), and next time I restarted my browser (only a few minutes later), my screen was filled with ads and my homepage was changed to something I never visited. I don't know what you call it, but I call it a problem. I assure you I never gave consent for anything of the sort to be installed, and my browser configuration was exactly what you would expect most up-to-date Internet Explorer users to have. I had SP2 and every automatic update Microsoft provided.

I did not apply all of the workarounds Microsoft has, because quite frankly, who does? Microsoft recommends that you manually remove certain ActiveX components, never have more than one window open at a time due to injection vulnerabilities, and it even says not to click on links. I honestly don't care if a workaround is available, too few people will ever really use the workaround to claim that it's a legitimate fix. It's fixed when the fix comes to the users through the regular update system if such a system is expected to serve that purpose. If Firefox had a remote code execution vulnerability, I don't care if it could be fixed just by adding a dumb bookmark or something, it still isn't a complete fix.

As for your page being misleading, I believe I have clearly presented my case. You haven't yet properly defended yourself with anything but a "nuh-uh" response. As I have said before, it doesn't matter if every individual fact you present is true (which I don't believe is the case anyway), it's still presented in a clearly misleading way. You call a web browser with no major known security vulnerabilities insecure on the same terms as a browser with an extensive record of remote code execution vulnerabilities and an extremely low percentage of vulnerabilities fixed. If you don't believe that is misleading, then perhaps you shouldn't be trying to write an rticle that attempts to debunk misleading claims.

I am not an anti-IE fanboy. Like you say, the facts are clear. But the difference is that I look at all of the facts, not just the ones that favor my preferences. I have defended Internet Explorer on news sites and public discussion forums countless times. On news articles that praise Firefox, I very regularly correct their false claims such as Firefox being 100% standards compliant or being the first browser with tabs. I am very willing to point out the flaws in my personal favorite software. But I am careful not to overcorrect. Firefox doesn't have perfect standads compliance, but I wouldn't tell someone that without making sure they understand that it still has darn good standards support. On the other side, when someone claims that Internet Explorer "doesn't support any of the web standards", I point out that it does, just relatively little. That's what I believe you need to do in your article. Don't just say that Firefox isn't perfectly secure, also mention that it does have an impressive track record on security (as does Opera). Don't just mention that Firefox doesn't have perfect standards support, mention that, like most browsers, it's better than Internet Explorer and is even a leader in some areas. Don't just mention that year-old questionable figure about 15% of the Web being incompatible with website (which, by the way, was a loose interpretation of what WebSideStory actually said, and you don't want to make the mistake of interpreting something!), mention that that percentage is quickly decreasing and that some believe this likely won't be a significant issue in a year or two.

By the way, speaking of presenting both sides of the issue, would you like to give me permission to post your e-mails verbatim on my weblog? I'm currently posting my reponses, but I would prefer that the public gets to see your arguments as well.

His reponse was a very direct no, and he made me aware that I do not have his permission to post anything about him ever. How fortunate it is that you don't need someone's permission to talk about them. He also expressed that I have misquoted him, which I apologize if I did, although I do not recall passing anything off as an actual quote from him other than text I copied and pasted from his website. So with a swear word and a lot of caps, he basically showed no interest in me publicly displaying his messages, and I will honor that request.

He insists that it is impossible that I got adware on that machine if I had SP2 installed and MSJVM removed. I know for a fact that I had SP2 and that the Windows Update icon claimed that no updates were available. The Firefox Myths webpage says that SP2 automatically removes MSJVM from the system, so if what he says is true, it must be impossible that I got adware on the system. I guess I must have used System Restore for no reason then.

By the way, he also wanted me to let everyone know that you should install SP2 and remove MSJVM so that you don't experience the problem that I had with SP2 installed and MSJVM removed. Because Internet Explorer certainly doesn't have any remote code execution vulnerabilities without automatic fixes, especially not this one, this one (which wasn't yet fixed during the incident in question), or this one. And I'm sure Secunia knows about every vulnerability as well.

Well I'm done with this game. It's just yet another misleading website from someone who probably sleeps under a big Windows logo, and I'm sure we're both sick of this pointless argument by now. I'm off to get some food.

Update 2005-12-21: Oh, one last little thing: I should note that throughout the day he has made several changes to the Firefox Myths page, although not a single one has been noted in the changelog.

