Monday, June 08, 2009

On Switching Away from Firefox

So today I did the unthinkable – I stopped using Mozilla Firefox for good on all systems. While I’ve rightfully considered the use of Internet Explorer to be “criminal negligence” for a long time, the popular perception of “IE – bad, Firefox – good” seems to have quietly collapsed with nobody noticing … thus, this blog post.

Over few last months, Firefox on several of my Windows systems (please don’t remind me that I should use Linux or that fruit thing) started:

  • Crashing a few times a week
  • Experiencing very long startup times
  • Going into occasional freeze-ups for up to 30 seconds
  • Not closing down; when you try to launch a new one, the previous instance would remain in memory and needs to be killed.

At this point, I am done with it. I am not sure what made Firefox to be the “IE of 2009” – slow, unstable and crash-prone. Was it a modular architecture? Module quality? General codebase bloat? Intense focus on security? :-) I don’t know and at this point, I don’t care. Google Chrome is stable, super-super-fast and renders all the websites I go to well. Bye-bye, Firefox.

Now the question that many would: “But is it secure?” The only honest answer is the same as with Firefox: we don’t know. If Firefox was “secure because it had niche use,” then Chrome is secure for that reason too :-) It definitely has more frequent updates, thus shrinking a half-life of its vulnerabilities. Early on, Chrome had some embarrassing holes, but these seem gone now, with – hopefully! – lessons learned.

However, as I was rereading that ever-awesome Mark’s “Naked Security” preso where he reminds folks that “Functionality > Performance > Security”, the thought that I switched from IE to Firefox and now to Chrome due to functionality (and to some extent performance), not security. I switched to Linux (back then…), because I needed to run a bunch of tools, not because “Linux is more secure.” Then I switched back to Windows for the same reason. Just how desperate a software user needs to be to switch due to insecurity? [BTW, I will explore this subject in the future on]

Finally, I wanted to finish with with a complete quote from my own post on the previous browser switch, back in 2006:

So, is security always secondary to functionality? No, that is the wrong question to ask. The truth is that secure functionality is clearly preferred to insecure functionality. However, all the security in the world will NOT make someone switch to something that does not have the needed functionality. Which is, IMHO, an important lesson that we purveyors of security gear should always keep in mind!”

In other words, if something doesn’t work, it might be “secure”, but nobody will use it!

Possibly related posts:

Dr Anton Chuvakin