Dennis Kennedy

I'm getting pretty ambi-browserous these days. Because of the wildly inconsistent approaches IE and Firefox seem to take to javascript windowing especially, I never know when I'll need to switch between browsers.

As I've noted before, I tend to favor Firefox for the tabbed browsing. I'd like it even better if the tabbed browsing worked a little more consistently, but Firefox is a work in progress, and I'll accept a few quirks.

I met Tom Sherman, at JotSheet, in January at BlogWalk Chicago and have become a fan of his blog, which can be funny, irreverent and incisive. Tom has a great post today called "Mozilla Firefox security: User smugness from the Foundation's silence?" on the issues raised by Firefox's approach to security patches, which seem to take the form of quiet version upgrades, and whether that approach is appropriate as Firefox becomes more widely adopted.

I've noticed before that one of the benefits of Firefox version upgrades sometimes was sometimes listed as "improved security." I'd later learn through some of the security blogs that the upgrades contained security patches.

One, perhaps unintended, result of all the euphorious reviews and recommendations to ditch IE and install Firefox to avoid security issues is to lull new Firefox users into a false sense of security.

Consider Tom's analysis:

"Telling your users to upgrade is a viable strategy when your user base is geeks. That's not the profile of the typical FF user anymore. Furthermore, as Firefox's growth slows, we know empirically that users are downloading FF more infrequently. Besides, to the average user, what's the real, demonstrable benefit of downloading and installing Firefox 1.0.1 (which is really just a security patch, similar to a Window Update) when he's already got 1.0 or 1.0PR? In his mind, 1.0PR, 1.0, and 1.0.1 are basically the same programs. At least Microsoft makes it mindlessly easy."

Tom's discussion of this issue is quite even-handed and makes his post important reading for Firefox users.

He also adds some follow-up comments about Firefox's automatic updates being as a welcome feature.

I agree, but here's my difficulty:

The current version of Firefox is 1.0.1. My version identifies itself as version 1.0. I have Firefox set up to check for updates automatically. I also manually tried to update it just now, in two different ways. I get messages that no updates are available.

Am I running an updated version 1.0.1 that is misidentified on the "About Mozilla Firefox Screen" or am I running an version 1.0 that will not update and may have security problems? I don't know.

I might need to download the most current version and reinstall Firefox.

As Tom suggests, I'd guess that if the same state of affairs existed in IE, there'd be quite a bit of uproar.

As I said, I actually like and use Firefox, but it cannot be a good thing to leave users in doubt about security or to make it difficult to run a secure version, whether your name is Microsoft or whether it is Mozilla.

[Originally posted on DennisKennedy.Blog (http://wwww.denniskennedy.com/blog/)]