Update 2005-12-21: Ugh. Okay, when I said, By the way, he also wanted me to let everyone know that you should install SP2 and remove MSJVM so that you don't experience the problem that I had with SP2 installed and MSJVM removed. that wasn't an actual quote from him. It was paraphrasing with my own sarcastic remark thrown in. Like I said, I did not quote anything from his e-mail responses in this blog post, because he didn't give me permission to. I hope that clears up the heaps of confusion I'm sure all of you smart people are having.

Update 2005-12-27: The Firefox Myths page has been updated to add another lie about my website. The author claims that I have deliberately made parts of my site to be broken in Internet Explorer. This is incorrect. The "personal site" part of my website was designed from the very beginning to work fine in all standards-compliant web browsers, and I refused to add special hacks just to make Internet Explorer work. None of these webpages were designed to deliberately break Internet Explorer; the fact that Internet Explorer makes a mess of it is due to its lack of standards support, and future versions of Internet Explorer will display this website more correctly. The one exception here is the weblog, which I specifically added hacks to in order to make it look not so bad in Internet Explorer, due to the relatively high traffic. In other words, I add hacks only to make the page look better in Internet Explorer, not the other way around.

Internet Explorer users also get an extra box on the page recommending that they switch to a standards-compliant web browser. If they actually are using a standards-compliant web browser (heck, even if they're using Internet Explorer 7 or higher), there is a style rule that hides the box, assuming the browser supports the basic CSS 2 selector (which Internet Explorer 6 and below do not). So the webpages should look the same in any standards-compliant browser, whether it's detected as Internet Explorer or not.

On my personal site, I also give Internet Explorer users a one-time redirect to a targetted message saying why their web browser is dangerous both to them and to the Web as a whole. There is a link near the top that allows the user to continue to the page they were trying to get to. The webpage uses a cookie if it can, or else rewrites all links on the site, so that the webpage remembers not to send the user to that warning again.

So to summarize, I don't deliberately break my site for Internet Explorer users any more than a typical website that doesn't work properly in Firefox was designed to deliberately break Firefox. The difference is that I'm writing my site to work in any browser that follows the standards, and as a result, future versions of Internet Explorer will progressively get better at viewing my website, rather than the other way around. Even if every browser is handed the same code (which you can see the results of here: Nanobox, the website works perfectly fine in Firefox, Safari, and Konqueror, and has only one very minor bug in Opera that is partially fixed in the Opera 9 technical preview, yet Internet Explorer makes a mess of it. I'm not deliberately breaking anything, I'm just deliberately *not* spending extra time bloating up my code to work in outdated browsers, no matter how high their market share happens to be. I would never do this on a business website, but that's a different story. I also make sure Internet Explorer 6 can view my web development resources reasonably well, although Firefox, Opera, Safari, and Konqueror do support some of the usability features that Internet Explorer doesn't, and that again is due to lack of standards support that will probably be added in Internet Explorer 7.

I would also like to point out that the website claims it is NOT an endorsement for Internet Explorer, yet at the bottom it straight-out recommends Avant Browser, which is Internet Explorer with user interface enhancements. Time and time again, this guy has proven himself to be a chronic liar and manipulator.

By the way, here is the message I was giving to people who came from the Firefox Myths page. It was simply inserted above the summary table when a user followed the Firefox Myths' Source link to my resource.

The article you have just come from states that Internet Explorer has better support for the XHTML 1.1 changes than Firefox. It should be noted that although Internet Explorer does support some of the relevant elements, it does not support them in any fashion in which it is correct to use those elements. Internet Explorer only supports the elements as proprietary extensions to HTML. True XHTML 1.1 must be sent with the content type "application/xhtml+xml" or a generic XML content type, which Internet Explorer does not recognize as a webpage without the application of special hacks.

I would appreciate an explanation of why the above message is considered to be biased. I was simply stating facts. Is the author of the Firefox Myths page implying that I'm expressing the facts in a manipulative way? Funny, considering that he repetitively argued in the e-mail conversation that his article couldn't be manipulative since it only told the facts.

I see the article now also cites my resource as evidence that Opera is the most standards-compliant web browser. The author of Firefox Myths doesn't point out that my resource doesn't yet include Safari or Konqueror, which is right up there as well. Furthermore, my resource certainly suggests that Firefox is more standards-compliant than Opera, if only by a little (and well within the margin of error). Opera is only ahead in HTML support, which isn't a big concern in web development anymore. Most of the real web development work is with CSS (or DOM and ECMAScript if you're making a web application). HTML support or lack thereof almost never causes problems in web design anymore.

Update 2005-12-30: I would now like to more thoroughly point out the current problems with the Firefox Myths page.

Problem #1 (Lie): The page claims This page is NOT an endorsement for Internet Explorer or Opera and it is NOT a Comparison Guide, yet at the bottom it clearly endorses Avant Browser, which is just Internet Explorer with UI enhancements. It also makes many comparisons among Internet Explorer, Firefox, and Opera.

Problem #2 (Bias): The speed comparisons (wait, this article isn't supposed to make comparisons, right?) are taken from the personal site of an Opera employee. And what do you know, Opera comes out as the fastest browser across the map. I have begun making my own speed tests to see how accurate the cited article is, and, at least on my computer, results are quite different. Here is a preview of the page I'm making: Web browser speed summary.

Problem #3 (Fallacious logic): The article equates secure with perfectly secure, which of course are two totally different claims. Furthermore, it slaps the label insecure on anything with at least one vulnerability, effectively claiming that Internet Explorer and Firefox are equally insecure, which of course is total nonsense. Perhaps a better source to cite is this: Web browser security summary

Problem #4 (Misleading/lie): The article claims that Opera is the most secure browser, without taking into account other browsers like lynx.

Problem #5 (Ignoring the facts): From the article:

Internet Explorer with Windows XP Service Pack 2 installed provide the exact same level of Spyware security as Firefox. SP2 includes a built-in Pop-up blocker, an ActiveX installation warning system and removes MSJVM from the system. This eliminates all the known security exploits some Spyware applications used to auto install themselves. Anyone who claims Internet Explorer cannot be secured from Auto-installing Spyware either doesn't know how or is lying.

This argument doesn't take into account the fact that several remote code execution vulnerabilities have been found in the last few years that cause the browser to accidentally execute arbitrary code given by the website. These kinds of vulnerabilities can be used to install software with no indication to the user. One such vulnerability was patched just two weeks ago. It's a hasty and misleading assumption that all of these vulnerabilities have been found and fixed. In the last year and a half, five extremely critical vulnerabilities have been found. That's an average of one every three or four months.

Problem #6 (Not telling the whole story): The article claims that Firefox doesn't block all popups. This is true if you're only looking at the default settings. By default, Firefox tries to block all popups other than ones perceived to be user-requested. Normally this works fine, but the way the plugin API is designed, Firefox has no way of knowing if a popup from a plugin is user-requested. To be safe and not hurt legitimate functionality, Firefox allows all popups from plugins. If this behaving isn't desirable, there are about:config options you can use to block all popups from plugins, and even all popups period if you want.

Problem #7 (Define very good): The article says that Internet Explorer has very good support for HTML 4.01. HTML 4.01 is the oldest standard covered by my resource. It's also arguably the most simple standard of the bunch to implement. I wouldn't claim that Internet Explorer has very good support for HTML 4.01 when it's the only major browser that doesn't recognize all of the elements (it's missing two) and also makes a mess of the object element.

Problem #8 (Misinterpretting the situation): The article says, Ironically Internet Explorer supports changes to the XHTML 1.1 standard better than Firefox, 39% to 24%, even without fully supporting XHTML yet. The phrase even without supporting XHTML yet is misleading. Because it doesn't support XHTML, you can't make use of those changes. From a web developer's point of view, the XHTML 1.1 changes section might as well be 0% for Internet Explorer. See my note at the bottom of the standards support summary page for an explanation.

Problem #9 (Passing irrelevant information as relevant): It seems the author felt like talking about the Nanobox — my personal site — just below the link to my standards support page — part of Web Devout. Dispite how it sounds, the comments he makes about the Nanobox have nothing to do with the standards support document he links to. Web Devout has always worked in Internet Explorer 6 and will continue to, and Internet Explorer users visiting Web Devout have never been redirected to another page based on what browser they're using.

Problem #10 (Lie): It cites my resource as evidence that Opera is the most standards compliant Web Browser. First of all, my resource clearly shows that Firefox is slightly ahead of Opera overall (in particular, note the Perspective section on the summary page). Also, the Firefox Myths article ignores Safari and Konqueror, which are right up there as well.

Update 2006-01-20: Since my last update, a lot of new information has come up about Andrew K., the author of the Firefox Myths article. He has posted messages on countless websites under many different pseudonyms, all claiming at some point to be a different person from the actual author or otherwise deliberately misleading about his identity. Some of these pseudonyms include Mastertech, GeneralAres, FFeLEET, Realist, Mike G., and Andrew. Mastertech, who used to pretend he wasn't the author (notice in this post he deliberately refers to the author as he instead of I) but now openly admits it, still denies that he and "Andrew" are one and the same, although I think anyone with half a brain can put two and two together. The other pseudonyms have been confirmed by the respective sites' administrations to be the same person.

Andrew K. has trolled on countless websites, has been banned from many of them, and has also ban evaded, which is against his ISP's terms of use (accessing a service without consent). He has personally advertised his site on about a hundred different message boards without coming straight out and saying that he wrote it (after all, that would be regarded as spamming, another bannable offense). All of this, and he still claims that I'm the one being dishonest. I think the facts speak for themselves.

Update 2006-01-26: The Firefox Myths article now has several false quotes in the sidebar, including ones from me, Asa Dotzler, Robert Accettura, and others who have spoken out against this article. He took statements totally out of context, often statements that weren't even about his article, and passed them off as testimonials about his webpage. The statements from me were actually parts of sentences cut and pasted together to make it sound like I was making negative statements about Firefox. What he is doing is illegal and grounds for lawsuits, but he doesn't seem to care.

Update 2006-01-28: After a lot of feedback on this post, including a couple of complaints that I didn't go as deep into my points as I should have, I have decided to reconsider my decision about posting Andrew K.'s e-mail responses. Andrew has continued to lie about statements and actions made by myself and others, and he has ignored several of my reasonable requests, including a request that he remove my quote from his Testimonials section (given that the quote wasn't even about his article and there were meaning-changing omissions). Because of these actions, I feel justified in going against his request if it means my readers will get a more complete picture of the subject. The reason I did not dive into my points as deeply as I could have in my e-mails to him is that he wouldn't even acknowledge most of my points, flat-out ignoring them. From my point of view, it was much like having a debate with a wall. The following are all of Andrew K.'s e-mail responses in this conversation, presented in full and in order, unalterred with the exception of a censored cuss word in the last e-mail and reply quotes removed to save space.

His first response, after my second e-mail:

David,

I really concerns me you are attempting to say I am in any way claiming
Internet Explorer is superior to Firefox. If you wish me to seriously
consider what you have to say. I STRONGLY suggest you change what you
have to say about what I DID say. I have no problem rationally discussing
something but I am not about to listen to people put words in my mouth.

Let me know if you wish to reconsider.
Andrew

Did you get the email I sent you?

After my third e-mail:

No you make unfounded assumptions:

"but to pass it off, even indirectly, as evidence that Internet Explorer 
is somehow superior is simply distorting the facts."

At no time did I say Internet Explorer was superior and you know that. 
Just because you and everyone else read into this how you wanted does not 
change what I actually said. You want me to make corrections to a page 
that you can't even quote correctly?

Your "interpretation" is not what I actually said. I can "interpret" from 
your web page you think Opera is the best browser ever and every other 
browser is crap. Now is that what you actually said? No.

What my web page does it point out common Myths I hear all the time about 
Firefox that are simply not true. Anyone reading the sources can see 
Firefox is a decent Web Browser as I mention in the top of the Guide. 
Which everyone conviently does not read.

After my fourth e-mail:

On Tue, 20 Dec 2005 15:33:40 -0500, David Hammond <nanobot@gmail.com> 
wrote:

> You directly said that Internet Explorer has better XHTML 1.1 support.
> Are you seriously arguing that that doesn't count as a claim that
> Internet Explorer is "somehow superior"? I am glad that you corrected
> the statement, but the fact remains that your wording throughout the
> document is very misleading in favor of Internet Explorer and you
> would be a fool not to expect people to interpret it the way I and
> many others did.

Nothing is misleading. The Facts are clear. You interpret it the way
you did because of your animosity towards IE and you misconceptions
about its security as you have demonstrated below.

> You call Firefox "anything but secure", yet the remaining unpatched
> vulnerabilities are trivial at best and its biggest competition has
> major vulnerabilities several years old. But you make it sound like
> one "not critical" vulnerability is no better than a thousand
> "extremely critical" vulnerabilities.
>
> You say that Firefox is not a solution to spyware because spyware can
> always be downloaded manually by the user, but you don't mention that
> with a fully-patched Internet Explorer you can still get adware and
> spyware simply by visiting a site and not seeing so much as a dialog
> box.

That is because that is an outright lie. Show me the link you went to and
I will personally go there and test it. With SP2 and MSJVM removed nothing
can install without you wanting it to.

> Don't say that isn't true, because it happened to me just a few
> months ago on a fully up-to-date system, regularly cleaned by AVG and
> AdAware. I was going to test a website in Internet Explorer, so I
> started up the browser, went to the page, did some searches, never
> once saw a dialog box, and then when I closed the browser and opened
> it back up again, I was presented with a screenfull of ads. That kind
> of thing just doesn't happen in Firefox, because Firefox isn't
> designed to run code on that level of operation without first getting
> approval from the user. Microsoft calls it a feature for seamless
> integration.

It happened because you have no idea what you are doing, either

A. You never installed SP2 or
B. Never uninstalled MSJVM

Just because YOU do not know how to stop Spyware does mean it cannot
be done. See here what YOU are doing is spreading FUD about IE.

After my sixth e-mail:

Until you provide a link of your "alleged" automatic
infection. I will take your experience as BS.

This isn't complicated. You either have the Active X
warning system disabled in IE SP2(which has to be done
manually)

Or you have MSJVM installed.

And yes with both of these done, what you experienced
will not happen.

Do me a favor now that you know. try spreading the
word that people should install SP2 and uninstall
MSJVM so they don't go through the problem you had
again. But of course you will never do this as it
would not help your anti-IE cause.

Why solve a problem when you can lie about it?

My **s, you already misquoted me and made false allegations and
have refused to correct a single one. The answer is NEVER.

NO YOU DO NOT HAVE PERMISSION TO POST ANYTHING ABOUT ME OR
MY EMAILS ANYWHERE EVER.

Remember, those so-called false allegations were just the statement at the beginning of this blog post which said that the Firefox Myths page attempted to show that Internet Explorer was superior to Firefox. Note that I never tried to pass this off as a quote from Andrew K. or the article. It was simply my interpretation of his article, what I hold to be a reasonable interpretation, the same interpretation held by hundreds of other people, and the interpretation I still hold, judging from his decisions in regard to the article, his message board conversations, and his history.

You may notice that the only point of mine that he even responded to was the fact that my fully-patched Internet Explorer got a drive-by malware infection, and his response to that was saying that I'm lying, that I never got that malware infection, that it's impossible. Well obviously it isn't, because it happened, whether Andrew K. wishes to accept it or not.

Update 2006-02-14: If you want to see the (not so) brilliant debating skills of Andrew K. (Mastertech), check out this thread. Toward the end, it seems he isn't even trying anymore, completely acting like I don't exist and dismissing every factual rebuttal with no excuse as to why he's dismissing them. He's adding bizarre myths such as that W3C recommendations aren't web standards (which I can only assume was a misinterpretation of my arguments that CSS 2.1 and CSS 3 aren't web standards until they make it to recommendation status), and if you look at the source HTML of his page, you can see he's attempting (and failing) to prevent anyone who is using Firefox's AdBlock extension from viewing his page. Meanwhile, he's still trying to claim that he doesn't care if people click on his ads and that all he wants is feedback about his article. This guy is one of the most bizarre people I have ever met, and he seems to get more and more desperate as time goes on. Luckily no one on these forums is really buying his nonsense anymore, but it just bugs me to know that there are probably some people who are still gullible enough to believe his bundle of lies and deceit.

Update 2006-02-20: Mastertech has now been banned from digg for rampant abuse of the system, namely spamming his site in 24 new stories and many times more comments. I have a strange feeling he'll be back.

MasterTech, as he so incorrectly refers to himself, has been a laughing stock of major internet tech forums for quite some time now. I felt chills while reading your article, which I can really only describe as "sheer ownage".

thanks for taking the time to respond to that article. i wish he would have given permission to post his email responses, that would have been some entertaining reading worth a second cup of coffee.

See here: here and even on the Mozilla Forums.

The article was written by Andrew K. Mastertech has sometimes claimed to be Andrew K., sometimes denied it: he once claimed to be called Vincent. On several forums, Mastertech has been challenged about whether he is in fact the same person as another Andrew, responsible for anti-Firefox postings on a blog/forum site. He has always denied this, but sugessted that the Site responsible for the Firefox Myths article and the anti-firefox blog might be written by the same person. Mastertech/Andrew K/Andrew/Vincent does indeed crop up in many locations, and does seem to be a glutton for punishment. I for one would like to get to the bottom of this mystery. Is it a Jeckel and Hyde story, or a case of mistaken identity? A small lie seems to prove a bigger one here.
http://205.177.13.145/forums/viewtopic.php?p=350374&sid=80b45b219c617da4a6e8c8dc7599d04f

The guy obviously has no ide whats hes talking out and its obvious that the article is an attempt too stab Firefox - the guy needs a reality check.

Cheers,

Ryan Jones

Sorry too post again but did you know this guy is going around peoples forums and posting this article saying that your sources are biased ans should be ignored and yet he quotes them quite clearly in his article?

He just got banned from a forum I use for spamming, all the bettwe.

Cheers,

Ryan Jones

Very nice job: I was pointed here from the Wikipedia article on Firefox.

Seem like Andrew K. don't like the truth (he calls it bias) so he changed the link for your "Web browser standards support summary" into http://www.google.com/search?hl=en&q=http%3A%2F%2Fnanobox.chipx86.com%2Fbrowser_support_summary.php&btnG=Google+Search

You all amy be interested too know hes making a new 1.0.2 version so be ready for Nanoboxes new updated article too :-)

And you all may be intereted in the discussion at the forums where he is making himself look like a complete idiot:

http://nanobox.chipx86.com/forums/viewtopic.php?p=281

Cheers,

Ryan Jones

This Mastertech also posted such link on deviantART's forum

http://forum.deviantart.com/os/xp/563523/

I just want to say, keep up the good fight.

That article is utter crap, and people need to know it.

I looked at your site on the W3C Validator and everything checks out.

http://validator.w3.org/check?uri=http%3A%2F%2Fnanobox.chipx86.com%2Fblog%2F2005%2F12%2Fre-firefox-myths.php

Okay, Firefox has issues, and I hope that nobody denies this, but that guy posted crap!
He created an anti-firefox campaign, with personalized banners....it's a nonsense.....all this work.....why? damn It's only a browser!!!! this guy should really get a life.
thank you for a sane response to this nonsense :-D

It seems he's a fan boy for all the bad software. He's got several links for Diskeeper 10, which if you do the offline defrags that it recommends, stands a good chance of corrupting the data on your drive.

Funny, you are such stereotype agressive firefox fanboy. Put a smile on you're face for a change for a change, have some fun in life, and let it rest...

I became suspicious of MasterTech's (snicker) article the moment I saw this at the top of the web page...

"Legal Notice - Reproduction of this page in whole or in part is strictly forbidden. This guide and ALL versions thereof are protected by copyright under the Digital Millennium Copyright Act (DMCA). ..."

in bold-face right at the top of the page. While most content-providers like the New York Times find it sufficient to provide a small (c) notice at the bottom of their pages, Mr. Tech here wishes to show his readers who's the boss right from the get-go and that the controversial Digital Millenium Copyright Act is locked and loaded for each and every web surfer thinking about usurping this fine example of creative genius.

coupled with the facts-to-fit-the-agenda analysis and the empowering Firefox Myths logo, I smell an anti-social personality disorder.

A comment from one "Anonymous" was rejected due to foul language.

To the reply two up, I consider web browser usage quite a sensitive area because so much relies on alternative browsers gaining momentum. As a web developer, Internet Explorer is the single biggest thorn in my side. Internet Explorer creates significant limitations in how a webpage can be written and the features it can have, and it also significantly increases the development time and workload (all of those "bang-your-head-on-the-desk bugs", as Chris Wilson called them). If only IE's market share drops to second or third place, that will be enough to force them to really compete again. The Web needs this to happen.

Now, I'm not advocating the use of any and all methods at your disposal to reduce Internet Explorer usage. But when something like Firefox Myths comes up and puts unfounded doubt in people who would otherwise consider switching to an alternative browser (and no, Avant doesn't count), that isn't something I'll stand for, especially when the author is using illegal tactics to promote the message. How would you feel if someone was spamming something around the Web that could help prolong some of the most stressful elements in your job?

I have given my own commentary regarding the issue of firefox Myths. These are my opinions nor do I know Andrew K or Nanobot.

I think that guy just wants to receive a lot of valid email addresses for spamming.

He has no other way to leave a message on the page.

He is lying about something we love, causing reaction a to reply somehow.

He might also be payed by Opera , MS, or GoogleAdds.

To paraphrase the Electronic Communications Privacy Act of 1986 "...consent from a party to the communication (one party in an e-mail correspondence can publish the orrespondence without the permission of the other person and without incurring liability under this Act)..."

Rough translation, there is absolutely nothing he can do if you post the entirety of his emails to you. You are completely within your rights to post in part or full the content of any electronic messages that the little bastard sent your way.

Keep up the good work and have a nice day. ;)

It isn't a matter of legal rights, it's a matter of common courtesy. Sometimes you have to keep up your standards of decency even against the most indecent of opponents.

I respect and admire your decision. I merely wanted to inform you that you were under no obligation to respect this little idiots wishes.

Also, even though your intersparsed narrative is well written, it would be nice to see the back and forth language of the emails.

If nothing else good comes of this, at least I've learned of your valuable resource. It's good to see that there are still a few people online that can do honest research. ;)

You are so egoists and fanatics, that when you see any bad Firefox comment, you're gathering like a payed group from Mozilla.
How stupid is this?
Every program has it's good and bad functionality. If it's working fine to you, then use it and shut up. You don't need to be a sheep and follow the trend about Firefox or Linux or anything... stop comparing and nugging and use what you like!
"Baa, baa, baa, baa, baa, baa".

I'd just like to congratulate you on an excellent arguement with what is quite possibly the most frustratingly cretinous poster i've ever encountered, i think he needs to join US defence services to help dream up dossiers, he seems to be rather good at making "quotes" that don't exist at the stated sources.

No one said Firefox was perfect but to recommend using a rebadged IE browser based on scare tactics and FUD is unforgivable.

Use of an alternative browser technology is becomming more and more important now that IE is being restricted to the windows platform, cross platform standards compliant browsers are what matters in this day and age.

weird... he actually trying to compare something (firefox) with something else (ie) with different version (ie6sp1 and ie6sp2), on different comparison (various). In the requirement myth he wrote the minimum requirement for IE6 SP1 while in the other part he write for the updated, Windows XP SP2 ONLY (which has higher requirement), IE6 SP2

Myth - "Firefox is a web browser"
Reality - Firefox is a cannibal plant that grows on the subway of certain villages from Pacific Ocean. We don't really surf, it's just an illusion.

I am suprise to Andrew trying to tell the public that IE is better than FF....

Well... i think FF is better in W3C support and security... But not really better in speed/system req.

While compare FF w/ Opera... FF lost in 90% ....

I still use FF for development...

It's fun to see, how people start to become personal, when they have nothing to say to the point. All those guys, throwing mud at author because he dared to say FF's not perfect, really can't produce any proofs, so they just bark.

In my opinion, FF offers some useful features like neat page search, download tool and tabbed browsing, but certainly, it's not an ultimate browser, and it's nothing horrible in saying this in public.

I agree with your debunking of the "Firefox Miths" page, and moreover I feel to add to the discussion a further notable article:
http://www.schneier.com/crypto-gram-0601.html#5
that links a well conducted analysis of FF and other browsers security... and the title says it all about IE!

I have a image that you can use to rebutt his image
img

Please copy the image as much as you want !!
i will take it down i day or 2

tyo be honest people, FF has a long ways to go. It works well for simple browsing, and I use it every day as my primary browser. But it has some serious issues too. - to date, I have yet to find a version of firefox that can download consistently over a modem.... most files say they are done when they are simply incomplete... the resume functions dont work right, etc.

That said, I have actually felt safer on the internet with FF, I managed to go the first 2 hours without spyware on a fresh windows xp install... that should say something at least.

That is one site of many that will try to slow change, probably due to fear. Stop taking it too personally people.

Nanobot

Fine article, very good comparison, well balanced treatment of all listed browsers.

I use FF as IE has consistently failed to block a majority of problems, all you have listed.

Thanks for doing so much properly laid out research on your own and posting it. Makes explaining why I use FF to my coworkers so much easier.

No comment. Thanx for having taken from your time to fight "disinformation". After reading his article, i googled his title and found your response. Thank you.
On another hand it made me think about an idea : wouldn't it be great for the internet to have a website(s) where users can rate information sources and authors? with so many blogs around anybody can claim knowing about something the user don't know and therefore mislead the latter.
Does it exist ? if yes it really chould be made more know to people. if not i'd really like to see it happen and participate in doing it.

Since i know myself i'm naive, I HATE Lies

He's at it again.
Slagging of Nanobot, again, without any sort of proof, whatsoever.

http://www.warp2search.net/modules.php?name=News&file=article&sid=27318&mode=&order=0&thold=0

This Masterbate, is a complete moron.
He has no FACTS, no LINKS, no "MYTHS"
Nothing.
Just a bunch of anti-firefox, one-sided ranting bull.

I had bookmarked the Firefox Myths page some time back, and just got to reading it today. I actually hadn't heard any of those myths. At least, not as he worded them. I've never heard someone recommend Firefox because it has no security vulnerabilities, because it stops all pop-ups, that it fully supports all web standards, that it was first to support tabs, that it was bug free, or any of the others.

I have heard comments that FF is more secure than IE, and statistically, that seems to be true. I have recommended FF because it permits far fewer pop-ups than IE, but I occasionally have pop-ups on my system with FF, so I know it doesn't block them all. I certainly can't say I've ever recommended FF because it starts faster than IE - my FF typically takes 45-60 seconds to start. Of course, I'm usually loading 15-20 tabs that I left open last time I was in FF, and that takes a while. I could go on, but everyone here gets the point.

What I found especially funny is that his XP-Games page has as its first ad a graphical ad with the text "Get Firefox with Google Toolbar for better browsing." Hmmmmmm. I bet that changes if he views this page. No worries - I have the image captured, and will post it at my site when I get to a system I can FTP from.

RagManX

Thank you Thank you Thank you for this article. I encourage all users of digg to mod his firefoxmyths comments as spam

Anyway it seems (by looking allmost anywhere) that OPERA is the best browser... Cheers!

He's spamming again...

http://episteme.arstechnica.com/groupee/forums/a/tpc/f/99609816/m/558005957731

He's spamming again...

http://episteme.arstechnica.com/groupee/forums/a/tpc/f/99609816/m/558005957731

Hahaha, you guys are all a bunch of FF fanboys. Someone writes some truth about your beloved browser and you try to start a war against him.

Let's just face it, Firefox sucks. It has grown using lies and a FUD (fear, uncertainty and doubt) campaign against IE.

Everybody that uses FF does this so they can pretend to be "leet". Yeah.. lets all be anti-MS, lets all use FF, its free, fast, secure and it has the best invention in the world: tabbed browsing!

Go get a real browser, Opera is 10x better than FF.

A lot of people use Firefox because the extension system is beyond comparison, it has excellent standards support (by the measurements in my resource, slightly better than Opera all around), and whether you like it or not there are some real long-term benefits to it being open source. I'm not one of those guys who tries to act like open source products are always better than their proprietary equivalents (for instance, I adore Adobe Photoshop and can't stand The GIMP, and I recognize that Microsoft Office is the best in its class in many areas), but generally speaking open source does have several benefits that really shine in the Firefox product. Opera is a very good browser, but I personally prefer Firefox, and for some good reasons.

The real fanboys are the ones who are unreasonably resistant to the idea that there are good qualities in the alternative products. Even Internet Explorer, which was all but abandoned by its creators for so long, has a few good qualities (moreso in IE7). The Firefox team has learned some things from Internet Explorer and Opera, the Opera team has learned some things from Firefox and Internet Explorer, and now the Internet Explorer team has learned some things from Firefox and Opera. If you put any one of those three on a pedestal and act like nothing else is worth mentioning, then I think we've found who the real fanboy is.

I think competition between browser is good for consumer. It makes coders and developers work harder and to improve their product over competitiors.

Yeah, I know FireFox has problems, like mine carshes when I do extensive browsing with more than two dozen tabs open when it takes almost all RAM. But I still like FireFox.

I don't know much but tech. In my experiences all browsers have weakness but least weakness' I've experienced has been in FireFox. Not once my webpage has been hijacked with FF, nor I have had weird ActiveX installed without my permission, unlike with IE few times. But IE is a lot more stable than its previous version has been. I still use IE now and then.

But as my experiences: FireFox is better... for me it suits better than IE. Its all about how you use it and what's your preferance...

When I read thing like "I'm here to crush some myths, I'm the only one to know the truth, don't listen to these pretending I'm wrong, they're jealous", I get my bulls**t detector on red alert.
As usual on that site, there is some truth, but with forgotten details, some "myths" that nobody never claimed, and a lot of false statements.
It's not only about Firefox, the guy (mastertech) has written a lot of bulls**t about XP (http://mywebpages.comcast.net/SupportCD/XPMyths.html ).
This one is my favourite example :
"Myth - "The FAT32 file system is better than NTFS."
It isn't ?
Actually, given the answer, it is.
But, the author give us a strong warning : "I only recommend and use NTFS with Windows 2000 and XP."
OF COURSE ! SINCE IT DOESN'T WORK WITH 98/ME !!!
What this guy is telling is "I don't recommend to use Kerosene in your car"
Thank you, thank you very much !!

I've created a "Firefox Myths Debunked" thread;
http://www.techspot.com/vb/showthread.php?p=249519

In particular read the Quotes section, which I'm sure everyone will find enlightening. For example;

"...all web sites are IE compliant, use a browser with IE engine & tabs, & a fully patched system = 100% security." - FreewheelinFrank
Actual comment;